
Tuesday, November 19, 2024

Set Up an NTP Server to Sync Windows Machines Locally

 Hello Guys,

I have been working on a problem where I need to sync the Windows machines in an isolated network. So I suggested that we need to have a local NTP server and keep syncing to it periodically. I have written an Ansible playbook to set up the NTP/chrony server, but it can be achieved manually as well.

For syncing the Windows machines as well, we can do it locally, but I have set up a playbook which logs in on the Windows machine and syncs the time using the time server which we have set up.

---
- name: Set up NTP server on RHEL 9 using Chrony
  hosts: all
  become: yes
  tasks:
    - name: check if chrony is installed
      shell: rpm -qa | grep chrony
      register: chrony_installed
      ignore_errors: True
      check_mode: False
      changed_when: False

    - name: print
      debug:
        msg: "chrony is installed"
      when: chrony_installed.rc == 0

    - name: Install chrony package
      yum:
        name: chrony
        state: present
      when: chrony_installed.rc != 0

    - name: Configure chrony as an NTP server
      copy:
        dest: /etc/chrony.conf
        content: |
          # Use the default CentOS pool servers
          pool 2.centos.pool.ntp.org iburst

          # Allow NTP client access from the local network
          allow 192.168.1.0/24

          # Allow NTP client access from the host-only local network
          allow 192.168.56.0/24

          # Serve time even if not synchronized to any NTP server
          local stratum 10

          # Specify log file
          logdir /var/log/chrony

          # Dump measurements when chronyd exits
          dumpdir /var/lib/chrony

          # Save drift file
          driftfile /var/lib/chrony/drift
      notify:
        - restart chronyd

    - name: Enable and start chronyd service
      systemd:
        name: chronyd
        enabled: yes
        state: started

    - name: Ensure firewalld is running
      ansible.builtin.service:
        name: firewalld
        state: started
        enabled: yes

    # 123/udp serves NTP clients. 323/udp is chronyd's command port (chronyc),
    # which NTP clients do not use.
    - name: Open UDP port 123 for NTP (Chrony) on the server
      ansible.posix.firewalld:
        port: "{{ item }}/udp"
        permanent: true
        state: enabled
        immediate: true
      loop:
        - 123
        - 323
      notify:
        - Reload firewalld

  handlers:
    - name: restart chronyd
      systemd:
        name: chronyd
        state: restarted

    - name: Reload firewalld
      ansible.builtin.service:
        name: firewalld
        state: reloaded


For syncing the Windows machines, we can go to the date and time settings, enter the IP address of the NTP server in the Internet Time section, and click sync now. Alternatively, we can also write a playbook if we want to do it in bulk, which I will cover in the next article. Cheers and enjoy...!
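The manual Internet Time step can also be done from Ansible with `w32tm`. The playbook below is an added example, not the author's playbook; the `windows` host group and the `ntp_server` address (a placeholder inside the allowed 192.168.56.0/24 range) are assumptions.

```yaml
---
# Added example, not the author's playbook.
# ntp_server is a placeholder address inside the 192.168.56.0/24 range
# that the chrony.conf above allows; replace it with your server's IP.
- name: Point Windows hosts at the local chrony server
  hosts: windows
  vars:
    ntp_server: 192.168.56.10
  tasks:
    - name: Make sure the Windows Time service runs and starts at boot
      ansible.windows.win_service:
        name: W32Time
        start_mode: auto
        state: started

    - name: Read the time source currently in use
      ansible.windows.win_command: w32tm /query /source
      register: time_source
      changed_when: false

    # Only reconfigure hosts that are not already using the local server
    - name: Use the local NTP server as the only manual peer
      ansible.windows.win_command: >-
        w32tm /config /manualpeerlist:{{ ntp_server }}
        /syncfromflags:manual /update
      when: ntp_server not in time_source.stdout

    # w32tm exits non-zero if no time data is available, failing the task
    - name: Resynchronise immediately
      ansible.windows.win_command: w32tm /resync /rediscover

    - name: Read the time source again after the resync
      ansible.windows.win_command: w32tm /query /source
      register: new_source
      changed_when: false

    - name: Fail if the host is still not using the local server
      ansible.builtin.assert:
        that: ntp_server in new_source.stdout
        fail_msg: "Time source is '{{ new_source.stdout | trim }}', expected {{ ntp_server }}"
```

The final assert catches hosts that silently fall back to the local CMOS clock, for example when UDP 123 is blocked between the client and the chrony server.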




Monday, September 30, 2024

Ansible Lockout User in Windows

 Hello Guys,

As I have already told you, I have recently been working extensively with Windows systems. I have come across one more use case where I need to lock users out after 3 unsuccessful login attempts, and the user is local and not connected to an AD environment.


I have written the playbook, which works without AD.

---
- hosts: windows
  tasks:
    # "creates" skips the command once the marker file exists
    - name: Set user lockout after 3 attempts
      win_command: net accounts /lockoutthreshold:3
      register: userLockout
      args:
        creates: C:\userLockout.lock

    - name: Create userLockout.lock
      win_copy:
        dest: C:\userLockout.lock
        content: ""
        force: no
      when: userLockout is changed

    - name: Set lockout duration to 10 min
      win_command: net accounts /lockoutduration:10
      register: lockduration
      args:
        creates: C:\lockduration.lock

    - name: Create lockduration.lock
      win_copy:
        dest: C:\lockduration.lock
        content: ""
        force: no
      when: lockduration is changed

    - name: Reset the lockout counter after 10 min
      win_command: net accounts /lockoutwindow:10
      register: lockoutwindow
      args:
        creates: C:\lockoutwindow.lock

    - name: Create lockoutwindow.lock
      win_copy:
        dest: C:\lockoutwindow.lock
        content: ""
        force: no
      when: lockoutwindow is changed

Enjoy..! Let me know if you are stuck with automation with Ansible.
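Because the playbook above skips each `net accounts` command once its `.lock` marker file exists, a host whose policy is changed later is never corrected. The following added example (not the author's playbook) compares against the live policy instead; it assumes English-language `net accounts` output and reuses the 3 / 10 / 10 values from above.

```yaml
---
# Added example, not the author's playbook. Assumes English-language
# "net accounts" output; the labels below are matched literally.
- name: Enforce the local lockout policy without marker files
  hosts: windows
  vars:
    lockout_expected:
      "Lockout threshold": 3
      "Lockout duration (minutes)": 10
      "Lockout observation window (minutes)": 10
  tasks:
    - name: Read the current account policy
      ansible.windows.win_command: net accounts
      register: policy
      changed_when: false

    # A setting has drifted when "<label>:   <value>" is not in the output.
    # The trailing [^0-9] stops 3 from matching 30.
    - name: Collect the settings that differ from the expected values
      ansible.builtin.set_fact:
        lockout_drift: "{{ lockout_drift | default([]) + [item.key] }}"
      loop: "{{ lockout_expected | dict2items }}"
      when: >-
        policy.stdout is not search(
          (item.key | regex_escape) ~ ':[ ]+' ~ item.value ~ '[^0-9]')

    - name: Report drifted settings
      ansible.builtin.debug:
        msg: "Drifted settings: {{ lockout_drift | default([]) }}"

    - name: Re-apply all three settings in one command if any drifted
      ansible.windows.win_command: >-
        net accounts
        /lockoutthreshold:{{ lockout_expected['Lockout threshold'] }}
        /lockoutduration:{{ lockout_expected['Lockout duration (minutes)'] }}
        /lockoutwindow:{{ lockout_expected['Lockout observation window (minutes)'] }}
      when: lockout_drift | default([]) | length > 0
```

A threshold of `Never` (lockout disabled) does not match the expected value, so it is reported as drift and corrected on the next run.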

Ansible to Set Up a Banner on Windows Host

 Hello Guys,

I have recently been working on a project where I work mostly on Windows systems. I got a requirement where I need to set up a banner on Windows machines. I did some googling for the manual steps, as I don't have much understanding of Windows, but I was able to get the required steps.

Basically, I need to make some registry entries, and that should take care of it.

So I started writing a playbook. You can use this playbook and modify it as you see fit for your use case.

---
- name: Set Windows Login Banner
  hosts: all
  vars:
    title: "Company Name Authorised Access Only..!"
    body: "This is a secure system of Company Name. Unauthorised access is prohibited.This system is under the surveillance and any authorised access will be reported. Powered by Ansible Automation  and Written by Navneet N. Rathi."

  tasks:
    - name: Set banner caption (title) for Windows
      ansible.windows.win_regedit:
        path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
        name: LegalNoticeCaption
        data: "{{ title }}"
        type: string
      # Registered under a separate name so it does not shadow the "title" var
      register: title_result

    - name: Set banner text (body) for Windows
      ansible.windows.win_regedit:
        path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
        name: LegalNoticeText
        data: "{{ body }}"
        type: string
      register: content

    # Reboot only when one of the registry values actually changed
    - name: Reboot the machine
      ansible.windows.win_reboot:
        reboot_timeout: 120
      when: title_result.changed or content.changed
      ignore_errors: true

- hosts: all
  tasks:
    - name: check if win server is up or not
      ansible.windows.win_ping:
      register: ping_status

    - name: Display the status
      ansible.builtin.debug:
        msg: "{{ ping_status }}"


You can use this play to set it up..!

Enjoy..! Let me know if you have any automation use case for which you need help..!