Configure Ansible to access Windows Servers:

    (with Python 2.x)

    After installing Ansible, let us configure it to access Windows servers. This assumes that the Windows server is already configured with WinRM.

    1. Install pip if it is not installed already.

    sudo apt install python-pip

    2. Install WinRM module on Ansible server

    sudo pip install "pywinrm>=0.3.0"
    .
    .
    .
    .
      Running setup.py install for pywinrm ... done
    Successfully installed ntlm-auth-1.4.0 pywinrm-0.4.1 requests-ntlm-1.1.0

    3. Now edit hosts file with Windows hosts and Variables

    sudo nano /etc/ansible/hosts
    
    [windows]
    172.168.20.10
    
    [windows:vars]
    ansible_user=test\wintel
    ansible_password=P@ssw0rd
    ansible_connection=winrm
    ansible_winrm_transport=ntlm
    ansible_port=5985

    *** Do not store the password in plain text in a production environment. You can use ansible-vault to encrypt the inventory file.

    4. Now run a simple module to check connectivity to the Windows host.

    winadmin@ansible01:~$ ansible windows -i inventory -m win_ping
    172.168.1.10 | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }

    5. If you configured WinRM with a certificate, add the following line to inventory file.

    ansible_winrm_cert_validation=ignore

    This turns off validation of the server certificate and is not recommended in a production environment. Instead, configure a certificate issued by a certificate server.

    6. The above works for NTLM authentication. Let us now configure Kerberos authentication.

    Install and set up Kerberos:

    sudo apt install python-dev libkrb5-dev krb5-user 
    
    sudo pip install "pywinrm[kerberos]"

    7. Check that the required values are set correctly in the Kerberos configuration file.

    sudo nano /etc/krb5.conf
    
    [libdefaults]
            default_realm = TEST.ORG
    
    [realms]
            TEST.ORG = {
                    kdc = 172.168.1.10
                    admin_server = 172.168.1.10
            }

    8. Check that Kerberos is working.

    winadmin@ansible01:~$ kinit <user>@<REALM>
    Password for <user>@<REALM>:
    winadmin@ansible01:~$ klist
    Ticket cache: FILE:/tmp/krb5cc_1000
    Default principal: <user>@<REALM>
    
    Valid starting       Expires              Service principal
    01/19/2020 08:25:47  01/19/2020 18:25:47  krbtgt/<REALM>@<REALM>
            renew until 01/20/2020 08:25:43
    winadmin@ansible01:~$

    We can see that a Kerberos ticket has been generated.

    9. You can destroy the ticket with the kdestroy command.

    winadmin@ansible01:~$ kdestroy
    venu@ansible01:~$ klist
    klist: No credentials cache found (filename: /tmp/krb5cc_1000)
    winadmin@ansible01:~$

    10. Modify inventory file to use kerberos authentication.

    ansible_winrm_transport=kerberos
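
    The two inventory settings flagged in the steps above, a plain-text ansible_password and ansible_winrm_cert_validation=ignore, can be checked for automatically before an inventory is committed. The following is an added example, not part of the original article or of Ansible itself; the windows_hardened group, the host winsrv02.test.org and the variable vault_windows_password are hypothetical, and a value containing {{ is assumed to reference a variable kept in an ansible-vault encrypted file.

```python
SECRET_KEYS = {"ansible_password", "ansible_ssh_pass", "ansible_become_password"}
# Constructed sample: the [windows] group from the steps above, plus a
# hypothetical group whose password is a reference to a vaulted variable.
SAMPLE_INVENTORY = r"""
[windows]
172.168.20.10

[windows:vars]
ansible_user=test\wintel
ansible_password=P@ssw0rd
ansible_connection=winrm
ansible_winrm_transport=ntlm
ansible_port=5985
ansible_winrm_cert_validation=ignore

[windows_hardened]
winsrv02.test.org ansible_port=5986

[windows_hardened:vars]
ansible_password={{ vault_windows_password }}
ansible_winrm_transport=kerberos
"""

def iter_vars(text):
    """Yield (scope, key, value) from [group:vars] sections and inline host vars."""
    section = "ungrouped"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif section.endswith(":vars"):
            key, sep, value = line.partition("=")
            if sep:
                yield section[:-len(":vars")], key.strip(), value.strip()
        elif not section.endswith(":children"):
            host, *pairs = line.split()  # simplification: no quoted values with spaces
            for key, sep, value in (p.partition("=") for p in pairs):
                if sep:
                    yield host, key, value

def audit(text):
    """Return (scope, rule) findings in the order they appear in the inventory."""
    findings = []
    for scope, key, value in iter_vars(text):
        value = value.strip("'\"")
        if key in SECRET_KEYS and value and "{{" not in value:
            findings.append((scope, "plaintext-secret:" + key))
        if key == "ansible_winrm_cert_validation" and value.lower() == "ignore":
            findings.append((scope, "cert-validation-disabled"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_INVENTORY), sep="\n")
```

    Run against the sample, it reports both findings for the windows group and none for the group that references the vaulted variable.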
    

    Install and configure Ansible on Ubuntu server 18.04

    1. Update Ubuntu repositories and Upgrade.

    sudo apt update && sudo apt upgrade

    2. Check if python is installed. If installed, go to step 3.

    python --version

    Install Python. If Python is not installed, the Ansible package will install it by default.

    sudo apt install python

    3. Install Ansible

    winadmin@ansible01:~$ sudo apt install ansible
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following package was automatically installed and is no longer required:
    libdumbnet1
    Use 'sudo apt autoremove' to remove it.
    The following additional packages will be installed:
    ieee-data libpython-stdlib libpython2.7-minimal libpython2.7-stdlib python python-asn1crypto python-certifi
    python-cffi-backend python-chardet python-crypto python-cryptography python-enum34 python-httplib2 python-idna
    python-ipaddress python-jinja2 python-jmespath python-kerberos python-libcloud python-lockfile python-markupsafe
    python-minimal python-netaddr python-openssl python-paramiko python-pkg-resources python-pyasn1 python-requests
    python-selinux python-simplejson python-six python-urllib3 python-xmltodict python-yaml python2.7 python2.7-minimal
    Suggested packages:
    cowsay sshpass python-doc python-tk python-crypto-doc python-cryptography-doc python-cryptography-vectors
    python-enum34-doc python-jinja2-doc python-lockfile-doc ipython python-netaddr-docs python-openssl-doc
    python-openssl-dbg python-gssapi python-setuptools python-socks python-ntlm python2.7-doc binutils binfmt-support
    Recommended packages:
    python-winrm
    The following NEW packages will be installed:
    ansible ieee-data libpython-stdlib libpython2.7-minimal libpython2.7-stdlib python python-asn1crypto python-certifi
    python-cffi-backend python-chardet python-crypto python-cryptography python-enum34 python-httplib2 python-idna
    python-ipaddress python-jinja2 python-jmespath python-kerberos python-libcloud python-lockfile python-markupsafe
    python-minimal python-netaddr python-openssl python-paramiko python-pkg-resources python-pyasn1 python-requests
    python-selinux python-simplejson python-six python-urllib3 python-xmltodict python-yaml python2.7 python2.7-minimal
    0 upgraded, 37 newly installed, 0 to remove and 0 not upgraded.
    Need to get 12.1 MB of archives.
    After this operation, 79.5 MB of additional disk space will be used.
    Do you want to continue? [Y/n]Y

    4. Once Ansible is installed, check version.

    winadmin@ansible01:~$ ansible --version
    ansible 2.5.1
    config file = /etc/ansible/ansible.cfg
    configured module search path = [u'/home/venu/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
    ansible python module location = /usr/lib/python2.7/dist-packages/ansible
    executable location = /usr/bin/ansible
    python version = 2.7.17 (default, Nov 7 2019, 10:07:09) [GCC 7.4.0]

    5. Run a simple module to check that Ansible is working. As we have not yet added or updated our inventory file, we can test against localhost.

    winadmin@ansible01:~$ ansible localhost -m ping
    [WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
    localhost | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }

    Generating SSL/TLS certificates for your website on a Windows operating system such as Windows 10 is much easier than you might think. A commercial certificate provider can charge you a lot, while Let's Encrypt is free but issues certificates that are valid for 90 days. These can be renewed for free indefinitely. Let us see how to generate and renew a Let's Encrypt certificate.

    • Download the latest version of the Certbot installer for Windows at https://dl.eff.org/certbot-beta-installer-win32.exe.
    • Run the installer and follow the wizard. The installer will propose a default installation directory, C:\Program Files(x86)
    • Select the Start menu, enter cmd (to run CMD.EXE) or powershell (to run PowerShell), and click on "Run as administrator".
    • Run the following command: certbot certonly --manual
    • Enter your website name when prompted. If you need a certificate for multiple domains, you can use a wildcard.
    • Choose your option.
    • Create a DNS TXT record in the DNS settings for your domain at your hosting provider. How this looks depends on your hosting provider.
    • Create a file on your website with the mentioned parameters.
    • If all the above steps are correct, you should receive a Congratulations message.
    • Now the certificate is generated. Login to your CPanel account and find SSL/TLS settings.
    • Click "Install and Manage SSL for your site (HTTPS)" and upload your Certificate (fullchain.pem) and private key (privkey.pem)
    • Map the current uploaded certificate to your website and test by browsing.

    Installing and configuring PowerShell on Ubuntu Linux

    Download the PowerShell package from https://github.com/PowerShell/PowerShell/. Choose the version that matches your operating system version. Here I am showing the procedure for Ubuntu Server 16.04. Below is the process for installing and configuring PowerShell on Ubuntu Linux.

    Run the following command to download the PowerShell package for Ubuntu 16.04.

    wget https://github.com/PowerShell/PowerShell/releases/download/v6.0.0-alpha.17/powershell_6.0.0-alpha.17-1ubuntu1.16.04.1_amd64.deb

    Then execute the following in terminal.

    sudo dpkg -i powershell_6.0.0-alpha.17-1ubuntu1.16.04.1_amd64.deb

    sudo apt-get install -f

    PowerShell is now installed on Ubuntu. It is time to test PowerShell on Ubuntu Linux. Let us run some commands.

    Enter powershell in the terminal to start Powershell.

    Enter the following in powershell console.

    $PSVersionTable

    The output should be something like the following.

    The following is a brief listing of the common Cmd.exe and UNIX commands that you can use inside Windows PowerShell:

    cat      dir      mount    rm
    cd       echo     move     rmdir
    chdir    erase    popd     sleep
    clear    h        ps       sort
    cls      history  pushd    tee
    copy     kill     pwd      type
    del      lp       r        write
    diff     ls       ren

    However, not all PowerShell commands are available in PowerShell on Linux. For further reference, see Known Issues for PowerShell on Non-Windows Platforms: https://docs.microsoft.com/en-us/powershell/scripting/whats-new/known-issues-ps6?view=powershell-7

    Sometimes you may receive an error if both Hyper-V and VMware Workstation are installed. To run VMware Workstation, you can disable Hyper-V and also disable Device Guard / Credential Guard.

    Here is a procedure to disable Device/Credential guard on Windows 10 System.

    Disable Windows Defender Credential Guard by using Group Policy:

    • Windows Defender Credential Guard is controlled through Group Policy.
    • From the Group Policy Management Console, go to Computer Configuration -> Administrative Templates -> System -> Device Guard.
    • Double-click Turn On Virtualization Based Security, and then click the Disabled option.

    Update Group Policy to apply changes with gpupdate /force.

    If the group policy update does not resolve the issue, reboot the system.

    How to setup Microsoft Active Directory Certificate Services [AD CS]

    Microsoft Active Directory Certificate Services [AD CS] provides a platform for issuing and managing public key infrastructure [PKI] certificates. On top of securing application and HTTP traffic, the certificates that AD CS provides can be used to authenticate computer, user, or device accounts on a network. Let us see how to install and set up Active Directory Certificate Services (AD CS).

    Open Server Manager and click Manage -> Add Roles and Features.

    Click Next. In the following screen, click Next.

    Select Role-based or feature-based installation.

    Select Select a server from the server pool.

    In the Select server roles window, select Active Directory Certificate Services.

    This will display the Add Roles and Features Wizard. Click Add Features.

    Click Next.

    Click Next – Next.

    Click Install in the Confirmation window.

    Once you see the Results window, click Close.

    The Active Directory Certificate Services feature is now installed on the server. Now, let us configure AD CS. Open the Server Manager window if it is closed; clicking the notifications icon will open a drop-down. Click Configure Active Directory Certificate Services on the remote server.

    Click Next in the Credentials window. If needed, you can change the credentials.

    Click Next in the Role Services window.

    Select Enterprise CA.

    Select Root CA in CA Type.

    Select Create a new private key.

    Select SHA256 or as required.

    In the CA Name window, check the settings and click Next.

    Specify the validity period.

    Check the database settings and path and change them if required.

    Check all your configuration in the Confirmation window and click Configure.

    You will see a Results window with the message Configuration succeeded.

    We have now added and configured Active Directory Certificate Services (AD CS).

    Create a Certificate Request using Active Directory Certificate Services

    Create a Certificate Request using Microsoft Management Console

    Log in to the server where you want to request a certificate.

    Open Microsoft Management Console (MMC) using the mmc command. Make sure that you are running mmc as administrator. Click Add/Remove Snap-in.

    Select Certificates and click Add to add it to the Selected snap-ins.

    Select Computer account in the Certificates snap-in.

    Click Finish.

    Click OK.

    Expand Certificates in Console Root.

    Right click Personal -> All Tasks -> Advanced Operations -> Create Custom Request ..

    Click Next.

    Click Next.

    Select Web Server in the Template select option.

    Click Next.

    Click Next.

    Click the Details down arrow to configure options.

    Click Properties and configure the required properties.

    Give a file name to save the request and click Finish.

    The request is now complete. If Active Directory Certificate Authority Web Enrolment is configured in your domain, let us generate the certificate.

    Generate Certificate:

    Log in to the web server (in my case it is http://dc01.winadmin.org/certsrv/Default.asp).

    Click Request a certificate and then click advanced certificate request.

    Click the second option "Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file."

    Now open the request file with Notepad and copy the text. Paste it in the field Base-64-encoded certificate request. Select Web Server as the Certificate Template and click the Submit button.

    The certificate is now ready to download.

    VPShellRes.dll could not be found error message.

    Right-clicking any file generates a "VPShellRes.dll could not be found" error message, especially after removing a Symantec product.

    Please follow the instructions given at https://support.symantec.com/en_US/article.TECH153712.html by Symantec.

    Deleting Windows.old folder from System Drive

    The Windows.old folder is created when you upgrade Windows to a higher version. It is meant for rollback purposes. If you are not going to roll back to the previous version, you can delete this folder to free a lot of disk space. The Windows.old folder is also created if your installation failed and you tried to install Windows again on the same drive without formatting.

    Here is how to delete windows.old folder. Deleting the Windows.old folder can't be undone.

    1. Open Disk Cleanup: click the Start button, type Disk Cleanup (or cleanmgr.exe) in the search box, and then click Disk Cleanup in the list of results. Click OK.

    2. The Disk Cleanup window will open. Click Clean up system files.

    3. The tool will check for old Windows installations and display them in a new window. Select Previous Windows installation(s) and click OK. If you get a prompt that 'You cannot restore the machine back to the previous version of Windows', click Yes.

    4. The cleaning process will begin. This process may take some time.

    5. Once the operation is completed, you can check the disk space of your System Drive. All the old Windows installations are deleted.

    Offline install of .NET Framework 3.5 in Windows 10

    To install .NET Framework 3.5 in Windows 10, do the following:

    1. Insert your Windows 10 DVD, or double click its ISO image / or right click and select Mount the ISO, or insert your bootable flash drive with Windows 10, depending on what you have.
    2. Open 'This PC' in File Explorer and note the drive letter of the installation media you have inserted. In my case it is disk H:
    3. If you are using an ISO file, make sure that it is mounted.
    4. Now open the elevated command prompt and type the following command:
      Dism /online /enable-feature /featurename:NetFX3 /All /Source:H:\sources\sxs /LimitAccess
    5. Replace H: with your drive letter for Windows 10 installation media.
    6. The .NET Framework 3.5 Windows feature is installed successfully.
    7. If you face any problem please post here.
    © 2021 WinAdmin.org. All Rights Reserved.