Rolling Update Windows-like systems — Ansible module win_updates

How to automate the Windows Update process and rebook if needed on Windows-like systems using Ansible Playbook and win_updates module.

Ansible Pilot
5 min readMar 16, 2022


How to perform Rolling Update with Ansible on Windows-like systems?

Every System Administrator knows how important is to maintain an up-to-date fleet in a consistent state.
I’m going to show you a live demo with some simple Ansible code.
I’m Luca Berton and welcome to today’s episode of Ansible Pilot

Ansible Rolling Update Windows-like systems

  • ``
  • Download and install Windows updates

Today we’re talking about the Ansible module `win_updates`.

The full name is ` `, which means that is part of the collection of modules specialized to interact with Windows target host.

It’s a module pretty stable and out for years.

It works in Windows and Windows Server operating systems.

It downloads and installs Windows updates.

For Linux target use the `yum` module for RedHat-like systems, `apt` for Debian-like, and `zypper` for Suse-like.


  • category_names string — CriticalUpdates, DefinitionUpdates, DeveloperKits, FeaturePacks, SecurityUpdates, ServicePacks, UpdateRollups
  • state string — searched / downloaded / installed
  • reboot boolean /reboot_timeout — no/yes
  • log_path path — append log file
  • accept_list / reject_list list — titles or KB to whitelist or blacklist

The parameter list is pretty wide but today we are focused only on the relevant for our use case.

The most important is “category_names”. The options are a lot here. The default is to enable only “CriticalUpdates”…



Ansible Pilot

I help creative Automation DevOps, Cloud Engineer, System Administrator, and IT Professional to succeed with Ansible Technology to automate more things everyday