HTTP configuration is not recommended since all communications are done in the clear and configuration data is sensitive. The share should be secured to only allow trusted admins to read and write data.Īlternate methods are HTTP and HTTPS which are identical except for TLS. Simply dropping configurations in the correct format and configuring the LCM will allow clients to pull a configuration from the server. Throughout the script, I use Write-Verbose so that the text is hidden during normal runs of the configuration.Ī DSC Pull Server can be configured using SMB by creating a fileshare that allows the machine account of the clients to read the share. The special $Using:varname syntax is required to expand them at creation time.
Variables are not processed at execution time, they are expanded when the. For the purpose of this example though, it should demonstrate a working script resource. This should really be expanded so that the TestScript section checks each section of the ODBC connection to make sure the server, database and name all match the correct information. This section does the actual work and is not required to return anything.īelow is an example script that I made that will ensure a specific ODBC connection exists. This section is required and should output $false if the SetScript section needs to be run and $true if everything is in order. For instance if you were creating a certificate, you could use Get-Certificate in here and return $true or $false if the certificate exists or not. This is used to test to see if the work that the SetScript section implements is already done. I normally return something to do with the resource or the Result = "Not Implemented" } The value doesn't need to be anything specific as nothing is done with the output. This is required to return a hashtable with a single 'result' key. There are 3 sections which need to be completed for this to work. Further reading on this topic can be found on MSDN here. It is possible to configure this using the Configuration Names method also. In the above configuration, using the same $AllNodes configuration data, the mof files are published to the correct location on the pull server. It is using the same $AllNodes configuration data as the above LCM configuration. The following is a basic test configuration for the machine using the 2 partial configuration names set up in the LCM configuration. ConfigurationID should not be an easily guessable number therefore New-Guid is a good method to generate this. In this example, the LCM on the client is configured to pull 2 configurations from the pull server using the ConfigurationID method. Partial configurations can be set up using push, pull or some combination of both. To handle this, DSC now supports partial configurations. Both teams can run a pull server with their own configurations.
For example, all servers built may follow a single base configuration, with another configuration to install and setup an application.Īnother example could be the 2 or more teams are responsible for the ultimate setup of a server with each team managing some portion of the configuration.
Sometimes, having multiple configurations for a single server could be beneficial. Part 1 - Pushing a configuration and Credentials
This is an additional step to the client configuration script and must be completed for this to work
Server: Windows Server 2012 R2 (I used the RTM disk, fresh installed no updates)Ĭlient: Windows 10 Pro (I used Insider Preview 14965, fresh installed no updates) You will need to check to see if this is secure enough for you. If you've already done this you can remove those lines.īear in mind this uses NTLM encryption (Negotiate authentication) over HTTP. The following steps can be taken to enable WinRM and allow management.Ĭheck the scripts before running them as they will install Hyper-V and the Management tools. Out of the box, it's not possible to manage a non-domain joined Hyper-V 2012 R2 server from Windows 10.