community.windows.win_pssession_configuration module – Manage PSSession Configurations
Note
This module is part of the community.windows collection (version 1.10.0).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install community.windows.
To use it in a playbook, specify: community.windows.win_pssession_configuration.
Synopsis
Register, unregister, and modify PSSession Configurations for PowerShell remoting.
Note
This module has a corresponding action plugin.
Parameters
Parameter |
Comments |
---|---|
Controls whether the session configuration allows connection from the Choices:
|
|
A dict that defines aliases for each session. |
|
The assemblies that should be loaded into each session. |
|
Sets a delay in seconds between each check of the asynchronous execution status. Replicates the functionality of the Has no effect in check mode. async_poll=0 is not supported. Default: 1 |
|
Sets a timeout for how long in seconds to wait for asynchronous module execution and waiting for the connection to recover. Replicates the functionality of the Has no effect in check mode. Default: 300 |
|
The author of the session configuration. This value is metadata and does not affect the functionality of the session configuration. If not set, a value may be generated automatically. See also lenient_config_fields. |
|
The company that authored the session configuration. This value is metadata and does not affect the functionality of the session configuration. If not set, a value may be generated automatically. See also lenient_config_fields. |
|
The copyright statement of the session configuration. This value is metadata and does not affect the functionality of the session configuration. If not set, a value may be generated automatically. See also lenient_config_fields. |
|
The description of the session configuration. This value is metadata and does not affect the functionality of the session configuration. See also lenient_config_fields. |
|
A dict that defines environment variables for each session. |
|
The execution policy controlling script execution in the PowerShell session. Choices:
|
|
Paths to format definition files to process for each session. |
|
A dict that defines functions for each session. |
|
If the session will run as a group managed service account (gMSA) then this is the name. Do not use run_as_credential_username and run_as_credential_password to specify a gMSA. |
|
The GUID (UUID) of the session configuration file. This value is metadata, so it only matters if you use it externally. If not set, a value will be generated automatically. Acceptable GUID formats are flexible. Any string of 32 hexadecimal digits will be accepted, with all hyphens See also lenient_config_fields. |
|
Determines the language mode of the PowerShell session. Choices:
|
|
Some fields used in the session configuration do not affect its function, and are sometimes auto-generated when not specified. To avoid unnecessarily changing the configuration on each run, the values of these options will only be enforced when they are explicitly specified. Default: [“guid”, “author”, “company_name”, “copyright”, “description”] |
|
Sets the maximum received data size per command in MB. Must fit into a double precision floating point value. |
|
Sets the maximum object size in MB. Must fit into a double precision floating point value. |
|
A list of modules that should be imported into the session. Any valid PowerShell module spec can be used here, so simple str names or dicts can be used. If a dict is used, no snake_case conversion is done, so the original PowerShell names must be used. |
|
If Choices:
|
|
The name of the session configuration to manage. |
|
The minimum required PowerShell version for this session. Must be a valid .NET System.Version string. |
|
The processor architecture of the session (32 bit vs. 64 bit). Choices:
|
|
For JEA sessions, defines conditional access rules about which groups a connecting user must belong to. For more information see https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/jea/session-configurations#conditional-access-rules. |
|
A dict defining the roles for JEA sessions. For more information see https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/jea/session-configurations#role-definitions. |
|
The password for run_as_credential_username. |
|
Used to set a RunAs account for the session. All commands executed in the session will be run as this user. To use a gMSA, see group_managed_service_account. To use a virtual account, see run_as_virtual_account and run_as_virtual_account_groups. Status will always be |
|
If Do not use run_as_credential_username and run_as_credential_password to specify a virtual account. Choices:
|
|
If run_as_virtual_account=yes this is a list of groups to add the virtual account to. |
|
The schema version of the session configuration file. If not set, a value will be generated automatically. Must be a valid .NET System.Version string. |
|
A list of paths to script files ending in |
|
An SDDL string that controls which users and groups can connect to the session. If role_definitions is specified the security descriptor will be set based on that. If this option is not specified the default security descriptor will be applied. |
|
Controls what type of session this is. Choices:
|
|
A script that gets run on session startup. |
|
The desired state of the configuration. Choices:
|
|
The apartment state for the PowerShell session. Choices:
|
|
Sets thread options for the session. Choices:
|
|
Automatic session transcripts will be written to this directory. |
|
Paths to type definition files to process for each session. |
|
If Choices:
|
|
The maximum size of the user drive in bytes. Must fit into an Int64. |
|
A list of dicts where each element defines a variable for each session. |
|
The aliases that can be used in the session. For more information see https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/jea/role-capabilities. |
|
The cmdlets that can be used in the session. The elements can be simple names or complex command specifications. For more information see https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/jea/role-capabilities. |
|
The external commands and scripts that can be used in the session. For more information see https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/jea/role-capabilities. |
|
The functions that can be used in the session. The elements can be simple names or complex command specifications. For more information see https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/jea/role-capabilities. |
Notes
Note
- This module will restart the WinRM service on any change. This will terminate all WinRM connections including those by other Ansible runs.
- Internally this module uses async when not in check mode to ensure things go smoothly when restarting the WinRM service.
- The standard async and poll keywords cannot be used; instead use the async_timeout and async_poll options to control asynchronous execution.
- Options that don’t list a default value here will use the defaults of New-PSSessionConfigurationFile and Register-PSSessionConfiguration.
- If a value can be specified in both a session config file and directly in the session options, this module will prefer the setting be in the config file.
See Also
- New-PSSessionConfigurationFile Reference
Details and defaults for options that end up in the session configuration file.
- Register-PSSessionConfiguration Reference
Details and defaults for options that are not specified in the session config file.
- PowerShell Just Enough Administration (JEA)
Refer to the JEA documentation for advanced usage of some options.
- About Session Configurations
General information about session configurations.
- About Session Configuration Files
General information about session configuration files.
Examples
```yaml
- name: Register a session configuration that loads modules automatically
  community.windows.win_pssession_configuration:
    name: WebAdmin
    modules_to_import:
      - WebAdministration
      - IISAdministration
    description: This endpoint has IIS modules pre-loaded

- name: Set up an admin endpoint with a restricted execution policy
  community.windows.win_pssession_configuration:
    name: GloboCorp.Admin
    company_name: Globo Corp
    description: Admin Endpoint
    execution_policy: restricted

- name: Create a complex JEA endpoint
  community.windows.win_pssession_configuration:
    name: RBAC.Endpoint
    session_type: restricted_remote_server
    run_as_virtual_account: True
    transcript_directory: '\\server\share\Transcripts'
    language_mode: no_language
    execution_policy: restricted
    role_definitions:
      'CORP\IT Support':
        RoleCapabilities:
          - PasswordResetter
          - EmployeeOffboarder
      'CORP\Webhosts':
        RoleCapabilities: IISAdmin
    visible_functions:
      - tabexpansion2
      - help
    visible_cmdlets:
      - Get-Help
      - Name: Get-Service
        Parameters:
          - Name: DependentServices
          - Name: RequiredServices
          - Name: Name
            ValidateSet:
              - WinRM
              - W3SVC
              - WAS
    visible_aliases:
      - gsv
    state: present

- name: Remove a session configuration
  community.windows.win_pssession_configuration:
    name: UnusedEndpoint
    state: absent

- name: Set a session configuration with tweaked async values
  community.windows.win_pssession_configuration:
    name: MySession
    description: A sample session
    async_timeout: 500
    async_poll: 5
```
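A pre-merge audit of task arguments like those in the examples above, as an added example that is not part of the module or its documentation: it flags tasks that define role_definitions but are not locked down the way the "complex JEA endpoint" example is, and RunAs passwords that are written literally or without the Ansible no_log keyword. The rule set, the `audit_task` function and the WEAK sample task are assumptions of this example.

```python
MODULE = "community.windows.win_pssession_configuration"

def audit_task(task):
    """Return findings for one playbook task (a dict, as loaded from YAML)."""
    args = task.get(MODULE)
    if not isinstance(args, dict) or args.get("state", "present") == "absent":
        return []
    findings = []
    # Tasks that define JEA roles are held to the settings of the page's JEA example.
    if "role_definitions" in args:
        if args.get("session_type") != "restricted_remote_server":
            findings.append("session_type is not restricted_remote_server")
        if args.get("language_mode") != "no_language":
            findings.append("language_mode is not no_language")
        if not args.get("transcript_directory"):
            findings.append("transcript_directory is not set")
        if not (args.get("run_as_virtual_account")
                or args.get("group_managed_service_account")):
            findings.append("RunAs identity is neither a virtual account nor a gMSA")
    # A RunAs password should come from a variable (e.g. a vault) and stay out of logs.
    password = args.get("run_as_credential_password")
    if password is not None:
        if "{{" not in str(password):
            findings.append("run_as_credential_password is a literal value")
        if not task.get("no_log"):
            findings.append("task sets a RunAs password without no_log")
    return findings

# Constructed samples: HARDENED mirrors the page's JEA example, WEAK is made up.
ROLES = {r"CORP\Webhosts": {"RoleCapabilities": "IISAdmin"}}
HARDENED = {"name": "Create a complex JEA endpoint", MODULE: {
    "name": "RBAC.Endpoint",
    "session_type": "restricted_remote_server",
    "run_as_virtual_account": True,
    "transcript_directory": r"\\server\share\Transcripts",
    "language_mode": "no_language",
    "role_definitions": ROLES,
    "state": "present"}}
WEAK = {"name": "Weak JEA endpoint", MODULE: {
    "name": "Example.Weak",                             # hypothetical endpoint name
    "role_definitions": ROLES,
    "run_as_credential_username": r"CORP\svc-example",  # hypothetical account
    "run_as_credential_password": "example-literal"}}

if __name__ == "__main__":
    for task in (HARDENED, WEAK):
        print(task["name"], "->", audit_task(task) or "ok")
```

To run it over a real playbook, load the file with a YAML parser and pass each task dict to `audit_task`.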
Authors
Brian Scholer (@briantist)