I’m dealing with a unique situation: I manage three separate domains that cannot communicate with each other and have no general internet access, but they can all access GitHub. I’m exploring the idea of using GitHub as a central source of truth to manage Group Policy across these domains.
The plan is to use Desired State Configuration (DSC) to define and enforce Group Policy settings on the domain controllers in each domain, with GitHub serving as the repository for these configurations. Here’s how I envision the workflow:
- Store DSC configurations and `.mof` files in a private GitHub repository, organized for each domain.
- Configure the domain controllers to pull the relevant configurations directly from GitHub, either on-demand or on a schedule.
- Apply the configurations locally to enforce consistent Group Policy settings across all sites.
While the concept seems viable, I’m curious:
- Has anyone implemented something similar using GitHub as the source of truth for DSC configurations?
- What’s the best way to securely authenticate domain controllers to GitHub in a restricted environment?
- Any advice on automating this process, validating configurations, or troubleshooting DSC-related issues?
If you’ve navigated a similar setup or have insights to share, I’d love to hear your suggestions!
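
The pull-and-apply step described in the workflow above, sketched as an added example that is not part of the original post: a script run on a domain controller fetches one compiled MOF from a pinned commit, checks its SHA-256 against a value recorded at review time, and only then applies it. The repository owner and name, folder layout, file paths, token storage and the separately delivered hash are all assumptions.

```powershell
# Added example: every name, path and value below is a placeholder or assumption.
$ErrorActionPreference = 'Stop'
# Windows PowerShell 5.1 on older hosts may not negotiate TLS 1.2 by default.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

$Owner    = 'example-org'               # hypothetical repository owner
$Repo     = 'dsc-group-policy'          # hypothetical private repository
$Domain   = 'domain-a'                  # hypothetical per-domain folder in the repo
$Commit   = '<reviewed-commit-sha>'     # placeholder: pin to a reviewed commit, not a branch
$Expected = '<sha256-of-reviewed-mof>'  # placeholder: recorded at review, delivered separately
$Staging  = 'C:\DscStaging'             # hypothetical staging directory
$CredFile = 'C:\ProgramData\DscPull\github.xml'  # hypothetical; written with Export-Clixml

# Read-only token kept as a DPAPI-protected PSCredential; it can only be
# decrypted by the same account on the same machine that exported it.
$token = (Import-Clixml -Path $CredFile).GetNetworkCredential().Password

New-Item -ItemType Directory -Path $Staging -Force | Out-Null
$mof = Join-Path $Staging 'localhost.mof'

# GitHub contents API with the raw media type, pinned to the commit.
$uri     = "https://api.github.com/repos/$Owner/$Repo/contents/$Domain/localhost.mof?ref=$Commit"
$headers = @{ Authorization = "Bearer $token"; Accept = 'application/vnd.github.raw+json' }
Invoke-WebRequest -Uri $uri -Headers $headers -OutFile $mof -UseBasicParsing

# Refuse to apply anything that differs from what was reviewed.
$actual = (Get-FileHash -Path $mof -Algorithm SHA256).Hash
if ($actual -ne $Expected) {
    Remove-Item -Path $mof -Force
    throw "MOF hash mismatch: got $actual"
}

# Apply the verified configuration, then confirm the node converged.
Start-DscConfiguration -Path $Staging -Wait -Force -Verbose
if (-not (Test-DscConfiguration)) {
    throw 'Node is not in the desired state after applying the configuration.'
}
```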