From feda27bd245a0ffa147cf777af255bf04720d54a Mon Sep 17 00:00:00 2001
From: Jordan Layfield
Date: Mon, 16 Jun 2025 17:51:28 +0100
Subject: [PATCH 1/8] conditional for become NO_JIRA
---
 defaults/main.yml | 2 ++
 tasks/disable_services.yml | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 8ab43f8..5b22f9d 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,4 +1,6 @@
 ---
+# Generic info
+use_become: true
 # Disable Telemetry
 disable_telemetry_policy: true
 disable_telemetry_dnsblock: true
diff --git a/tasks/disable_services.yml b/tasks/disable_services.yml
index ea82f8b..86b0e3c 100644
--- a/tasks/disable_services.yml
+++ b/tasks/disable_services.yml
@@ -10,4 +10,4 @@
 state: stopped
 start_mode: disabled
 when: service_info.exists
- become: true
+ become: "{{ use_become | default(true) }}"
From a47c6b1d170616f58aa750fe4b2f38466f8d7914 Mon Sep 17 00:00:00 2001
From: Jordan Layfield
Date: Mon, 16 Jun 2025 17:51:43 +0100
Subject: [PATCH 2/8] tags for each role NO_JIRA
---
 tasks/main.yml | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/tasks/main.yml b/tasks/main.yml
index 70dd71b..1236c4e 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,7 +1,7 @@
 ---
 - name: Disable telemetry
 ansible.builtin.include_tasks: disable_telemetry.yml
-
+ tags: telemetry
 # We need to call this role in a loop externally as otherwise it will fail for
 # any services that happen not to exist on the target system
 - name: Disable unnecessary services
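Review bot: In tasks/disable_services.yml (patch 1/8) the privilege switch is read from an unprefixed variable, `use_become`, so a play, inventory or extra-vars value with that common name silently changes whether this role's service change runs elevated. A role-prefixed name such as `<role_name>_use_become` (placeholder; the role name is not visible here) keeps the switch scoped to this role. The `# Generic info` comment added in defaults/main.yml would also be clearer if it said what the switch controls, for example `# Whether tasks that change services run with become`. The task's opening lines are above the hunk and not visible here.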
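Review bot: The `tags:` added to each `ansible.builtin.include_tasks` entry in tasks/main.yml (patch 2/8, both hunks) tag only the include itself; tasks inside a dynamically included file do not inherit them, so a run limited with `--tags telemetry` executes the include and then skips every task in disable_telemetry.yml while still finishing without error. For a hardening role that means a tagged run can look successful without applying any setting. Pass the tag through `apply` as well, or switch the non-looped entries to `ansible.builtin.import_tasks`, which does pass tags down; the looped services entry has to stay an include, so it needs `apply`. The fence shows the pattern for the first task and the others follow the same shape.

```yaml
- name: Disable telemetry
  ansible.builtin.include_tasks:
    file: disable_telemetry.yml
    apply:
      tags: telemetry
  tags: telemetry
# … unchanged: comment explaining the looped services include …
```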
@@ -9,18 +9,25 @@
 vars:
 service: "{{ item }}"
 with_items: "{{ disable_services }}"
-
+ tags: disable_services
 - name: Disable Windows Defender
 ansible.builtin.include_tasks: disable_windows_defender.yml
+ tags: defender
 - name: Privacy hardening
 ansible.builtin.include_tasks: setup_privacy.yml
+ tags: privacy
 - name: UI setup
 ansible.builtin.include_tasks: setup_ui.yml
+ tags: ui
 - name: Set up Windows Update
 ansible.builtin.include_tasks: setup_windows_update.yml
+ tags: updates
 - name: Remove default apps
 ansible.builtin.include_tasks: remove_default_apps.yml
+ tags: default_apps
 - name: Remove OneDrive
 ansible.builtin.include_tasks: remove_onedrive.yml
+ tags: onedrive
 - name: Disable Hibernation
 ansible.builtin.include_tasks: disable_hibernation.yml
+ tags: hibernation
From 5b12c7a8f96532d36b3ca956facd9d78d97c3b73 Mon Sep 17 00:00:00 2001
From: Jordan Layfield <77847327+layfield-ccdc@users.noreply.github.com>
Date: Tue, 17 Jun 2025 11:27:35 +0100
Subject: [PATCH 3/8] add become NO_JIRA
---
 tasks/setup_privacy.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tasks/setup_privacy.yml b/tasks/setup_privacy.yml
index b7ae8ee..9a6d152 100644
--- a/tasks/setup_privacy.yml
+++ b/tasks/setup_privacy.yml
@@ -3,6 +3,7 @@
 - name: "Disable Windows Search web results"
 when: disable_search_web_results
 ansible.windows.win_shell: Set-WindowsSearchSetting -EnableWebResultsSetting $false
+ become: true
 - name: Disable web language list access
 when: disable_web_language_list_access
From ed5be42714dccf4bd2e6c4859c3e5a0d38148fe1 Mon Sep 17 00:00:00 2001
From: Jordan Layfield <77847327+layfield-ccdc@users.noreply.github.com>
Date: Tue, 17 Jun 2025 12:06:51 +0100
Subject: [PATCH 4/8] try win command NO_JIRA
---
 tasks/setup_privacy.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/tasks/setup_privacy.yml b/tasks/setup_privacy.yml
index 9a6d152..cba9bc9 100644
--- a/tasks/setup_privacy.yml
+++ b/tasks/setup_privacy.yml
@@ -2,8 +2,7 @@
 - name: "Disable Windows Search web results"
 when: disable_search_web_results
- ansible.windows.win_shell: Set-WindowsSearchSetting -EnableWebResultsSetting $false
- become: true
+ ansible.windows.win_command: Set-WindowsSearchSetting -EnableWebResultsSetting $false
 - name: Disable web language list access
 when: disable_web_language_list_access
From 187e8ff34257ded5fdac6c713526468490cdb55a Mon Sep 17 00:00:00 2001
From: Jordan Layfield <77847327+layfield-ccdc@users.noreply.github.com>
Date: Tue, 17 Jun 2025 12:42:37 +0100
Subject: [PATCH 5/8] try ps module NO_JIRA
---
 tasks/setup_privacy.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/tasks/setup_privacy.yml b/tasks/setup_privacy.yml
index cba9bc9..d80b6b4 100644
--- a/tasks/setup_privacy.yml
+++ b/tasks/setup_privacy.yml
@@ -2,7 +2,9 @@
 - name: "Disable Windows Search web results"
 when: disable_search_web_results
- ansible.windows.win_command: Set-WindowsSearchSetting -EnableWebResultsSetting $false
+ ansible.windows.win_powershell:
+ script: |
+ Set-WindowsSearchSetting -EnableWebResultsSetting $false
 - name: Disable web language list access
 when: disable_web_language_list_access
From 83296a9e6479f80f9bf9297b4cc043ff5064d051 Mon Sep 17 00:00:00 2001
From: Jordan Layfield <77847327+layfield-ccdc@users.noreply.github.com>
Date: Tue, 17 Jun 2025 12:42:53 +0100
Subject: [PATCH 6/8] fix NO_JIRA
---
 tasks/setup_privacy.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/tasks/setup_privacy.yml b/tasks/setup_privacy.yml
index d80b6b4..2eb0b85 100644
--- a/tasks/setup_privacy.yml
+++ b/tasks/setup_privacy.yml
@@ -1,5 +1,4 @@
 ---
-
 - name: "Disable Windows Search web results"
 when: disable_search_web_results
 ansible.windows.win_powershell:
From fc75e4c60efec898195d872405e3a5e492cfff74 Mon Sep 17 00:00:00 2001
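Review bot: The `ansible.windows.win_powershell` task added in tasks/setup_privacy.yml (patch 5/8) does not set `error_action`, and with the module's default a non-terminating error from `Set-WindowsSearchSetting` is, as far as I know, recorded in the result without failing the task, so the privacy setting can stay unapplied on a run that reports success. Adding `error_action: stop` under the module arguments makes that failure visible. The script also reports a change on every run; reading the current value first and setting `$Ansible.Changed = $false` when web results are already disabled would keep the task idempotent. Patch 4/8 dropped the `become: true` that patch 3/8 had added to this task, so it is worth confirming the cmdlet takes effect for the connection user.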
From: Jordan Layfield <77847327+layfield-ccdc@users.noreply.github.com>
Date: Tue, 17 Jun 2025 16:03:46 +0100
Subject: [PATCH 7/8] ignore od errors NO_JIRA
---
 tasks/remove_onedrive.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tasks/remove_onedrive.yml b/tasks/remove_onedrive.yml
index a21346d..6646cfb 100644
--- a/tasks/remove_onedrive.yml
+++ b/tasks/remove_onedrive.yml
@@ -4,7 +4,8 @@
 ansible.windows.win_shell: |
 Stop-Process -Name "OneDrive" -Force
 Stop-Process -Name "explorer" -Force
-
+ ignore_errors: true
+
 - name: Find OneDrive installer
 when: remove_onedrive
 ansible.windows.win_find:
From cedf3f3c2b2b12c912dcf1e9ebb61465e748ceb5 Mon Sep 17 00:00:00 2001
From: Jordan Layfield <77847327+layfield-ccdc@users.noreply.github.com>
Date: Mon, 23 Jun 2025 16:45:59 +0100
Subject: [PATCH 8/8] Lint fix NO_JIRA
---
 tasks/remove_onedrive.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tasks/remove_onedrive.yml b/tasks/remove_onedrive.yml
index 6646cfb..2e11ab4 100644
--- a/tasks/remove_onedrive.yml
+++ b/tasks/remove_onedrive.yml
@@ -5,7 +5,7 @@
 Stop-Process -Name "OneDrive" -Force
 Stop-Process -Name "explorer" -Force
 ignore_errors: true
-
+
 - name: Find OneDrive installer
 when: remove_onedrive
 ansible.windows.win_find:
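Review bot: `ignore_errors: true` on the Stop-Process task in tasks/remove_onedrive.yml (patch 7/8) hides every failure of that task, not only the expected case where OneDrive is not running, so a real problem stopping the processes goes unnoticed before the following tasks run. Handling the expected case in the script keeps other errors visible: `Get-Process -Name "OneDrive" -ErrorAction SilentlyContinue | Stop-Process -Force`, the same for explorer, and `ignore_errors` removed. The task's name and any `when:` sit above the hunk and are not visible here.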