Introducing DSC to my company

I’m a system engineer that supports vendor and homegrown applications(from an operational perspective). I’ve been researching DSC for about a month now, and think it might be a good fit for streamlining the overall support the applications. I have a few things I need to figure out before planning a more official roll out.
1.) Whats the best way to set up a repository for the different versions of the configuration files?
2.) My organization is very SILO’d with different teams handling patching, AD groups, app packaging, etc. Has anyone figured out how to break down those barriers that prevent a more efficient utilization of DSC? As an example, an OS patch recently caused an outage in production. I’m assuming with DSC I could roll back versions of the config file to quickly fix that issue(Please correct me if I’m wrong).

  1. Nobody’s really come up with anything better than a version repo like Git. We tend to not worry about the MOFs, but rather the .PS1 files used to generate the MOFs.

  2. Yeah, fix the organization’s culture LOL. And no, DSC isn’t a “total snapshot” of the machine, and you ordinarily wouldn’t use DSC to manage patch installation anyway. DSC describes how the machine is to be configured - including, for example, ensuring WSUS is turned on to install patches. DSC isn’t a “last known good” state, and its ability to uninstall a patch would be deeply limited. Rather, DSC’s ultimate goal would be to let you trash the affected machine and rebuild it anew, quickly and automatically, back to the state you wanted.

If you’ve not gotten into “The DSC Book,” you might; it covers a lot of the design stuff like this and might help shape your thinking.


Thank you for your timely response! I like the idea of version control of the configuration script rather than the mof file.

I’m assuming if idea of “trashing” and quickly rebuilding would require all configurations/patching/updates to applied through DSC? Otherwise you would have a partially configured/patch server after you do the rebuild.

Hi Brian,

You could look a the custom resource GitHub - dsccommunity/xWindowsUpdate: This module contains DSC resources for configuration of Microsoft Windows Update and installing Windows updates. and see if that would help?


Thank you I’m planning on give that a shot next patch cycle.

In your dev environment yeah :wink: