Use Windows PowerShell DSC to construct file servers from scratch

Administrators can take control over the deployment of common resources, such as Windows-based file servers, using PowerShell Desired State Configuration.

It's no secret that automation gives administrators a speedy way to tackle routine tasks while reducing errors from mistyped commands or errant mouse clicks. Desired State Configuration is a powerful extension to Windows PowerShell that goes a step beyond automation.

Windows PowerShell Desired State Configuration (DSC) aims to simplify server deployments through declarative syntax, meaning the administrator tells the system what the server configuration should be rather than constructing every feature.

Using Desired State Configuration, administrators can create a configuration for every server role. By grouping servers into roles, administrators can treat a web server or file server as a single entity that contains many different Windows features, security settings, configuration items and so on. Rather than worrying about applying these settings every time, the administrators just need to reference a server role configuration. Other configuration management tools provide automation from a third-party vendor, while Windows PowerShell DSC is a native Microsoft product.

Here's how to build a Windows PowerShell DSC script to provision a file server -- one of various tasks that Windows administrators can automate with the tool.

Determine the configuration

Before embarking on a scripting project, define the plan and make sure all team members understand it. For the purpose of this article, provisioning a file server means:

  • Installing the File Services feature;
  • Creating two file shares; and
  • Setting appropriate permissions on the file shares.

First, install the latest version of Windows Management Framework both on the computer that will create the configuration and on the server being configured.

Next, create a Windows PowerShell DSC template in a file called C:\FileServer.ps1 that will designate the resources to use and will create the node's Managed Object Format file. Name the file server MEMBERSRV1. In this example, we are specifying the server name for the purposes of provisioning a single file server. For organizations that want to prepare multiple file servers, see the instructions for using the ConfigurationData parameter.

## Create the configuration

Configuration FileServer
{
    Import-DscResource -Module PSDesiredStateConfiguration

    Node 'MEMBERSRV1'
    {
    }
}

Next, add resource references into the configuration. First, install the File Services feature by using the built-in WindowsFeature DSC resource.

Configuration FileServer
{
    Import-DscResource -Module PSDesiredStateConfiguration

    Node 'MEMBERSRV1'
    {
        WindowsFeature 'FileServices'
        {
            Ensure = 'Present'
            Name = 'File-Services'
        }
    }
}

Next, add the file shares. To start, create two folders on the server and then create file shares from them. Do this with the built-in File DSC resource and the xSmbShare module. Because the xSmbShare module for setting up and configuring a Server Message Block (SMB) shared folder is not a default resource, we download it from the PowerShell Gallery. To do that, create a remote session to the server and install the module containing the resource.

Invoke-Command -ComputerName MEMBERSRV1 -ScriptBlock {Install-Module xSmbShare}

With that module installed, we can create the resources in the configuration to build the folders and file shares.

File 'Share1Folder'
{
    Ensure = 'Present'
    Type = 'Directory'
    DestinationPath = 'C:\FileShare1'
}

File 'Share2Folder'
{
    Ensure = 'Present'
    Type = 'Directory'
    DestinationPath = 'C:\FileShare2'
}

# Name is the key property of xSmbShare: it must be a quoted string
# and must differ between the two shares or the configuration will not compile.
xSmbShare 'Share1'
{
    Ensure = 'Present'
    Name = 'UserShare1'
    Path = 'C:\FileShare1'
    FullAccess = 'Everyone'
    DependsOn = '[File]Share1Folder'
}

xSmbShare 'Share2'
{
    Ensure = 'Present'
    Name = 'UserShare2'
    Path = 'C:\FileShare2'
    FullAccess = 'Everyone'
    DependsOn = '[File]Share2Folder'
}

Add the xSmbShare module reference to the top of the configuration.

Import-DscResource -Module PSDesiredStateConfiguration,xSmbShare

Next, set permissions on the file shares with NT file system (NTFS) access control lists. To do this, download another useful DSC module from the PowerShell Gallery: cNtfsAccessControl. It's available via the same access method used for xSmbShare. Include this additional module in the Import-DscResource line.

Import-DscResource -Module PSDesiredStateConfiguration,xSmbShare,cNtfsAccessControl

Next, tailor permissions to the file shares. We will give the domain's authenticated users read-only access to the base folder for each file share. To do that, reference the cNtfsPermissionEntry resource, specify the principal of Authenticated Users, the path to the folder and the specific rights to give this identity.

cNtfsPermissionEntry 'FileShare1' {
    Ensure = 'Present'
    DependsOn = "[File]Share1Folder"
    Principal = 'Authenticated Users'
    Path = 'C:\FileShare1'
    AccessControlInformation = @(
        cNtfsAccessControlInformation
        {
            AccessControlType = 'Allow'
            FileSystemRights = 'Read'
            Inheritance = 'ThisFolderSubfoldersAndFiles'
            NoPropagateInherit = $false
        }
    )
}

cNtfsPermissionEntry 'FileShare2' {
    Ensure = 'Present'
    DependsOn = "[File]Share2Folder"
    Principal = 'Authenticated Users'
    Path = 'C:\FileShare2'
    AccessControlInformation = @(
        cNtfsAccessControlInformation
        {
            AccessControlType = 'Allow'
            FileSystemRights = 'Read'
            Inheritance = 'ThisFolderSubfoldersAndFiles'
            NoPropagateInherit = $false
        }
    )
}
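The share resources above grant Everyone full access at the share level, and a folder created under C:\ keeps the NTFS entries it inherits from the volume root in addition to the new Authenticated Users entry. As an added example (not part of the article's script), here is a least-privilege variant of one share that makes the read-only intent hold at both layers. The configuration name HardenedFileShare and the share name UserShare1 are assumptions; ReadAccess is an xSmbShare property and cNtfsPermissionsInheritance is the companion resource in the cNtfsAccessControl module.

```powershell
# Added example, not the article's script: least-privilege variant of one share.
Configuration HardenedFileShare {   # hypothetical configuration name
    Import-DscResource -ModuleName PSDesiredStateConfiguration, xSmbShare, cNtfsAccessControl
    Node 'MEMBERSRV1' {
        File 'Share1Folder' {
            Ensure          = 'Present'
            Type            = 'Directory'
            DestinationPath = 'C:\FileShare1'
        }
        # Explicit entries are applied first so cutting inheritance locks nobody out.
        $grants = [ordered]@{
            'NT AUTHORITY\SYSTEM'    = 'FullControl'
            'BUILTIN\Administrators' = 'FullControl'
            'Authenticated Users'    = 'Read'
        }
        $entryIds = @()
        foreach ($principal in $grants.Keys) {
            $id = 'Share1_' + ($principal -replace '\W', '')
            $entryIds += "[cNtfsPermissionEntry]$id"
            cNtfsPermissionEntry $id {
                Path      = 'C:\FileShare1'
                Principal = $principal
                DependsOn = '[File]Share1Folder'
                AccessControlInformation = @(
                    cNtfsAccessControlInformation {
                        AccessControlType = 'Allow'
                        FileSystemRights  = $grants[$principal]
                        Inheritance       = 'ThisFolderSubfoldersAndFiles'
                    }
                )
            }
        }

        # Remove the entries inherited from C:\ so the explicit ones above are what remains.
        cNtfsPermissionsInheritance 'Share1Inheritance' {
            Path              = 'C:\FileShare1'
            Enabled           = $false
            PreserveInherited = $false
            DependsOn         = $entryIds
        }

        # Share ACL matches the read-only intent instead of Everyone with FullAccess.
        xSmbShare 'Share1' {
            Name       = 'UserShare1'   # assumed share name
            Path       = 'C:\FileShare1'
            ReadAccess = 'Authenticated Users'
            FullAccess = 'BUILTIN\Administrators'
            DependsOn  = '[File]Share1Folder'
        }
    }
}
```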

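Now that all these instructions are set, run this Windows PowerShell DSC configuration on the soon-to-be file server. Start-DscConfiguration takes the folder that holds the node's MOF file, not the script itself, so first dot-source the script and call the configuration to generate MEMBERSRV1.mof (C:\FileServer below is an arbitrary output folder). This will run the instructions on the remote server and provision the file server.

. C:\FileServer.ps1; FileServer -OutputPath C:\FileServer
Start-DscConfiguration -Wait -Force -Path C:\FileServer -ComputerName MEMBERSRV1 -Verbose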
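Once the configuration has been applied, a follow-up check is worth running. This added example (not part of the original article) asks the node whether it has drifted and lists every write-capable grant to Everyone, Authenticated Users or BUILTIN\Users at the share and NTFS layers, inherited entries included. The share names UserShare1 and UserShare2 are assumptions; use the names from your configuration.

```powershell
# Added example, not the article's script: audit what MEMBERSRV1 actually enforces.
$server = 'MEMBERSRV1'
$shares = 'UserShare1', 'UserShare2'   # assumed share names; match your configuration

# 1. Drift check against the configuration the LCM last applied.
$state = Test-DscConfiguration -ComputerName $server -Detailed
foreach ($r in $state.ResourcesNotInDesiredState) { Write-Warning "Drift: $($r.ResourceId)" }

# 2. Write-capable grants to broad principals, at the share layer and the NTFS layer.
$findings = Invoke-Command -ComputerName $server -ArgumentList (, $shares) -ScriptBlock {
    param([string[]]$ShareNames)
    $broad   = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'   # Everyone, Authenticated Users, Users
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Rights that change content or the ACL, plus GENERIC_WRITE | GENERIC_ALL (0x50000000).
    $mask = [int]([System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership') -bor 0x50000000

    foreach ($name in $ShareNames) {
        $share = Get-SmbShare -Name $name -ErrorAction Stop

        foreach ($ace in Get-SmbShareAccess -Name $name) {
            $sid = try { ([System.Security.Principal.NTAccount]$ace.AccountName).Translate($sidType).Value } catch { $null }
            if ($sid -in $broad -and [string]$ace.AccessControlType -eq 'Allow' -and [string]$ace.AccessRight -ne 'Read') {
                [pscustomobject]@{ Share = $name; Layer = 'Share'; Principal = $ace.AccountName
                                   Rights = [string]$ace.AccessRight; Inherited = $false }
            }
        }

        foreach ($rule in (Get-Acl -Path $share.Path).Access) {
            $sid = try { $rule.IdentityReference.Translate($sidType).Value } catch { $null }
            $writes = ([int]$rule.FileSystemRights -band $mask) -ne 0
            if ($sid -in $broad -and $rule.AccessControlType -eq 'Allow' -and $writes) {
                [pscustomobject]@{ Share = $name; Layer = 'NTFS'; Principal = $rule.IdentityReference.Value
                                   Rights = [string]$rule.FileSystemRights; Inherited = $rule.IsInherited }
            }
        }
    }
}
$findings | Sort-Object Share, Layer | Format-Table Share, Layer, Principal, Rights, Inherited -AutoSize
```

An empty result means no broad principal holds more than read access on either layer; any row marked Inherited comes from the parent folder rather than from the DSC configuration.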
