Hello Guys,
Couple of months past i was working on a project where i need to write a ansible playbook which can enable or disable the USB storage capability. I mean windows should not detect the USB devices if i connect to a computer and enforce it so i did a google search a found out the registry key for it.Then i started converting it in a playbook which look like this
---
- name: Disable_Enable USB ports on Windows Operating system
hosts: all
gather_facts: true
tasks:
- name: Check if server are reachable or not
ansible.windows.win_ping:
register: ping_result
# - debug:
# msg: "{{ ping_result }}"
- name: Disable USB storage devices
win_regedit:
path: HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR
name: Start
data: 4
type: dword
state: present
register: usb_dis
when:
- usb_disable|default(true)|bool == true
- name: Enable USB storage devices
register: usb_en
win_regedit:
path: HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR
name: Start
data: 3
type: dword
state: present
when:
- usb_disable|default(true)|bool == false
- name: Reboot system after whitelisting USB device (if required)
win_reboot:
reboot_timeout: 120
ignore_errors : true
when: usb_en.changed or usb_dis.changed
By default it disable the usb on the windows computer
To Disable the USB
ansible-playbook -i inventory usb.yml
To Enable USB
ansible-playbook -i inventory usb.yml -e usb_disable=false
No comments:
Post a Comment