---
wintse-firewall-rule:
  win_firewall.add_rule:
    - localport: 3389
    - protocol: tcp
    - action: allow

wintse-enable:
  cmd.run:
    - name: |
       REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurentControlSet\Control\Terminal Server" /v
       fDenyTSConnections /t REG_DWORD /d 0 /f