From c3a8c3ab3519ddf0e223d21f192a316b9851db52 Mon Sep 17 00:00:00 2001
From: L3D
Date: Fri, 30 Dec 2022 01:32:02 +0100
Subject: [PATCH] Create rdp rulez
---
LICENSE | 2 +-
tasks/main.yml | 39 +++++++++++++++++++++++++++++++++++++++
2 files changed, 40 insertions(+), 1 deletion(-)
create mode 100644 tasks/main.yml
diff --git a/LICENSE b/LICENSE
index 2071b23..22cd01f 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,6 +1,6 @@ MIT License -Copyright (c) +Copyright (c) 2022 L3D Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..b4b58a7
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,39 @@
+---
+- name: Create dir .ansible\status
+ ansible.windows.win_powershell:
+ script: '[System.IO.Directory]::CreateDirectory(".ansible\status")'
+ creates: '.ansible\status'
+ register: _a
+
+- name: Create dir .ansible\status
+ ansible.windows.win_powershell:
+ script: 'attrib +h .ansible'
+ changed_when: _a.changed
+
+- name: Touch a file (creates if not present, updates modification time if present)
+ ansible.windows.win_file:
+ path: .ansible\status\rdp.txt
+ state: touch
+ register: _a
+
+# https://exchangepedia.com/2016/10/enable-remote-desktop-rdp-connections-for-admins-on-windows-server-2016.html
+- name: Enable Remote Desktop connections
+ ansible.windows.win_powershell:
+ script: 'Set-ItemProperty ‘HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\‘ -Name “fDenyTSConnections” -Value 0'
+ changed_when: _a.changed
+
+- name: Enable Network Level Authentication
+ ansible.windows.win_powershell:
+ script: 'Set-ItemProperty ‘HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\‘ -Name “UserAuthentication” -Value 1'
+ changed_when: _a.changed
+
+- name: Firewall rule to allow RDP on TCP port 3389
+ community.windows.win_firewall_rule:
+ name: Remote Desktop
+ localport: 3389
+ action: allow
+ direction: in
+ protocol: tcp
+ profiles: private
+ state: present
+ enabled: true
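Review bot: The two `Set-ItemProperty` tasks (Enable Remote Desktop connections, Enable Network Level Authentication) write security-relevant registry values through `win_powershell` scripts that carry typographic quotes (`‘…‘`, `“…”`) and, as far as I can tell, run with the module's default non-stopping error handling, so a non-terminating error on the `UserAuthentication` write would likely still report success and leave RDP enabled without NLA. I would switch both to `ansible.windows.win_regedit`, which fails on a bad write and reports `changed` from the actual registry state, and set `UserAuthentication` before clearing `fDenyTSConnections`. The current `changed_when: _a.changed` is tied to a `win_file` task with `state: touch`, which as far as I know reports a change on every run, so it does not reflect whether the RDP settings changed. The firewall task limits the rule to the `private` profile but admits any source address; adding `remoteip: <MANAGEMENT_SUBNET_CIDR>` (placeholder) would narrow exposure of port 3389.

```yaml
# … unchanged: status directory and marker-file tasks …

- name: Enable Network Level Authentication
  ansible.windows.win_regedit:
    path: 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    name: UserAuthentication
    data: 1
    type: dword

- name: Enable Remote Desktop connections
  ansible.windows.win_regedit:
    path: 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    name: fDenyTSConnections
    data: 0
    type: dword

# … unchanged: firewall rule for TCP 3389 …
```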