Ansible on Windows w/o administrator privileges possible?

alv2412 · September 7, 2016, 9:19am

Hello,

Is it possible to use a non-administrator user to run Ansible against Windows hosts and if yes, how?

I’ve used invoke-command -computername localhost -credential ansible -scriptblock {$env:computername} to test inside Powershell, which works fine only if the Ansible user is Administrator.

What did not help it:

Add user to Windows Remote management group
Add user to Windows Remote management and WinRMRemoteWMIUsers__ group

Test target is this SRV2012R2 vagrant box: https://atlas.hashicorp.com/mwrock/boxes/Windows2012R2

Regards
Avaro Aleman

Matt_Davis · September 8, 2016, 3:47pm

Yes, it’s absolutely possible. Usually the limiting factor on a default install is the WinRM listener ACL- you can see/alter this via:

winrm configSDDL default

and add the necessary users/groups (or add the existing Windows Remote Management group).

Matt_Davis · September 8, 2016, 3:49pm

(typical cases only need the “read” and “execute” permission)

alv2412 · September 9, 2016, 9:59am

That did the trick, thanks!

Topic		Replies	Views
Ansible managing Windows hosts with non admin user Ansible Project windows	14	2	March 6, 2017
Run powershell as administrator Ansible Project windows	0	2	May 11, 2022
Non-Administrator Accounts - WinRM Ansible Project windows	0	1	August 18, 2020
Using ansible on windows with UAC enabled Ansible Project windows	2	5	February 4, 2016
Windows ansible Kerberos user privileges. Ansible Project windows	2	2	March 5, 2019

Ansible on Windows w/o administrator privileges possible?

Related topics