What Can I Configure Using Desired State Configuration?

As we continue to investigate Desired State Configuration, you may be wondering what you can do with DSC. In short, quite a lot. But the true potential lies in the ability to extend the reach of the tool. Today I’ll go over what you can configure with Desired State Configuration, the resources offered, and we’ll combine these to create a configuration which we can then apply to our nodes to put them in a desired state.

Desired State Configuration and Resource Providers

With the initial release of DSC, Microsoft have included in the package a number of Resource Providers, which define some of the settings which can be managed by the system. Each Resource Provider has a specific purpose, with 12 of these available to be used in our configurations. One of these, the Script provider, allows us to extend the reach of our configuration even further through some simple PowerShell commands:

Resource Name     Description
Log               Resource to enable easy posting of messages to Logs
Environment       Manage environmental variables on the system
Registry          Manipulate the local registry settings of the node
File              Manipulates files and directories
Archive           Unpacks an archive file (.zip) to a specified location.
Package           Install and Manage packages, including .MSI and .EXE
Service           Change the configuration of services
Process           Manage processes on the node
WindowsFeature    Manage Windows Roles and Features
Group             Manage and Update Local Computer Groups
User              Manage and Update Local Computer User Accounts
Script            Execute a Windows PowerShell script block – extending the abilities

Using a Provider

To get a better understanding of what each of the providers enables us to configure, we will take a closer look at a simple example for each of the different providers, which we can then leverage to help us generate our initial configuration.

Log

Log SampleMessage
{
   # Write a message to Microsoft-Windows-Desired State Configuration/Analytic log
   Message = "This Message is to simply confirm I was here!"
}

Environment

Environment MyPath
{
   # Update my Environment Path
   Ensure = "Present"  # You can also set Ensure to "Absent"
   Name = "Path"
   Value = "C:\Windows;C:\Windows\System32;C:\MyPath"
}

Registry

Registry IEEnhancedSecurity
{
   # When "Present" then "IE Enhanced Security" will be "Disabled"
   Ensure = "Present"
   Key = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
   ValueName = "IsInstalled"
   ValueType = "DWord"
   ValueData = "0"
}

File

File DirectoryCopy
{
   # Copy Directory content from Source to target
   Ensure = "Present"
   Type = "Directory" 
   Recurse = $true
   SourcePath = "\\Server\Share\MyData"
   DestinationPath = "C:\Installs\MyData"    
}

Archive

Archive ZoomItArch
{
   # Unzip the ZoomIT Archive to the Installs Folder on the Node
   Ensure = "Present"
   Path = "\\Server\Share\ZoomIT.zip"
   Destination = "C:\Installs\ZoomIT"
}

Package

Package DellOMSABinaries {
   # Ensure that the Dell OpenManage Software is Installed to the Server
   Ensure    = "Present"
   Path      = "\\Server\Share\DellOSMA.msi"
   Name      = "Dell OpenManage Systems Management Software (64-Bit)"
   ProductID = "12345678-1234-12345678-12345678"
   Arguments = "ADDLOCAL=ALL"
}

Service

Service RemoteDesktopService
{
   # Ensure the Remote Desktop Service is Set to Automatic and is Running
   Ensure = "Present"
   Name = "TermService"
   StartupType = "Automatic"
   State = "Running"
}

WindowsFeature

WindowsFeature snmp
{
   # Ensure the Windows Feature for SNMP is Installed
   Ensure = "Present"
   Name = 'SNMP-Service'
}

Group

Group GroupExample
{
   # Ensure that our user is a member of the group
   Ensure = "Present"
   GroupName = "Administrators"
   MembersToInclude = "Domain\MyUser"
}

User

User UserExample
{
   Ensure = "Present"  # To ensure the user account does not exist, set Ensure to "Absent"
   UserName = "SomeName"
   # $passwordCred must be a PSCredential object, for example from Get-Credential
   Password = $passwordCred
}
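
The User example passes a PSCredential in $passwordCred, and DSC writes that credential into the compiled MOF file, refusing by default to store it in clear text. The following added example (not part of the original article) shows one way to have the password encrypted in the MOF with a certificate held by the node; the node name, certificate path, thumbprint placeholder and output path are assumptions.

```powershell
# Added example. Node name, paths and thumbprint are placeholders, not values from the article.
$ConfigData = @{
    AllNodes = @(
        @{
            NodeName        = 'Server01'                     # hypothetical node
            # Exported public key of the node's certificate, used to encrypt at compile time
            CertificateFile = 'C:\PublicKeys\Server01.cer'   # placeholder path
            # Thumbprint of the same certificate in the node's LocalMachine\My store
            Thumbprint      = '<NODE-CERT-THUMBPRINT>'       # placeholder
        }
    )
}

Configuration SecureUserExample
{
    param (
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential] $PasswordCred
    )

    Node $AllNodes.NodeName
    {
        # Tell the node's Local Configuration Manager which certificate decrypts the MOF
        LocalConfigurationManager
        {
            CertificateID = $Node.Thumbprint
        }

        User UserExample
        {
            Ensure   = 'Present'
            UserName = 'SomeName'
            Password = $PasswordCred   # encrypted in the MOF using CertificateFile
        }
    }
}

# Compile. Without CertificateFile this stops with an error unless
# PSDscAllowPlainTextPassword is set, which leaves the password readable in the MOF.
$cred = Get-Credential -UserName 'SomeName' -Message 'Password for the local account'
$out  = 'C:\DSC\SecureUserExample'                           # placeholder output path
SecureUserExample -ConfigurationData $ConfigData -PasswordCred $cred -OutputPath $out

# Push the LCM setting (.meta.mof) first, then the configuration itself
Set-DscLocalConfigurationManager -Path $out -Verbose
Start-DscConfiguration -Path $out -Wait -Verbose
```

The private key never leaves the node; only the exported public certificate is needed on the machine that compiles the configuration.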

Script

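Script InstallZoomIt
{
   # Run only after the Archive resource has unpacked ZoomIT
   DependsOn  = '[Archive]ZoomItArch'
   # Runs when TestScript returns $false; path matches the Archive Destination
   SetScript  = { & "C:\Installs\ZoomIT\ZoomIT.exe" }
   # Return $true when the node is already in the desired state
   TestScript = { Test-Path "C:\Program Files (x86)\ZoomIT\ZoomIT.exe" }
   # Must return a hashtable
   GetScript  = { return @{Result="C:\Program Files (x86)\ZoomIT\ZoomIT.exe"} }
}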

Combining the Resources

With a good idea of what we can do, and with the resources offered for our use, all we need to do now is combine these to create a configuration that we can then apply to our nodes and put them in a desired state.

As a quick and simple example:

Configuration MyQuickSample
{
   Node LocalHost
   {
      WindowsFeature snmp
      {
         # Ensure the Windows Feature for SNMP is Installed
         Ensure = "Present"
         Name = 'SNMP-Service'
      }

      Package DellOMSABinaries {
         # Ensure that the Dell OpenManage Software is Installed to the Server
         Ensure    = "Present"
         Path      = "\\Server\Share\DellOSMA.msi"
         Name      = "Dell OpenManage Systems Management Software (64-Bit)"
         ProductID = "12345678-1234-12345678-12345678"
         Arguments = "ADDLOCAL=ALL"
      } 
   }
}

There you have it! Join me for the next installment in this series, in which I show you how to create a Desired State Configuration.
