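#!/usr/local/bin/python3.8
# -*- coding: utf-8 -*-

# Copyright: (c) 2018, Kevin Subileau (@ksubileau)
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

# Documentation metadata for the win_rds_cap module. The visible file defines
# only the three strings below (option reference, examples, return values).
#
# NOTE(review): session_timeout and idle_timeout are both described in terms of
# an idle session; confirm against the RD Gateway documentation which of the
# two bounds the total session length before relying on either as a control.

DOCUMENTATION = r'''
---
module: win_rds_cap
short_description: Manage Connection Authorization Policies (CAP) on a Remote Desktop Gateway server
description:
  - Creates, removes and configures a Remote Desktop connection authorization policy (RD CAP).
  - An RD CAP allows you to specify the users who can connect to a Remote Desktop Gateway server.
author:
  - Kevin Subileau (@ksubileau)
options:
  name:
    description:
      - Name of the connection authorization policy.
    type: str
    required: yes
  state:
    description:
      - The state of connection authorization policy.
      - If C(absent) will ensure the policy is removed.
      - If C(present) will ensure the policy is configured and exists.
      - If C(enabled) will ensure the policy is configured, exists and enabled.
      - If C(disabled) will ensure the policy is configured, exists, but disabled.
    type: str
    choices: [ absent, enabled, disabled, present ]
    default: present
  auth_method:
    description:
      - Specifies how the RD Gateway server authenticates users.
      - When a new CAP is created, the default value is C(password).
    type: str
    choices: [ both, none, password, smartcard ]
  order:
    description:
      - Evaluation order of the policy.
      - The CAP in which I(order) is set to a value of '1' is evaluated first.
      - By default, a newly created CAP will take the first position.
      - If the given value exceeds the total number of existing policies,
        the policy will take the last position but the evaluation order
        will be capped to this number.
    type: int
  session_timeout:
    description:
      - The maximum time, in minutes, that a session can be idle.
      - A value of zero disables session timeout.
    type: int
  session_timeout_action:
    description:
      - The action the server takes when a session times out.
      - 'C(disconnect): disconnect the session.'
      - 'C(reauth): silently reauthenticate and reauthorize the session.'
    type: str
    choices: [ disconnect, reauth ]
    default: disconnect
  idle_timeout:
    description:
      - Specifies the time interval, in minutes, after which an idle session is disconnected.
      - A value of zero disables idle timeout.
    type: int
  allow_only_sdrts_servers:
    description:
      - Specifies whether connections are allowed only to Remote Desktop Session Host servers that
        enforce Remote Desktop Gateway redirection policy.
    type: bool
  user_groups:
    description:
      - A list of user groups that are allowed to connect to the Remote Desktop Gateway server.
      - Required when a new CAP is created.
    type: list
  computer_groups:
    description:
      - A list of computer groups that are allowed to connect to the Remote Desktop Gateway server.
    type: list
  redirect_clipboard:
    description:
      - Allow clipboard redirection.
    type: bool
  redirect_drives:
    description:
      - Allow disk drive redirection.
    type: bool
  redirect_printers:
    description:
      - Allow printer redirection.
    type: bool
  redirect_serial:
    description:
      - Allow serial port redirection.
    type: bool
  redirect_pnp:
    description:
      - Allow Plug and Play devices redirection.
    type: bool
requirements:
  - Windows Server 2008R2 (6.1) or higher.
  - The Windows Feature "RDS-Gateway" must be enabled.
notes:
  - Treat a CAP as an access-control rule. I(user_groups), I(computer_groups) and I(auth_method) decide
    who may connect through the gateway, so keep the groups as narrow as the use case allows.
  - The C(redirect_*) options let data and devices cross between the client and the remote session.
    Enable only the redirections that are needed.
  - Set I(allow_only_sdrts_servers) when redirection restrictions must hold, so that connections are limited
    to Remote Desktop Session Host servers that enforce the gateway redirection policy.
seealso:
- module: community.windows.win_rds_cap
- module: community.windows.win_rds_rap
- module: community.windows.win_rds_settings
'''

EXAMPLES = r'''
- name: Create a new RDS CAP with a 30 minutes timeout and clipboard redirection enabled
  community.windows.win_rds_cap:
    name: My CAP
    # BUILTIN\users admits every member of the built-in Users group;
    # prefer a dedicated, narrowly scoped group outside of a demo.
    user_groups:
      - BUILTIN\users
    session_timeout: 30
    session_timeout_action: disconnect
    allow_only_sdrts_servers: yes
    redirect_clipboard: yes
    redirect_drives: no
    redirect_printers: no
    redirect_serial: no
    redirect_pnp: no
    state: enabled
'''

RETURN = r'''
'''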