Context - we have Cloudform, which spins up a Windows machine and joins it to the domain; now I need to add a user to the local “Remote Desktop user” group on the target Windows machine. I am hoping to achieve that using the win_group_membership module. Now my questions are -
What type of protocol does it work with, e.g. WinRM?
Type of auth/permissions/privileges needed?
A simple example would be great.
You can currently only use the winrm connection plugin with Ansible to talk to Windows hosts. WinRM allows you to connect using both domain and local accounts, and usually you need administrative rights on that host to both connect and manipulate group membership. WinRM allows you to authenticate using various protocols such as;
The vmware_guest module allows you to run scripts in the ‘runonce’ section, so you can run the configure-for-remoting script as part of this, along with any other steps you need.
I use a playbook like the following to create a VM from a template. Before using it you have to add a hostname to the ‘domainmember’ group and allocate it an IP address in your inventory, like this
Quick question on ConfigureRemotingForAnsible.ps1 -ForceNewSSLCert -DisableBasicAuth: does this mean we can use any auth protocol as below except Basic (not secure), correct? I am more inclined toward Kerberos auth.
With -DisableBasicAuth set, you can only use the defaults, which are NTLM and Kerberos. You can always check by running winrm get winrm/config/service and looking at the values under the Auth section.
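
A playbook sketch for the original question, added here as an example and not posted by anyone in the thread: it connects over WinRM with Kerberos, confirms Basic auth is off using the winrm command mentioned above, and adds a domain user to the local group. Assumptions: the account names, the vault variable and the EXAMPLE domain are constructed placeholders, the built-in group is named "Remote Desktop Users", and the winrm output is in English.

```yaml
---
# Added example: placeholders are marked; adjust to your environment.
- name: Add a domain user to the local Remote Desktop Users group
  hosts: domainmember            # inventory group named in the thread
  gather_facts: false
  vars:
    ansible_connection: winrm
    ansible_port: 5986                       # HTTPS listener
    ansible_winrm_scheme: https
    ansible_winrm_transport: kerberos        # works with -DisableBasicAuth
    # Validation needs a listener certificate the control node trusts;
    # a self-signed certificate will fail this check until it is trusted.
    ansible_winrm_server_cert_validation: validate
    ansible_user: svc_ansible@EXAMPLE.COM    # constructed placeholder, admin on target
    ansible_password: "{{ vault_winrm_password }}"  # hypothetical vaulted variable
    rdp_member: 'EXAMPLE\jdoe'               # constructed placeholder
  tasks:
    - name: Read the WinRM service configuration
      ansible.windows.win_command: winrm get winrm/config/service
      register: winrm_service
      changed_when: false

    - name: Stop if Basic authentication is still enabled
      ansible.builtin.assert:
        that:
          - "'Basic = false' in winrm_service.stdout"   # assumes English output
          - "'Kerberos = true' in winrm_service.stdout"
        fail_msg: "Basic auth is enabled or Kerberos is disabled on the WinRM service"

    - name: Ensure the user is a member of the local group
      ansible.windows.win_group_membership:
        name: Remote Desktop Users
        members:
          - "{{ rdp_member }}"
        state: present           # adds only; existing members are left alone
      register: rdp_group

    - name: Show resulting membership
      ansible.builtin.debug:
        var: rdp_group.members
```

With state: present the task is idempotent and never removes other members; state: pure would make the listed members the complete membership.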