2022-12-30 01:32:02 +01:00
|
|
|
|
---
|
|
|
|
|
|
- name: Create dir .ansible\status
|
|
|
|
|
|
ansible.windows.win_powershell:
|
|
|
|
|
|
script: '[System.IO.Directory]::CreateDirectory(".ansible\status")'
|
|
|
|
|
|
creates: '.ansible\status'
|
|
|
|
|
|
register: _a
|
|
|
|
|
|
|
|
|
|
|
|
- name: Create dir .ansible\status
|
|
|
|
|
|
ansible.windows.win_powershell:
|
|
|
|
|
|
script: 'attrib +h .ansible'
|
|
|
|
|
|
changed_when: _a.changed
|
|
|
|
|
|
|
|
|
|
|
|
- name: Touch a file (creates if not present, updates modification time if present)
|
2022-12-30 01:52:49 +01:00
|
|
|
|
ansible.windows.win_copy:
|
|
|
|
|
|
dest: .ansible\status\rdp.txt
|
|
|
|
|
|
content: 'Ansible opened RDP on this host'
|
2022-12-30 01:32:02 +01:00
|
|
|
|
register: _a
|
|
|
|
|
|
|
|
|
|
|
|
# https://exchangepedia.com/2016/10/enable-remote-desktop-rdp-connections-for-admins-on-windows-server-2016.html
|
|
|
|
|
|
- name: Enable Remote Desktop connections
|
|
|
|
|
|
ansible.windows.win_powershell:
|
|
|
|
|
|
script: 'Set-ItemProperty ‘HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\‘ -Name “fDenyTSConnections” -Value 0'
|
|
|
|
|
|
changed_when: _a.changed
|
|
|
|
|
|
|
|
|
|
|
|
- name: Enable Network Level Authentication
|
|
|
|
|
|
ansible.windows.win_powershell:
|
|
|
|
|
|
script: 'Set-ItemProperty ‘HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\‘ -Name “UserAuthentication” -Value 1'
|
|
|
|
|
|
changed_when: _a.changed
|
|
|
|
|
|
|
2022-12-31 15:50:03 +01:00
|
|
|
|
- name: Enable Remote Desktop connections
|
|
|
|
|
|
ansible.windows.win_powershell:
|
|
|
|
|
|
script: 'Enable-NetFirewallRule -DisplayGroup “Remote Desktop”'
|
|
|
|
|
|
changed_when: _a.changed
|
|
|
|
|
|
|
2022-12-30 01:32:02 +01:00
|
|
|
|
- name: Firewall rule to allow RDP on TCP port 3389
|
|
|
|
|
|
community.windows.win_firewall_rule:
|
|
|
|
|
|
name: Remote Desktop
|
|
|
|
|
|
localport: 3389
|
|
|
|
|
|
action: allow
|
|
|
|
|
|
direction: in
|
|
|
|
|
|
protocol: tcp
|
|
|
|
|
|
profiles: private
|
|
|
|
|
|
state: present
|
|
|
|
|
|
enabled: true
|
2022-12-30 01:52:49 +01:00
|
|
|
|
|
|
|
|
|
|
- name: "Allow RDP for User {{ win__special_rdp_user }}"
|
|
|
|
|
|
ansible.windows.win_powershell:
|
|
|
|
|
|
script: 'Add-LocalGroupMember -Group "Remote Desktop Users" -Member {{ win__special_rdp_user }}'
|
|
|
|
|
|
when: win__allow_special_rdp_user | bool
|
2022-12-30 01:53:31 +01:00
|
|
|
|
changed_when: _a.changed
|
2022-12-31 19:10:47 +01:00
|
|
|
|
|
|
|
|
|
|
- name: Windows RDP disable wddm
|
|
|
|
|
|
ansible.windows.win_powershell:
|
|
|
|
|
|
script: 'REG ADD “HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services” /v “fEnableWddmDriver” /t REG_DWORD /d 0 /f'
|
|
|
|
|
|
changed_when: _a.changed
|
