community.windows.win_rds_cap module – Manage Connection Authorization Policies (CAP) on a Remote Desktop Gateway server
Note
This module is part of the community.windows collection (version 1.13.0).
You might already have this collection installed if you are using the ansible package.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install community.windows.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: community.windows.win_rds_cap.
Synopsis
Creates, removes and configures a Remote Desktop connection authorization policy (RD CAP).
A RD CAP allows you to specify the users who can connect to a Remote Desktop Gateway server.
Requirements
The below requirements are needed on the host that executes this module.
Windows Server 2008R2 (6.1) or higher.
The Windows Feature “RDS-Gateway” must be enabled.
Parameters
Parameter |
Comments |
|---|---|
Specifies whether connections are allowed only to Remote Desktop Session Host servers that enforce Remote Desktop Gateway redirection policy. Choices:
|
|
Specifies how the RD Gateway server authenticates users. When a new CAP is created, the default value is Choices:
|
|
A list of computer groups that is allowed to connect to the Remote Gateway server. |
|
Specifies the time interval, in minutes, after which an idle session is disconnected. A value of zero disables idle timeout. |
|
Name of the connection authorization policy. |
|
Evaluation order of the policy. The CAP in which order is set to a value of ‘1’ is evaluated first. By default, a newly created CAP will take the first position. If the given value exceed the total number of existing policies, the policy will take the last position but the evaluation order will be capped to this number. |
|
Allow clipboard redirection. Choices:
|
|
Allow disk drive redirection. Choices:
|
|
Allow Plug and Play devices redirection. Choices:
|
|
Allow printers redirection. Choices:
|
|
Allow serial port redirection. Choices:
|
|
The maximum time, in minutes, that a session can be idle. A value of zero disables session timeout. |
|
The action the server takes when a session times out.
Choices:
|
|
The state of connection authorization policy. If If If If Choices:
|
|
A list of user groups that is allowed to connect to the Remote Gateway server. Required when a new CAP is created. |
See Also
See also
- community.windows.win_rds_cap
Manage Connection Authorization Policies (CAP) on a Remote Desktop Gateway server.
- community.windows.win_rds_rap
Manage Resource Authorization Policies (RAP) on a Remote Desktop Gateway server.
- community.windows.win_rds_settings
Manage main settings of a Remote Desktop Gateway server.
Examples
- name: Create a new RDS CAP with a 30 minutes timeout and clipboard redirection enabled
community.windows.win_rds_cap:
name: My CAP
user_groups:
- BUILTIN\users
session_timeout: 30
session_timeout_action: disconnect
allow_only_sdrts_servers: yes
redirect_clipboard: yes
redirect_drives: no
redirect_printers: no
redirect_serial: no
redirect_pnp: no
state: enabled
Authors
Kevin Subileau (@ksubileau)