I’ve started learning Ansible again,
I used to PDQ to apply my workstations Software updates, but due to cost among with other factors I’ve shifted back towards Ansible for Automation.
My “First” Playbook is to install software updates on remote Workstations in my environment. which has taken me a bit, I tried to apply most of the updates using Chocolatey. which “worked” in some cases. but others where there were no update candidates available I’ve done direct download and install with arguments like /S and etc depending on the package.
First off, PDQ sets up restrictions on downloading updates automatically. we must remove that for the browsers we use. I found the following to work for each.
Edge Browsers
---
- name: Enable Edge Auto-Updates
hosts: all
tasks:
- name: Remove registry setting to allow Edge updates
win_shell: |
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Name "Update" -Value $null -Force
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\EdgeUpdate" -Name "AutoUpdateCheckPeriodMinutes" -Value $null -Force
register: result
ignore_errors: true
- name: Remove Edge Policies with Admin Privileges
win_shell: |
Start-Process powershell -ArgumentList 'Remove-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\Edge" -Recurse -Force' -Verb RunAs
- name: Enable Edge Auto-Update
win_regedit:
path: HKLM:\SOFTWARE\Policies\Microsoft\EdgeUpdate
name: Update{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
type: dword
data: 1
state: present
- name: Ensure Edge updates are enabled
win_service:
name: "edgeupdate"
state: started
start_mode: auto
- name: Force Group Policy update
win_shell: gpupdate /forceFirefox Browsers
---
- name: Enable Firefox Auto-Updates
hosts: all
tasks:
- name: Remove registry key for Mozilla Firefox DisableESR
win_regedit:
path: "HKLM:\\SOFTWARE\\Policies\\Mozilla"
name: "DisableESR"
state: absent
- name: Remove registry key for Mozilla Firefox DisableAppUpdate
win_regedit:
path: "HKLM:\\SOFTWARE\\Policies\\Mozilla\\Firefox"
name: "DisableAppUpdate"
state: absent
- name: Remove registry key for Mozilla Firefox BlockFirefoxUpdates
win_regedit:
path: "HKLM:\\SOFTWARE\\Policies\\Mozilla\\Firefox"
name: "BlockFirefoxUpdates"
state: absent
- name: Remove registry key for Mozilla Firefox DisableAppUpdate in HKCU
win_regedit:
path: "HKCU:\\SOFTWARE\\Policies\\Mozilla\\Firefox"
name: "DisableAppUpdate"
state: absent
- name: Remove registry key for Mozilla Firefox BlockFirefoxUpdates in HKCU
win_regedit:
path: "HKCU:\\SOFTWARE\\Policies\\Mozilla\\Firefox"
name: "BlockFirefoxUpdates"
state: absent
- name: Allow updates in Firefox ESR policies.json
win_copy:
content: |
{
"policies": {
"AppAutoUpdate": true,
"DisableAppUpdate": false
}
}
dest: 'C:\Program Files\Mozilla Firefox\distribution\policies.json'Chrome Browsers
---
- name: Enable Chrome Auto-Updates
hosts: all
tasks:
- name: Delete Chrome Update Registry Keys
win_regedit:
path: "HKLM:\\Software\\Policies\\Google\\Update"
name: "{{ item }}"
state: absent
with_items:
- UpdateDefault
- AutoUpdateCheckPeriodMinutes
- DisableAutoUpdateChecksCheckboxValue
- name: Delete Entire Google Update Policy Key
win_regedit:
path: "HKLM:\\Software\\Policies\\Google\\Update"
state: absent