YAML Guide

Playbooks are primarily written in YAML, a markup language typically used to store sets of data.

We use YAML for what we call tasks, which can include a set of actions, or include other tasks.

Getting Started

To start using YAML with your Playbook, begin by creating a Configuration folder in the root of your Playbook, then create a file named custom.yml within.

This file is where AME Wizard begins parsing your Playbook configuration.

Next, we’ll add some example configuration files for custom.yml to include later. Start by creating a new folder within Configuration called tasks, or any name of your choice, as long as it is consistent with the file references used in the Writing The YAML step.

Inside the new tasks directory, create some more files with the .yml file extension, and name them according to the types of actions they will perform. See the directory structure example below for inspiration.

- Configuration
    - custom.yml
    - tasks
        - registry.yml
        - services.yml
        - appx.yml
        - software.yml

Writing The YAML

With our directory structure and files prepared, we can now begin writing the YAML itself. For this task, we recommend using Sublime Text, or Visual Studio Code if you are unable to acquire Sublime Text.

Using your text editor of choice, open your Playbook’s root directory, and navigate to custom.yml.

Inside this file, add the following lines:

---
title: Custom
description: Custom configuration
privilege: Admin
actions: []
features:
- tasks\registry.yml
- tasks\services.yml
- tasks\appx.yml
- tasks\software.yml

Change the included tasks to match the file names you created before, if different.

Implementing Actions

With that out of the way, we can dive into using actions.

Navigate to your tasks directory, and begin modifying a task file of choice. For this example, we will edit registry.yml.

---
title: Registry Edits
description: Performs registry edits
privilege: TrustedInstaller
actions:

    # Remove SecurityHealth from startup
  - !registryValue: {path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run', value: 'SecurityHealth', operation: delete}
  - !registryValue: {path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run', value: 'SecurityHealth', operation: delete}

    # Disables SmartScreen
  - !registryValue: {path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer', value: 'SmartScreenEnabled', type: REG_SZ, data: 'Off'}

    # Disable Windows Error Reporting
  - !registryValue: {path: 'HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting', value: 'Disabled', type: REG_DWORD, data: '1'}

    # Disable Users On Login Screen
  - !registryValue: {path: 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System', value: 'dontdisplaylastusername', type: REG_DWORD, data: '1'}

Important

For strings, we highly recommend using single quotes, as in this example. Single-quoted strings are read literally, whereas double-quoted strings can interpret certain characters, such as backslashes, as escape sequences. Note that any single quote inside a single-quoted string must be doubled up.

Past this point, you can begin reading our documentation on actions, and implement them into your Playbook as you please. Feel free to use other Playbooks as guidance.

Warning

At the current time, tasks should not switch between Admin and TrustedInstaller privileges more than once, as this can cause issues with AME Wizard.
We recommend simply using TrustedInstaller for every task, as it has the highest permission level, and using the Admin permission level provides no real benefits.
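
The following is an added example, not part of AME Wizard or its documentation: a pre-flight check in Python for the two pitfalls noted above, backslashes inside double-quoted strings and more than one switch between privilege levels. It scans the text line by line instead of using a YAML parser, and it assumes custom.yml runs first and its features run in the order listed; the sample file contents are constructed.

```python
import re

# Constructed sample Playbook files (illustrative contents, keyed by relative path).
SAMPLE = {
    "custom.yml": r"""---
privilege: Admin
features:
- tasks\registry.yml
- tasks\services.yml
""",
    r"tasks\registry.yml": r"""---
privilege: TrustedInstaller
actions:
  - !registryValue: {path: "HKLM\SOFTWARE\Example", value: 'Demo', operation: delete}
""",
    r"tasks\services.yml": "---\nprivilege: Admin\nactions: []\n",
}

PRIV = re.compile(r"^privilege:[ \t]*(\S+)", re.M)
FEATURE = re.compile(r"^[ \t]*-[ \t]+(\S+\.yml)[ \t]*$", re.M)
DQ_BACKSLASH = re.compile(r'"[^"\n]*\\[^"\n]*"')

def privilege_order(files, root="custom.yml"):
    """(file, privilege) pairs: root first, then features as listed (assumed run order)."""
    order = [root] + FEATURE.findall(files[root])
    return [(name, PRIV.search(files[name]).group(1)) for name in order]

def count_switches(pairs):
    """How many times the privilege level changes between consecutive files."""
    levels = [priv for _, priv in pairs]
    return sum(a != b for a, b in zip(levels, levels[1:]))

def double_quoted_backslashes(files):
    """(file, line number, string) for each double-quoted string holding a backslash."""
    return [(name, n, m.group(0))
            for name, text in files.items()
            for n, line in enumerate(text.splitlines(), 1)
            if not line.lstrip().startswith("#")
            for m in DQ_BACKSLASH.finditer(line)]

def lint(files):
    findings = [f"{name}:{n}: backslash inside double quotes: {s}"
                for name, n, s in double_quoted_backslashes(files)]
    switches = count_switches(privilege_order(files))
    if switches > 1:
        findings.append(f"privilege level switches {switches} times; keep it to one")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

To check a real Playbook, build the same dictionary from the files under its Configuration folder and pass it to lint().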