win_rds_rap – Manage Resource Authorization Policies (RAP) on a Remote Desktop Gateway server

New in version 2.8.

Synopsis

  • Creates, removes and configures a Remote Desktop resource authorization policy (RD RAP).
  • A RD RAP allows you to specify the network resources (computers) that users can connect to remotely through a Remote Desktop Gateway server.

Requirements

The below requirements are needed on the host that executes this module.

  • Windows Server 2008R2 (6.1) or higher.
  • The Windows Feature “RDS-Gateway” must be enabled.

Parameters

Parameter Choices/Defaults Comments
allowed_ports
list
List of port numbers through which connections are allowed for this policy.
To allow connections through any port, specify 'any'.
computer_group
string
The computer group name that is associated with this resource authorization policy (RAP).
This is required when computer_group_type is rdg_group or ad_network_resource_group.
computer_group_type
string
    Choices:
  • rdg_group
  • ad_network_resource_group
  • allow_any
The computer group type:
rdg_group: RD Gateway-managed group
ad_network_resource_group: Active Directory Domain Services network resource group
allow_any: Allow users to connect to any network resource.
description
string
Optional description of the resource authorization policy.
name
- / required
Name of the resource authorization policy.
state
string
    Choices:
  • absent
  • disabled
  • enabled
  • present ←
The state of resource authorization policy.
If absent will ensure the policy is removed.
If present will ensure the policy is configured and exists.
If enabled will ensure the policy is configured, exists and enabled.
If disabled will ensure the policy is configured, exists, but disabled.
user_groups
list
List of user groups that are associated with this resource authorization policy (RAP). A user must belong to one of these groups to access the RD Gateway server.
Required when a new RAP is created.

Examples

- name: Create a new RDS RAP
  win_rds_rap:
    name: My RAP
    description: Allow all users to connect to any resource through ports 3389 and 3390
    user_groups:
      - BUILTIN\users
    computer_group_type: allow_any
    allowed_ports:
      - 3389
      - 3390
    state: enabled

Status

Authors

  • Kevin Subileau (@ksubileau)

Hint

If you notice any issues in this documentation you can edit this document to improve it.