I primarily manage our servers through Active Directory, while we use Entra and Intune for user devices. However, we have some devices and VMs that we prefer not to integrate with AD for security reasons. These include lower-trust systems like HVAC systems, and I need to ensure we can still manage and secure them effectively. Most of these systems run on Windows Server 2019 or Alma Linux. Since I'm new to Ansible, I'm curious – is it a suitable option for these non-AD environments, or should I look for something else?
5 Answers
Setting up a local admin account with a random password on your devices, plus using SSH with a certificate, could be a good approach. That way, you can avoid dealing with shared passwords and manage your credentials effectively, keeping everything more secure!
I've used Ansible quite a bit with Windows through winRM, and it works really well! Just make sure to enable winRM on the Windows machines, secure the ports, and configure the firewall rules. You'll also need a local account on each machine. This setup allows me to manage hundreds of Windows VMs effectively with Ansible!
It sounds like it might be beneficial for you to consider a Remote Monitoring and Management (RMM) tool as well. We have a mix of Windows domain-joined computers and various Linux workstations, and we manage everything through an RMM. This way, we can keep track of all our machines in one place, including the non-domain servers!
Ansible is a solid choice. While I'm not heavily into Windows, it appears to have good support for systems that aren't part of a domain. They have plugins specifically for Windows management too! You can check out the documentation for more details on that.
I'm not sure Ansible is the best tool for Windows management. If you're looking to keep these systems off the domain, it might be worth reconsidering that choice and addressing the underlying issues instead of having unmanaged systems lingering around. It could lead to more problems down the line.
Could you explain further? Ansible officially supports managing Windows servers, even if they’re not on the domain. It's quite capable of handling both! Check the Ansible docs for more info.
We've had great success using Ansible with numerous Windows servers; it truly does perform well with them! Just need to ensure you're leveraging it right.