I want to transfer more and more logic away from Group Policies towards Windows PowerShell Desired State Configuration (DSC). There are several reasons why i think that DSC is much better than my old (and complex) group policy constructs, but the main reason (at least for me): I can manage DSC clients that are domain joined, not domain joined, or even Azure Active Directory domain joined the same way.
This is also something I use for Edge servers (like Skype or Exchange); they are not domain joined. And if you have more than one that should do exactly the same, this is where DSC could become a life saver and make your life very easy.
I play around with several DSC Push and Pull server instances, but I wanted to have the same set of DSC resources available on all of them. At least until I know which to keep to reduce my own logic.
I use the DSC Script Resource a lot. I do a lot of checks and implemented a lot of logic and flexibility within a lot of Script Resources. However, this is the wrong way to use DSC! At least, in my opinion!
There are some very cool ready to use DSC resources available, and this reduces the script resource usage (or what I did: abuse). Why should I keep my own logic when someone else created nearly the same as a central and maintained DSC resource? I know: I’m lazy!
So I created myself the following initial script:
#requires -Version 2.0 -Modules PowerShellGet -RunAsAdministrator
<#
.SYNOPSIS
Install some DSC Resources
.DESCRIPTION
Getting, install, or update DSC Resources I want to have.
It could be used to install every Module from the Gallery.
However, this is something I do with DSC afterwards!
.EXAMPLE
PS C:\> .\invoke-GetDSCResources.ps1
.EXAMPLE
PS C:\> .\invoke-GetDSCResources.ps1 -verbose
VERBOSE: Populating RepositorySourceLocation property for module PSDscResources.
VERBOSE: Try to update PSDscResources
VERBOSE: Updated PSDscResources
.NOTES
Small script I created for myself.
I have to prepare DSC systems from time to time, and I want to have the same set of DSC resources on all of them.
Mainly because I'm lazy, but I'm an old-school Unix guy: Never type something more than two times: AUTOMATE.
I install the resources system wide!
That is why we have the Elevated Shell requirement (#Requires -RunAsAdministrator).
If you want to use it just for the current user, change the Scope in $paramInstallModule from 'AllUsers' to 'CurrentUser'.
TODO: Pester Test is missing
DONE: Make it more robust
Disclaimer: The code is provided 'as is,' with all possible faults, defects or errors, and without warranty of any kind.
Author: Joerg Hochwald
License: http://unlicense.org
.LINK
Author http://jhochwald.com
.Link
License http://unlicense.org
#>
[CmdletBinding()]
param ()
begin
{
# Define some defaults
$STP = 'Stop'
$SC = 'SilentlyContinue'
# Suppressing the PowerShell Progress Bar
$script:ProgressPreference = $SC
# Create a list of the DSC Resources I want
$NewDSCModules = @(
'PSDscResources',
'xNetworking',
'xPSDesiredStateConfiguration',
'xWebAdministration',
'xCertificate',
'xComputerManagement',
'xActiveDirectory',
'SystemLocaleDsc',
'xRemoteDesktopAdmin',
'xPendingReboot',
'xSmbShare',
'xWindowsUpdate',
'xDscDiagnostics',
'xCredSSP',
'xDnsServer',
'xWinEventLog',
'xDhcpServer',
'xHyper-V',
'xStorage',
'xWebDeploy'
'xRemoteDesktopSessionHost',
'xDismFeature',
'xSystemSecurity',
'WebAdministrationDsc',
'OfficeOnlineServerDsc',
'AuditPolicyDsc',
'xDFS',
'SecurityPolicyDsc',
'xReleaseManagement',
'xExchange',
'xDefender',
'xWindowsEventForwarding',
'cHyper-V'
)
}
process
{
foreach ($NewDSCModule in $NewDSCModules)
{
# Cleanup
$ModuleIsAvailable = $null
# Check: Do I have the resource?
$paramGetModule = @{
ListAvailable = $true
Name = $NewDSCModule
ErrorAction = $SC
WarningAction = $SC
}
$ModuleIsAvailable = (Get-Module @paramGetModule)
if (-not ($ModuleIsAvailable))
{
# Nope: Install the resource
try
{
Write-Verbose -Message "Try to install $NewDSCModule"
$paramInstallModule = @{
Name = $NewDSCModule
Scope = AllUsers
Force = $true
ErrorAction = $STP
WarningAction = $SC
}
$null = (Install-Module @paramInstallModule)
Write-Verbose -Message "Installed $NewDSCModule"
}
catch
{
# Whoopsie
$paramWriteWarning = @{
Message = "Sorry, unable to install $NewDSCModule"
ErrorAction = $SC
}
Write-Warning @paramWriteWarning
}
}
else
{
try
{
Write-Verbose -Message "Try to update $NewDSCModule"
# TODO: Implement the check from invoke-ModuleUpdates.ps1 to prevent the unneeded update tries.
$paramUpdateModule = @{
Name = $NewDSCModule
Confirm = $false
ErrorAction = $STP
WarningAction = $SC
}
$null = (Update-Module @paramUpdateModule)
Write-Verbose -Message "Updated $NewDSCModule"
}
catch
{
# Whoopsie
$paramWriteWarning = @{
Message = "Sorry, unable to update $NewDSCModule"
ErrorAction = $SC
}
Write-Warning @paramWriteWarning
}
}
}
}
end
{
# No longer suppressing the PowerShell Progress Bar
$script:ProgressPreference = 'Continue'
}
You could use the same logic to install nearly all modules from the Gallery (or any another valid PowerShellGet Source).
This is something I do via DSC later and based upon the group that the DSC client belongs to; this could be a long list, or even a very short one.
Disclaimer: The code is provided ‘as is,’ with all possible faults, defects or errors, and without warranty of any kind.