{"id":4667,"date":"2025-11-28T10:18:41","date_gmt":"2025-11-28T10:18:41","guid":{"rendered":"https:\/\/www.it-react.com\/?p=4667"},"modified":"2025-11-28T10:20:10","modified_gmt":"2025-11-28T10:20:10","slug":"provisioning-a-windows-10-client-from-a-vsphere-template-2nd-part","status":"publish","type":"post","link":"https:\/\/www.it-react.com\/index.php\/2025\/11\/28\/provisioning-a-windows-10-client-from-a-vsphere-template-2nd-part\/","title":{"rendered":"Provisioning a Windows 10 Client from a vSphere Template (2nd part)"},"content":{"rendered":"\n

In the first part<\/a> of this series, we built the foundation of our automation framework: a clean directory structure, proper inventories, OS-specific variable separation, secure Vault usage, and the vCenter settings that glue everything together. Think of it as laying out all tools on the workbench before touching the actual machine.<\/p>\n\n\n\n

Now comes the fun part.<\/p>\n\n\n\n

Before we start provisioning, there\u2019s one important lesson we need to get out of the way \u2014 something you will absolutely run into in any real-world vSphere environment:<\/p>\n\n\n\n

Windows guest customization breaks completely if your template has been manually sysprep\u2019d.<\/strong><\/p>\n\n\n\n

Yes, really.
If you generalize a Windows image yourself and then<\/em> let vCenter try to run its own sysprep during OS Customization, you\u2019ll be greeted with the legendary:<\/p>\n\n\n\n

\u201cThe computer restarted unexpectedly or encountered an unexpected error\u2026\u201d<\/em><\/p>\n\n\n\n

\"\"\n\t\t\t\n\t\t\t\t\n\t\t\t<\/svg>\n\t\t<\/button><\/figure>\n\n\n\n

And your VM will loop itself into oblivion.
We\u2019ve been there. We\u2019ve stared at it long enough. Trust us \u2014 don\u2019t do manual sysprep for templates that will be cloned with OS customization.<\/p>\n\n\n\n

So, the rule is simple:<\/h2>\n\n\n\n
    \n
  • Template that uses OS Customization \u2192 NO manual sysprep.<\/strong><\/li>\n\n\n\n
  • Template for bare clones\/labs with no OS Customization installation \u2192 manual sysprep is fine.<\/strong><\/li>\n<\/ul>\n\n\n\n

    And one more thing \u2014 your template MUST have VMware Tools installed.<\/strong>
    This is absolutely essential because the customization engine, IP assignment, hostname injection, and later WinRM bootstrapping all rely on VMware Tools being present and working. Without it, nothing moves.<\/p>\n\n\n\n

    In this post, we\u2019ll take that clean Windows 10 template \u2014 with VMware Tools installed, but without<\/em> sysprep \u2014 and automate the full provisioning workflow:<\/p>\n\n\n\n

      \n
    • deploying a new VM from template using vmware_guest<\/code><\/li>\n\n\n\n
    • setting CPU, RAM, datastore, folder, and VM name<\/li>\n\n\n\n
    • applying vSphere Guest Customization with static IP<\/li>\n\n\n\n
    • verifying the VM boots cleanly with the correct hostname and network settings<\/li>\n\n\n\n
    • preparing the machine for the next stage (WinRM bootstrap and domain join in Part 3)<\/li>\n<\/ul>\n\n\n\n

      By the end of this article, we\u2019ll have a reproducible, fully automated Windows 10 provisioning process that works exactly like an enterprise environment \u2014 but without the clicking and praying in the vSphere UI.<\/p>\n\n\n\n

      Let\u2019s get started.<\/p>\n\n\n\n

      Defining the VM Metadata (host_vars)<\/h2>\n\n\n\n

      With the template ready, it\u2019s time to give our new Windows 10 VM an identity.
      One of the reasons we spent time building a clean repository structure in Part 1 is so that each virtual machine can be defined in a simple and predictable way \u2014 without touching the playbooks themselves.<\/p>\n\n\n\n

      In other words:
      playbooks define how<\/em> provisioning works, and host_vars define what<\/em> we want to provision.<\/strong><\/p>\n\n\n\n

      This separation is what allows the setup to scale later into CI\/CD pipelines. A pipeline doesn\u2019t need to know anything about VM names, IPs, templates, or network settings. It simply notices that a new host_vars<\/code> file appeared and runs the provisioning workflow for that machine. Clean, elegant, and future-proof.<\/p>\n\n\n\n

