-
Notifications
You must be signed in to change notification settings - Fork 97
/
Copy pathrdesktop.yml
143 lines (126 loc) · 4.44 KB
/
rdesktop.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
- hosts: all:!netwerk:!wifi
tasks:
- name: Test system connection
wait_for_connection:
timeout: 30
- setup:
- name: Ensure we are on a private network
win_shell: |
Set-NetConnectionProfile -NetworkCategory Private -InterfaceAlias "LAN-Verbinding" -ErrorAction SilentlyContinue
Set-NetConnectionProfile -NetworkCategory Private -InterfaceAlias "Local Area Connection" -ErrorAction SilentlyContinue
Set-NetConnectionProfile -NetworkCategory Private -InterfaceAlias "Ethernet" -ErrorAction SilentlyContinue
Set-NetConnectionProfile -NetwerkCategory Private -InterfaceAlias "Draadloze netwerkverbinding" -ErrorAction SilentlyContinu
Set-NetConnectionProfile -NetworkCategory Private -InterfaceAlias "Wi-Fi" -ErrorAction SilentlyContinue
ignore_errors: yes
tags: private
# Only do this for non-Pro versions
- name: Only run this for Home edition
when: ansible_os_name not in ( "Microsoft Windows 10 Pro", "Microsoft Windows 7 Professional" )
block:
- name: Copy rfxvmt.dll from network share
win_copy:
src: '\\DISKSTATION01\ictadmin\Windows\Windows 10\{{ ansible_distribution_version }}.{{ ansible_architecture }}\rfxvmt.dll'
dest: C:\Windows\Temp\rfxvmt.dll
remote_src: yes
become: yes
ignore_errors: yes
- name: Replace rfxvmt.dll to C:\Windows\System32
win_copy:
src: C:\Windows\Temp\rfxvmt.dll
dest: C:\Windows\System32\rfxvmt.dll
remote_src: yes
ignore_errors: yes
- name: Ensure rdpwrap is installed
win_chocolatey:
name: rdpwrapper
state: present
# state: '{{ "absent" if ansible_os_name == "Windows 10 Pro" else "present" }}'
ignore_errors: yes
- name: Run install.bat
win_shell: cmd.exe /C C:\ProgramData\chocolatey\lib\rdpwrapper\tools\install.bat
changed_when: no
ignore_errors: yes
- name: Run update.bat
win_shell: cmd.exe /C C:\ProgramData\chocolatey\lib\rdpwrapper\tools\update.bat
changed_when: no
ignore_errors: yes
# Only do this for non-Pro versions
- name: Update rdpwrap config
win_psexec:
command: C:\ProgramData\chocolatey\lib\rdpwrapper\tools\RDPWInst.exe -w
system: yes
changed_when: no
ignore_errors: yes
when: ansible_os_name != "Microsoft Windows 10 Pro"
tags: update
- name: Ensure RDPWInst.exe is run daily
win_scheduled_task:
name: RDPWinst
description: Update RDPwrap config
executable: C:\ProgramData\chocolatey\lib\rdpwrapper\tools\RDPWInst.exe
arguments: -w
time: 5pm
frequency: daily
enabled: yes
user: SYSTEM
# Reimplement RDPConf.exe in Ansible
- name: Configure RDP firewall rule
win_firewall_rule:
name: Remote Desktop - User Mode (TCP-In)
localport: 3389
action: allow
direction: in
protocol: tcp
profiles: private
state: present
enabled: yes
#ignore_errors: yes
register: fw
tags: firewall
# Do this for all Windows 10 systems
- name: Enable Terminal Server
win_regedit:
path: HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server
name: '{{ item.name }}'
data: '{{ item.data }}'
type: dword
with_items:
- { name: fDenyTSConnections, data: 0 }
- { name: fSingleSessionPerUser, data: 0 }
tags: registry
- name: Set RDP/tcp settings
win_regedit:
path: HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
name: '{{ item.name }}'
data: '{{ item.data }}'
type: dword
with_items:
- { name: PortNumber, data: 3389 }
- { name: SecurityLayer, data: 1 }
- { name: UserAuthentication, data: 0 }
- { name: Shadow, data: 1 }
tags: registry
- name: Set Terminal Services Shadow
win_regedit:
path: HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
name: Shadow
data: 1
type: dword
tags: registry
- name: Set normal user selection on boot
win_regedit:
path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
name: dontdisplaylastusername
data: 0
type: dword
tags: registry
- name: Ensure Terminal Services is running
win_service:
name: TermService
startmode: auto
state: started
force: yes
force_dependent_services: yes
tags: service
# Reboot is not required
# - win_reboot: