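---
# Opens inbound RDP on a Windows host and records that Ansible did so in a
# marker file under .ansible\status.
#
# NOTE(review): the .ansible paths are relative, so they resolve against the
# working directory of the remote session - confirm that is the intended place.

- name: Create dir .ansible\status
  ansible.windows.win_powershell:
    script: '[System.IO.Directory]::CreateDirectory(".ansible\status")'
    # The task is skipped once the directory exists.
    creates: '.ansible\status'
  register: _a

# Reported as changed only when the directory was created by the task above.
- name: Hide dir .ansible
  ansible.windows.win_powershell:
    script: 'attrib +h .ansible'
  changed_when: _a.changed

# win_copy rewrites the file only when its content differs, so _a.changed is
# true on the run that first writes the marker and false on later runs. The
# win_powershell task that enables the firewall rule group reuses that value
# for its change reporting; it still executes on every run.
- name: Write marker file recording that Ansible opened RDP
  ansible.windows.win_copy:
    dest: '.ansible\status\rdp.txt'
    content: 'Ansible opened RDP on this host'
  register: _a

# Require Network Level Authentication before connections are allowed, so the
# listener is never enabled without pre-session authentication.
- name: Enable Network Level Authentication
  ansible.windows.win_regedit:
    path: 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    name: UserAuthentication
    data: 1
    type: dword

# https://exchangepedia.com/2016/10/enable-remote-desktop-rdp-connections-for-admins-on-windows-server-2016.html
# win_regedit is idempotent and reports its own change status, and it avoids
# shipping a script whose quoting depends on the encoding surviving transport.
- name: Enable Remote Desktop connections
  ansible.windows.win_regedit:
    path: 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    name: fDenyTSConnections
    data: 0
    type: dword

# Enables every rule in the built-in "Remote Desktop" display group, with
# whatever profiles and remote-address scope those rules already carry.
# NOTE(review): confirm which firewall profiles the built-in rules cover; the
# explicit rule below is limited to the private profile, this group may not be.
- name: Enable the built-in Remote Desktop firewall rule group
  ansible.windows.win_powershell:
    script: 'Enable-NetFirewallRule -DisplayGroup "Remote Desktop"'
  changed_when: _a.changed

# NOTE(review): no source restriction is set. If RDP should only be reachable
# from management hosts, scope the rule with the module's remoteip option.
- name: Firewall rule to allow RDP on TCP port 3389
  community.windows.win_firewall_rule:
    name: Remote Desktop
    localport: 3389
    action: allow
    direction: in
    protocol: tcp
    profiles: private
    state: present
    enabled: true

# The user name is passed as module data instead of being templated into a
# PowerShell command line, so its content cannot alter the command that runs.
# state: present adds the member and leaves existing members untouched.
- name: "Allow RDP for User {{ win__special_rdp_user }}"
  ansible.windows.win_group_membership:
    name: Remote Desktop Users
    members:
      - "{{ win__special_rdp_user }}"
    state: present
  when: win__allow_special_rdp_user | bool

# Sets the fEnableWddmDriver policy value to 0 for Terminal Services.
- name: Windows RDP disable wddm
  ansible.windows.win_regedit:
    path: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    name: fEnableWddmDriver
    data: 0
    type: dword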