      For our first Windows 10 client, we create a metadata file inside:<\/p>\n\n\n\n

      inventories\/lab\/host_vars\/HAM01AP001.yml<\/code><\/pre>\n\n\n\n
      The structure is straightforward:<\/p>\n\n\n\n
      # Windows 10 client metadata\n# Everything Ansible needs for provisioning and post-configuration\n\n# Basic VM identity\nvm_name: \"HAM01AP001\"\ncomputer_name: \"HAM01AP001\"\n\n# Placement in vSphere\nvm_datacenter: \"Datacenter1\"\nvm_cluster: \"Cluster1\"\nvm_folder: \"HAM-Test\"\nvm_datastore: \"DatastoreESXi0_1\"\nvm_network: \"Production\"\n\n\n# Hardware configuration\nvm_cpu: 2\nvm_memory_mb: 4096\nvm_disk_gb: 60\n\n# Template selection (from template mapping defined in group_vars)\nos_family: \"win_client\"\nvm_template: \"{{ win_client_template }}\"\n\n# Static network configuration (used by vSphere Guest Customization)\nip_address: \"192.168.1.60\"\nip_subnet_mask: \"255.255.255.0\"\nip_gateway: \"192.168.1.1\"\ndns_servers:\n  - \"192.168.1.90\"\n  - \"192.168.1.91\"\n\n# Windows local administrator (stored securely in Vault)\nwindows_admin_user: \"Admin\"\nwin_local_admin_password: \"{{ vault_win_admin_password }}\"\n\n# Ansible connection settings (activated after WinRM bootstrap)\nansible_host: \"{{ ip_address }}\"\nansible_connection: winrm\nansible_port: 5985\nansible_user: \"{{ windows_admin_user }}\"\nansible_password: \"{{ win_local_admin_password }}\"\nansible_winrm_transport: ntlm\nansible_winrm_server_cert_validation: ignore<\/code><\/pre>\n\n\n\n
      This single file fully describes the VM from start to finish.
      When the provisioning playbook runs, Ansible loads this metadata and passes it to vCenter via the vmware_guest<\/code> module. After the VM boots and WinRM is enabled through our bootstrap process, the same file already contains everything needed for post-configuration tasks.<\/p>\n\n\n\n
      By keeping all host-specific data in one place, we avoid hard-coding anything in our playbooks and maintain a structure that is clean, scalable, and CI\/CD-friendly.<\/p>\n\n\n\n
      This is the exact pattern used by production automation frameworks:
      machine-specific data lives in inventory, automation logic lives in the playbooks.<\/strong><\/p>\n\n\n\n
      Updating the Inventory for Provisioning<\/h2>\n\n\n\n
      With the VM metadata defined, the inventory only needs to do one thing:
      declare that this machine exists and assign it to the correct group.<\/strong><\/p>\n\n\n\n
      That\u2019s it.
      No IP address, no credentials, no WinRM details \u2014 those all live in host_vars<\/code>, where they belong.<\/p>\n\n\n\n
      Our inventory structure from Part 1 already includes the groups we need:<\/p>\n\n\n\n
        \n
      • windows<\/code>
        \u2514\u2500\u2500 win_clients<\/code>
        \u2514\u2500\u2500 win_servers<\/code><\/li>\n<\/ul>\n\n\n\n
        For a Windows 10 workstation, we simply add the hostname under win_clients<\/code>:<\/p>\n\n\n\n
        inventories\/lab\/inventory.yml\n<\/code><\/pre>\n\n\n\n
        all:\n  children:\n\n    windows:\n      children:\n        win_clients:\n          hosts:\n            HAM01AP001:\n\n        win_servers:\n          hosts: {}\n\n    vcenter:\n      hosts:\n        vcsa.racklab.local:\n<\/code><\/pre>\n\n\n\n
        This is intentionally minimal.
        The inventory\u2019s job is only to:<\/p>\n\n\n\n
          \n
        • declare the host\u2019s logical name<\/strong> (HAM01AP001)<\/li>\n\n\n\n
        • place it in the correct functional group<\/strong> (win_clients)<\/li>\n\n\n\n
        • let Ansible load its matching host_vars\/HAM01AP001.yml<\/code> file<\/li>\n<\/ul>\n\n\n\n
          Notice what\u2019s missing:
          There is no ansible_host<\/strong>, no IP address, no connection settings.<\/p>\n\n\n\n
          Why?<\/p>\n\n\n\n
          Because the VM does not exist yet.<\/p>\n\n\n\n
          In our workflow:<\/p>\n\n\n\n
            \n
          1. During provisioning, Ansible talks only to vCenter.<\/li>\n\n\n\n
          2. vCenter configures the machine\u2019s static IP through Guest Customization.<\/li>\n\n\n\n
          3. After bootstrap enables WinRM, the VM becomes reachable \u2014 using the connection settings stored in host_vars<\/code>.<\/li>\n<\/ol>\n\n\n\n
            This design keeps the inventory clean, predictable, and easy to scale.
            If you add 10 new host_vars files tomorrow, you simply list their logical names in win_clients<\/code>, and everything just works.<\/p>\n\n\n\n
            Playbooks remain generic.
            host_vars contain all host-specific details.
            The inventory remains the lightweight index that ties everything together.<\/p>\n\n\n\n
            Next, we finally get to the interesting part:<\/p>\n\n\n\n
            The Windows 10 Provisioning Playbook<\/h2>\n\n\n\n
            With the inventory in place and all VM-specific metadata defined in host_vars<\/code>, we can finally build the playbook responsible for creating our Windows 10 virtual machine in vSphere. This is the first point where Ansible interacts with vCenter and actually produces a VM.<\/p>\n\n\n\n
            The goal of this playbook is simple:<\/p>\n\n\n\n
              \n
            • clone the VM from the correct template<\/li>\n\n\n\n
            • apply the static IP configuration<\/li>\n\n\n\n
            • set the hostname<\/li>\n\n\n\n
            • choose the cluster, datastore, and folder<\/li>\n\n\n\n
            • attach the correct network<\/li>\n\n\n\n
            • and ensure the VM starts successfully<\/li>\n<\/ul>\n\n\n\n
              All the values come from the host_vars file; the playbook itself contains zero host-specific values<\/strong>.
              This is exactly what makes it reusable.<\/p>\n\n\n\n
              Create the file:<\/p>\n\n\n\n
              playbooks\/provision\/vmware_windows_client.yml\n<\/code><\/pre>\n\n\n\n
              Here is the full playbook:<\/p>\n\n\n\n
              ---\n# Provision Windows 10 client VMs from vSphere templates\n# All VM-specific data comes from host_vars for hosts in the win_clients group.\n\n- name: Provision Windows 10 clients from template\n  hosts: vcenter\n  gather_facts: false\n  collections:\n    - community.vmware\n\n  vars_files:\n    - \"..\/..\/inventories\/lab\/group_vars\/vcenter.yml\"\n\n  tasks:\n    - name: Collect Windows client hosts from inventory\n      set_fact:\n        win_client_hosts: \"{{ groups['win_clients'] | default([]) }}\"\n\n    - name: Fail if no Windows client hosts are defined\n      fail:\n        msg: \"No hosts found in win_clients group. Nothing to provision.