Ansible Agent Option?
- 
 @Obsolesce said in Ansible Agent Option?: I get that you want to use it to ensure for example 7-zip is on every device you want to manage. I understand you would do that with SS/Ansible/etc.... normally. But your situation is not the design intentions, even though a specific task you want to do is. I don't think that that is true. At least with Salt, this is the intended use case. Laptops aren't a special case, they are a one user local GUI server and should (or can) be treated as such and Salt is engineered ground up for that. MDM isn't, it's designed for a one off task, yes, but not the general case. The thing that makes Salt powerful is that it addresses the "universal case" or as close to it as is reasonably possible and doesn't make any special cases or exceptions. 
- 
 @Dashrender said in Ansible Agent Option?: @scottalanmiller said in Ansible Agent Option?: @Obsolesce said in Ansible Agent Option?: @coliver said in Ansible Agent Option?: @Obsolesce said in Ansible Agent Option?: Why not have an Ansible server on the same network as the devices and reachable by the Ansible server? From an MSP perspective that can get pretty inefficient and heavy. Why is an MSP wanting to manage client user Windows mobile devices with Ansible? That doesn't make much sense and not really what it's for. Even not an MSP, why would anyone want to use anything but state machines for managing their machines? This kinda sounds like you wanna run DeepFreeze on all machines, except for a small area of the disk the users are allowed to write to. that does actually sound awesome - as long as you can prevent execution of programs from that space. DeepFreeze is a different concept, but could have overlapping use cases. DF is about preserving a single state. State machines are about defining and managing state, which is assumed that it will change (possibly often.) 
- 
 @scottalanmiller I assume that Salt/Ansible have some way of removing software from a computer that you don't is not part of what you have in the state? Same goes for user accounts on the machine. Let's assume the user has local admin rights - they create more accounts - I assume that Salt/Ansible have ways to remove those accounts when their refresh period takes place? 
- 
 @Obsolesce said in Ansible Agent Option?: SO why are you not using SaltStack then? SaltStack and do ANYTHING to a Windows device. How? It can run PowerShell, and it can run scheduled tasks with any configuration. I can think of no case SaltStack wouldn't work for some configuration on a Windows device. SaltStack is like the only exception to the rule, so why not use it? We are, but I want to give Ansible a fair shake and am asking if or how anyone is getting it to overcome this agentless limitation for accessing other machines. From what I've seen Ansible has more momentum and support (IBM bought them now) and more robust Windows handling. So it would be great if I am just missing a way to add an agent to it. That it is agentless by default is great, it's that it would be wonderful if it had an optional agent (native or third party) that is currently supported. Salt does both, but no one talks about the agentless method as the agent is so awesome. I was hoping the inverse was happening here. 
- 
 @Dashrender said in Ansible Agent Option?: I assume that Salt/Ansible have some way of removing software from a computer that you don't is not part of what you have in the state? Absolutely, yes. That's very core to their functionality. 
- 
 @Dashrender said in Ansible Agent Option?: Same goes for user accounts on the machine. Let's assume the user has local admin rights - they create more accounts - I assume that Salt/Ansible have ways to remove those accounts when their refresh period takes place? Yes, again very core. These are specifically some of the functions that we expect to use (and most everyone does.) Nothing weird here, just part of the power that state machines intrinsically provide. 
- 
 @scottalanmiller said in Ansible Agent Option?: @Obsolesce said in Ansible Agent Option?: I get that you want to use it to ensure for example 7-zip is on every device you want to manage. I understand you would do that with SS/Ansible/etc.... normally. But your situation is not the design intentions, even though a specific task you want to do is. I don't think that that is true. At least with Salt, this is the intended use case. Laptops aren't a special case, they are a one user local GUI server and should (or can) be treated as such and Salt is engineered ground up for that. MDM isn't, it's designed for a one off task, yes, but not the general case. The thing that makes Salt powerful is that it addresses the "universal case" or as close to it as is reasonably possible and doesn't make any special cases or exceptions. In user land there are almost always special cases and exceptions - how do you deal with those with Salt? 
- 
 @Obsolesce said in Ansible Agent Option?: @coliver said in Ansible Agent Option?: @Obsolesce said in Ansible Agent Option?: @scottalanmiller said in Ansible Agent Option?: A simple test would be this.... if MDM is the right tool for your laptops, then it would also be the right tool for your servers. Servers are not mobile devices. Nor are Desktops but it would be nice to manage them with the same tool. Intune comes to mind it will do some state management and is getting better with time... Nobody is managing servers with Intune. They are using SaltStack/Ansible/Chef/Puppet/DSC/SCCM for servers. NOT Intune. Also, Intune doesn't even support Server OSs. True. And having tried it some time ago, at least then, it was horribly anemic. Just no power. I'm sure it has improved, but even rudimentary RMM platforms had more configuration management for machines. 
