I do not understand the concept of building a new computer using DSC

Can someone please help me understand the following

I believe DSC requires the LCM and the LCM is part of the OS (for recent versions of Windows) so in other words if I had Server 2012 R2 then it would have DSC/LCM out of the box

what I do not understand is, I have seen a number of posts which said people build an new computer (e.g. from .iso image) using DSE. How can you this be done if you start of with a computer with no OS (as DSC/LMC is ‘part of the OS’) so no OS no DSC/LCM

I understand how you can PXE a server get a DHCP address (and related settings like DNS) then build from a build Server like WDS as this will install a pre-execution environment to carry on the full build

But creating brand new computers (e.g. hardware with physical disks and network cards but no OS) using DSE, when the LCM is not present on the computer (as no OS installed) seems like a chicken and egg situation to me

can someone please explain


Sorry typos above, when I said DSE I meant to type DSC

AFAIK, there is nothing in DSC that will give you this specifically. You must have some type of boot loader to get all the hardware talking and thinking. From there the boot loader will lay down the image of the OS, then DSC can take over and perform the configuration.

As long as we are dealing with virtualized hardware, then this link comes into play for the “auto pilot” portion. If we are speaking about an enterprise level deployment, typically the vast majority of your hosts will be virtualized.

Hope this helps,

Thanks very much for the clarification Jim, much appreciated.

I do not think the recipe described in the link works anymore(injecting MOF in the target) since MOF have to be encrypted by the LCM itself now to be read.

I am currently fiddling with Ansible to create the VM’s(working great so far) and then inject a script that will configure the LCM agent in pull mode to go get it’s mof(getting close, but still having some problems). Or maybe use ansible + WinRM to simply push the mof using Start-DSCconfiguration(so that way the mof will get encrypted on reception). We’re still unsure about the push or pull approach though.

Hello Syl
Thanks very much for taking the time to reply, much appreciated

My boss would like to use one computer configuration tool (to stop build drift)

Ideally the boss want the computer be to in a known state ‘before’ connecting to the network e.g. NIC before card enabled for example

So I just has the following idea
Build a server, set it up how you want it (install AV etc), next setup DSE/LCM with Pull Server (so the Server knows where to find the pull server). So at this point the computer is configured correctly and DSE is enforcing the configuration

Then SysPrep the server (to remove from Domain and its Windows ID) then creating an .ios or other image type
use this .ios/image when standing up a new computer (admin how is setting up computer enters information removed by SysPrep)

I am hoping (do not have a LAB to test at the moment), that when the Server comes up the LCM will check/enforce is local configuration from information held under C:\Windows\System32\confiuration folder, ?

I am thinking the last part of the DSE (e.g. depends on AV running etc) check to see if the NIC is Enabled and if not Enabled the NIC. I am hoping the LCM on the computer will connect to the pull server to pickup the latest DSE configurations that may apply to it.

I know each computer (being managed by the LCM) has a GUID which is held in the pull servers database, therefore I am not sure if SysPrep the computer would in somehow also affect this LCM GUID ?


I’ll typically have my automation register the machine to the pull server, apply the configuration; and when it’s compliant, reset the LCM to defaults (with a new mof) and start the sysprep/imaging process. You could also just apply the configuration manually if you like to look busy watch text scroll (-Wait -Verbose).

You could also pull the configuration in a task sequence.

I actually have runbooks in Azure designed to build out managed images for the first scenario. I get a lot of clients that want to have their own ‘Company Branded’ image in the cloud. It just makes things easier to leverage DSC to do that.

What I’m working on currently is standing up a Hyper-V Virtual Machine and doing the following:

  1. Setup VM

2.Unattended Windows Install

  1. Join AD Domain

  2. Add people as Local Admins

  3. Initialize any storage disks I need

  4. Perform a DSC Push config to the box

After that, we intended to setup a Pull Server (currently starting to work on that) and the machines will be swapped to a pull setup instead.