How to copy files from a UNC path using DSC?

DSC
1

I’m trying to write up a small DSC PoC (vs Ansible), and as part of that, I want to copy required DSC Resources to the Windows 2016 server I’m running it on.
The server doesn’t have internet access, so I can’t download them directly from the Gallery.
Configuration Data:

$ConfigurationData = @{
	AllNodes = @(
		@{
			NodeName="*"
			PSDscAllowPlainTextPassword=$True
			PSDscAllowDomainUser=$True
		}
	);
}

The Configuration:

Configuration DSCPOCCopyDSCResources {
	param (
		[Parameter()]
		[PSCredential]$Credential
	)
	Node 'localhost' {
		File DirectoryCopy
		{
			SourcePath = "\\Share\Common\DevSupport\PowerShell.DSC.Resources"
			DestinationPath = "C:\Program Files\WindowsPowerShell\Modules"
			Recurse = $True
			Type = "Directory"
			Ensure = "Present"
			PSDSCRunAsCredential = $Credential
		}
	}
}

Then I run:

$Cred = (Get-Credential)
DSCPOCCopyDSCResources -OutputPath C:\Temp\ -ConfigurationData $ConfigurationData -Credential (Get-Credential)

I then get this output/error:

VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = SendConfigurationApply,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' =
root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer SRV-PSDSC03 with user sid S-1-5-21-3324808359-1710566943-1674697894-74334.
VERBOSE: [SRV-PSDSC03]: LCM:  [ Start  Set      ]
VERBOSE: [SRV-PSDSC03]: LCM:  [ Start  Resource ]  [[File]DirectoryCopy]
VERBOSE: [SRV-PSDSC03]: LCM:  [ Start  Test     ]  [[File]DirectoryCopy]
VERBOSE: [SRV-PSDSC03]:                            [[File]DirectoryCopy] Access is denied.
VERBOSE: [SRV-PSDSC03]:                            [[File]DirectoryCopy] The related file/directory is: \\Share\Common\DevSupport\PowerShell.DSC.Resources.
VERBOSE: [SRV-PSDSC03]:                            [[File]DirectoryCopy] The path cannot point to the root directory or to the root of a net share.
VERBOSE: [SRV-PSDSC03]:                            [[File]DirectoryCopy] The related file/directory is: \\Share\Common\DevSupport\PowerShell.DSC.Resources.
VERBOSE: [SRV-PSDSC03]:                            [[File]DirectoryCopy] SourcePath must be specified if you want to configure the destination directory recursively. Make sure that SourcePath is a directory and that it
is accessible.
SourcePath must be specified if you want to configure the destination directory recursively. Make sure that SourcePath is a directory and that it is accessible.
    + CategoryInfo          : InvalidArgument: (:) [], CimException
    + FullyQualifiedErrorId : MI RESULT 4
    + PSComputerName        : localhost

I first tried Credential instead of PSDSCRunAsCredential, but same error.
The user sid corresponds to my admin account.

Any ideas what I am doing wrong?
I have also tried opening the share in Explorer as well as running Test-Path, both successful…

2

you have to pass $Credential to DSCPOCCopyDSCResources while compiling the MOF. You can have a Credential parameter for DSCPOCCopyDSCResources and pass it while compiling the mof.

The credential used with Start-DSCConfiguration is used to push the configuration, but not to apply the configuration.

3

[quote quote=170059]you have to pass $Credential to DSCPOCCopyDSCResources while compiling the MOF. You can have a Credential parameter for DSCPOCCopyDSCResources and pass it while compiling the mof.

The credential used with Start-DSCConfiguration is used to push the configuration, but not to apply the configuration.[/quote]

Thanks, I overlooked that. My code in the OP has been changed t show what it is now, and now I sadly get a different error:

PSDesiredStateConfiguration\Configuration : System.InvalidOperationException error processing property 'PSDSCRunAsCredential' OF TYPE 'File': Converting and storing encrypted passwords as plain text is not recommended. For more
information on securing credentials in MOF file, please refer to MSDN blog: http://go.microsoft.com/fwlink/?LinkId=393729
At line:32 char:3
+   File
At line:25 char:1
+ Configuration DSCPOCCopyDSCResources {
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Write-Error], InvalidOperationException
    + FullyQualifiedErrorId : FailToProcessProperty,Configuration

And no MOF is generated.

4

Below blog posts will help you to resolve this.

5

[quote quote=170137]Below blog posts will help you to resolve this.

Safely using PSCredentials in a Powershell DSC Configuration
<iframe class="wp-embedded-content" style="position: absolute; clip: rect(1px, 1px, 1px, 1px);" title="" src="https://blogs.infosupport.com/safely-using-pscredentials-in-a-powershell-dsc-configuration/embed/#?secret=LsVIwCfn0U" width="600" height="338" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" sandbox="allow-scripts" data-secret="LsVIwCfn0U" data-mce-fragment="1"></iframe>

https://blogs.technet.microsoft.com/ashleymcglone/2015/12/18/using-credentials-with-psdscallowplaintextpassword-and-psdscallowdomainuser-in-powershell-dsc-configuration-data/

[/quote]
Marvellous, thanks, I’ll give that a whirl on Monday when I’m back at the grindstone… :wink:

6

So, it turns out that the real problem was using 

NodeName=“*”
instead of 
NodeName=“localhost”
in my $ConfigurationData.
Changing that so my $ConfigurationData now reads like this, fixed it:

$ConfigurationData = @{
	AllNodes = @(
		@{
			NodeName="localhost"
			PSDscAllowPlainTextPassword=$True
			PSDscAllowDomainUser=$True
		}
	)
}

However!
I now have a similar struggle, in that I can’t create a new file on a share -__-
Super annoying, and tempted to make a new post…

7

Always welcome,you can make a new post with the new issue…