- 
 @scottalanmiller said in Ansible Agent Option?: @Dashrender said in Ansible Agent Option?: @scottalanmiller said in Ansible Agent Option?: @Obsolesce said in Ansible Agent Option?: @coliver said in Ansible Agent Option?: @Obsolesce said in Ansible Agent Option?: Why not have an Ansible server on the same network as the devices and reachable by the Ansible server? From an MSP perspective that can get pretty inefficient and heavy. Why is an MSP wanting to manage client user Windows mobile devices with Ansible? That doesn't make much sense and not really what it's for. Even not an MSP, why would anyone want to use anything but state machines for managing their machines? This kinda sounds like you wanna run DeepFreeze on all machines, except for a small area of the disk the users are allowed to write to. that does actually sound awesome - as long as you can prevent execution of programs from that space. DeepFreeze is a different concept, but could have overlapping use cases. DF is about preserving a single state. State machines are about defining and managing state, which is assumed that it will change (possibly often.) By change often in the case of a laptop/desktop would be that you're updating software? so you want to make sure you always have the latest version? or are you meaning something else? 
- 
 @Dashrender said in Ansible Agent Option?: @scottalanmiller said in Ansible Agent Option?: @Obsolesce said in Ansible Agent Option?: I get that you want to use it to ensure for example 7-zip is on every device you want to manage. I understand you would do that with SS/Ansible/etc.... normally. But your situation is not the design intentions, even though a specific task you want to do is. I don't think that that is true. At least with Salt, this is the intended use case. Laptops aren't a special case, they are a one user local GUI server and should (or can) be treated as such and Salt is engineered ground up for that. MDM isn't, it's designed for a one off task, yes, but not the general case. The thing that makes Salt powerful is that it addresses the "universal case" or as close to it as is reasonably possible and doesn't make any special cases or exceptions. In user land there are almost always special cases and exceptions - how do you deal with those with Salt? That users have unique configuration per user isn't the same as an infrastructure and tooling exception. Infrastructure systems like Salt I want to be uniform = all of IT uses one tool to do all tasks (obviously nothing is truly universal yet.) But the task might be to have unique users, configuration, and packages on every computer. It's a uniform, no exceptions tool, doing a unique task every time, perhaps. 
- 
 @Dashrender said in Ansible Agent Option?: @scottalanmiller said in Ansible Agent Option?: @Dashrender said in Ansible Agent Option?: @scottalanmiller said in Ansible Agent Option?: @Obsolesce said in Ansible Agent Option?: @coliver said in Ansible Agent Option?: @Obsolesce said in Ansible Agent Option?: Why not have an Ansible server on the same network as the devices and reachable by the Ansible server? From an MSP perspective that can get pretty inefficient and heavy. Why is an MSP wanting to manage client user Windows mobile devices with Ansible? That doesn't make much sense and not really what it's for. Even not an MSP, why would anyone want to use anything but state machines for managing their machines? This kinda sounds like you wanna run DeepFreeze on all machines, except for a small area of the disk the users are allowed to write to. that does actually sound awesome - as long as you can prevent execution of programs from that space. DeepFreeze is a different concept, but could have overlapping use cases. DF is about preserving a single state. State machines are about defining and managing state, which is assumed that it will change (possibly often.) By change often in the case of a laptop/desktop would be that you're updating software? so you want to make sure you always have the latest version? or are you meaning something else? That's one option, but you could think of that as not being a state change "Up to date" might be a bits and bytes change, but not a state change (does that make sense?) Moreso what I mean is that a user or group might want machines tweaked with new software, different software, different settings, new mapped drives, whatever, on a regular basis. 
- 
 One of the goals with Salt, Ansible, or presumably an MDM is to manage the machines without ever needing to log in and touch them. 
- 
 @scottalanmiller said in Ansible Agent Option?: @Dashrender said in Ansible Agent Option?: @scottalanmiller said in Ansible Agent Option?: @Obsolesce said in Ansible Agent Option?: I get that you want to use it to ensure for example 7-zip is on every device you want to manage. I understand you would do that with SS/Ansible/etc.... normally. But your situation is not the design intentions, even though a specific task you want to do is. I don't think that that is true. At least with Salt, this is the intended use case. Laptops aren't a special case, they are a one user local GUI server and should (or can) be treated as such and Salt is engineered ground up for that. MDM isn't, it's designed for a one off task, yes, but not the general case. The thing that makes Salt powerful is that it addresses the "universal case" or as close to it as is reasonably possible and doesn't make any special cases or exceptions. In user land there are almost always special cases and exceptions - how do you deal with those with Salt? That users have unique configuration per user isn't the same as an infrastructure and tooling exception. Infrastructure systems like Salt I want to be uniform = all of IT uses one tool to do all tasks (obviously nothing is truly universal yet.) But the task might be to have unique users, configuration, and packages on every computer. It's a uniform, no exceptions tool, doing a unique task every time, perhaps. OK I guess I see that. 
- 
 @Dashrender said in Ansible Agent Option?: @scottalanmiller said in Ansible Agent Option?: @Dashrender said in Ansible Agent Option?: @scottalanmiller said in Ansible Agent Option?: @Obsolesce said in Ansible Agent Option?: I get that you want to use it to ensure for example 7-zip is on every device you want to manage. I understand you would do that with SS/Ansible/etc.... normally. But your situation is not the design intentions, even though a specific task you want to do is. I don't think that that is true. At least with Salt, this is the intended use case. Laptops aren't a special case, they are a one user local GUI server and should (or can) be treated as such and Salt is engineered ground up for that. MDM isn't, it's designed for a one off task, yes, but not the general case. The thing that makes Salt powerful is that it addresses the "universal case" or as close to it as is reasonably possible and doesn't make any special cases or exceptions. In user land there are almost always special cases and exceptions - how do you deal with those with Salt? That users have unique configuration per user isn't the same as an infrastructure and tooling exception. Infrastructure systems like Salt I want to be uniform = all of IT uses one tool to do all tasks (obviously nothing is truly universal yet.) But the task might be to have unique users, configuration, and packages on every computer. It's a uniform, no exceptions tool, doing a unique task every time, perhaps. OK I guess I see that. One hammer, one kind of nail, but you can build many different houses. 
- 
 @scottalanmiller said in Ansible Agent Option?: @Dashrender said in Ansible Agent Option?: @scottalanmiller said in Ansible Agent Option?: @Dashrender said in Ansible Agent Option?: @scottalanmiller said in Ansible Agent Option?: @Obsolesce said in Ansible Agent Option?: @coliver said in Ansible Agent Option?: @Obsolesce said in Ansible Agent Option?: Why not have an Ansible server on the same network as the devices and reachable by the Ansible server? From an MSP perspective that can get pretty inefficient and heavy. Why is an MSP wanting to manage client user Windows mobile devices with Ansible? That doesn't make much sense and not really what it's for. Even not an MSP, why would anyone want to use anything but state machines for managing their machines? This kinda sounds like you wanna run DeepFreeze on all machines, except for a small area of the disk the users are allowed to write to. that does actually sound awesome - as long as you can prevent execution of programs from that space. DeepFreeze is a different concept, but could have overlapping use cases. DF is about preserving a single state. State machines are about defining and managing state, which is assumed that it will change (possibly often.) By change often in the case of a laptop/desktop would be that you're updating software? so you want to make sure you always have the latest version? or are you meaning something else? That's one option, but you could think of that as not being a state change "Up to date" might be a bits and bytes change, but not a state change (does that make sense?) Moreso what I mean is that a user or group might want machines tweaked with new software, different software, different settings, new mapped drives, whatever, on a regular basis. Wow, you sound like you have groups that waste a lot of time moving people around, changing their needed access to have those types of things change on a regular basis. 
- 
 @Dashrender said in Ansible Agent Option?: @scottalanmiller said in Ansible Agent Option?: @Dashrender said in Ansible Agent Option?: @scottalanmiller said in Ansible Agent Option?: @Dashrender said in Ansible Agent Option?: @scottalanmiller said in Ansible Agent Option?: @Obsolesce said in Ansible Agent Option?: @coliver said in Ansible Agent Option?: @Obsolesce said in Ansible Agent Option?: Why not have an Ansible server on the same network as the devices and reachable by the Ansible server? From an MSP perspective that can get pretty inefficient and heavy. Why is an MSP wanting to manage client user Windows mobile devices with Ansible? That doesn't make much sense and not really what it's for. Even not an MSP, why would anyone want to use anything but state machines for managing their machines? This kinda sounds like you wanna run DeepFreeze on all machines, except for a small area of the disk the users are allowed to write to. that does actually sound awesome - as long as you can prevent execution of programs from that space. DeepFreeze is a different concept, but could have overlapping use cases. DF is about preserving a single state. State machines are about defining and managing state, which is assumed that it will change (possibly often.) By change often in the case of a laptop/desktop would be that you're updating software? so you want to make sure you always have the latest version? or are you meaning something else? That's one option, but you could think of that as not being a state change "Up to date" might be a bits and bytes change, but not a state change (does that make sense?) Moreso what I mean is that a user or group might want machines tweaked with new software, different software, different settings, new mapped drives, whatever, on a regular basis. Wow, you sound like you have groups that waste a lot of time moving people around, changing their needed access to have those types of things change on a regular basis. That sounds completely normal to me. Literally daily activity and doesn't at all sound extreme or abnormal. 
