Skip to content

Tag: DSC

Script: Getting, install, or update some default DSC Resources I want to have available

I want to transfer more and more logic away from Group Policies towards Windows PowerShell Desired State Configuration (DSC). There are several reasons why i think that DSC is much better than my old (and complex) group policy constructs, but the main reason (at least for me): I can manage DSC clients that are domain joined, not domain joined, or even Azure Active Directory domain joined the same way.

This is also something I use for Edge servers (like Skype or Exchange); they are not domain joined. And if you have more than one that should do exactly the same, this is where DSC could become a life saver and make your life very easy.

I play around with several DSC Push and Pull server instances, but I wanted to have the same set of DSC resources available on all of them. At least until I know which to keep to reduce my own logic.

I use the DSC Script Resource a lot. I do a lot of checks and implemented a lot of logic and flexibility within a lot of Script Resources.
However, this is the wrong way to use DSC! At least, in my opinion!

There are some very cool ready to use DSC resources available, and this reduces the script resource usage (or what I did: abuse). Why should I keep my own logic when someone else created nearly the same as a central and maintained DSC resource?
I know: I’m lazy!

This content is older than 2 years. It might be outdated.

DSC and Other issues with KB3150513 on Windows 2016 after installation

I installed the KB3150513 on some Windows 2016 Based systems. The Installation doesn’t ask for or enforced a reboot.
A couple of minutes later I pushed an updated DSC configuration and I saw the following Error Message:

The request to list features available on the specified server failed.
A DISM session could not be opened.

This content is older than 2 years. It might be outdated.

How to mitigate the WannaCry risk

A while ago, Microsoft warned about a critical issue with SMBv1. Microsoft also published updates for that Vulnerability.

The WannaCry Ransomware Attack used that Vulnerability in the SMBv1 implementation with an EternalBlue Exploit. I thing there is more to come! so my advice is to deploy critical updates as fast as possible, nothing new! And I told everyone to avoid the SMBv1 usage (by remove the support), like Microsoft did a few weeks ago.

Here is how to do that.

Remove SMBv1 on Windows 10
Remove SMBv1 on Windows 10
Wind0ws Server SMBv1
Remove SMBv1 on Windows Servers
This content is older than 2 years. It might be outdated.