Hey guys,
I’m not trying to push or pull PSDesiredStateConfiguration
PS C:\Windows\system32> $PSVersionTable
Name Value
---- -----
PSVersion 5.0.10586.117
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.10586.117
CLRVersion 4.0.30319.34014
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
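# Builds and applies a pull-mode LCM meta-configuration for every name in $nodes.
# $nodes has to be assigned before this loop runs; in this listing the
# assignment appears further down, so execute that line first.
foreach ($item in $nodes) {
    # The certificate lookup runs on the machine that compiles the
    # meta-configuration, not on $item. The thumbprint written into the
    # meta-MOF is therefore only useful if the same certificate (with its
    # private key) is also installed on the target node.
    # NOTE(review): "*$item*" is a substring match, so 'SRV1' also matches a
    # subject containing 'SRV10'.
    $nodeCertificates = @(Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Subject -like "*$item*" })

    if ($nodeCertificates.Count -gt 1) {
        # Several matches would put an array into CertificateID; stop with a
        # clear message instead of failing later during compilation.
        throw "More than one certificate in Cert:\LocalMachine\My has a subject matching '$item'; CertificateID must be a single thumbprint."
    }
    if ($nodeCertificates.Count -eq 0) {
        # No match leaves CertificateID empty, exactly as the original
        # expression did, but now the operator is told about it.
        Write-Warning "No certificate in Cert:\LocalMachine\My has a subject matching '$item'; CertificateID will be empty for this node."
    }
    $nodeThumbprint = $nodeCertificates.Thumbprint

    [DSCLocalConfigurationManager()]
    configuration PullClientConfigID
    {
        Node $item
        {
            Settings
            {
                AllowModuleOverWrite = $true
                RefreshMode          = 'Pull'
                RefreshFrequencyMins = 30
                RebootNodeIfNeeded   = $true
                # NOTE(review): debug mode is left on for every node.
                Debugmode            = "All"
            }

            ConfigurationRepositoryWeb INGD-PullSrv
            {
                ServerURL               = 'https://pullserver:8080/PSDSCPullServer.svc'
                # NOTE(security): the registration key is a shared secret that
                # lets a machine register with the pull server. 'key' is a
                # placeholder here; keep the real value out of scripts that
                # are posted or committed.
                RegistrationKey         = 'key'
                # HTTPS only: plain-HTTP connections to the pull server stay disabled.
                AllowUnsecureConnection = $false
                CertificateID           = $nodeThumbprint
                ConfigurationNames      = @("$item")
            }

            ReportServerWeb ClientD-ReportSrv
            {
                ServerURL       = 'https://pullserver:8080/PSDSCPullServer.svc'
                RegistrationKey = 'key'
                CertificateID   = $nodeThumbprint
            }
        }
    }

    # Compile the meta-MOF into .\PullClientConfigID, then push it to the node.
    # ASCII hyphens replace the typographic dashes of the original so the
    # parameters survive a save in a non-Unicode encoding.
    PullClientConfigID -Verbose
    Set-DscLocalConfigurationManager -Path .\PullClientConfigID -Verbose -Force -ComputerName $item
}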
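# Pull servers.
$nodes = "SRV1", "SRV2"

# Per-node data consumed by the PullServer configuration through $AllNodes / $Node.
$ConfigurationData = @{
    AllNodes = @(
        @{
            Role                          = @('Web', 'PullServer', 'Soe')
            NodeName                      = "SRV1"
            groupname                     = "Local Admins - SRV1"
            # Fixed: the opening quote was missing, which is a parse error.
            Description                   = 'PULL Server - Web Farm'
            # NOTE(security): with this set to $True, any PSCredential passed
            # to the configuration is written in clear text into SRV1.mof. The
            # MOF is compiled to a file share, so everyone who can read that
            # share can read the password. Prefer $false together with the
            # Thumbprint / CertificateFile entries that are commented out below.
            PSDscAllowPlainTextPassword   = $True
            PSDscAllowDomainUser          = $true
            #Thumbprint = ""
            #CertificateFile = "C:\inetpub\wwwroot\DSC\Keys\DscPublicKey.cer"
            Domain                        = "$env:USERDNSDOMAIN"
            PullServerEndPointName        = 'PullServer'
            PullserverPort                = 8080
            PullserverPhysicalPath        = "C:\inetpub\wwwroot\DSC\PSDSCPullServer\"
            PullserverModulePath          = "\\SOFS\DSC\AU\Modules\"
            PullServerConfigurationPath   = "\\SOFS\DSC\AU\Configuration\"
            # NOTE(security): this folder holds the registration secret;
            # restrict its ACL to the pull-server identities.
            RegistrationKeyPath           = "\\SOFS\DSC\AU\Registration_Key\"
            PullServerThumbPrint          = "09D84548A44A4A415B9CA8C22B7C9ED8D8B37742"
            ComplianceServerEndPointName  = 'PSDSCComplianceServer'
            ComplianceServerPort          = 9080
            ComplianceServerPhysicalPath  = "C:\inetpub\wwwroot\DSC\Compliance\PSDSCPullServer"
            # NOTE(security): 'AllowUnencryptedTraffic' in place of a thumbprint
            # publishes the compliance endpoint over plain HTTP.
            ComplianceServerThumbPrint    = 'AllowUnencryptedTraffic'
        }
        @{
            Role                          = @('Web', 'PullServer', 'Soe')
            NodeName                      = "SRV2"
            groupname                     = "Local Admins - SRV2"
            Description                   = 'TG AU DSC PULL Server - Web Farm'
            # NOTE(review): plain-text passwords are refused for this node, but
            # Thumbprint and CertificateFile are still commented out, so a
            # configuration that carries a credential has nothing to encrypt
            # it with - supply both before compiling.
            PSDscAllowPlainTextPassword   = $false
            PSDscAllowDomainUser          = $true
            #Thumbprint = ""
            #CertificateFile = "C:\inetpub\wwwroot\DSC\Keys\SRV2.cer"
            Domain                        = "$env:USERDNSDOMAIN"
            PullServerEndPointName        = 'PULLServer'
            PullserverPort                = 8080
            PullserverPhysicalPath        = "C:\inetpub\wwwroot\DSC\PSDSCPullServer\"
            PullserverModulePath          = "\\SOFS\DSC\AU\Modules\"
            # Fixed: was "\\SOFSDSC\AU\Configuration\" (missing backslash); now
            # matches SRV1 and the other \\SOFS\DSC\AU\ paths of this node.
            PullServerConfigurationPath   = "\\SOFS\DSC\AU\Configuration\"
            # NOTE(review): placeholder with a trailing space - replace with
            # the real certificate thumbprint of SRV2 before use.
            PullServerThumbPrint          = "thumbprint "
            RegistrationKeyPath           = "\\SOFS\DSC\AU\Registration_Key\"
            ComplianceServerEndPointName  = 'PSDSCComplianceServer'
            ComplianceServerPort          = 9080
            ComplianceServerPhysicalPath  = "C:\inetpub\wwwroot\DSC\Compliance\PSDSCPullServer"
            # NOTE(security): plain-HTTP compliance endpoint, as on SRV1.
            ComplianceServerThumbPrint    = 'AllowUnencryptedTraffic'
        }
    );
}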
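<#
    PullServer: DSC configuration with three role-based Node blocks.
      SOE        - baseline settings (domain join, page-file disk, local
                   administrators, Winlogon and other registry values)
      Web        - IIS and the listed IIS role services
      PullServer - the DSC pull and compliance web services

    Parameter DomainAdminCredential is handed to the xComputer, iadgroup and
    Group resources. NOTE(security): the credential is serialised into each
    node's MOF; unless the node data supplies a certificate for encryption it
    is stored there in clear text.

    Fixed: the original listing never closed the SOE Node block, so the Web
    and PullServer Node blocks ended up nested inside it. Each role now has
    its own top-level Node block, as the '#End Node Role' comments indicate
    was intended. Typographic dashes on parameters were replaced by ASCII
    hyphens.
#>
Configuration PullServer
{
    Param(
        [PsCredential]$DomainAdminCredential
    )

    Import-DscResource -Name iComputerDescription, iadgroup, iServiceOwnProcess, idisk, iWaitForDisk, xSystemVirtualMemory, xComputer, iSccmSite, iLocalAccounts, idvddrive, xWebsite
    Import-DscResource -Module xPSDesiredStateConfiguration -ModuleVersion 3.9.0.0
    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node $AllNodes.where{$_.Role -eq 'SOE'}.NodeName {
        LocalConfigurationManager
        {
            ConfigurationMode  = 'ApplyAndAutoCorrect'
            RebootNodeIfNeeded = $true
            DebugMode          = 'ALL'
            ActionAfterReboot  = 'ContinueConfiguration'
            # NOTE(review): 'push' here, while the meta-configuration earlier
            # in this listing sets RefreshMode = 'Pull' - confirm which one
            # is meant to win.
            RefreshMode        = 'push'
            # NOTE(security): CertificateId is meant to hold the thumbprint of
            # the certificate the LCM uses to decrypt credentials.
            # 'AllowUnencryptedTraffic' is not a thumbprint - replace it with
            # the node certificate's thumbprint once encryption is set up.
            CertificateId      = "AllowUnencryptedTraffic"
        }

        windowsfeature RSATADPowerShell
        {
            name   = 'RSAT-AD-PowerShell'
            Ensure = 'Present'
        }

        iComputerDescription description
        {
            Name   = $node.Description
            Ensure = 'Present'
        }

        idvddrive Z
        {
            Name   = "Z:"
            Ensure = "Present"
        }

        xComputer Domain
        {
            Name       = $node.nodename
            Credential = $DomainAdminCredential
            DomainName = $node.domain
        }

        iServiceOwnProcess WinRM
        {
            Name   = 'WinRM'
            Ensure = 'Present'
        }

        # Wait for disk 0, then prepare disk 1 as P: and place the page file on it.
        iWaitForDisk DiskP
        {
            DiskNumber       = 0
            RetryCount       = 10
            RetryIntervalSec = 20
        }

        idisk Page
        {
            DiskNumber  = 1
            DriveLetter = 'P'
            Dependson   = '[iWaitForDisk]DiskP'
        }

        xSystemVirtualMemory Page
        {
            ConfigureOption = 'CustomSize'
            DriveLetter     = 'P:'
            InitialSize     = '2048'
            MaximumSize     = '8096'
            Dependson       = '[idisk]Page'
        }

        iadgroup localadmins
        {
            GroupName  = $node.groupname
            Credential = $DomainAdminCredential
        }

        # Adds the per-node domain group to the local Administrators group.
        group Localadmins
        {
            GroupName        = 'Administrators'
            Ensure           = 'Present'
            MembersToInclude = @("$($env:USERDOMAIN)\$($node.groupname)")
            Credential       = $DomainAdminCredential
            dependson        = '[iadgroup]localadmins'
        }

        iSccmSite NR1
        {
            Name   = "NR1"
            Ensure = "Present"
        }

        iLocalAccounts ING
        {
            Name   = $node.NodeName
            Ensure = 'Present'
        }

        # Winlogon: switch automatic logon off and blank the stored logon values.
        # NOTE(security): DefaultPassword is overwritten with an empty string,
        # the value itself stays in the registry; Ensure = "Absent" would
        # remove it.
        registry AutoAdminLogon
        {
            key       = "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\"
            ValueName = "AutoAdminLogon"
            Valuedata = "0"
            Ensure    = "Present"
        }

        registry DefaultUserName
        {
            key       = "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\"
            ValueName = "DefaultUserName"
            Valuedata = ""
            Ensure    = "Present"
        }

        registry DefaultDomainName
        {
            key       = "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\"
            ValueName = "DefaultDomainName"
            Valuedata = ""
            Ensure    = "Present"
        }

        registry DefaultPassword
        {
            key       = "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\"
            ValueName = "DefaultPassword"
            Valuedata = ""
            Ensure    = "Present"
        }

        registry AutoLogonCount
        {
            key       = "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\"
            ValueName = "AutoLogonCount"
            Valuedata = "0"
            Ensure    = "Present"
        }

        registry DoNotOpenServerManagerAtLogon
        {
            key       = "HKLM:\Software\Microsoft\ServerManager\"
            ValueName = "DoNotOpenServerManagerAtLogon"
            Valuedata = "1"
            Ensure    = "Present"
        }

        # NOTE(review): Microsoft's guidance describes DisabledComponents as a
        # DWORD and recommends 0xFF to disable IPv6; 0xFFFFFFFF stored as a
        # Qword should be confirmed against that guidance.
        registry DisabledComponents
        {
            key       = "HKLM:\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters\"
            ValueName = "DisabledComponents"
            valuedata = "4294967295"
            Ensure    = "Present"
            ValueType = "Qword"
        }

        registry Showalltrayicons
        {
            key       = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"
            ValueName = "EnableAutoTray"
            valuedata = "0"
            Ensure    = "Present"
            ValueType = "Dword"
        }
    } #End Node Role SOE
    ###############################################################################
    Node $AllNodes.where{$_.Role -eq 'Web'}.NodeName {
        # Install the IIS role
        WindowsFeature IIS {
            Ensure = "Present"
            Name   = "Web-Server"
        }

        # Make sure the following defaults cannot be removed:
        WindowsFeature DefaultDoc {
            Ensure    = "Present"
            Name      = "Web-Default-Doc"
            DependsOn = '[WindowsFeature]IIS'
        }

        WindowsFeature HTTPErrors {
            Ensure    = "Present"
            Name      = "Web-HTTP-Errors"
            DependsOn = '[WindowsFeature]IIS'
        }

        WindowsFeature HTTPLogging {
            Ensure    = "Present"
            Name      = "Web-HTTP-Logging"
            DependsOn = '[WindowsFeature]IIS'
        }

        WindowsFeature StaticContent {
            Ensure    = "Present"
            Name      = "Web-Static-Content"
            DependsOn = '[WindowsFeature]IIS'
        }

        WindowsFeature RequestFiltering {
            Ensure    = "Present"
            Name      = "Web-Filtering"
            DependsOn = '[WindowsFeature]IIS'
        }

        # Install additional IIS components to support the Web Application
        # NOTE(security): ISAPI, directory browsing, classic ASP and CGI each
        # widen the attack surface of the server that also hosts the pull
        # service; keep only the role services the hosted application needs.
        WindowsFeature NetExtens4 {
            Ensure    = "Present"
            Name      = "Web-Net-Ext45"
            DependsOn = '[WindowsFeature]IIS'
        }

        WindowsFeature AspNet45 {
            Ensure    = "Present"
            Name      = "Web-Asp-Net45"
            DependsOn = '[WindowsFeature]IIS'
        }

        WindowsFeature ISAPIExt {
            Ensure    = "Present"
            Name      = "Web-ISAPI-Ext"
            DependsOn = '[WindowsFeature]IIS'
        }

        WindowsFeature ISAPIFilter {
            Ensure    = "Present"
            Name      = "Web-ISAPI-filter"
            DependsOn = '[WindowsFeature]IIS'
        }

        WindowsFeature DirectoryBrowsing {
            Ensure    = "Present"
            Name      = "Web-Dir-Browsing"
            DependsOn = '[WindowsFeature]IIS'
        }

        WindowsFeature StaticCompression {
            Ensure    = "Present"
            Name      = "Web-Stat-Compression"
            DependsOn = '[WindowsFeature]IIS'
        }

        WindowsFeature ASP {
            Ensure    = "Present"
            Name      = "Web-ASP"
            DependsOn = '[WindowsFeature]IIS'
        }

        WindowsFeature CGI {
            Ensure    = "Present"
            Name      = "Web-CGI"
            DependsOn = '[WindowsFeature]IIS'
        }

        WindowsFeature IPDomainRestrictions {
            Ensure    = "Present"
            Name      = "Web-IP-Security"
            DependsOn = '[WindowsFeature]IIS'
        }

        # IIS remote management: install the management service, enable it in
        # the registry and keep WMSVC running.
        # NOTE(security): this exposes the IIS management service to the
        # network; limit who can reach it (firewall scope, IP restrictions).
        WindowsFeature Management {
            Name   = 'Web-Mgmt-Service'
            Ensure = 'Present'
        }

        Registry RemoteManagement { # Can set other custom settings inside this reg key
            Key       = 'HKLM:\SOFTWARE\Microsoft\WebManagement\Server'
            ValueName = 'EnableRemoteManagement'
            ValueType = 'Dword'
            ValueData = '1'
            DependsOn = @('[WindowsFeature]IIS','[WindowsFeature]Management')
        }

        Service StartWMSVC {
            Name        = 'WMSVC'
            StartupType = 'Automatic'
            State       = 'Running'
            DependsOn   = '[Registry]RemoteManagement'
        }

        xWebsite DefaultSite {
            Name         = "Default Web Site"
            State        = "Started"
            PhysicalPath = "C:\inetpub\wwwroot"
            DependsOn    = "[WindowsFeature]IIS"
        }
    } #End Node Role Web
    ###############################################################################
    Node $AllNodes.where{$_.Role -eq 'PullServer'}.NodeName {
        # This installs both, WebServer and the DSC Service for a pull server
        # You could do everything manually - which I prefer
        WindowsFeature DSCServiceFeature {
            Ensure = "Present"
            Name   = "DSC-Service"
        }

        # Pull endpoint: bound to the certificate named by PullServerThumbPrint
        # in the node data; self-signed certificates are not accepted.
        xDscWebService PSDSCPullServer {
            Ensure                       = "Present"
            EndpointName                 = $Node.PullServerEndPointName
            Port                         = $Node.PullServerPort
            PhysicalPath                 = $Node.PullserverPhysicalPath
            CertificateThumbPrint        = $node.PullServerThumbPrint
            ModulePath                   = $Node.PullServerModulePath
            ConfigurationPath            = $Node.PullserverConfigurationPath
            RegistrationKeyPath          = $node.RegistrationKeyPath
            State                        = "Started"
            AcceptSelfSignedCertificates = $False
            DependsOn                    = "[WindowsFeature]DSCServiceFeature"
        }

        # Compliance endpoint.
        # NOTE(security): the node data in this listing passes
        # 'AllowUnencryptedTraffic' as ComplianceServerThumbPrint, so this
        # endpoint is served over plain HTTP; give it a certificate thumbprint
        # to move it to HTTPS.
        xDscWebService PSDSCComplianceServer {
            Ensure                = "Present"
            EndpointName          = $Node.ComplianceServerEndPointName
            Port                  = $Node.ComplianceServerPort
            PhysicalPath          = $Node.ComplianceServerPhysicalPath
            CertificateThumbPrint = $Node.ComplianceServerThumbPrint
            State                 = "Started"
            DependsOn             = ("[WindowsFeature]DSCServiceFeature","[xDSCWebService]PSDSCPullServer")
        }
    } # End Node PullServer
}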
# Compile the PullServer configuration; one MOF per node is written to $source.
# NOTE(security): the credential typed into the Get-Credential prompt is
# embedded in those MOF files. $source is a file share, so for any node whose
# data allows plain-text passwords the password is readable by everyone with
# read access to that share - tighten the share ACL and encrypt the MOF with
# a node certificate.
$source = '\\SOFS\DSC\AU\Configuration\'
$compileArguments = @{
    OutputPath            = $source
    ConfigurationData     = $ConfigurationData
    DomainAdminCredential = (Get-Credential)
    Verbose               = $true
}
PullServer @compileArguments