\"\n      when: win_client_hosts | length == 0\n\n    - name: Clone Windows 10 VM(s) from template with static IP and customization\n      vmware_guest:\n        # vCenter connection\n        hostname: \"{{ vcenter_hostname }}\"\n        username: \"{{ vcenter_username }}\"\n        password: \"{{ vcenter_password }}\"\n        validate_certs: \"{{ vcenter_validate_certs | default(false) }}\"\n\n        # vSphere placement (per host)\n        datacenter: \"{{ hostvars[vm_name].vm_datacenter }}\"\n        cluster: \"{{ hostvars[vm_name].vm_cluster }}\"\n        folder: \"{{ hostvars[vm_name].vm_folder }}\"\n        datastore: \"{{ hostvars[vm_name].vm_datastore }}\"\n\n        # VM identity and template\n        name: \"{{ hostvars[vm_name].vm_name }}\"\n        template: \"{{ hostvars[vm_name].vm_template }}\"\n\n        # Hardware configuration\n        hardware:\n          memory_mb: \"{{ hostvars[vm_name].vm_memory_mb }}\"\n          num_cpus: \"{{ hostvars[vm_name].vm_cpu }}\"\n\n        # Disk configuration\n        disk:\n          - size_gb: \"{{ hostvars[vm_name].vm_disk_gb }}\"\n            type: thin\n            datastore: \"{{ hostvars[vm_name].vm_datastore }}\"\n\n        # Network with static IP (vSphere Guest Customization)\n        networks:\n          - name: \"{{ hostvars[vm_name].vm_network }}\"\n            type: static\n            ip: \"{{ hostvars[vm_name].ip_address }}\"\n            netmask: \"{{ hostvars[vm_name].ip_subnet_mask }}\"\n            gateway:\n              - \"{{ hostvars[vm_name].ip_gateway }}\"\n            dns_servers: \"{{ hostvars[vm_name].dns_servers }}\"\n\n        # Windows guest customization\n        customization:\n          hostname: \"{{ hostvars[vm_name].computer_name }}\"\n          joinworkgroup: \"WORKGROUP\"\n          fullname: \"Automation\"\n          orgname: \"Lab\"\n          timezone: 110\n\n        state: poweredon\n        wait_for_ip_address: false\n        wait_for_customization: true\n\n      loop: \"{{ win_client_hosts }}\"\n      loop_control:\n        loop_var: vm_name\n      register: win10_vms\n\n    - name: Show resulting VM info\n      debug:\n        var: win10_vms\n<\/code><\/pre>\n\n\n\n
              \n\n\n\n
              What this playbook actually does<\/h3>\n\n\n\n
              This is a full provisioning workflow using VMware\u2019s SOAP API:<\/p>\n\n\n\n
                \n
              • Clones<\/strong> from the template defined in host_vars<\/code><\/li>\n\n\n\n
              • Applies a static IP address<\/strong> via Guest Customization<\/li>\n\n\n\n
              • Injects the hostname<\/strong><\/li>\n\n\n\n
              • Attaches the VM to the correct portgroup<\/strong><\/li>\n\n\n\n
              • Defines CPU, RAM, and disk settings<\/li>\n\n\n\n
              • Places the VM in the correct folder, datastore, and cluster<\/li>\n\n\n\n
              • Starts the VM automatically<\/li>\n\n\n\n
              • Waits until customization is complete<\/li>\n<\/ul>\n\n\n\n
                And the key part:<\/p>\n\n\n\n
                All the parameters come from:<\/p>\n\n\n\n
                host_vars\/HAM01AP001.yml\n<\/code><\/pre>\n\n\n\n
                The playbook remains static and generic.<\/p>\n\n\n\n
                \n\n\n\n
                Why is this important?<\/h3>\n\n\n\n
                In enterprise automation, you never duplicate logic.
                A single provisioning playbook should be capable of deploying:<\/p>\n\n\n\n
                  \n
                • 1 Windows 10 workstation<\/li>\n\n\n\n
                • 5 Windows Server domain controllers<\/li>\n\n\n\n
                • 100 application servers<\/li>\n\n\n\n
                • or 2000 machines in a VDI rollout<\/li>\n<\/ul>\n\n\n\n
                  \u2026simply by adding metadata files in host_vars.<\/p>\n\n\n\n
                  This is the entire philosophy behind Ansible\u2019s inventory architecture.<\/p>\n\n\n\n
                  \n\n\n\n
                  Running the playbook<\/h3>\n\n\n\n
                  From your Ansible environment (virtualenv active):<\/p>\n\n\n\n
                  cd ~\/infra-ansible\nsource .venv\/bin\/activate\n\nansible-playbook -i inventories\/lab\/inventory.yml \\\n  playbooks\/provision\/vmware_windows_client.yml \\\n  --ask-vault-pass<\/code><\/pre>\n\n\n\n
                  If everything is configured correctly, your VM appears in vSphere after 2\u20133 minutes with:<\/p>\n\n\n\n
                    \n
                  • the correct name<\/li>\n\n\n\n
                  • the correct static IP<\/li>\n\n\n\n
                  • the correct DNS<\/li>\n\n\n\n
                  • the correct gateway<\/li>\n\n\n\n
                  • and fully completed guest customization without errors<\/li>\n<\/ul>\n\n\n\n
                    No manual sysprep.
                    No UI clicking.
                    No guessing.<\/p>\n\n\n\n
                    Just clean automation.<\/p>\n\n\n\n
                    Bootstrapping WinRM Through VMware Tools<\/h2>\n\n\n\n
                    After provisioning the VM, we have a fully customized Windows 10 machine running in vSphere \u2014 with a hostname, static IP, DNS settings, and VMware Tools operational. However, we still cannot manage it directly from Ansible, because Windows does not come with WinRM enabled by default.<\/p>\n\n\n\n
                    We want Ansible to continue the workflow without any manual steps, so the solution must:<\/p>\n\n\n\n
                      \n
                    • run inside<\/strong> the guest OS<\/li>\n\n\n\n
                    • without requiring WinRM yet<\/li>\n\n\n\n
                    • without requiring credentials over the network<\/li>\n\n\n\n
                    • and without logging into the Windows console<\/li>\n<\/ul>\n\n\n\n
                      Luckily, VMware gives us exactly what we need.<\/p>\n\n\n\n
                      Using vmware_vm_shell<\/code><\/h3>\n\n\n\n
                      This module executes commands inside the VM through VMware Tools<\/strong>, not over WinRM or SSH. That means:<\/p>\n\n\n\n
                        \n
                      • the VM doesn\u2019t need to be reachable on the network<\/li>\n\n\n\n
                      • firewall rules don\u2019t matter yet<\/li>\n\n\n\n
                      • WinRM can be activated entirely offline<\/li>\n\n\n\n
                      • everything happens through the vSphere API<\/li>\n<\/ul>\n\n\n\n
                        This is the ideal method for preparing Windows machines for remote management.<\/p>\n\n\n\n
                        In our case, we will use PowerShell to:<\/p>\n\n\n\n
                          \n
                        1. enable WinRM<\/li>\n\n\n\n
                        2. configure HTTP listener<\/li>\n\n\n\n
                        3. open firewall rules<\/li>\n\n\n\n
                        4. set up basic authentication<\/li>\n\n\n\n
                        5. restart the WinRM service<\/li>\n<\/ol>\n\n\n\n
                          Once these steps are completed, the VM becomes accessible to Ansible through classic WinRM modules (ansible.windows.win_ping<\/code>, win_command<\/code>, win_feature<\/code>, etc.).<\/p>\n\n\n\n
                          \n\n\n\n
                          The WinRM Bootstrap Playbook<\/h3>\n\n\n\n
                          Create the file:<\/p>\n\n\n\n
                          playbooks\/provision\/bootstrap_winrm.yml\n<\/code><\/pre>\n\n\n\n
                          And add the following content:<\/p>\n\n\n\n
