win_rds_cap – Manage Connection Authorization Policies (CAP) on a Remote Desktop Gateway server

New in version 2.8.

Synopsis
Requirements
Parameters
See Also
Examples
Status

Synopsis

Creates, removes and configures a Remote Desktop connection authorization policy (RD CAP).
A RD CAP allows you to specify the users who can connect to a Remote Desktop Gateway server.

Requirements

The below requirements are needed on the host that executes this module.

Windows Server 2008R2 (6.1) or higher.
The Windows Feature “RDS-Gateway” must be enabled.

Parameters

Parameter	Choices/Defaults	Comments
allow_only_sdrts_servers boolean	no yes	Specifies whether connections are allowed only to Remote Desktop Session Host servers that enforce Remote Desktop Gateway redirection policy.
auth_method string	both none password smartcard	Specifies how the RD Gateway server authenticates users. When a new CAP is created, the default value is `password`.
computer_groups list		A list of computer groups that is allowed to connect to the Remote Gateway server.
idle_timeout integer		Specifies the time interval, in minutes, after which an idle session is disconnected. A value of zero disables idle timeout.
name string / required		Name of the connection authorization policy.
order integer		Evaluation order of the policy. The CAP in which order is set to a value of '1' is evaluated first. By default, a newly created CAP will take the first position. If the given value exceed the total number of existing policies, the policy will take the last position but the evaluation order will be capped to this number.
redirect_clipboard boolean	no yes	Allow clipboard redirection.
redirect_drives boolean	no yes	Allow disk drive redirection.
redirect_pnp boolean	no yes	Allow Plug and Play devices redirection.
redirect_printers boolean	no yes	Allow printers redirection.
redirect_serial boolean	no yes	Allow serial port redirection.
session_timeout integer		The maximum time, in minutes, that a session can be idle. A value of zero disables session timeout.
session_timeout_action string	disconnect ← reauth	The action the server takes when a session times out. `disconnect`: disconnect the session. `reauth`: silently reauthenticate and reauthorize the session.
state string	absent enabled disabled present ←	The state of connection authorization policy. If `absent` will ensure the policy is removed. If `present` will ensure the policy is configured and exists. If `enabled` will ensure the policy is configured, exists and enabled. If `disabled` will ensure the policy is configured, exists, but disabled.
user_groups list		A list of user groups that is allowed to connect to the Remote Gateway server. Required when a new CAP is created.

Examples

- name: Create a new RDS CAP with a 30 minutes timeout and clipboard redirection enabled
  win_rds_cap:
    name: My CAP
    user_groups:
      - BUILTIN\users
    session_timeout: 30
    session_timeout_action: disconnect
    allow_only_sdrts_servers: yes
    redirect_clipboard: yes
    redirect_drives: no
    redirect_printers: no
    redirect_serial: no
    redirect_pnp: no
    state: enabled

Status

This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community. [community]

Authors

Kevin Subileau (@ksubileau)

Hint

If you notice any issues in this documentation, you can edit this document to improve it.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/win_rds_cap_module.html

win_rds_cap – Manage Connection Authorization Policies (CAP) on a Remote Desktop Gateway server

win_rds_cap – Manage Connection Authorization Policies (CAP) on a Remote Desktop Gateway server

Synopsis

Requirements

Parameters

See Also

Examples

Status

Authors