- 
 @DustinB3403 said in Ansible Agent Option?: @Dashrender said in Ansible Agent Option?: @scottalanmiller said in Ansible Agent Option?: @Dashrender said in Ansible Agent Option?: @scottalanmiller said in Ansible Agent Option?: @Dashrender said in Ansible Agent Option?: @scottalanmiller said in Ansible Agent Option?: @Obsolesce said in Ansible Agent Option?: @coliver said in Ansible Agent Option?: @Obsolesce said in Ansible Agent Option?: Why not have an Ansible server on the same network as the devices and reachable by the Ansible server? From an MSP perspective that can get pretty inefficient and heavy. Why is an MSP wanting to manage client user Windows mobile devices with Ansible? That doesn't make much sense and not really what it's for. Even not an MSP, why would anyone want to use anything but state machines for managing their machines? This kinda sounds like you wanna run DeepFreeze on all machines, except for a small area of the disk the users are allowed to write to. that does actually sound awesome - as long as you can prevent execution of programs from that space. DeepFreeze is a different concept, but could have overlapping use cases. DF is about preserving a single state. State machines are about defining and managing state, which is assumed that it will change (possibly often.) By change often in the case of a laptop/desktop would be that you're updating software? so you want to make sure you always have the latest version? or are you meaning something else? That's one option, but you could think of that as not being a state change "Up to date" might be a bits and bytes change, but not a state change (does that make sense?) Moreso what I mean is that a user or group might want machines tweaked with new software, different software, different settings, new mapped drives, whatever, on a regular basis. Wow, you sound like you have groups that waste a lot of time moving people around, changing their needed access to have those types of things change on a regular basis. That sounds completely normal to me. Literally daily activity and doesn't at all sound extreme or abnormal. You have people who want different settings, new mapped drives, etc daily? I definitely don't... maybe it's a matter of company size. I think the last 'new' software I deployed was Citrix-workspace. 
- 
 @Dashrender said in Ansible Agent Option?: @DustinB3403 said in Ansible Agent Option?: @Dashrender said in Ansible Agent Option?: @scottalanmiller said in Ansible Agent Option?: @Dashrender said in Ansible Agent Option?: @scottalanmiller said in Ansible Agent Option?: @Dashrender said in Ansible Agent Option?: @scottalanmiller said in Ansible Agent Option?: @Obsolesce said in Ansible Agent Option?: @coliver said in Ansible Agent Option?: @Obsolesce said in Ansible Agent Option?: Why not have an Ansible server on the same network as the devices and reachable by the Ansible server? From an MSP perspective that can get pretty inefficient and heavy. Why is an MSP wanting to manage client user Windows mobile devices with Ansible? That doesn't make much sense and not really what it's for. Even not an MSP, why would anyone want to use anything but state machines for managing their machines? This kinda sounds like you wanna run DeepFreeze on all machines, except for a small area of the disk the users are allowed to write to. that does actually sound awesome - as long as you can prevent execution of programs from that space. DeepFreeze is a different concept, but could have overlapping use cases. DF is about preserving a single state. State machines are about defining and managing state, which is assumed that it will change (possibly often.) By change often in the case of a laptop/desktop would be that you're updating software? so you want to make sure you always have the latest version? or are you meaning something else? That's one option, but you could think of that as not being a state change "Up to date" might be a bits and bytes change, but not a state change (does that make sense?) Moreso what I mean is that a user or group might want machines tweaked with new software, different software, different settings, new mapped drives, whatever, on a regular basis. Wow, you sound like you have groups that waste a lot of time moving people around, changing their needed access to have those types of things change on a regular basis. That sounds completely normal to me. Literally daily activity and doesn't at all sound extreme or abnormal. You have people who want different settings, new mapped drives, etc daily? I definitely don't... maybe it's a matter of company size. I think the last 'new' software I deployed was Citrix-workspace. I have people who need things changed daily, yes. 