                          ---\n# Enable WinRM inside Windows VMs using VMware Tools\n# All VM-specific data is taken from host_vars for hosts in win_clients.\n\n- name: Bootstrap WinRM on Windows VM via VMware Tools\n  hosts: vcenter\n  gather_facts: false\n  collections:\n    - community.vmware\n\n  vars_files:\n    - \"..\/..\/inventories\/lab\/group_vars\/vcenter.yml\"\n\n  tasks:\n\n    - name: Collect Windows client hosts from inventory\n      set_fact:\n        win_client_hosts: \"{{ groups['win_clients'] | default([]) }}\"\n\n    - name: Fail if no Windows client hosts are defined\n      fail:\n        msg: \"No hosts found in win_clients group. Nothing to bootstrap.\"\n      when: win_client_hosts | length == 0\n\n    - name: Enable WinRM and open firewall via VMware Tools\n      vmware_vm_shell:\n        hostname: \"{{ vcenter_hostname }}\"\n        username: \"{{ vcenter_username }}\"\n        password: \"{{ vcenter_password }}\"\n        validate_certs: \"{{ vcenter_validate_certs | default(false) }}\"\n\n        vm_id: \"{{ hostvars[vm_name].vm_name }}\"\n        vm_username: \"{{ hostvars[vm_name].windows_admin_user }}\"\n        vm_password: \"{{ hostvars[vm_name].win_local_admin_password }}\"\n\n        vm_shell: \"C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe\"\n        vm_shell_args: >\n          -NoProfile -NonInteractive -ExecutionPolicy Bypass\n          -Command \"winrm quickconfig -force;\n                    winrm set winrm\/config\/service\/auth '@{Basic=\\\"true\\\"}';\n                    Set-Item WSMan:\\\\localhost\\\\service\\\\AllowUnencrypted -Value true;\n                    netsh advfirewall firewall add rule name='WinRM 5985' dir=in action=allow protocol=TCP localport=5985;\n                    Restart-Service winrm\"\n\n        wait_for_process: true\n      loop: \"{{ win_client_hosts }}\"\n      loop_control:\n        loop_var: vm_name\n      register: winrm_bootstrap\n\n    - name: Show vmware_vm_shell result\n      debug:\n        var: winrm_bootstrap<\/code><\/pre>\n\n\n\n
                          \n\n\n\n
                          What this playbook actually does<\/h3>\n\n\n\n
                          When executed, Ansible connects to vCenter \u2014 not to Windows.
                          vCenter then uses VMware Tools to run a PowerShell command inside<\/strong> the VM:<\/p>\n\n\n\n
                            \n
                          • WinRM is enabled<\/li>\n\n\n\n
                          • Basic auth is allowed<\/li>\n\n\n\n
                          • The plaintext listener is permitted (lab-friendly)<\/li>\n\n\n\n
                          • Firewall rules are created<\/li>\n\n\n\n
                          • WinRM service is restarted<\/li>\n<\/ul>\n\n\n\n
                            Once finished, the VM is ready for remote management.<\/p>\n\n\n\n
                            cd ~\/infra-ansible\nsource .venv\/bin\/activate\n\nansible-playbook -i inventories\/lab\/inventory.yml \\\n  playbooks\/provision\/bootstrap_winrm.yml \\\n  --ask-vault-pass<\/code><\/pre>\n\n\n\n
                            \n\n\n\n
                            Testing WinRM Connectivity<\/h3>\n\n\n\n
                            After the bootstrap is complete, you can test it directly:<\/p>\n\n\n\n
                            ansible -i inventories\/lab\/inventory.yml HAM01AP001 -m win_ping --ask-vault-pass<\/code><\/pre>\n\n\n\n
                            If everything is configured correctly, you should see:<\/p>\n\n\n\n
                            HAM01AP001 | SUCCESS => {\n    \"changed\": false,\n    \"ping\": \"pong\"\n}<\/code><\/pre>\n\n\n\n
                            This confirms that:<\/p>\n\n\n\n
                              \n
                            • the VM is reachable<\/li>\n\n\n\n
                            • WinRM is functional<\/li>\n\n\n\n
                            • credentials from host_vars are correct<\/li>\n\n\n\n
                            • Ansible is ready for post-provisioning steps<\/li>\n<\/ul>\n\n\n\n
                              At this point, the machine is fully manageable through Ansible.<\/p>\n\n\n\n
                              \n\n\n\n
                              Why this approach is ideal<\/h3>\n\n\n\n
                              This method avoids:<\/p>\n\n\n\n
                                \n
                              • logging into the VM<\/li>\n\n\n\n
                              • running scripts manually<\/li>\n\n\n\n
                              • enabling WinRM via ISO\/USB<\/li>\n\n\n\n
                              • temporary network hacks<\/li>\n\n\n\n
                              • or depending on DHCP connectivity<\/li>\n<\/ul>\n\n\n\n
                                Everything is handled cleanly and remotely through vSphere \u2014 exactly how enterprises automate Windows deployments at scale.<\/p>\n\n\n\n
                                Applying a Baseline Configuration to Windows 10<\/h2>\n\n\n\n
                                Now that WinRM is active and the VM is fully reachable from Ansible, we can finally start applying real configuration. This is where Windows stops being a black box and becomes an automated, predictable part of our infrastructure.<\/p>\n\n\n\n
                                In this section, we\u2019ll walk through a small but representative baseline:<\/p>\n\n\n\n
                                  \n
                                • creating a directory on C:\\<\/li>\n\n\n\n
                                • installing a Windows optional feature<\/li>\n\n\n\n
                                • (optionally) preparing for domain join later<\/li>\n<\/ul>\n\n\n\n
                                  This keeps the example simple, but demonstrates the entire end-to-end flow:<\/p>\n\n\n\n
                                  Ansible \u2192 WinRM \u2192 Windows \u2192 Expected Result<\/p>\n\n\n\n
                                  If this works, anything else you add later (software installs, registry changes, DSC, domain joins, compliance enforcement) will also work.<\/p>\n\n\n\n
                                  \n\n\n\n
                                  The Baseline Playbook<\/h3>\n\n\n\n
                                  Create the file:<\/p>\n\n\n\n
                                  playbooks\/configure\/win10_baseline.yml<\/code><\/pre>\n\n\n\n
                                  And add:<\/p>\n\n\n\n
                                  ---\n# Baseline configuration for Windows 10 clients\n\n- name: Apply baseline configuration to Windows 10 client\n  hosts: win_clients\n  gather_facts: false\n  collections:\n    - ansible.windows\n  vars_files:\n    - \"..\/..\/inventories\/lab\/group_vars\/all\/vault.yml\"\n\n  tasks:\n\n    - name: Verify WinRM connectivity\n      win_ping:\n\n    - name: \"Create tools directory on C:\"\n      win_file:\n        path: \"C:\\\\Tools\"\n        state: directory\n\n    - name: \"Create marker file in C:\\\\Tools with timestamp\"\n      win_shell: |\n        $ts = Get-Date -Format \"yyyy-MM-dd HH:mm:ss\"\n        \"Baseline applied via Ansible on $ts\" | Out-File -FilePath \"C:\\Tools\\baseline.txt\" -Encoding UTF8\n\n    - name: \"Ensure WinRM service is running and set to Automatic\"\n      win_service:\n        name: WinRM\n        start_mode: auto\n        state: started\n<\/code><\/pre>\n\n\n\n
                                  \n\n\n\n
                                  What This Playbook Demonstrates<\/h3>\n\n\n\n
                                  This baseline might look simple, but it proves the most important things:<\/p>\n\n\n\n
                                  \u2022 Ansible can reach the VM over WinRM<\/strong>
                                  Connectivity works, credentials work, and firewall\/WinRM configuration is solid.<\/p>\n\n\n\n
