Using ConfigMgmt to add WindowsCapability

I am trying to use an ansible-playbook to install ServerCore.AppCampatiblity

- name: Add FOD |
       Import-Module -Name DISM -SkipEditionCheck
       Add-WindowsCapability -Online -Name ServerCore.AppCompatibility~~~~

    amazon-ebs: TASK [Add FOD (Features on Demand)] ********************************************
    amazon-ebs: fatal: [default]: FAILED! => {"changed": true, "cmd": "Add-WindowsCapability -Online -Name ServerCore.AppCompatibility~~~~", 
"delta": "0:00:18.641505", "end": "2021-09-13 10:24:37.593684", "msg": 
"non-zero return code", "rc": 1, "start": "2021-09-13 10:24:18.952178", "stderr":
 "Add-WindowsCapability : Access is denied.\r\nAt line:1 char:65\r\n+ ... ing $false; 
Add-WindowsCapability -Online -Name ServerCore.AppCompati ...\r\n+       
+ CategoryInfo          : NotSpecified: (:) [Add-WindowsCapability], COMException\r\n
    + FullyQualifiedErrorId : 
Microsoft.Dism.Commands.AddWindowsCapabilityCommand", "stderr_lines": ["Add-
WindowsCapability : Access is denied.", "At line:1 char:65", "+ ... ing $false; Add-WindowsCapability -Online -Name ServerCore.AppCompati ...", "+     
            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~", " 
   + CategoryInfo          : NotSpecified: (:) [Add-WindowsCapability], COMException", "   
 + FullyQualifiedErrorId : Microsoft.Dism.Commands.AddWindowsCapabilityCommand"], "stdout": "", "stdout_lines": []}

I thought if I could find how Windowscapability is configured with DSC, I could get past this issue.

Since the error message says Access Denied, can you try with ansible become with a higher privileged user ?

Do you know if DSC can be used to install WindowsCapablity features? Is there a resource for this? It seems to me if I can get this to work with DSC, I can get it to deploy. This playbook runs 15 other configurations fine, including add Window Features.

I may have misunderstood your need but shouldn’t Add-WindowsCapability be enough for this purpose?

That is what I ran above, and it did not work.

Ooops … I missed that … sorry. :wink: But why does it have to be used with DSC. Can’t you run it just by itself? … with sufficient rights to the target system of course …

All of the other PowerShell cmdlets run fine. It preforms over 15 other configurations fine. I did find this article saying they were having issue running the remote.

I thought Ansible run as admin as default, that is the account that it connects with.

It appears the resource you’re looking for is part of the ComputerManagementDsc module.\DSC_WindowsCapability\DSC_WindowsCapability.psm1

It was just an idea because the error message states “Access is denied”. Unfortunately I don’t have any experience with Ansible. Sorry.

Here is the correct answer that runs properly.

### Barried somewhere in here are all the pieces of this with no example or clear explanation:


- hosts: all
  gather_facts: no
  become_method: runas

  - name: Create directory structure
      path: C:\vsts\IA
      state: directory

  - name: Add FOD |
      Add-WindowsCapability -Online -Name ServerCore.AppCompatibility~~~~
    become: yes
    become_user: administrator

  - name: Test FOD |
      $WinCapObj = Get-WindowsCapability -Online -Name ServerCore.AppCompatibility~~~~
      Write-Output -InputObject "Current State of FOD:: $($WinCapObj.State)"

  - name: Reboot if required