ansible.builtin.win_rds_cap (v2.9.27) — module

Install Ansible via pip

Install with pip install ansible==2.9.27

Description

Creates, removes and configures a Remote Desktop connection authorization policy (RD CAP).

A RD CAP allows you to specify the users who can connect to a Remote Desktop Gateway server.

Requirements

• Windows Server 2008R2 (6.1) or higher.
• The Windows Feature "RDS-Gateway" must be enabled.

Usage examples

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

- name: Create a new RDS CAP with a 30 minutes timeout and clipboard redirection enabled
  win_rds_cap:
    name: My CAP
    user_groups:
      - BUILTIN\users
    session_timeout: 30
    session_timeout_action: disconnect
    allow_only_sdrts_servers: yes
    redirect_clipboard: yes
    redirect_drives: no
    redirect_printers: no
    redirect_serial: no
    redirect_pnp: no
    state: enabled

Inputs

    
name:
    description:
    - Name of the connection authorization policy.
    required: true
    type: str

order:
    description:
    - Evaluation order of the policy.
    - The CAP in which I(order) is set to a value of '1' is evaluated first.
    - By default, a newly created CAP will take the first position.
    - If the given value exceed the total number of existing policies, the policy will
      take the last position but the evaluation order will be capped to this number.
    type: int

state:
    choices:
    - absent
    - enabled
    - disabled
    - present
    default: present
    description:
    - The state of connection authorization policy.
    - If C(absent) will ensure the policy is removed.
    - If C(present) will ensure the policy is configured and exists.
    - If C(enabled) will ensure the policy is configured, exists and enabled.
    - If C(disabled) will ensure the policy is configured, exists, but disabled.
    type: str

auth_method:
    choices:
    - both
    - none
    - password
    - smartcard
    description:
    - Specifies how the RD Gateway server authenticates users.
    - When a new CAP is created, the default value is C(password).
    type: str

user_groups:
    description:
    - A list of user groups that is allowed to connect to the Remote Gateway server.
    - Required when a new CAP is created.
    type: list

idle_timeout:
    description:
    - Specifies the time interval, in minutes, after which an idle session is disconnected.
    - A value of zero disables idle timeout.
    type: int

redirect_pnp:
    description:
    - Allow Plug and Play devices redirection.
    type: bool

computer_groups:
    description:
    - A list of computer groups that is allowed to connect to the Remote Gateway server.
    type: list

redirect_drives:
    description:
    - Allow disk drive redirection.
    type: bool

redirect_serial:
    description:
    - Allow serial port redirection.
    type: bool

session_timeout:
    description:
    - The maximum time, in minutes, that a session can be idle.
    - A value of zero disables session timeout.
    type: int

redirect_printers:
    description:
    - Allow printers redirection.
    type: bool

redirect_clipboard:
    description:
    - Allow clipboard redirection.
    type: bool

session_timeout_action:
    choices:
    - disconnect
    - reauth
    default: disconnect
    description:
    - The action the server takes when a session times out.
    - 'C(disconnect): disconnect the session.'
    - 'C(reauth): silently reauthenticate and reauthorize the session.'
    type: str

allow_only_sdrts_servers:
    description:
    - Specifies whether connections are allowed only to Remote Desktop Session Host servers
      that enforce Remote Desktop Gateway redirection policy.
    type: bool

See also

• win_rds_cap
• win_rds_rap
• win_rds_settings