win_ansible_role_rdp/tasks/main.yml
2022-12-31 19:10:47 +01:00



---
# Create the status directory that holds the marker file written further down.
# `creates` lets the module skip the script once the directory exists, and the
# result is registered as `_a` so the following task can mirror its changed
# state.
# NOTE(review): the path is relative, so it resolves against whatever working
# directory the remote session starts in; confirm that is the intended place.
- name: Create dir .ansible\status
  ansible.windows.win_powershell:
    creates: '.ansible\status'
    script: |-
      [System.IO.Directory]::CreateDirectory(".ansible\status")
  register: _a
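# Set the hidden attribute on the .ansible directory.
# The task name previously duplicated "Create dir .ansible\status", which made
# play output and --start-at-task ambiguous; it now describes what the script
# does. `attrib` runs on every play, so the reported changed state is taken
# from the preceding directory-creation result (`_a`).
- name: Hide dir .ansible
  ansible.windows.win_powershell:
    script: 'attrib +h .ansible'
  changed_when: _a.changed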
# Write the marker file recording that this role opened RDP on the host.
# The result overwrites `_a`: the win_powershell tasks further down use
# `changed_when: _a.changed`, so they report "changed" only on the run where
# this file's content is (re)written.
# NOTE(review): the marker reflects that the role ran, not that the RDP
# settings are still in place; drift on the host is not detected through it.
- name: Touch a file (creates if not present, updates modification time if present)
  ansible.windows.win_copy:
    content: 'Ansible opened RDP on this host'
    dest: .ansible\status\rdp.txt
  register: _a
# https://exchangepedia.com/2016/10/enable-remote-desktop-rdp-connections-for-admins-on-windows-server-2016.html
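# Allow incoming Remote Desktop connections by clearing fDenyTSConnections.
# The earlier Set-ItemProperty one-liner passed the registry path unquoted, so
# PowerShell split it at the space in "Terminal Server" and the value was not
# reliably written; it also wrapped the value name in typographic quotes.
# win_regedit takes the path as a single argument, is idempotent, and reports
# its own changed state, so no changed_when override is needed.
# NOTE(review): this task runs before Network Level Authentication is
# enforced; consider ordering the NLA task first so RDP is never reachable
# without it.
- name: Enable Remote Desktop connections
  ansible.windows.win_regedit:
    path: 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    name: fDenyTSConnections
    data: 0
    type: dword
    state: present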
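# Require Network Level Authentication on the RDP-Tcp listener
# (UserAuthentication = 1), so clients must authenticate before a session is
# set up.
# The earlier Set-ItemProperty one-liner left the registry path unquoted; the
# space in "Terminal Server" split the argument, so this hardening step could
# fail while the play still reported it as unchanged via `_a`. win_regedit
# writes the value idempotently and reports a real changed/failed state.
- name: Enable Network Level Authentication
  ansible.windows.win_regedit:
    path: 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    name: UserAuthentication
    data: 1
    type: dword
    state: present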
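# Enable the built-in "Remote Desktop" Windows Firewall rule group.
# The task name previously duplicated "Enable Remote Desktop connections"; it
# now names the firewall action. The display-group name is written with plain
# ASCII quotes instead of typographic ones, so the script does not depend on
# PowerShell's handling of look-alike quote characters.
# NOTE(review): the built-in group is enabled for whichever profiles its rules
# already cover, which may be broader than the private-only rule defined in
# the next task; confirm the resulting exposure on public/domain profiles.
- name: Enable built-in Remote Desktop firewall rule group
  ansible.windows.win_powershell:
    script: 'Enable-NetFirewallRule -DisplayGroup "Remote Desktop"'
  changed_when: _a.changed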
# Ensure an enabled inbound allow rule named "Remote Desktop" exists for
# TCP 3389, limited to the private firewall profile.
# NOTE(review): no source-address restriction is set, so every host on a
# private-profile network can reach the RDP port; the module's `remoteip`
# option can narrow this to management addresses if that is wanted.
- name: Firewall rule to allow RDP on TCP port 3389
  community.windows.win_firewall_rule:
    name: Remote Desktop
    state: present
    enabled: true
    action: allow
    direction: in
    protocol: tcp
    localport: 3389
    profiles: private
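# Add the configured account to the local "Remote Desktop Users" group, only
# when win__allow_special_rdp_user is truthy.
# The earlier version templated the variable unquoted into a PowerShell
# script: a value containing spaces or shell metacharacters would be parsed as
# script text, and Add-LocalGroupMember errors when the account is already a
# member. win_group_membership receives the name as data, is idempotent, and
# reports its own changed state.
- name: "Allow RDP for User {{ win__special_rdp_user }}"
  ansible.windows.win_group_membership:
    name: Remote Desktop Users
    members:
      - "{{ win__special_rdp_user }}"
    state: present
  when: win__allow_special_rdp_user | bool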
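# Set the Terminal Services policy value fEnableWddmDriver to 0, as the task
# name describes (disable the WDDM driver for RDP sessions).
# The earlier version shelled out to `REG ADD ... /f` with typographic quotes
# around the key path and value name, rewrote the value on every run, and took
# its changed state from the marker file. win_regedit writes the same DWORD
# idempotently with no quoting ambiguity.
- name: Windows RDP disable wddm
  ansible.windows.win_regedit:
    path: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    name: fEnableWddmDriver
    data: 0
    type: dword
    state: present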