[PowerShell] Getting started with Windows PowerShell Desired State Configuration – Part 2 – Pull Server

After the introduction with DSC I got exited of possibilities, so what’s next?

Setting up a PS DSC Pull Server is the next step. I had some issues with the Pull Server installation on Windows 2008 R2, so I try to keep it simple and deployed a Windows 2012 R2 server. Maybe I will try later on to install the DSC Pull Server on Windows 2008 R2, for research purposes.

I meanly used the blog post of Steven Murawski Building a Desired State Configuration Pull Server, but there were some point in there that needed clarification. In the walk-through below I will add the extra steps and command snippets, but I will keep most settings default.

So I split the installation of the DSC Pull Server into 2 phases, Installation and Configuration:

Installation

Step 1) Deploy a Windows 2012 R2 Standard server (in my case a VM with 1 CPU and 2GB of memory)

Step 2) Join domain, set a static IP, and run every Windows Update

Step 3) Install Windows Management Framework 4.0 (Download@MS) and reboot

Step 4) Install DSC-Services: Start PowerShell (as Administrator) and use command below:

Add-WindowsFeature Dsc-Service

Step 5) Enable IIS Manager using the command below:

Get-WindowsFeature|where{$_.name -eq "Web-Mgmt-Tools"} | Add-WindowsFeature

Configuration

Step 1) Create directories:

New-Item C:\inetpub\wwwroot\PSDSCPullServer -type directory
New-Item C:\inetpub\wwwroot\PSDSCPullServer\bin -type directory

Step 2) Copy files:

$DefDSC = “C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\PullServer”
Copy-Item $DefDSC\Global.asax C:\inetpub\wwwroot\PSDSCPullServer
Copy-Item $DefDSC\PSDSCPullServer.mof C:\inetpub\wwwroot\PSDSCPullServer
Copy-Item $DefDSC\PSDSCPullServer.svc C:\inetpub\wwwroot\PSDSCPullServer
Copy-Item $DefDSC\PSDSCPullServer.xml C:\inetpub\wwwroot\PSDSCPullServer
Copy-Item $DefDSC\PSDSCPullServer.config C:\inetpub\wwwroot\PSDSCPullServer\web.config
Copy-Item $DefDSC\Microsoft.Powershell.DesiredStateConfiguration.Service.dll C:\inetpub\wwwroot\PSDSCPullServer\bin
Copy-Item $DefDSC\Devices.mdb $env:programfiles\WindowsPowerShell\DscService

Step 3) Open the IIS Manager and create Application pool that runs under the “LocalSystem” account:

PSDSC-AppPool

Step 4) Open the IIS Manager and create a new site or reuse the default site (as I did), point the root of the site to the PSDSCPullServer and change the Application Pool to the pool and directory we created earlier:

PSDSC-IISconf

Step 5) Unlock the sections of the web config as below:

$appcmd = "$env:windir\system32\inetsrv\appcmd.exe"
& $appCmd unlock config -section:access
& $appCmd unlock config -section:anonymousAuthentication
& $appCmd unlock config -section:basicAuthentication
& $appCmd unlock config -section:windowsAuthentication

Step 6) Update the web.config we copied earlier, put the code in the “appSettings”:

<add key="dbprovider" value="System.Data.OleDb" />
<add key="dbconnectionstr" value="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\Program Files\WindowsPowerShell\DscService\Devices.mdb;" />
<add key="ConfigurationPath" value="C:\Program Files\WindowsPowerShell\DscService\Configuration" />
<add key="ModulePath" value="C:\Program Files\WindowsPowerShell\DscService\Modules" />

 

Now Test

If you navigate to http://localhost/psdscpullserver.svc you will see something like below:

PSDSC-WEB

Now the configuration of the PowerShell Desired Configuration Pull Server is done and you can proceed with creation of the Configurations.

Also see my earlier post on Getting started with Windows PowerShell Desired State Configuration – Part 1

 

Other Links I can recommend:

http://readsource.co.uk/blog/2013/10/1/configuring-powershell-dsc-pull-mode

http://blog.cosmoskey.com/powershell/desired-state-configuration-in-pull-mode-over-smb/

http://shellyourexperience.com/2013/09/12/powershell-v4-desired-state-configuration-my-precio-ops-desired/

[PowerShell] Getting started with Windows PowerShell Desired State Configuration – Part 1

I recently started with PowerShell DSC, this post is to get you up to speed.

Last year Microsoft announced Windows PowerShell Desired State Configuration (DSC) as part of PowerShell v4 during TechEd North America. DSC is a very cool new feature that lets administrators write a declarative “script” that describes what a computer should look like. PowerShell takes that, matches the declarative components with underlying modules, and ensures that the computer does, in fact, look like that. Nearly anything can be checked and controlled: roles, features, files, registry keys. Anything that a PowerShell module can do.