                                  \u2022 Windows responds reliably to automation<\/strong>
                                  Creating directories, writing files, running PowerShell \u2014 all executed cleanly.<\/p>\n\n\n\n
                                  \u2022 The VM is now a fully manageable node<\/strong>
                                  From here you can layer anything:<\/p>\n\n\n\n
                                  \u2013 install applications
                                  \u2013 tune Windows settings
                                  \u2013 join the VM to Active Directory
                                  \u2013 enforce baselines and compliance
                                  \u2013 deploy scripts or agents
                                  \u2013 prepare golden images<\/p>\n\n\n\n
                                  And all future work uses the same structure \u2014 host_vars \u2192 playbook \u2192 results.<\/p>\n\n\n\n
                                  \n\n\n\n
                                  Running the Baseline<\/h3>\n\n\n\n
                                  From the project root:<\/p>\n\n\n\n
                                  cd ~\/infra-ansible\nsource .venv\/bin\/activate\n\nansible-playbook -i inventories\/lab\/inventory.yml playbooks\/configure\/win10_baseline.yml --ask-vault-pass<\/code><\/pre>\n\n\n\n
                                  Here\u2019s what you should expect when running it:<\/p>\n\n\n\n
                                  \u2022 The WinRM connectivity check<\/em> succeeds (ok<\/code>).
                                  \u2022 The C:\\Tools<\/code> directory is created (changed<\/code> on the first run).
                                  \u2022 A baseline.txt<\/code> marker file appears inside C:\\Tools<\/code> (changed<\/code>).
                                  \u2022 The WinRM service is confirmed to be running and set to Automatic (ok<\/code> or changed<\/code>).<\/p>\n\n\n\n
                                  The exact formatting may vary depending on your Ansible callback plugin,
                                  but the key point is that the play finishes cleanly and the expected files show up on the VM.<\/p>\n\n\n\n
                                  From here, expanding the baseline is straightforward \u2014 installing applications, joining the domain, applying security policies, running scripts, or building consistent Windows images all follow the same structure.<\/p>\n\n\n\n
                                  Joining Windows 10 to Active Directory<\/h2>\n\n\n\n
                                  Once our Windows 10 VM is provisioned, bootstrapped, and reachable over WinRM, the next natural step is to integrate it into the domain. In an enterprise environment, this is where a \u201cmachine\u201d officially becomes a \u201cworkstation\u201d. Without domain join, you\u2019re practically stuck in standalone-land \u2014 no policies, no central credentials, no management.<\/p>\n\n\n\n
                                  Fortunately, Ansible makes this step predictable and repeatable.<\/p>\n\n\n\n
                                  In this chapter we\u2019ll:<\/p>\n\n\n\n
                                    \n
                                  • extend the host_vars<\/code> with domain credentials<\/li>\n\n\n\n
                                  • create a dedicated playbook for domain join<\/li>\n\n\n\n
                                  • reboot automatically after completion<\/li>\n\n\n\n
                                  • verify that the join succeeded<\/li>\n<\/ul>\n\n\n\n
                                    This completes the workflow from raw VM \u2192 fully integrated domain member.<\/p>\n\n\n\n
                                    \n\n\n\n
                                    Extending host_vars With Domain Credentials<\/h2>\n\n\n\n
                                    Add the following to your VM\u2019s variable file:<\/p>\n\n\n\n
                                    inventories\/lab\/host_vars\/HAM01AP001.yml<\/code><\/pre>\n\n\n\n
                                    # Active Directory domain to join\ndomain_name: \"corp.local\"\ndomain_admin_user: \"CORP\\\\Administrator\"\n\n# Password stored securely in Vault\ndomain_admin_password: \"{{ vault_domain_join_password }}\"<\/code><\/pre>\n\n\n\n
                                    These settings are host-specific, which is why they belong in host_vars.<\/p>\n\n\n\n
                                    All sensitive values continue to live inside Vault (vault_domain_join_password<\/code>).<\/p>\n\n\n\n
                                    \n\n\n\n
                                    The AD Join Playbook<\/h2>\n\n\n\n
                                    Create:<\/p>\n\n\n\n
                                    playbooks\/configure\/win10_domain_join.yml<\/code><\/pre>\n\n\n\n
                                    And add:<\/p>\n\n\n\n
                                    ---\n# Join Windows 10 client to Active Directory\n\n- name: Join Windows 10 client to Active Directory\n  hosts: win_clients\n  gather_facts: false\n  collections:\n    - microsoft.ad\n    - ansible.windows\n  vars_files:\n    - \"..\/..\/inventories\/lab\/group_vars\/all\/vault.yml\"\n\n  tasks:\n\n    - name: Verify WinRM connectivity before attempting domain join\n      win_ping:\n\n    - name: \"Ensure C:\\\\Tools exists (safety check)\"\n      win_file:\n        path: \"C:\\\\Tools\"\n        state: directory\n\n    - name: Join machine to domain\n      microsoft.ad.membership:\n        hostname: \"{{ computer_name }}\"\n        dns_domain_name: \"{{ domain_name }}\"\n        domain_admin_user: \"{{ domain_admin_user }}\"\n        domain_admin_password: \"{{ domain_admin_password }}\"\n        state: domain\n        reboot: false\n      register: domain_join_result\n\n    - name: Reboot if domain join requires it\n      win_reboot:\n        msg: \"Rebooting to complete domain join\"\n        timeout: 600\n      when: domain_join_result.reboot_required | default(false)<\/code><\/pre>\n\n\n\n
                                    \n\n\n\n
                                    Why This Works Reliably<\/h3>\n\n\n\n
                                    1. microsoft.ad.membership is the replacement for the deprecated win_domain_membership module.<\/strong>
                                    It\u2019s fully maintained and works on Windows 10, 11, and all supported Windows Server versions.<\/p>\n\n\n\n
                                    2. Domain join logic is fully idempotent.<\/strong>
                                    If the machine is already joined, the playbook reports ok<\/code> instead of triggering a join.<\/p>\n\n\n\n
                                    3. Automatic reboot handling.<\/strong>
                                    Windows almost always needs a reboot after joining a domain \u2014 Ansible detects this and reboots only when necessary.<\/p>\n\n\n\n
                                    \n\n\n\n
                                    Running the AD Join<\/h3>\n\n\n\n
                                    From the project root:<\/p>\n\n\n\n
                                    cd ~\/infra-ansible\nsource .venv\/bin\/activate\n\nansible-playbook -i inventories\/lab\/inventory.yml playbooks\/configure\/win10_domain_join.yml --ask-vault-pass<\/code><\/pre>\n\n\n\n
