Powershell : A simple use of DSC

0 Flares Filament.io 0 Flares ×

I’m a great PowerShell fan, I think it’s the second best (or maybe first one) thing Microsoft bring to IT world – for me still the one and best is MS Exchange.
Some time ago MS introduced a thing called Desired State Configuration, as I’m correct it was with PS 3.0, for sure with PS 4.0.
You can read a lot of DSC just to google it or go to MS site. I won’t explain how DSC works and what is the pull server, how to enforce configuration compliance, etc …

For my compliance I’m using SCCM, however I found Powershell DSC really useful for my initial server configuration, so I’d like to share how easy and handy is to build some initial server configurations – “Make it smart, make it simpe” – from this starting point one can go wherever … sky is the limit ๐Ÿ™‚One can do really a lot with built-in DSC resources – you want to set some files/folders, registry keys, services – DSC awaits you.
Let’s consider a simple example.

  • I want to disable SSL v 3.0 on my Windows Server
  • I also want to set “Windows Updates” service to be started automatically
  • moreover I need to have D:\Logs\ folder created
  • and finally I need to have a telnet client installed

All these things can be easily scripted with Powershell, VBS, even batch scripting or set with GPO.

However withย  DSC it’s very, very simple and DSC syntax is very self explanatory, so it can be easily explained to other non-IT people.
So first thing is to disable SSL v. 3.0 is described in MS document here. Document says that 2 registry keys need to be set

and

with value name ‘Enabled’ and value 0 of type ‘DWORD’, so let’s see the code for DSC

Now a quick explanation, in the first line I’m defining configuration I want to apply/build, for me it has name “ServerInitialConfig”. In the configuration I can define the nodes where I want to apply the configuration, by node name or other conditional expressions – believe me this can be topic for a book chapter. As long these are my personal feeling, so I will focus on the topic, so I want to set some settings on server locally, so in my case the node name is local host. Then for SSL v.3.0 – I’m making use of “Registry” DSC resource creating 2 registry keys with values defined in Microsoft KB. As you can see in the code the keywords the syntax and key words are very intuitive.

Second line from the bottom is real build of the configuration file, which is transformed into “.mof” file with this command and last line of the script is real applying of the configuration on the server. I found it very easy for my use cases, that’s why I wanted to share it in this post. So let’s have a look for the remaining configuration requirements so “I also want to set “Windows Updates” service to be started automatically”. Here I will make use of “Service” DSC resource

This is pretty easy to understand, I want t operate on service ‘wuauserv’ which is the service name for “Windows Updates’ and I want to have startup type of service to be Automatic and service itself to be started. There is not much more to explain here.

Third thing was to make sure that d:\Logs folder exists. In this case I will use “File” DSC resource.

And last thing is to have a telnet client installed. In this case I’m gonna make use of WindowsFeature DSC resource

This simple lines will install a telnet-client windows feature. So lets combine it all together

And that’s it. When you save it as .ps1 file and run it locally – registry keys will be created and set, Windows update service will be set to start automatically and will be started, D:\logs folder will be created – of couse if you have a D: drive ๐Ÿ™‚ and finally telnet client will be installed.
This post is maybe not a rocket science, but I really wanted to share, how easy is to build a server configuration baselines with powershell DSC. From here next step is to enforce these settings with the pull server or just build a whole DEV environment including AD, certificates. I’ve just needed some basic settings for initial build of the server, however I see the potential in DSC and I see no limit ๐Ÿ™‚

0 Flares LinkedIn 0 Google+ 0 Facebook 0 Twitter 0 Filament.io 0 Flares ×

Leave a Reply

Your email address will not be published. Required fields are marked *