- 
 @DustinB3403 said in Ansible Agent Option?: @Dashrender said in Ansible Agent Option?: @DustinB3403 said in Ansible Agent Option?: @Dashrender said in Ansible Agent Option?: @scottalanmiller said in Ansible Agent Option?: @Dashrender said in Ansible Agent Option?: @scottalanmiller said in Ansible Agent Option?: @Dashrender said in Ansible Agent Option?: @scottalanmiller said in Ansible Agent Option?: @Obsolesce said in Ansible Agent Option?: @coliver said in Ansible Agent Option?: @Obsolesce said in Ansible Agent Option?: Why not have an Ansible server on the same network as the devices and reachable by the Ansible server? From an MSP perspective that can get pretty inefficient and heavy. Why is an MSP wanting to manage client user Windows mobile devices with Ansible? That doesn't make much sense and not really what it's for. Even not an MSP, why would anyone want to use anything but state machines for managing their machines? This kinda sounds like you wanna run DeepFreeze on all machines, except for a small area of the disk the users are allowed to write to. that does actually sound awesome - as long as you can prevent execution of programs from that space. DeepFreeze is a different concept, but could have overlapping use cases. DF is about preserving a single state. State machines are about defining and managing state, which is assumed that it will change (possibly often.) By change often in the case of a laptop/desktop would be that you're updating software? so you want to make sure you always have the latest version? or are you meaning something else? That's one option, but you could think of that as not being a state change "Up to date" might be a bits and bytes change, but not a state change (does that make sense?) Moreso what I mean is that a user or group might want machines tweaked with new software, different software, different settings, new mapped drives, whatever, on a regular basis. Wow, you sound like you have groups that waste a lot of time moving people around, changing their needed access to have those types of things change on a regular basis. That sounds completely normal to me. Literally daily activity and doesn't at all sound extreme or abnormal. You have people who want different settings, new mapped drives, etc daily? I definitely don't... maybe it's a matter of company size. I think the last 'new' software I deployed was Citrix-workspace. I have people who need things changed daily, yes. I suppose that fact itself has little or nothing to do with the actual tool discussion though. You could just as easily use GP to push those changes if needed, or any of thousands of other tools. My bad for tangenting from Scott's comment. 
- 
 @Dashrender said in Ansible Agent Option?: @DustinB3403 said in Ansible Agent Option?: @Dashrender said in Ansible Agent Option?: @DustinB3403 said in Ansible Agent Option?: @Dashrender said in Ansible Agent Option?: @scottalanmiller said in Ansible Agent Option?: @Dashrender said in Ansible Agent Option?: @scottalanmiller said in Ansible Agent Option?: @Dashrender said in Ansible Agent Option?: @scottalanmiller said in Ansible Agent Option?: @Obsolesce said in Ansible Agent Option?: @coliver said in Ansible Agent Option?: @Obsolesce said in Ansible Agent Option?: Why not have an Ansible server on the same network as the devices and reachable by the Ansible server? From an MSP perspective that can get pretty inefficient and heavy. Why is an MSP wanting to manage client user Windows mobile devices with Ansible? That doesn't make much sense and not really what it's for. Even not an MSP, why would anyone want to use anything but state machines for managing their machines? This kinda sounds like you wanna run DeepFreeze on all machines, except for a small area of the disk the users are allowed to write to. that does actually sound awesome - as long as you can prevent execution of programs from that space. DeepFreeze is a different concept, but could have overlapping use cases. DF is about preserving a single state. State machines are about defining and managing state, which is assumed that it will change (possibly often.) By change often in the case of a laptop/desktop would be that you're updating software? so you want to make sure you always have the latest version? or are you meaning something else? That's one option, but you could think of that as not being a state change "Up to date" might be a bits and bytes change, but not a state change (does that make sense?) Moreso what I mean is that a user or group might want machines tweaked with new software, different software, different settings, new mapped drives, whatever, on a regular basis. Wow, you sound like you have groups that waste a lot of time moving people around, changing their needed access to have those types of things change on a regular basis. That sounds completely normal to me. Literally daily activity and doesn't at all sound extreme or abnormal. You have people who want different settings, new mapped drives, etc daily? I definitely don't... maybe it's a matter of company size. I think the last 'new' software I deployed was Citrix-workspace. I have people who need things changed daily, yes. I suppose that fact itself has little or nothing to do with the actual tool discussion though. You could just as easily use GP to push those changes if needed, or any of thousands of other tools. My bad for tangenting from Scott's comment. On MAC GPO doesn't apply. 




