I am testing DSC and trying to do different stuff that is mainly security focused, in order to be able to apply and track configurations, and I am wondering if DSC is still a valid option.
After trying DSC for a few weeks and being able to generate simple .mof files, I am getting to a point where it seems that DSC is lacking documentation, and also, having a mostly on-prem environment, setting up DSC 1.1 (deprecated, if I read it right) is not really a future-proof option.
Is there any point in moving to DSC if we use it for on-prem stuff only?
Is there a possibility to use DSC 2.0 for on-prem stuff only?
If you have any good documentation of DSC 2.0 for on-prem, please let me know, as I would like to get deeper into DSC for on-prem operations.
If you have any alternative to DSC that might be more future-proof, please let me know.
GPO is all fine, but what about the machines without any connection to an AD?
Workgroup machines are far better handled via DSC, in my understanding, or maybe directly via PowerShell and the registry, but then I do not get any reporting on the status for free.
Also, is my understanding right that DSC 1.1 is deprecated and 2.0 as well as 3.0 are for Azure-connected machines only?
Or is there a way to use 2.0 for on-prem?
You could use DSC to establish connection and bring into your domain/Entra and then continue with policies where DSC is either too lacking or cumbersome. I think if we are going to be helpful we will need to know what you’re actually trying to do. I used DSC mostly for initial configurations, deployments for SQL, and certificate services. I feel like it never caught on like it should’ve and then when they scrapped to rewrite for 3… we see how well that’s gone thus far.
Handle non-domain servers through DSC.
Add security-related stuff using, if possible, PowerSTIG, and track changes.
Only use push mode.
Track configuration changes for standard installed resources, but that is an add-on.
Security for non-domain servers is the main goal.
Edit:
Further info.
The servers are never going to join a domain.