Using PowerShell Desired State Configuration (DSC)

I’m just starting to scratch the surface with Windows PowerShell Desired State Configuration (DSC). This seems to be the proper way to accurately configure multiple servers with the identical configuration. Using DSC (Desired State Configuration) to configure servers is as simple as generating a base template that you want to use to setup the servers, and then run it against a list or single server. The templates can be setup to deploy and configure the following:

  • Adding or removing Windows server roles and features
  • Managing registry settings
  • Managing files and directories
  • Starting, stopping, and managing processes and services
  • Managing groups and user accounts
  • Deploying new software
  • Managing environment variables
  • Running Windows PowerShell scripts
  • Fixing a configuration that has drifted away from the desired state
  • Discovering the actual configuration state on a given node

To start a configuration template for DSC, you’ll just have to have PowerShell ISE open and press CTRL+J in the script window.

DSC-Simple-Configuration
CTRL+J is used to open this menu

Then select DSC Configuration (simple), and this will auto fill the required components for the beginning of the configuration.

NOTE: To use DSC, WMF 5.0 must be installed to get access to these features

configuration Name
{
    # One can evaluate expressions to get the node list
    # E.g: $AllNodes.Where("Role -eq Web").NodeName
    node ("Node1","Node2","Node3")
    {
        # Call Resource Provider
        # E.g: WindowsFeature, File
        WindowsFeature FriendlyName
        {
           Ensure = "Present"
           Name   = "Feature Name"
        }

        File FriendlyName
        {
            Ensure          = "Present"
            SourcePath      = $SourcePath
            DestinationPath = $DestinationPath
            Type            = "Directory"
            DependsOn       = "[WindowsFeature]FriendlyName"
        }       
    }
}

There are many different Resource Providers that can be used with DSC, and more that can be added with downloading additional modules from a PSRepository (PS Gallery). To find all of the available DSC resources within PowerShell ISE type the following.

Find-DscResource

**At the time of the writing of this post there are currently 557 unique resource provider available within 148 modules on PSGallery.

I have configured a simple DSC that checks for the existence of 3 windows features; InkAndHandwritingServices, Server-Media-Foundation, and Desktop-Experience. So using the DSC Configuration that was auto-generated, I modified it to meet my needs:

configuration Remove3WindowsFeatures
{
	Import-DscResource –ModuleName 'PSDesiredStateConfiguration'
    node localhost
    {
        WindowsFeature InkAndHandwritingServices
        {
           Ensure = 'Absent'
           Name   = "InkAndHandwritingServices"
        }

        WindowsFeature Server-Media-Foundation
        {
           Ensure = 'Absent'
           Name   = "Server-Media-Foundation"
        }
        
        WindowsFeature Desktop-Experience
        {
           Ensure = 'Absent'
           Name   = "Desktop-Experience"
        }
    }
}

Once the DSC configuration has been set, I’ll need to run so it will generate a *.MOF file. Then call it by the configuration name, as in my example Remove3WindowsFeatures.

Creation of MOF file
Running the DSC template to generate the MOF file

Since we have the desired configuration, I can test it against my servers.

Test-DscConfiguration -ReferenceConfiguration .\Remove3WindowsFeatures\localhost.mof -ComputerName (Get-content C:\scripts\PSServer.txt)
Results of Test-DscConfiguration
Results of Test-DscConfiguration

As seen in the output from the script, it shows that only 1 of the 13 servers are in the desired state.

Now to get the servers into the desired state we will need to run the command against all of them by using Start-DscConfiguration.
**When you run the DSC against a server it will need to have its own *.MOF file in order for it to set the desired configuration. So you will need to change the DSC configuration to include the node names of the servers you are running this against.

Start-DscConfiguration -ComputerName (Get-Content C:\scripts\PSServer.txt) -Path .\Remove3WindowsFeatures -Wait

-Stuart

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.