The ConfigureRemotingForAnsible.ps1 file to setup Windows hosts for Ansible is not suitable for production according to the documentation. Why is it not suitable for production and what can I tweak in the file to make it suitable for production?
Because it does a few things like enabling Basic auth and uses self signed certificates and usually globally allows WinRM traffic through. In a normal production environment you shouldn’t be using Basic auth, using a CA signed certificate and only allow WinRM traffic on the network profile you want. Unfortunately some of these changes we cannot modify as a lot of people rely on this behaviour and just pull straight from GitHub so we just put up a warning saying don’t use this directly in Production.
Thanks
Jordan