Presentation is loading. Please wait.

Presentation is loading. Please wait.

Simple Push DSC with SCCM Compliance Items Matthew H. Teegarden Systems Software Engineer Lifetouch Inc. Joseph.

Published byCori May Modified over 8 years ago

Similar presentations

Presentation on theme: "Simple Push DSC with SCCM Compliance Items Matthew H. Teegarden Systems Software Engineer Lifetouch Inc. Joseph."— Presentation transcript:

1 Simple Push DSC with SCCM Compliance Items Matthew H. Teegarden www.EmptyGarden.info matthew@teegarden.us Systems Software Engineer Lifetouch Inc. Joseph Kaster @JosephDKaster Jdkaster@gmail.com AMOSA

2 @JosephDKaster Being awesome SCCM, SCORCH, PS, etc Sushi @TheEmptyGarden MCT, MCSE, MCSA Working with SCCM since SMS 1.2. Working with PowerShell since 1.0 Have pit tickets to both nights of Pearl Jam at Wrigley Field Presenter Name 2 Presenter Name 1

3 Y'all now DSC yo? What do you know about DSC?

4 Title What is PowerShell DSC Feature in PS v 4 and above Declarative Scripting – maintain consistent configuration sets across computers or devices. Write the script to describe what the system should ‘look like’ Enable or disable a server role Deploy new software Manage registry settings Manage files and directories Manage services and processes Manage groups and user accounts Fixing ‘drift’

5 Imperative versus Declarative Imperative Add-WindowsFeature Windows-Server-Backup Declarative Configuration BaseBuild { WindowsFeature Backup { Ensure = "Present" Name = "Windows-Server-Backup" }

6 Requirements.NET Framework 4.5 PowerShell remoting enabled Requirements for PUSH PowerShell DSC modules (see demo) Requirements for PULL IIS File Share

7 Built-In Resources (v4) 7 File Archive Environment Group Log Package Registry Script Service User WindowsFeature WindowsProcess

8 What about Group Policy? DSC No domain needed Works with no network at all MOF based (open platform) Reverts a change Resources drive coverage Authentication flexibility Requires PS v4.0 and remoting (WSMAN) Can emulate GPO by setting Policy registry path values Learning curve GPO Only works in domain scenario Connectivity generally needed Born from registry control Prevents a change No WMF dependency Well-known and established

9 Local MOFs 9 Directory: C:\Windows\System32\Configuration Mode LastWriteTime Length Name ---- ------------- ------ ---- d---s- 3/29/2015 7:55 PM BaseRegistration d---s- 3/30/2015 11:27 PM ConfigurationStatus d---s- 3/29/2015 7:55 PM PartialConfigurations d---s- 8/22/2013 10:36 AM Registration d---s- 8/22/2013 10:36 AM Schema -a---- 8/25/2014 2:55 PM 2636 backup.mof -a---- 3/30/2015 10:14 AM 3880 Current.mof -a---- 3/31/2015 9:25 AM 198 DSCEngineCache.mof -a---- 3/31/2015 9:26 AM 2492 DSCResourceStateCache.mof -a---- 3/31/2015 9:25 AM 11346 DSCStatusHistory.mof -a---- 3/29/2015 9:31 PM 714 MetaConfig.backup.mof -a---- 3/30/2015 9:55 AM 1104 MetaConfig.mof -a---- 3/30/2015 10:13 AM 3880 Previous.mof -a---- 3/29/2015 7:00 PM 3 PullRunLog.txt Current DSC configuration Current LCM settings

10 Microsoft Confidential LCM Properties Get-DscLocalConfigurationManager ConfigurationMode ApplyOnly ApplyAndMonitor ApplyAndAutoCorrect ConfigurationModeFrequencyMins Interval to apply configuration RefreshFrequencyMins Interval to pull configuration RefreshMode Push Pull Disabled 10 PS C:\> Get-DscLocalConfigurationManager ActionAfterReboot : ContinueConfiguration AgentId : 2F09ADC2-EE73-11E4-... AllowModuleOverWrite : False CertificateID : ConfigurationDownloadManagers : {} ConfigurationID : ConfigurationMode : ApplyAndMonitor ConfigurationModeFrequencyMins : 15 Credential : DebugMode : {All} DownloadManagerCustomData : DownloadManagerName : LCMCompatibleVersions : {1.0, 2.0} LCMState : Idle LCMStateDetail : LCMVersion : 2.0 MaxPendingConfigRetryCount : StatusRetentionTimeInDays : 10 PartialConfigurations : RebootNodeIfNeeded : False RefreshFrequencyMins : 30 RefreshMode : PUSH ReportManagers : {} ResourceModuleManagers : {} PSComputerName :

