How to test the PowerShell pending reboot module Microsoft Windows PowerShell Integrated Scripting Environment (ISE)
X
Definition

Microsoft Windows PowerShell DSC (Desired State Configuration)

What is Powershell Desired State Configuration?

Desired State Configuration (DSC) is a feature in PowerShell 4.0 and above that helps administrators to automate the configuration of Windows and Linux operating systems (OSes).

DSC provides a set of PowerShell language extensions, cmdlets and a process called declarative scripting. The idea behind DSC is to provide admins with a method for maintaining consistent configuration sets across computers or devices. Admins can write an expression about system configuration, and the system figures out how to make the configuration work.

When used correctly, DSC can help an organization avoid configuration drift, which can occur if an application on one machine modifies a default setting to make its configuration different from its sister machines.

How does PowerShell DSC work?

DSC is a command-line tool that enables admins to use a PowerShell-based scripting language to configure Windows and/or Linux systems. Although it's possible to configure a system without the aid of DSC using nothing but PowerShell cmdlets, DSC is designed to simplify the process. When you script the configuration of a remote system by using PowerShell cmdlets, you're instructing Windows in how to configure the remote system. Conversely, DSC enables you to specify your goals for the configuration and let PowerShell handle all the intricate configuration steps on your behalf. DSC is essentially enabling you to specify what you want done, rather than having to instruct Windows in how to do it.

Once of the nice things about DSC is that it is highly scalable. DSC can be used to automatically configure multiple computers and to ensure that those machines are running identical configurations.

DSC supports two different methods of operation. The simpler of the two methods is the push method, which is sometimes referred to as push mode. In this mode, a configuration file is created and then pushed to target nodes on the network.

The other configuration method that is supported is the pull method, which is also called pull mode. This mode requires admins to set up a server to act as a central repository. Nodes periodically poll the server to see if a configuration file is available and then apply that configuration.

What are the system requirements of DSC?

DSC is included with the Windows OS. As such, the main system requirement is a supported Windows OS. DSC works with the following Windows OSes:

  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012R2
  • Windows server 2012
  • Windows Server 2008 R2 SP1
  • Windows 10
  • Windows 8.1
  • Windows 7

It's worth noting that the stand-alone Hyper-V Server isn't compatible with DSC.

DSC is supported on Nano Server, but there are three features that aren't supported. These features are the following:

  1. You can decrypt a Microsoft Operations Framework (MOF) document with encrypted password(s).
  2. You can't set up a pull server on Nano Server.
  3. Anything that isn't in the list of features works.

DSC is supported in Microsoft Azure through supplementary components called the Azure Desired State Configuration extension handler and through Azure Automation DSC.

Microsoft also makes a version of DSC available for use in Open Source environments. In order to use DSC with Linux, you must install Open Management Infrastructure (OMI) and several required packages. These packages include the following:

  • GNU C Library (glibc)
  • Python
  • Open SSL Libraries (openssl)
  • Python CTypes library (ctypes)
  • cURL HTTP client library (libcurl)

A supported Linux OS is also required. The currently supported distributions include the following:

  • CentOS 5, 6 and 7 (x86/x64);
  • Debian GNU/Linux 6, 7 and 8 (x86/x64);
  • Oracle Linux 5, 6 and 7 (x86/x64);
  • Red Hat Enterprise Linux (RHEL) Server 5, 6 and 7 (x86/x64);
  • SUSE Linux Enterprise Server (SLES) 10, 11 and 12 (x86/x64); and
  • Ubuntu Server 12.04 LTS, 14.04 LTS and 16.04 LTS (x86/x64).

Installation

DSC is included as a part of Windows Management Framework (WMF). Nothing extra needs to be installed in order to use DSC to manage a Windows computer. If, however, you need to create a Windows Pull Server instance, you must install the DSC resource modules. These resources can be installed through PowerShell by using the following command:

Install-Module 'PSDscResources'

DSC resources

There are many different resources included in the DSC resources modules mentioned in the previous section. Here is a summary of these resources:

Resource Purpose
File The File resource can be used to manage a node's files and folders.
Archive The Archive resource can be used to open a zip file and extract its contents.
Environment The Environment resource is used to manage the OS' environment variables.
Log The Log resource can be used as a tool for writing an entry to the DSC event viewer logs.
Package The Package resource can be used to install or remove a Windows installation package.
Registry The Registry resource is used to manually configure a node's registry keys.
Script The Script resource is used to execute script files on a target node.
Service The Service resource is used to manage the startup state for system services.
User The User resource is used to manage a node's local user accounts.
WindowsFeature The WindowsFeature resource can be used to install or to remove an OS role or feature.
WindowsOptionalFeature The WindowsOptionalFeature resource is used to install or remove optional Windows OS features.
WindowsProcess The WindowsProcess resource is used to control OS processes.
WaitForAll, WaitForAny and WaitForSome The WaitForAll, WaitForAny and WaitForSome resources can be used within a node block as a way of creating dependencies on configurations residing on other nodes.

Syntax examples

A DSC configuration file always starts with the word Configuration, followed by the configuration name, which can be anything that you want. Such a file might also include an instruction to import the DSC resource and the names of the nodes that are to be configured.

Additionally, a configuration file will typically reference the resources that are listed in the previous section. Here is a code example from Microsoft that uses the File resource to create a file named C:\Temp\HelloWorld.txt:

Configuration HelloWorld {
 
    # Import the module that contains the File resource.
    Import-DscResource -ModuleName PsDesiredStateConfiguration
 
    # The Node statement specifies which targets to compile MOF files for, when this configuration is executed.
    Node 'localhost' {
 
        # The File resource can ensure the state of files, or copy them from a source to a destination with persistent updates.
        File HelloWorld {
            DestinationPath = "C:\Temp\HelloWorld.txt"
            Ensure = "Present"
            Contents   = "Hello World from DSC!"
        }
    }
}

How to apply configurations

Applying a configuration file is a two-step process. The first step is to generate one or more MOF files based on your configuration file. If, for example, you wanted to deploy a file called \\SMB\MyFile to a folder named C:\Files on two servers named Server1 and Server2, the command for doing so would look like this:

DeployHostFile -Servers @(“Server1”,”Server2”) -SourceFile “SMB\MyFile” -DestinationFile “C:\Files” -OutputPath “C:\MOF\”

This command doesn't actually copy the MyFile file to the C:\Files folder on the two servers. Instead, it creates two MOF files, one for each server. These MOF files are stored in the specified MOF folder on C:\.

The second step in applying the configuration is to build a configuration based on the MOF files. The command for doing so -- if the push method is being used – is the following:

Start-DscConfiguration -Path C:\MOF\
This was last updated in March 2023

Dig Deeper on IT operations and infrastructure management