This year Microsoft announced the CTP release of the Windows PowerShell DSC for Linux on GitHub, the step by step guide for Linux DSC.
Will DSC replace other Configuration Managers like Puppet/Chef/etc.? No surely not, Microsoft enables the other Configuration Managers to leverage DSC to saves them, and their users, work.

How does DSC work?
The process is very much like any other Configuration Managers:

  • Client configuration (Windows Management Framework 4)
  • Push or Pull Server
  • Managed Object Format (MOF), the declarative “script”

Basically there is no need to manually create the MOF script, there are already a lot of MOF scripts available on the DSC GitHub.

So where should you start?
I started with 2 related pages: DSC GitHub and Building a DSC Pull Server.
Creating a DSC Pull server on Windows 2008 R2 like me then you need some extra step, I still have some issues getting the Pull server to work on a AD server.

Let me know if you find some cool and useful stuff about DSC.

[PowerShell] Freeware script editor comparison

Having a PowerShell script editor that helps you in with your task at hand improves your speed and quality enormously. This is for PowerShell beginners and even for expert users. I myself started with MS Notepad as my PowerShell editor, it’s fast but there are zero features that help you. Soon I switched over to Notepad++, a fast and simple editor with syntax support/highlighting for PowerShell.

Nowadays I also need debug support for the big and complex scripts, there are many varieties of script editors that have debugging. I choose PowerGUI (Quest/Dell) as my script editor with debug capability, also because of the PowerPacks that are created by their community. PowerPacks are pre-built scripts with customizable interfaces, for example the VMware Community PowerPack gives a management console for your daily VMware tasks.
Not to forget the Microsoft very own Windows PowerShell ISE, I’m not a huge fan. PowerShell ISE is fast and has debugging, still it lacks the community hooks and has less features than PowerGUI.

MS Notepad, used when a better editor is not available:
MSNotepad
Notepad++, replaces MS Notepad and gives great inside in to any script:
NotepadPlusPlus
PowerShell ISE, fast but missing features:
PowerShellISE
PowerGUI, great for editing big and complex scripts:
PowerGUI

More PowerShell script editors, this is my selection.

[PowerShell] AD enable UNIX Attributes

When using Active Directory and UNIX Attributes (User/Group Unique Identifiers) the first thing you need is the Identity Management for UNIX Components. Now you are ready to start using UNIX Attributes.

Adding UNIX Attributes to every user and group in your domain, using PowerShell.

Get every user that already has UNIX Attributes enabled, only change the and the to you specifics:

Remove-Variable -Name * -Force -ErrorAction SilentlyContinue
Import-Module ActiveDirectory
$usuarios = Get-ADUser -Filter * -SearchBase "DC=;,DC=" -Properties:* | sort SamAccountName
foreach($usr in $usuarios){write-host $usr.SamAccountName,$usr.mssfu30nisdomain,$usr.uidnumber}

Setting the Unix IDs it a bit more difficult, you need to do 4 thing:
1. Get the last Unix User ID available
2. Enable NIS on the User account
3. Give the user a unique Unix User ID
4. Make the user member of a Unix Group

Set every user that didn’t receive a UNIX Attributes yet, only change the and the to you specifics:

Remove-Variable -Name * -Force -ErrorAction SilentlyContinue
Import-Module ActiveDirectory
$NIS = Get-ADObject "CN=NISdomain,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=myDomain,DC=local" -Properties:* #Get NIS server information
$maxUid = $NIS.msSFU30MaxUidNumber #Get the last used User ID

$usuarios = Get-ADUser -Filter * -SearchBase "DC=myDomain,DC=local" -Properties:* #Get all users
foreach($usr in $usuarios)
{
  if ($usr.mssfu30nisdomain -eq $null){
  Set-ADUser -Identity "$($usr.SamAccountName)" -Replace @{mssfu30nisdomain = "NISdomain"} #Enable NIS
  Set-ADUser -Identity "$($usr.SamAccountName)" -Replace @{gidnumber="10000"} #Set Group ID
  $maxUid++ #Raise the User ID number
  Set-ADUser -Identity "$($usr.SamAccountName)" -Replace @{uidnumber=$maxUid} #Set User ID
  Write-Host -Backgroundcolor Green -Foregroundcolor Black $usr.SamAccountName changed #Write Changed Username to console
  }
  else{Write-Host -Backgroundcolor Yellow -Foregroundcolor Black $usr.SamAccountName unchanged} #Write Unchanged Username to console with a yellow background
}