11 Title How does it work Start with a configuration script listing the elements you want configured and how you want them configured Configuration also specifies the machine(s) or ‘nodes’ to target The configuration is a MOF file – each machine gets its own Each machine can only have one configuration MOF file. However, partial configurations can be edited. MOF files get distributed to the nodes PUSH – manual file copy via WinRM PULL – nodes check a web server to retrieve their MOF Cool kids use PULL. Nodes check every few minutes for new or updated MOF and make sure settings match the MOF

12 Title How to configure a PUSH server Download the DSC Resource Kit - https://gallery.technet.microsoft.com/scriptcenter/DSC- Resource-Kit-All-c449312d https://gallery.technet.microsoft.com/scriptcenter/DSC- Resource-Kit-All-c449312d Or at a minimum download xPSDesiredStateConfiguration module - https://gallery.technet.microsoft.com/xPSDesiredStateConfiguratio- 417dc71d https://gallery.technet.microsoft.com/xPSDesiredStateConfiguratio- 417dc71d Add the Windows PowerShell Desired State Configuration Windows Feature Also can run from PS: Add-WindowsFeature DSC-Service WinRM needs to be enabled as well: WinRM quickconfig PSRemoting: Enable-PSRemoting

13 Demo Now for the fun stuff!

14 Troubleshooting DSC Using Event Logs to Diagnose Errors in Desired State Configuration http://blogs.msdn.com/b/powershell/archive/2014/01/03/using- event-logs-to-diagnoseerrors-in-desired-state-configuration.aspx DSC Diagnostics Module– Analyze DSC Logs instantly now! http://blogs.msdn.com/b/powershell/archive/2014/02/11/dsc- diagnostics-moduleanalyze-dsc-logs-instantly-now.aspx Troubleshooting DSC https://msdn.microsoft.com/en-us/powershell/dsc/troubleshooting

15 Troubleshooting DSC - Continued PowerShell: Get-DscConfigurationStatus Get-DscConfigurationStatus | Format-List * Test-DscConfiguration –Detailed Get-Content C:\Windows\System32\Configuration\DSCStatusHistory.mof Get-DscConfigurationStatus -All | Out-GridView Event Logs: Get-WinEvent –ListLog *dsc*,*desired* -Force | Out-GridView Get-WinEvent -LogName Microsoft-Windows-DSC/Operational -MaxEvents 50 | Out- GridView xDscDiagnostics Module: Get-Command –Module xDscDiagnostics Enable analytic and debug logs: 'Analytic','Debug' | ForEach-Object {Update-xDscEventLogStatus –Channel $_ -Status Enabled} Get-xDscOperation –Newest 10 Trace-xDscOperation –JobID ‘{JobID}’ | Out-GridView

16 And Then …

17

Download ppt "Simple Push DSC with SCCM Compliance Items Matthew H. Teegarden Systems Software Engineer Lifetouch Inc. Joseph."

Similar presentations

Auditing Microsoft Active Directory

Auditing Microsoft Active Directory
Get to Know DSC A PowerShell.org TechSession. Remember Find the latest TechSessions at

Get to Know DSC A PowerShell.org TechSession. Remember Find the latest TechSessions at
IP ADDRESS MANAGEMENT [IPAM]

IP ADDRESS MANAGEMENT [IPAM]
Technology Requirements for Online Testing Online Training Module for the Smarter Balanced Assessment.

Technology Requirements for Online Testing Online Training Module for the Smarter Balanced Assessment.
Lesson 17: Configuring Security Policies

Lesson 17: Configuring Security Policies
Managing User Settings with Group Policy

Managing User Settings with Group Policy
C ONFIGURATION M ANAGEMENT ON W INDOWS S ERVER Desired State Configuration.

C ONFIGURATION M ANAGEMENT ON W INDOWS S ERVER Desired State Configuration.
System Center Configuration Manager Push Software By, Teresa Behm.

System Center Configuration Manager Push Software By, Teresa Behm.
Module 1 review: added practice steps

Module 1 review: added practice steps
$$$ Idea BusinessDevelopmentOperations codeProduct.

$$$ Idea BusinessDevelopmentOperations codeProduct.
Lesson 18: Configuring Application Restriction Policies

Lesson 18: Configuring Application Restriction Policies
7.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.

7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.
Welcome Course 20410B Module 0: Introduction Audience

Welcome Course 20410B Module 0: Introduction Audience
Senior Technical Writer

Senior Technical Writer
16.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 16: Examining Software Update.

16.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 16: Examining Software Update.
Microsoft ® Official Course Module 9 Configuring Applications.

Microsoft ® Official Course Module 9 Configuring Applications.
Purpose Intended Audience and Presenter Contents Proposed Presentation Length Intended audience is all distributor partners and VARs Content may be customized.

Purpose Intended Audience and Presenter Contents Proposed Presentation Length Intended audience is all distributor partners and VARs Content may be customized.
Deploying and Managing Windows Server 2012

Deploying and Managing Windows Server 2012
MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory Chapter 3: Introducing Active Directory.

MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory Chapter 3: Introducing Active Directory.

Similar presentations

Ads by Google