Create rdp rulez

L3D 2022-12-30 01:32:02 +01:00
parent 0b2a706fa7
commit c3a8c3ab35
Signed by: l3d
GPG key ID: CD08445BFF4313D1
2 changed files with 40 additions and 1 deletions


@ -1,6 +1,6 @@
MIT License
Copyright (c) <year> <copyright holders>
Copyright (c) 2022 L3D <l3d@c3woc.de>
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

39
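--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,39 @@
+---
+- name: Create dir .ansible\status
+ansible.windows.win_powershell:
+script: '[System.IO.Directory]::CreateDirectory(".ansible\status")'
+creates: '.ansible\status'
+register: _a
+- name: Create dir .ansible\status
+ansible.windows.win_powershell:
+script: 'attrib +h .ansible'
+changed_when: _a.changed
+- name: Touch a file (creates if not present, updates modification time if present)
+ansible.windows.win_file:
+path: .ansible\status\rdp.txt
+state: touch
+register: _a
+# https://exchangepedia.com/2016/10/enable-remote-desktop-rdp-connections-for-admins-on-windows-server-2016.html
+- name: Enable Remote Desktop connections
+ansible.windows.win_powershell:
+script: 'Set-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\ -Name “fDenyTSConnections” -Value 0'
+changed_when: _a.changed
+- name: Enable Network Level Authentication
+ansible.windows.win_powershell:
+script: 'Set-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\ -Name “UserAuthentication” -Value 1'
+changed_when: _a.changed
+- name: Firewall rule to allow RDP on TCP port 3389
+community.windows.win_firewall_rule:
+name: Remote Desktop
+localport: 3389
+action: allow
+direction: in
+protocol: tcp
+profiles: private
+state: present
+enabled: true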
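Review bot: Both `Set-ItemProperty` scripts pass an unquoted registry path that contains a space (`...\Control\Terminal Server\`), so PowerShell will most likely split it into two arguments and neither `fDenyTSConnections` nor the NLA value `UserAuthentication` is written as intended. The typographic quotes around the value names are a further parsing and encoding risk. `changed_when: _a.changed` ties the reported status of both tasks to the preceding `state: touch` task, which as far as I know reports a change on every run, so the result says nothing about whether the registry value was actually set. I would replace the two scripts with `ansible.windows.win_regedit`, which is idempotent and takes the path as a plain string. Separately, the firewall rule opens 3389 to any source on the private profile; consider adding `remoteip` to limit it to the management network.

```yaml
- name: Enable Remote Desktop connections
  ansible.windows.win_regedit:
    path: 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    name: fDenyTSConnections
    data: 0
    type: dword

- name: Enable Network Level Authentication
  ansible.windows.win_regedit:
    path: 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    name: UserAuthentication
    data: 1
    type: dword
# … unchanged: firewall rule task …
```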