0%

0/1 Lessons

Course Introduction

• 5min

0 / 2 lessons complete

Getting Started with Windows PowerShell

• 56min

0 / 8 lessons complete

Getting Help and Finding Commands

• 39min

0 / 6 lessons complete

PowerShell Command Syntax

• 33min

0 / 5 lessons complete

PowerShell Objects and Properties

• 35min

0 / 6 lessons complete

The PowerShell Pipeline

• 24min

0 / 2 lessons complete

PowerShell Providers

• 30min

0 / 5 lessons complete

PowerShell Arrays and Variables

• 28min

0 / 4 lessons complete

PowerShell Loops

• 19min

0 / 3 lessons complete

PowerShell Conditional Statements

• 11min

0 / 1 lessons complete

On Premises Lab Setup

• 36min

0 / 8 lessons complete

Basic Domain Administration with Windows PowerShell

• 2hr 27min

0 / 10 lessons complete

Send Emails with PowerShell

• 22min

0 / 2 lessons complete

PowerShell Desired State Configuration (DSC) Basics

• 1hr 48min

0 / 6 lessons complete

PowerShell Modules

• 58min

0 / 7 lessons complete

Powershell Challenges

• 1hr 55min

0 / 23 lessons complete

Course Conclusion

• 1min

0 / 1 lessons complete

Instructions

Q&A (0)

Notes (0)

Resources (0)

Saving Progress...

Resources

There are no resources for this lesson.

Notes can be saved and accessed anywhere in the course. They also double as bookmarks so you can quickly review important lesson material.

Create note

To get started, we need to log in to our Domain Controller and open the PowerShell ISE as an Administrator:

Important: If you don’t run the ISE as an administrator, then the DSC commands will fail!

To test these settings, type the following commands:

$TargetServer = "SAMS01"

# Create a CIM session

$Session = New-CimSession $TargetServer

When we execute the script with F5 we should get the following:

If you get an error about the WinRM service or access denied, check the following:

  1. You are running the PowerShell ISE as an administrator
  2. The “Enable PSRemoting” GPO we created earlier is being applied to the target server or workstation

If you have errors, please refer to the lecture for enabling PSRemoting with Group Policy.

Next, we have to configure the Local Configuration Manager or LCM. We can do this with the code below:

# Declare local config manage settings

[DSCLocalConfigurationManager()] configuration LCMConfig {

    Node $TargetServer {

        Settings {

            RefreshMode = "Push"

            ConfigurationMode = "ApplyAndAutoCorrect"

            ConfigurationModeFrequencyMins = 15

            RebootNodeIfNeeded = $false # If you say yes DSC will interrupt users and force a reboot

        }

    }

}

First, we are declaring the configuration object as a DSC local configuration manager object type with the [DSCLocalConfigurationManager()] attribute on line 7. Then we declare the configuration as “LCMConfig”. You can think of configurations similar to a function.

Next, we call the node we want to modify. In this case, it is the variable “$TargetServer” which we have set to “MDWS01”. On line 11 we are declaring the settings we want to apply to the LCM.

  • RefreshMode could be Disabled, Push or Pull
  • ConfigurationMode could be ApplyOnly, ApplyAndMonitor or ApplyAndAutoCorrect
  • ConfigurationModeFrequencyMins can be any integer above 10
  • RebootNodeIfNeeded can be $true or $false

There are many more settings you can modify and learn about in the Microsoft documentation:

https://docs.microsoft.com/en-us/powershell/scripting/dsc/managing-nodes/metaconfig?view=powershell-7

Now we need to take these settings and create a configuration file for the target node. Thankfully PowerShell will do this for us. We just need a folder to store these configuration files. I’m going to make a folder called “DSC” on the C drive:

Back in the PowerShell ISE, let’s create the new LCM configuration file with the following command:

$LCMConfig = LCMConfig -OutputPath “C:\DSC\Config”

This will generate a MOF file with the hostname like MDWS01.meta.mof:

This is the actual DSC config file that is applied to the machine. You can open the file and see the settings that are being applied - but you don’t need to do anything with the file.

Back at the ISE, we need to apply the configuration to the target server. We can do that with the following command:

Set-DscLocalConfigurationManager -Path “C:\DSC\Configs” -ComputerName $TargetServer

This will look inside the LCMConfig folder for a MOF file with the same host name as “$TargetComputer”. In our example, it’s MDWS01. Then it will apply that MOF file to the target host.

Once we execute that command, the settings have been applied to the target computer.

Now we can see what settings are currently being applied with the “Get-DscLocalConfigurationManager -CimSession $Session” command:

We can see the RefreshMode, ConfigurationMode, ConfigurationModeFrequencyMins, and RebootNodeIfNeeded settings that we configured have been applied to the computer.

As a final step I am going to save the script as “GenerateLcmConfiguration.ps1” under “C:\DSC”:

And that’s it! The final script is below incase you want to copy / paste:

$TargetServer = "SAMS01"

# Create a CIM session

$Session = New-CimSession $TargetServer

# Declare local config manage settings

[DSCLocalConfigurationManager()] configuration LCMConfig {

    Node $TargetServer {

        Settings {

            RefreshMode = "Push"

            ConfigurationMode = "ApplyAndAutoCorrect"

            ConfigurationModeFrequencyMins = 30

            RebootNodeIfNeeded = $false # If you say yes DSC will interupt users and force a reboot

        }

    }

}

# Create LCM config for the target node

$LCMConfig = LCMConfig -OutputPath "C:\DSC\Config"

# Apply the new LCM config

Set-DscLocalConfigurationManager -Path “C:\DSC\Config” -ComputerName $TargetServer

# Get the new LCM config

Get-DscLocalConfigurationManager -CimSession $Session

0 0 votes
Lesson Rating
Subscribe
Notify of