How to create & manage file shares on Windows with Ansible


Managing Windows file shares is tedious work: you have to keep all the required shares up to date, remove shares that are no longer needed, and keep permission settings in the desired state.

Today I will show you how you can easily create & manage your file shares with Ansible.

We will use the following Ansible modules: read_csv, win_file, win_share and win_acl.

We will use a CSV file to specify the list of shares we want to create and manage, but this is not required: you can also define your shares in a host_vars file or directly in the play.

In this example CSV we will create 2 shares including the proper share and NTFS permissions. On Share1 we will also enable Access-Based Enumeration.

Name;Description;Path;Visible;ShareReadAccess;ShareFullAccess;NTFSReadAccess;NTFSFullAccess
Share1;Share 1;E:\Shares\1;no;share1_read;share1_full;share1_read;share1_full
Share2;Share 2;E:\Shares\2;yes;share2_read;share2_full;share2_read;share2_full

First of all, we need to read the CSV and return a dict/list, which we will later loop through.

- name: Create & Manage Windows Shares with ansible
  hosts: localhost
  gather_facts: no
  tasks:
  - name: Read shares from CSV file and return a dictionary
    read_csv:
      path: /mnt/d/Shares.csv
      delimiter: ';'
    register: shares
    delegate_to: localhost

You can use "debug" to output the data we received from the CSV. As you can see in our code, we will loop through the list and set "share" as loop_var for each entry, which holds our values.

  - debug:
      msg: "{{ share.Name }}"
    loop: "{{ shares.list }}"
    loop_control:
      loop_var: share

In the next step we will loop through our list and create the directory structure for each file share specified on our file server.

As our "shares" variable was registered on localhost, we have to pass it to our file server play via hostvars.

- name: Create & Manage Windows Shares with ansible
  hosts: test
  gather_facts: no
  tasks:
  - name: Create directory structure
    win_file:
      path: "{{ share.Path }}"
      state: directory
    loop: "{{ hostvars['localhost']['shares'].list }}"
    loop_control:
      loop_var: share

Now it is time to create shares and add the required permissions.

  - name: Create shares
    win_share:
      name: "{{ share.Name }}"
      description: "{{ share.Description }}"
      path: "{{ share.Path }}"
      list: "{{ share.Visible }}"
      full: "{{ share.ShareFullAccess }}"
      read: "{{ share.ShareReadAccess }}"
    loop: "{{ hostvars['localhost']['shares'].list }}"
    loop_control:
      loop_var: share

Let's have a look at the Windows server:

As you can see, shares have been created and share permissions were set as defined in the CSV.

Let's continue with the NTFS permissions. We will split this into two tasks:

  - name: Set NTFS Full Permissions
    win_acl:
      path: "{{ share.Path }}"
      user: "{{ share.NTFSFullAccess }}"
      rights: FullControl
      type: allow
      state: present
      inherit: ContainerInherit, ObjectInherit
      propagation: 'None'
    loop: "{{ hostvars['localhost']['shares'].list }}"
    loop_control:
      loop_var: share

  - name: Set NTFS Read Permissions
    win_acl:
      path: "{{ share.Path }}"
      user: "{{ share.NTFSReadAccess }}"
      rights: ReadAndExecute
      type: allow
      state: present
      inherit: ContainerInherit, ObjectInherit
      propagation: 'None'
    loop: "{{ hostvars['localhost']['shares'].list }}"
    loop_control:
      loop_var: share

When we review the NTFS permissions on the server, they should look like this.

As you can see, the process is very simple and straightforward.
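
The plays above only create and update shares; a share deleted from the CSV stays on the server. The following play is an added example, not part of the original post, that removes such leftover shares. It assumes all managed shares live below E:\Shares (as in the sample CSV); the names managed_root, wanted, existing and stale are chosen for this example.

```yaml
# Added example: prune shares that are no longer listed in the CSV.
# Assumption: the first play has already registered "shares" on localhost.
- name: Remove file shares that are no longer defined in the CSV
  hosts: test
  gather_facts: no
  vars:
    # Assumption: only shares whose path is below this folder may be pruned,
    # so unrelated shares (e.g. NETLOGON, printers) are never touched.
    managed_root: 'E:\Shares'
    # Share names are case-insensitive on Windows, so compare in lower case.
    wanted: "{{ hostvars['localhost']['shares'].list | map(attribute='Name') | map('lower') | list }}"
  tasks:
  - name: Refuse to prune when the CSV returned no shares
    assert:
      that: wanted | length > 0
      fail_msg: "Share list is empty; aborting so that no share is removed by mistake."

  - name: List existing non-administrative shares below the managed root
    win_shell: |
      Get-SmbShare -Special $false |
        Where-Object { $_.Path -like '{{ managed_root }}\*' } |
        Select-Object -ExpandProperty Name
    register: existing
    changed_when: false   # read-only query
    check_mode: no        # also run the query under --check

  - name: Work out which shares are not in the CSV
    set_fact:
      stale: "{{ existing.stdout_lines | map('trim') | map('lower') | reject('equalto', '') | list | difference(wanted) }}"

  - name: Show which shares will be removed
    debug:
      var: stale

  - name: Remove stale shares (the directory and its data are left in place)
    win_share:
      name: "{{ item }}"
      state: absent
    loop: "{{ stale }}"
```

Only the share definition is removed; the folder and its NTFS permissions stay on disk until you clean them up separately.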

Happy coding!
Christoph