Hey guys, hope you’re all doing great. I’m new here so please be gentle.
I’m using DSC to automate the setup of my local Windows 10 machine (a bit of a different use case to the usual).
I understand that DSC runs as NT AUTHORITY\SYSTEM which is undesirable in my case. What I really want is for DSC to run as my username with elevation. The reasons are as follows:
- I want to ensure all files created by DSC are owned by me
- When running EXE installers, many use environment variables like APPDATA which differ when run as the SYSTEM user
[pre]
Configuration Sample
{
    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node 'localhost' {
        File FileDemo
        {
            SourcePath      = 'C:\AppleBcInstaller.log'
            DestinationPath = 'C:\wow\bc.log'
        }

        Script Installation
        {
            TestScript = { $true }
            GetScript  = { @{ Result = "whoami says - $(whoami)" } }
            SetScript  = { }
        }
    }
}

# Compile the configuration to .\Sample\localhost.mof
Sample | Out-Null
Remove-Item c:\wow\bc.log -ErrorAction SilentlyContinue

# Attempting to run the entire DSC configuration with my current username (fgimi)
$cred = Get-Credential -UserName fgimi -Message "Gimme your password"
Start-DscConfiguration -Path Sample -Wait -Credential $cred

$fileOwner = (Get-Item -Path C:\wow\bc.log).GetAccessControl().Owner
$scriptResult = (Get-DscConfiguration | where ResourceId -eq '[Script]Installation').Result
Write-Output "The bc.log file has the owner $fileOwner"
Write-Output "The script result is $scriptResult"
[/pre]
The output above is still:
[pre]
PS C:\Users\fgimi\OneDrive\Development> .\dsc2.ps1
The bc.log file has the owner NT AUTHORITY\SYSTEM
The script result is whoami says - nt authority\system[/pre]
So clearly passing the Credential to the Start-DscConfiguration cmdlet doesn’t do the trick.
I’m aware that you may pass Credential or PsDscRunAsCredential to individual resources, but I really want to avoid that if I can, and run the entire configuration as me.
Is this possible or can you suggest an alternative approach?
Huge thanks in advance
Fotis
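
The per-resource PsDscRunAsCredential approach mentioned in the post, as an added example that is not part of the original post: the credential is passed once as a configuration parameter and encrypted in the MOF with a certificate. The names SampleRunAs and RunAs, the certificate path and the thumbprint are placeholders chosen for illustration.

```powershell
# Added example: $RunAs, the certificate path and the thumbprint are placeholders.
Configuration SampleRunAs
{
    param (
        [Parameter(Mandatory)]
        [System.Management.Automation.PSCredential] $RunAs
    )

    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node $AllNodes.NodeName {
        # The LCM decrypts the credential with this certificate's private key.
        LocalConfigurationManager
        {
            CertificateID = $Node.Thumbprint
        }

        Script Installation
        {
            TestScript = { $true }
            GetScript  = { @{ Result = "whoami says - $(whoami)" } }
            SetScript  = { }
            # Per-resource run-as account; without it the resource runs as SYSTEM.
            PsDscRunAsCredential = $RunAs
        }
    }
}

# CertificateFile makes the compiler encrypt the password in the MOF.
# PSDscAllowPlainTextPassword = $true would compile without a certificate,
# but writes the password to the MOF in clear text.
$configData = @{
    AllNodes = @(
        @{
            NodeName        = 'localhost'
            CertificateFile = 'C:\path\to\DscPublicKey.cer'   # placeholder
            Thumbprint      = '<certificate-thumbprint>'       # placeholder
        }
    )
}

$cred = Get-Credential -UserName fgimi -Message 'Account for the Script resource'
SampleRunAs -RunAs $cred -ConfigurationData $configData -OutputPath .\SampleRunAs | Out-Null
Set-DscLocalConfigurationManager -Path .\SampleRunAs   # applies the CertificateID meta-config
Start-DscConfiguration -Path .\SampleRunAs -Wait -Force
(Get-DscConfiguration | Where-Object ResourceId -eq '[Script]Installation').Result
```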