If you’ve been following Microsoft management news, you’ve no doubt heard of Desired State Configuration. You might be wondering what it is.
Let’s start with what it’s not. Many believe that DSC is a feature of PowerShell v4, but this is actually a misconception, as the feature really stems from the Windows Management Framework, but implemented using PowerShell, WMI and WMF. You can use it on any OS compatible with WMF 4.0, which currently includes Server 2008 R2 SP1, Server 2012, 2012 R2, Windows 7 SP1 and Windows 8.1 but not Windows 8, for some reason.
Well, what is it? I hope to explain that and by the end give you a practical example that isn’t the typical ‘install a web server’ sample you’ve probably seen elsewhere. I’m writing this to expand my own knowledge, and to help share with any who may stumble upon this. If you catch an error I’ve made, please let me know.
[Desired State Configuration is] Microsoft’s Fresh Start for Configuration… -Don Jones
When Don Jones makes a pronouncement like this, I tend to listen. The idea behind DSC is to simplify the configuration of Windows, and to eliminate the overlap that exists between GPO, SCCM’s Desired Configuration Manager, Logon Scripts, and other options, and to make it all easy. In the end, ensuring your server configuration doesn’t deviate away from the company standard should be easy, and should be reliable.
In the end, instead of having five or ten GPOs to look through when trying to determine how a particular setting is being inherited, there is one configuration file. This configuration file is an industry standard Managed Object Framework document, commonly referred to as a MOF file. Reading and creating MOF files should be an easy and accessible task even for junior level IT people.
It’s as important as Group Policy – Don Jones
DSC extends very deeply into the operating system. It is still quite new, so as time goes on the possibilities for configuration will become greater and greater. Eventually you’ll be able to configure your servers cradle-to-grave with DSC, and roll out complex products with it too. Out of the box, you can use the following DSC Resources to control various aspects of your systems.
What do the default DSC Resources allow you to configure?
|Registry||Ensure that a registry key is present, or not|
|Script||Provides a mechanism to run scripts and evaluate conditions|
|Archive||Zip or unzip files|
|File||Ensure files are present or not|
|WindowsFeature||Ensure that Windows Features are or are not present|
|Package||Install or remove an Application, MSI or Setup.exe|
|Environment||Set Environmental variables|
|Group||Make changes to localgroups|
|User||Make changes to local users|
|Log||Provides a mechanism to log changes enacted by DSC|
|Service||Ensures a service is or is not running|
|WindowsProcess||Ensures that a process is or is not running|
In the last few weeks, the PowerShell team has been churning out more and more configuration possibilities. Just two weeks ago, this new Module hit TechNet, allowing for the configuration of VHDs, VM switches and all aspects of Hyper-V. If you’d like to see more, check out the DSC Resource Kit Wave #2, which expands the options even further, allowing for the configuration of Domain Controllers, installation of SQL and much, much more.
Stephen’s Practical Example
Now that I’ve hopefully got some of the explanation out of the way, let’s get into a practical example of the power of DSC.