                                    Expected output:<\/p>\n\n\n\n
                                      \n
                                    • TASK [Verify WinRM connectivity before attempting domain join] \u2192 ok: [HAM01AP001]<\/li>\n\n\n\n
                                    • TASK [Ensure C:\\Tools exists (safety check)] \u2192 ok: [HAM01AP001]<\/li>\n\n\n\n
                                    • TASK [Join machine to domain] \u2192 changed: [HAM01AP001]<\/li>\n\n\n\n
                                    • TASK [Reboot if domain join requires it] \u2192 changed: [HAM01AP001] (if a reboot is needed)<\/li>\n<\/ul>\n\n\n\n
                                      After reboot, you should be able to log in with a domain account (e.g., CORP\\User).<\/p>\n\n\n\n
                                      This completes the transformation from:<\/p>\n\n\n\n
                                      freshly deployed VM \u2192 domain-integrated workstation<\/strong>
                                      with no manual interaction.<\/p>\n\n\n\n
                                      Bringing It All Together: The Full Windows 10 Provisioning Runbook<\/h2>\n\n\n\n
                                      Up to this point in our automation journey, we built everything in small, clean blocks:<\/p>\n\n\n\n
                                        \n
                                      • we provisioned a Windows 10 VM from a vSphere template<\/li>\n\n\n\n
                                      • we bootstrapped WinRM using VMware Tools<\/li>\n\n\n\n
                                      • we applied a baseline configuration<\/li>\n\n\n\n
                                      • we joined the machine to Active Directory<\/li>\n<\/ul>\n\n\n\n
                                        Each piece worked individually \u2014 great for development, testing, and debugging.<\/p>\n\n\n\n
                                        But in real infrastructure, nobody wants to run four playbooks by hand.
                                        What we want is the DevOps equivalent of a lightsaber<\/em>: press one button, and the whole workflow slices through everything from zero to a fully configured domain workstation.<\/p>\n\n\n\n
                                        So let\u2019s build exactly that.<\/p>\n\n\n\n
                                        A runbook<\/strong>.<\/p>\n\n\n\n
                                        Think of it as the orchestrator: it doesn\u2019t do the work itself, but it knows which sub-playbooks to call, in what order, and under what conditions.<\/p>\n\n\n\n
                                        \n\n\n\n
                                        Why a Runbook?<\/h3>\n\n\n\n
                                        A runbook gives you:<\/p>\n\n\n\n
                                          \n
                                        • one entry point for your entire provisioning workflow<\/li>\n\n\n\n
                                        • a clean separation between logic (runbook) and implementation (playbooks)<\/li>\n\n\n\n
                                        • the ability to drop it into CI\/CD with zero changes<\/li>\n\n\n\n
                                        • consistency: every VM goes through the same steps, the same way, every time<\/li>\n\n\n\n
                                        • easier debugging \u2014 each step is still its own playbook<\/li>\n<\/ul>\n\n\n\n
                                          It\u2019s how large automation frameworks stay maintainable over time.<\/p>\n\n\n\n
                                          \n\n\n\n
                                          The Windows 10 Full Provisioning Runbook<\/h3>\n\n\n\n
                                          Create the file:<\/p>\n\n\n\n
                                          playbooks\/runbooks\/win10_full_deploy.yml<\/code><\/pre>\n\n\n\n
                                          And add:<\/p>\n\n\n\n
                                          ---\n# Full provisioning runbook for Windows 10 clients\n# Steps:\n#   1. Provision VM in vSphere\n#   2. Bootstrap WinRM via VMware Tools\n#   3. Apply baseline configuration\n#   4. Join to Active Directory\n\n- name: Provision Windows 10 VM\n  import_playbook: \"..\/provision\/vmware_windows_client.yml\"\n\n- name: Bootstrap WinRM on newly deployed Windows VM\n  import_playbook: \"..\/provision\/bootstrap_winrm.yml\"\n\n- name: Apply Windows 10 baseline configuration\n  import_playbook: \"..\/configure\/win10_baseline.yml\"\n\n- name: Join Windows 10 to Active Directory\n  import_playbook: \"..\/configure\/win10_domain_join.yml\"<\/code><\/pre>\n\n\n\n
                                          Yes \u2014 that\u2019s everything.
                                          Simple on the outside, powerful on the inside.<\/p>\n\n\n\n
                                          Each component stays testable and reusable, but when combined, they form a complete, end-to-end Windows provisioning pipeline.<\/p>\n\n\n\n
                                          \n\n\n\n
                                          Running the Runbook<\/h3>\n\n\n\n
                                          From the project root:<\/p>\n\n\n\n
                                          cd ~\/infra-ansible\nsource .venv\/bin\/activate\n\nansible-playbook -i inventories\/lab\/inventory.yml playbooks\/runbooks\/win10_full_deploy.yml --ask-vault-pass<\/code><\/pre>\n\n\n\n
                                          What happens next:<\/p>\n\n\n\n
                                            \n
                                          1. A brand-new VM is created in vSphere<\/li>\n\n\n\n
                                          2. VMware Tools executes a PowerShell script to activate WinRM<\/li>\n\n\n\n
                                          3. Ansible connects via WinRM and applies baseline configuration<\/li>\n\n\n\n
                                          4. The VM joins the domain and reboots<\/li>\n\n\n\n
                                          5. You log in with a domain account, and everything \u201cjust works\u201d<\/li>\n<\/ol>\n\n\n\n
                                            This is the moment where the project stops being just a bunch of playbooks\u2026
                                            and becomes real operational automation.<\/p>\n\n\n\n
                                            Wrap-Up: Windows Provisioning Fully Automated<\/h2>\n\n\n\n
                                            In this part, we completed the entire lifecycle of deploying a Windows 10 VM using Ansible and VMware:<\/p>\n\n\n\n
                                              \n
                                            • cloned the VM from a vSphere template using OS customization<\/li>\n\n\n\n
                                            • bootstrapped WinRM remotely through VMware Tools<\/li>\n\n\n\n
                                            • verified full remote execution via Ansible<\/li>\n\n\n\n
                                            • applied a baseline configuration<\/li>\n\n\n\n
                                            • joined the machine to Active Directory<\/li>\n\n\n\n
                                            • confirmed that everything works end-to-end<\/li>\n<\/ul>\n\n\n\n
