View & Reset Disconnected RDP Sessions

This is an interactive task for auditing & resetting disconnected RDP sessions on a Windows Server.

It requires a local or domain account with the permissions to view & reset RDP sessions.

Playbook Files

Requires PPA version 2.10.0 or newer

# The task was built to work with these plugin versions.
plugins:
  ppa: ~6
  ppa_tools: ~6
  hashicorp_vault: ~5
  windows_server: ~7

set:
  use_ssl: true  # Set to false if using WinRM over HTTP.
  validate_cert: true  # Set to false if your Windows Server uses self-signed certificates.

steps:

  - name: Greeting
    actions:

      - ppa.ui.output_markdown:
          doc: >
            {{ globals.icons.ppa.full }}


            #### Windows Server - Reset Disconnected RDP Sessions


            Use this task to view & reset disconnected RDP sessions on a Windows Server.


            You will need to:


            - Select the RDP sessions to reset (if any)


            - Confirm the selection


      - ppa.ui.input_accept:
          text: Start

  - name: Get Secrets
    actions:

      - hashicorp_vault.key_value.read_secret_keys:
          secret: windows_server
          keys:
            - name: address
            - name: username
            - name: password
              sensitive: true
          reason: Getting Windows Server details
          create_missing: true
        save: windows_secrets

      # Now update the server details with the security configuration defined in the "set" section at the top.
      - ppa_tools.dictionaries.create:
        load:
          address: windows_secrets.address
          username: windows_secrets.username
          password: windows_secrets.password
          use_ssl: use_ssl
          validate_cert: validate_cert
        save: windows_server

  - name: Get Disconnected RDP Sessions
    actions:

      - ppa.ui.output_progress:
          text: Finding disconnected RDP sessions...
          percent: null
          element_id: get_session_list

      - windows_server.rdp_sessions.get_disconnected:
        load:
          windows_server: windows_server
        save: session_list

      - ppa.ui.output_progress:
          text: Found {{ session_list | length }} disconnected RDP session(s)
          percent: 100
          element_id: get_session_list


  - name: Exit if No Sessions
    when: not session_list
    actions:

      - ppa.ui.output_info:
          text: There are no disconnected RDP sessions!

      - exit:
          exit_code: 0


  - name: Select Sessions to Reset
    actions:

      - windows_server.rdp_sessions.input_table:
          text: Select RDP Sessions to Reset
        load:
          session_list: session_list
        save: selected_sessions

      - ppa.ui.output_info:
          text: No RDP sessions selected, goodbye!
        when: not selected_sessions

      - exit:
          exit_code: 0
        when: not selected_sessions

      - windows_server.rdp_sessions.output_table:
          text: Selected RDP Sessions
        load:
          session_list: selected_sessions

      - ppa.ui.input_confirm:
          text: Please choose an option
          confirm: Reset
          cancel: Cancel
        save: confirm

      - ppa.ui.output_info:
          text: No sessions will be reset, goodbye!
        when: not confirm

      - exit:
          exit_code: 0
        when: not confirm


  - name: Reset Sessions
    for_each:
      items: selected_sessions
      name: session
    actions:

      - ppa.ui.output_progress:
          text: Resetting session {{ step_counter }} of {{ selected_sessions | length }}
          percent: null
          element_id: resetting_sessions

      - windows_server.rdp_sessions.reset:
        load:
          session_id: session.id
          windows_server: windows_server

      - ppa.ui.output_progress:
          text: Successfuly reset {{ selected_sessions | length }} RDP session(s)
          percent: 100
          element_id: resetting_sessions
        when: step_counter == len(selected_sessions)


  - name: Ask View Updated Disconnected Sessions
    actions:

      - ppa.ui.output_info:
          text: All the selected RDP sessions were reset.

      - ppa.ui.input_confirm:
          text: View the updated list of disconnected RDP sessions?
          confirm: Yes
          cancel: No
        save: view_updated


  - name: Get Updated Disconnected Sessions
    when: view_updated
    actions:

      - ppa.ui.output_progress:
          text: Finding disconnected RDP sessions...
          percent: null
          element_id: get_updated_session_list

      - windows_server.rdp_sessions.get_disconnected:
        load:
          windows_server: windows_server
        save: updated_session_list

      - ppa.ui.output_progress:
          text: Found {{ updated_session_list | length }} disconnected RDP session(s)
          percent: 100
          element_id: get_updated_session_list

      - ppa.ui.output_info:
          text: There are no disconnected RDP sessions!
        when: not updated_session_list

      - exit:
          exit_code: 0
        when: not updated_session_list

      - windows_server.rdp_sessions.output_table:
          text: Disconnected RDP Sessions
        load:
          session_list: updated_session_list

Running this Playbook

Click download playbook
Import the downloaded file via the Playbooks page on PPA
Build the playbook from the Edit & Build tab
Run the playbook from the Preview & Deploy tab

* Requires PPA v2.9.x or newer

Integrations

PPA User Interface
Hashicorp Vault Key-Value engine
Windows Server RDP Sessions

Required Vault Details

Windows Server

IP/DNS address of a Windows Server
Username
Password

As this is a privileged task, the credentials used must have permission to view & reset RDP sessions.

Vault Configuration Wizard

The first time you run a task built from this playbook, PPA will check the required Vault details exist.

If they don't exist, PPA will ask you to supply the details at the start of the task.

Below you can see a user providing details the first time they run an Active Directory task.

vault-config-wizard

Once the details are added to Vault, the task won't ask for them again.

If you don't know the required details, ask an administrator to run the task or configure Vault manually.

What the Task Does

Once started, this task allows the operator to:

View disconnected RDP sessions
Choose sessions to reset (if any)
Confirm the selection & reset the sessions
View an updated list of disconnected RDP sessions (optional)

Powershell Remoting (WinRM)

This task uses Powershell Remoting over WinRM to connect to the Windows Server.

See this Microsoft article for more information on how to securely enable WinRM.

Connection Settings

By default this playbook will:

Use SSL when connecting to the Windows server
Validate the Windows server certificate

You can change these settings on lines 8 & 9 of the playbook:

  use_ssl: true  # Set to false if using WinRM over HTTP.
  validate_cert: true  # Set to false if your Windows Server uses self-signed certificates.

See our other playbooks

Get PPA for free!

Start automating your estate with a free 30 day trial today. No signup required!

Get PPA Express

Documentation

Installation Guide
See how easy it is to get started with our installation guide
Playbooks
View our task writing reference guide
Plugins
See how to integrate with different systems using our plugins reference guide.