Compile and apply DSC Configurations

We will now explain how to compile and apply DSC configurations.

Getting Started

Software Dependencies

Please make sure to have the followings PowerShell modules installed before proceeding:

  • BaselineManagement
  • WindowsDefender
  • PowerShellAccessControl

If necessary install them:

  1. Download “PowerShellAccessControl” by following this link and copy the downloaded folder in the following local path: “C:\Program Files\WindowsPowerShell\Modules”

  2. To install the other modules simply type the commands in the PowerShell:

    Install-Module Baselinemanagement
    Install-Module WindowsDefender
    

    Possible notifications in PowerShell:

    NuGet provider is required to continue PowerShellGet requires NuGet provider version “2.8.5.201” or newer to interact with NuGet-based repositories. The NuGet provider must be available in ‘C:\Program Files\PackageManagement\ProviderAssemblies’ or “C:\Users$env:UserName\AppData\Local\PackageManagement\ProviderAssemblies”. You can also install the NuGet provider by running “Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force”. Do you want PowerShellGet to install and import the NuGet provider now? [Y] Yes [N] No [S] Suspend [?] Help (default is “Y”):

    Press “Y” and move on.


    Untrusted repository You are installing the modules from an untrusted repository. If you trust this repository, change its InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure you want to install the modules from “PSGallery”? [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is “N”):

    Press “A” and move on.

Compile DSC Configuration

Once you have successfully ensured that you got all necessary dependencies locally you can safely generate a DSC configuration document by invoking your self-written configuration script, because before you can enact a configuration, you have to compile it into a MOF document.

A DSC configuration script resembles this structure:

configuration "*CONFIGURATIONNAME*" {
    Import-DSCResource -ModuleName "*MODULENAME*"
    Node "*COMPUTERNAME*"
    {
        ...
        *DSC_RESOURCE* "DSC_RESOURCE_NAME"{...}
        *DSC_RESOURCE* "DSC_RESOURCE_NAME"{...}
        *DSC_RESOURCE* "DSC_RESOURCE_NAME"{...}
        ...
    }
}
*CONFIGURATIONNAME*

Our default configuration script

To call a configuration script, the function must be in global scope (as with any other PowerShell function). You can make this happen either by “dot-sourcing” the script, or by running the configuration script by using F5 or clicking on the Run Script button in the PowerShell ISE. To dot-source the script, run the command . .\myConfig.ps1 where myConfig.ps1 is the name of the script file that contains your configuration.

In our scenario that would be simply:

.\CONFIGURATIONNAME.ps1

Write a configuration yourself

As we remember, a DSC configuration script resembles this structure:

configuration "*CONFIGURATIONNAME*" {
    Import-DSCResource -ModuleName "*MODULENAME*"
    Node "*COMPUTERNAME*"
    {
        ...
        *DSC_RESOURCE* "DSC_RESOURCE_NAME"{...}
        *DSC_RESOURCE* "DSC_RESOURCE_NAME"{...}
        *DSC_RESOURCE* "DSC_RESOURCE_NAME"{...}
        ...
    }
}
*CONFIGURATIONNAME*

but now you got to write it yourself, so try it out and use eligible DSC resources.

To check eligible dsc resources write:

Get-DscResource

and read about the resources here.

After writing your own configuration script, invoke it and generate a DSC configuration document.

In the same folder path of our used script there will be a new directory created called “CONFIGURATIONNAME” afterwards and PowerShell will prompt:

    Directory: *path of default script*\*CONFIGURATIONNAME*


Mode                LastWriteTime         Length Name
----                -------------         ------ ----
-a----        3/29/2020   7:35 PM         564704 localhost.mof

The MOF file contains all of the configuration information for the target node. Configuration documents (MOF files) can be applied to the machine using the Start-DscConfiguration cmdlet.

Apply the configuration

Now that you have the compiled MOF, you can apply the configuration to the target node (in this case, the local computer) by calling the Start-DscConfiguration cmdlet.

Start-DscConfiguration -Path "*path of default script*\CONFIGURATIONNAME" -Force -Wait -Computername localhost

If the cmdlet runs without any errors everything went fine and according to plan.