                                              At this point, Windows provisioning is no longer a manual task \u2014 it\u2019s fully automated, reproducible, and ready to scale.<\/p>\n\n\n\n
                                              So what\u2019s next?<\/p>\n\n\n\n
                                              In the next article, we\u2019ll extend the framework beyond Windows and start provisioning and configuring Linux systems<\/strong> (Debian and RedHat). We\u2019ll look at SSH key injection, cloud-init-like setups, OS-specific roles, and how to reuse the same repository structure for multiple platforms.<\/p>\n","protected":false},"excerpt":{"rendered":"
                                              In the first part of this series, we built the foundation of our automation framework: a clean directory structure, proper inventories, OS-specific variable separation, secure Vault usage, and the vCenter settings that glue everything together. Think of it as laying out all tools on the workbench before touching the actual machine. Now comes the fun […]<\/p>\n","protected":false},"author":1,"featured_media":4707,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_FSMCFIC_featured_image_caption":"","_FSMCFIC_featured_image_nocaption":"","_FSMCFIC_featured_image_hide":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-4667","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"yoast_head":"\nProvisioning a Windows 10 Client from a vSphere Template (2nd part) - IT-REACT<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.it-react.com\/index.php\/2025\/11\/28\/provisioning-a-windows-10-client-from-a-vsphere-template-2nd-part\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Provisioning a Windows 10 Client from a vSphere Template (2nd part) - IT-REACT\" \/>\n<meta property=\"og:description\" content=\"In the first part of this series, we built the foundation of our automation framework: a clean directory structure, proper inventories, OS-specific variable separation, secure Vault usage, and the vCenter settings that glue everything together. Think of it as laying out all tools on the workbench before touching the actual machine. Now comes the fun […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.it-react.com\/index.php\/2025\/11\/28\/provisioning-a-windows-10-client-from-a-vsphere-template-2nd-part\/\" \/>\n<meta property=\"og:site_name\" content=\"IT-REACT\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-28T10:18:41+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-11-28T10:20:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.it-react.com\/wp-content\/uploads\/2025\/11\/marek-piwnicki-4kyb_KApK1E-unsplash-e1764323839352.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"540\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Ioan Penu\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ioan Penu\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.it-react.com\\\/index.php\\\/2025\\\/11\\\/28\\\/provisioning-a-windows-10-client-from-a-vsphere-template-2nd-part\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.it-react.com\\\/index.php\\\/2025\\\/11\\\/28\\\/provisioning-a-windows-10-client-from-a-vsphere-template-2nd-part\\\/\"},\"author\":{\"name\":\"Ioan Penu\",\"@id\":\"https:\\\/\\\/www.it-react.com\\\/#\\\/schema\\\/person\\\/bf08cffeb4b02ee6baff5d56ab17c8f0\"},\"headline\":\"Provisioning a Windows 10 Client from a vSphere Template (2nd part)\",\"datePublished\":\"2025-11-28T10:18:41+00:00\",\"dateModified\":\"2025-11-28T10:20:10+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.it-react.com\\\/index.php\\\/2025\\\/11\\\/28\\\/provisioning-a-windows-10-client-from-a-vsphere-template-2nd-part\\\/\"},\"wordCount\":2518,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.it-react.com\\\/#\\\/schema\\\/person\\\/bf08cffeb4b02ee6baff5d56ab17c8f0\"},\"image\":{\"@id\":\"https:\\\/\\\/www.it-react.com\\\/index.php\\\/2025\\\/11\\\/28\\\/provisioning-a-windows-10-client-from-a-vsphere-template-2nd-part\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.it-react.com\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/marek-piwnicki-4kyb_KApK1E-unsplash-e1764323839352.jpg\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.it-react.com\\\/index.php\\\/2025\\\/11\\\/28\\\/provisioning-a-windows-10-client-from-a-vsphere-template-2nd-part\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.it-react.com\\\/index.php\\\/2025\\\/11\\\/28\\\/provisioning-a-windows-10-client-from-a-vsphere-template-2nd-part\\\/\",\"url\":\"https:\\\/\\\/www.it-react.com\\\/index.php\\\/2025\\\/11\\\/28\\\/provisioning-a-windows-10-client-from-a-vsphere-template-2nd-part\\\/\",\"name\":\"Provisioning a Windows 10 Client from a vSphere Template (2nd part) - IT-REACT\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.it-react.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.it-react.com\\\/index.php\\\/2025\\\/11\\\/28\\\/provisioning-a-windows-10-client-from-a-vsphere-template-2nd-part\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.it-react.com\\\/index.php\\\/2025\\\/11\\\/28\\\/provisioning-a-windows-10-client-from-a-vsphere-template-2nd-part\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.it-react.com\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/marek-piwnicki-4kyb_KApK1E-unsplash-e1764323839352.jpg\",\"datePublished\":\"2025-11-28T10:18:41+00:00\",\"dateModified\":\"2025-11-28T10:20:10+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.it-react.com\\\/index.php\\\/2025\\\/11\\\/28\\\/provisioning-a-windows-10-client-from-a-vsphere-template-2nd-part\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.it-react.com\\\/index.php\\\/2025\\\/11\\\/28\\\/provisioning-a-windows-10-client-from-a-vsphere-template-2nd-part\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.it-react.com\\\/index.php\\\/2025\\\/11\\\/28\\\/provisioning-a-windows-10-client-from-a-vsphere-template-2nd-part\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.it-react.com\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/marek-piwnicki-4kyb_KApK1E-unsplash-e1764323839352.jpg\",\"contentUrl\":\"https:\\\/\\\/www.it-react.com\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/marek-piwnicki-4kyb_KApK1E-unsplash-e1764323839352.jpg\",\"width\":1024,\"height\":540,\"caption\":\"Photo by Marek Piwnicki on Unsplash\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.it-react.com\\\/index.php\\\/2025\\\/11\\\/28\\\/provisioning-a-windows-10-client-from-a-vsphere-template-2nd-part\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.it-react.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Provisioning a Windows 10 Client from a vSphere Template (2nd part)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.it-react.com\\\/#website\",\"url\":\"https:\\\/\\\/www.it-react.com\\\/\",\"name\":\"it-react\",\"description\":\"Ctrl\u2022Alt\u2022Automate\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.it-react.com\\\/#\\\/schema\\\/person\\\/bf08cffeb4b02ee6baff5d56ab17c8f0\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.it-react.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/www.it-react.com\\\/#\\\/schema\\\/person\\\/bf08cffeb4b02ee6baff5d56ab17c8f0\",\"name\":\"Ioan Penu\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2a2a1b6be0f322a113eea11669895227e284c6091424d65be6c3c706c2822975?