| # Install all available updates from Windows Update. See "Windows new bot setup" doc for full |
| # instructions. |
| # Requires Ansible 2.5. |
| - hosts: all |
| tasks: |
| - name: Disable deferring feature updates |
| win_regedit: |
| path: HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\PolicyState |
| name: "DeferFeatureUpdates" |
| data: 0 |
| type: dword |
| - name: Disable deferring quality updates |
| win_regedit: |
| path: HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\PolicyState |
| name: "DeferQualityUpdates" |
| data: 0 |
| type: dword |
| - name: Set deferral period for feature updates to 0 in UpdatePolicy |
| win_regedit: |
| path: HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\PolicyState |
| name: "FeatureUpdatesDeferralInDays" |
| data: 0 |
| type: dword |
| - name: Set deferral period for feature updates to 0 in UX Settings |
| win_regedit: |
| path: HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings |
| name: "DeferFeatureUpdatesPeriodInDays" |
| data: 0 |
| type: dword |
| - name: Set deferral period for quality updates to 0 in UpdatePolicy |
| win_regedit: |
| path: HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\PolicyState |
| name: "QualityUpdatesDeferralInDays" |
| data: 0 |
| type: dword |
| - name: Set deferral period for quality updates to 0 in UX Settings |
| win_regedit: |
| path: HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings |
| name: "DeferQualityUpdatesPeriodInDays" |
| data: 0 |
| type: dword |
| - name: Enable Windows Update |
| win_service: |
| name: wuauserv |
| start_mode: manual |
| # Based on example at https://docs.ansible.com/ansible/latest/modules/win_updates_module.html |
| - name: Ensure WinRM starts only after the system is ready to work reliably |
| win_service: |
| name: WinRM |
| start_mode: delayed |
| # Sometimes Windows has updates already pending and the win_updates module doesn't work until |
| # after a reboot. |
| - name: Reboot before running Windows Update |
| win_reboot: |
| - name: Install updates and reboot |
| win_updates: |
| category_names: |
| # All categories. |
| - Application |
| - Connectors |
| - CriticalUpdates |
| - DefinitionUpdates |
| - DeveloperKits |
| - FeaturePacks |
| - Guidance |
| - SecurityUpdates |
| - ServicePacks |
| - Tools |
| - UpdateRollups |
| - Updates |
| reboot: yes |
| register: result |
| # Note that Ansible will say “FAILED - RETRYING: Install updates and reboot,” even though we're |
| # just checking for additional updates. |
| until: result.found_update_count == 0 |
| retries: 4 |
| - debug: |
| msg: "Result of win_updates:\n{{ result }}" |
| - name: Enable deferring feature updates |
| win_regedit: |
| path: HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\PolicyState |
| name: "DeferFeatureUpdates" |
| data: 1 |
| type: dword |
| - name: Set deferral period for feature updates to 365 in UpdatePolicy |
| win_regedit: |
| path: HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\PolicyState |
| name: "FeatureUpdatesDeferralInDays" |
| data: 365 |
| type: dword |
| - name: Set deferral period for feature updates to 365 in UX Settings |
| win_regedit: |
| path: HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings |
| name: "DeferFeatureUpdatesPeriodInDays" |
| data: 365 |
| type: dword |
| # We do not defer quality updates because they rarely cause problems. |