Book Image

Learning PowerShell DSC - Second Edition

By : James Pogran
Book Image

Learning PowerShell DSC - Second Edition

By: James Pogran

Overview of this book

The main goal of this book is to teach you to configure, deploy, and manage your system using the new features of PowerShell v5/v6 DSC. This book begins with the basics of PowerShell Desired State Configuration, covering its architecture and components. It familiarizes you with the set of Windows PowerShell language extensions and new Windows PowerShell commands that make up DSC. Then it helps you create DSC custom resources and work with DSC configurations with the help of practical examples. Finally, it describes how to deploy configuration data using PowerShell DSC. Throughout this book, we will be focusing on concepts such as building configurations with parameters, the local configuration manager, and testing and restoring configurations using PowerShell DSC. By the end of the book, you will be able to deploy a real-world application end-to-end and will be familiar enough with the powerful Desired State Configuration platform to achieve continuous delivery and efficiently and easily manage and deploy data for systems.
Table of Contents (9 chapters)

PowerShell V4 DSC

PowerShell V4 was released as part of WMF 4 on October 24, 2013, and contained the first released version of DSC. Even though this was the first release of DSC, it is still referred to as being version 4 of DSC. While confusing at first, this is largely something you can ignore, as versioning of DSC resources is a more frequent point of variance.

As the first release, this version of DSC largely focuses on bringing a minimally viable product to the market for Microsoft. Microsoft is a little late to the DevOps game with DSC, as there are several toolsets out there that have been in use for many years. Puppet and Chef are the most notable, but there are many others. What sets DSC apart here is that it is not an add-on or separate product; it's a core part of the Windows OS and can be used by other tools as much as it can be used by itself.

The first version contains most features needed out of the gate to start automating your deployment process, but only the built-in DSC resources were available and were lacking in addressing commonly used products such as IIS, SQL, or Exchange. In the early days, Microsoft relied heavily on the community to expand its DSC resource list, which resulted in mixed success. Microsoft released a set of DSC resources it authored to the community in batches to address the gap. The combination of community and Microsoft contributions has greatly expanded the reach of DSC, and it has been expanding it ever since.

V4 DSC language extensions

DSC adds three new functions as language extensions to support declaring the expected state of a machine:

  • Configuration: The configuration keyword is a DSC function that declares a set of operations to perform on a target system.
  • Node: The node configuration keyword is a DSC function that declares the target host to perform operations on.
  • Import-DscResource: This looks like a PowerShell cmdlet but really is a keyword. It locates the DSC resources needed to parse and compile the DSC configuration script.

V4 DSC base resources

The following table lists the DSC base resources of V4:

Base resource



The Service DSC resource performs operations against Windows services. It can start or stop a service or configure the account it runs under and the startup type of the service. This resource cannot install services; it operates only on services that are already present. Look at the xService resource for additional functionality.


The Script resource is a versatile generic resource. It allows you to specify an arbitrary block of code to be executed on the target host. There are some restrictions such as variable expansion and access to some system resources. Generally, this should be used for short term or one-off situations that are not handled by an existing DSC resource, as error handling and proper idempotency is difficult to achieve in the limited space you have.


The User DSC resource performs operations on local users on the target system. It allows the creation or deletion of users and setting passwords and password policies as well as basic attributes of the user.


The WindowsProcess DSC resource performs operations on processes on the target system. This is commonly used to execute arbitrary executables with specific parameters that are not handled by an existing DSC resource.


The WindowsFeature DSC resource adds or removes features of the Windows operating system. This uses the built-in Deployment Image Servicing and Management (DISM) infrastructure of the Windows Server platform; some features are not operable using this resource on a client OS.


The Registry DSC resource adds, removes, or modifies registry entries in the target system. Support for the full range of registry keys and values is present.


The Environment DSC resource adds, removes, or modifies environment variables on the target system.


The Archive DSC resource performs operations on compressed files.


The Group DSC resource performs operations on local groups on the target system. It can add, remove, or modify membership on local groups.


The Package DSC resource installs software bundled in MSI or EXE formats. In the case of MSI, it can also remove software if all the necessary options are provided to the MSI command line. Refer to the MSI documentation for more information on this.


The Log DSC resource writes messages to the DSC operational log. This is useful for troubleshooting or diagnostic purposes.

V4 DSC cmdlets




This cmdlet returns the current DSC configuration status of the node if the configuration exists. If it does not, this will throw an error. This can also be run on remote systems.


This returns the current settings, or meta-configuration, of the LCM on the system if the settings exist. This can be run on remote systems and is useful for troubleshooting DSC deployments that use DSC pull servers.


This cmdlet returns a list of all DSC resources on the system. This is vital in troubleshooting and authoring DSC resources, as it helps show what resources are present on the system. If the resource you are authoring is not present, then DSC cannot read the resource.


This cmdlet returns a hash from the DSC configuration MOF file. This is used to deploy MOF files to pull servers.


This cmdlet removes the compiled MOF from the target node, along with additional cleanup tasks.

This cmdlet is available only as part of the November 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2:, from the Microsoft support library. Before you use this cmdlet, review the information in What's New in Windows PowerShell: in the TechNet library.


This cmdlet restores the previous configuration for the target node if a previous successful configuration exists on the target node.


This cmdlet stops a currently running configuration on a target node. This is useful in aborting interactive configuration runs initiated using Start-DSCConfiguration.

This cmdlet is available only as part of the November 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2: from the Microsoft Support library. Before you use this cmdlet, review the information in What's New With PowerShell: in the TechNet library.


This cmdlet runs the specified configuration against a target node but does not execute it. It compares the current state of the system to the expected configuration and reports back if they match. No changes are made to the system using this cmdlet.


This cmdlet is used to change the settings, or meta-configuration, on the LCM on the target computer. This is most often used in pull server scenarios.


This cmdlet executes the specified MOF file against the target computer. This is by far the cmdlet you will use the most, as it's helpful in both authoring and troubleshooting DSC configurations and DSC resources.


This cmdlet is really a dynamic function that is only available at runtime. It specifies which DSC resources need to be loaded to parse and compile the DSC configuration script.

V4 DSC pull server

The DSC pull server is the management server that the DSC agents on target nodes pull DSC configurations and DSC resources from. This will be explained in greater detail in Chapter 6, Pulling DSC Configurations.