Creating a Simple DSC Configuration File Via PowerShell
So the last time we chatted we showed you a new feature in Windows PowerShell called “Desired State Configuration”. We’ll stick to calling it “DSC” because to be quite honest I LOVE PowerShell but I really hate typing… and it’s a mouthful to say!
So today we’re going to break a DSC file down and show you where to get the information.
I mean honestly, the first time I looked at it I thought, “Ok that’s pretty cool, but where do I get the actual information and values I can plug in?”
Let’s look at the example from last time
Configuration MySampleFileServer
{
Node CONTOSO-FPS
{
WindowsFeature FileStorage
{
Ensure = "Present"
Name = "FileAndStorage-Services"
}
WindowsFeature PrinterSharing
{
Ensure = "Present"
Name = "Print-Services"
}
}
}
The actual name in the Configuration is really up to you. It should make sense as whenever you’re going to apply that Configuration you’re going to reference it.
You could name it “DefaultWebServerDMZ” or “BaseSQLServer”. It should make sense but it doesn’t necessarily have to. You could name the configuration “FlyingPinkBunnyRabbit” but I’d bet you’d be hard pressed to remember exactly what it did six months later.
I’m also pretty certain you wouldn’t want to explain it to a CEO or Director later on.
The Node is also pretty obvious, a NetBios or FQDN of the target server. So we’ll skip going into details there.
But next we have the various Resources we need to ensure are on the computer. The Wording makes sense, but well…. Just where did I get it? Did I flip a coin and just make it up?
That would be a fun answer but not the correct answer. The correct answer is I used this resource on Technet; Bulit-in Windows PowerShell Desired State Configuration Resources.
Accessing this link you can see there are (at time of this article) Twelve (12) built in resources you can have DSC apply to a Node.
They are (Details borrowed directly from the Technet page)
Archive |
Unpacks archive (.zip) files at specific paths on target nodes. |
Environment |
Manages system environment variables on target nodes. |
File |
Manages files and directories on target nodes. |
Group |
Manages local groups on target nodes. |
Log |
Logs configuration messages. |
Package |
Installs and manages packages, such as Windows Installer and setup.exe packages, on target nodes. |
Process |
Configures Windows processes on target nodes. |
Registry |
Manages registry keys and values on target nodes. |
Role |
Adds or removes Windows features and roles on target nodes. |
Script |
Runs Windows PowerShell script blocks on target nodes. |
Service |
Manages services on target nodes. |
User |
Manages local user accounts on target nodes. |
If you were to click on any of the Resource links on this page you’d see a description of the Syntax and the various Properties and Values they can accept.
So for fun, let’s make a File resource on our same CONTOSO-FPS. We’ll ensure that every Contoso File server we deploy has a file called “CompanyPolicy.docx” at the root of our folder called “D:\Users”. This could be a scenario where each file server has a Private User folder but at the base is a file they can all read indicating how all of their MP3’s, Cat Videos and ill gotten gains from playing online Poker will be summarily deleted by the Systems Administrator at the end of the day….
No? You don’t have HR backing you in this? Then let’s work with “It’s our Standard Acceptable Use Policy” left there for everybody to read.
So let’s just create the part in DSC which will have the resource defined. According to the web site this particular resource is called “File”.
File AcceptableUsePolicyFile
{
}
Now we have a resource. It won’t DO anything, but we’ve at least defined it.
Then we define the parameters of this resource
Ensure = “Present”
Type = “File”
SourcePath = “\\CONTOSO-Source\DocShare\Acceptableuse.docx”
DestinationPath = “D:\Users\AcceptableUse.docx”
Putting that resource together it will look like this.
File AcceptableUsePolicyFile
{
Ensure = “Present”
Type = “File”
SourcePath = “\\CONTOSO-Source\DocShare\Acceptableuse.docx”
DestinationPath = “D:\Users\AcceptableUse.docx”
}
Within your Desired State Configuration (Our Previous one for Contoso-FPS) it would look like this added to the list.
Configuration MySampleFileServer
{
Node CONTOSO-FPS
{
WindowsFeature FileStorage
{
Ensure = "Present"
Name = "FileAndStorage-Services"
}
WindowsFeature PrinterSharing
{
Ensure = "Present"
Name = "Print-Services"
}
File AcceptableUsePolicyFile
{
Ensure = “Present”
Type = “File”
SourcePath = “\\CONTOSO-Source\DocShare\Acceptableuse.docx”
DestinationPath = “D:\Users\AcceptableUse.docx”
}
}
}
It’s that easy to add on and determine the types of resources. You can have as many DSC configurations as you have Server configurations. These lends well both Lab Deployment Scenario and even Disaster Recovery. This brings recovery to specifically the Operating System and less about “We have a Fabrikam Model Uber Zap Server”
Come back again and I’ll show you what you need to leverage this Technology to spin up a sample Web Server in a DMZ (Non domain Joined) Configuration.
Until then
Remember, the Power of Shell is in YOU
Sean
the Energized Tech
Windows PowerShell MVP
Honorary Scripting Guy