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2a2a1b6be0f322a113eea11669895227e284c6091424d65be6c3c706c2822975?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2a2a1b6be0f322a113eea11669895227e284c6091424d65be6c3c706c2822975?s=96&d=mm&r=g\",\"caption\":\"Ioan Penu\"},\"logo\":{\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2a2a1b6be0f322a113eea11669895227e284c6091424d65be6c3c706c2822975?s=96&d=mm&r=g\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Provisioning a Windows 10 Client from a vSphere Template (2nd part) - IT-REACT","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.it-react.com\/index.php\/2025\/11\/28\/provisioning-a-windows-10-client-from-a-vsphere-template-2nd-part\/","og_locale":"en_US","og_type":"article","og_title":"Provisioning a Windows 10 Client from a vSphere Template (2nd part) - IT-REACT","og_description":"In the first part of this series, we built the foundation of our automation framework: a clean directory structure, proper inventories, OS-specific variable separation, secure Vault usage, and the vCenter settings that glue everything together. Think of it as laying out all tools on the workbench before touching the actual machine. Now comes the fun […]","og_url":"https:\/\/www.it-react.com\/index.php\/2025\/11\/28\/provisioning-a-windows-10-client-from-a-vsphere-template-2nd-part\/","og_site_name":"IT-REACT","article_published_time":"2025-11-28T10:18:41+00:00","article_modified_time":"2025-11-28T10:20:10+00:00","og_image":[{"width":1024,"height":540,"url":"https:\/\/www.it-react.com\/wp-content\/uploads\/2025\/11\/marek-piwnicki-4kyb_KApK1E-unsplash-e1764323839352.jpg","type":"image\/jpeg"}],"author":"Ioan Penu","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Ioan Penu","Est. reading time":"12 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.it-react.com\/index.php\/2025\/11\/28\/provisioning-a-windows-10-client-from-a-vsphere-template-2nd-part\/#article","isPartOf":{"@id":"https:\/\/www.it-react.com\/index.php\/2025\/11\/28\/provisioning-a-windows-10-client-from-a-vsphere-template-2nd-part\/"},"author":{"name":"Ioan Penu","@id":"https:\/\/www.it-react.com\/#\/schema\/person\/bf08cffeb4b02ee6baff5d56ab17c8f0"},"headline":"Provisioning a Windows 10 Client from a vSphere Template (2nd part)","datePublished":"2025-11-28T10:18:41+00:00","dateModified":"2025-11-28T10:20:10+00:00","mainEntityOfPage":{"@id":"https:\/\/www.it-react.com\/index.php\/2025\/11\/28\/provisioning-a-windows-10-client-from-a-vsphere-template-2nd-part\/"},"wordCount":2518,"commentCount":0,"publisher":{"@id":"https:\/\/www.it-react.com\/#\/schema\/person\/bf08cffeb4b02ee6baff5d56ab17c8f0"},"image":{"@id":"https:\/\/www.it-react.com\/index.php\/2025\/11\/28\/provisioning-a-windows-10-client-from-a-vsphere-template-2nd-part\/#primaryimage"},"thumbnailUrl":"https:\/\/www.it-react.com\/wp-content\/uploads\/2025\/11\/marek-piwnicki-4kyb_KApK1E-unsplash-e1764323839352.jpg","inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.it-react.com\/index.php\/2025\/11\/28\/provisioning-a-windows-10-client-from-a-vsphere-template-2nd-part\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.it-react.com\/index.php\/2025\/11\/28\/provisioning-a-windows-10-client-from-a-vsphere-template-2nd-part\/","url":"https:\/\/www.it-react.com\/index.php\/2025\/11\/28\/provisioning-a-windows-10-client-from-a-vsphere-template-2nd-part\/","name":"Provisioning a Windows 10 Client from a vSphere Template (2nd part) - IT-REACT","isPartOf":{"@id":"https:\/\/www.it-react.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.it-react.com\/index.php\/2025\/11\/28\/provisioning-a-windows-10-client-from-a-vsphere-template-2nd-part\/#primaryimage"},"image":{"@id":"https:\/\/www.it-react.com\/index.php\/2025\/11\/28\/provisioning-a-windows-10-client-from-a-vsphere-template-2nd-part\/#primaryimage"},"thumbnailUrl":"https:\/\/www.it-react.com\/wp-content\/uploads\/2025\/11\/marek-piwnicki-4kyb_KApK1E-unsplash-e1764323839352.jpg","datePublished":"2025-11-28T10:18:41+00:00","dateModified":"2025-11-28T10:20:10+00:00","breadcrumb":{"@id":"https:\/\/www.it-react.com\/index.php\/2025\/11\/28\/provisioning-a-windows-10-client-from-a-vsphere-template-2nd-part\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.it-react.com\/index.php\/2025\/11\/28\/provisioning-a-windows-10-client-from-a-vsphere-template-2nd-part\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.it-react.com\/index.php\/2025\/11\/28\/provisioning-a-windows-10-client-from-a-vsphere-template-2nd-part\/#primaryimage","url":"https:\/\/www.it-react.com\/wp-content\/uploads\/2025\/11\/marek-piwnicki-4kyb_KApK1E-unsplash-e1764323839352.jpg","contentUrl":"https:\/\/www.it-react.com\/wp-content\/uploads\/2025\/11\/marek-piwnicki-4kyb_KApK1E-unsplash-e1764323839352.jpg","width":1024,"height":540,"caption":"Photo by Marek Piwnicki on Unsplash"},{"@type":"BreadcrumbList","@id":"https:\/\/www.it-react.com\/index.php\/2025\/11\/28\/provisioning-a-windows-10-client-from-a-vsphere-template-2nd-part\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.it-react.com\/"},{"@type":"ListItem","position":2,"name":"Provisioning a Windows 10 Client from a vSphere Template (2nd part)"}]},{"@type":"WebSite","@id":"https:\/\/www.it-react.com\/#website","url":"https:\/\/www.it-react.com\/","name":"it-react","description":"Ctrl\u2022Alt\u2022Automate","publisher":{"@id":"https:\/\/www.it-react.com\/#\/schema\/person\/bf08cffeb4b02ee6baff5d56ab17c8f0"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.it-react.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/www.it-react.com\/#\/schema\/person\/bf08cffeb4b02ee6baff5d56ab17c8f0","name":"Ioan Penu","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/2a2a1b6be0f322a113eea11669895227e284c6091424d65be6c3c706c2822975?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/2a2a1b6be0f322a113eea11669895227e284c6091424d65be6c3c706c2822975?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/2a2a1b6be0f322a113eea11669895227e284c6091424d65be6c3c706c2822975?s=96&d=mm&r=g","caption":"Ioan Penu"},"logo":{"@id":"https:\/\/secure.gravatar.com\/avatar\/2a2a1b6be0f322a113eea11669895227e284c6091424d65be6c3c706c2822975?s=96&d=mm&r=g"}}]}},"_links":{"self":[{"href":"https:\/\/www.it-react.com\/index.php\/wp-json\/wp\/v2\/posts\/4667","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.it-react.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.it-react.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.it-react.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.it-react.com\/index.php\/wp-json\/wp\/v2\/comments?post=4667"}],"version-history":[{"count":26,"href":"https:\/\/www.it-react.com\/index.php\/wp-json\/wp\/v2\/posts\/4667\/revisions"}],"predecessor-version":[{"id":4714,"href":"https:\/\/www.it-react.com\/index.php\/wp-json\/wp\/v2\/posts\/4667\/revisions\/4714"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.it-react.com\/index.php\/wp-json\/wp\/v2\/media\/4707"}],"wp:attachment":[{"href":"https:\/\/www.it-react.com\/index.php\/wp-json\/wp\/v2\/media?parent=4667"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.it-react.com\/index.php\/wp-json\/wp\/v2\/categories?post=4667"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.it-react.com\/index.php\/wp-json\/wp\/v2\/tags?post=4667"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}