PowerShell DSC - using an IP address to Configure a Workgroup Machine

 

PowerShell’s Desired State Configuration is becoming a core component of Windows and is included with the installation of PowerShell 5.

Earlier I wrote about enabling WinRM using a self-signed certificate (http://www.laurierhodes.info/?q=node/115).   Use those instructions to configure WinRM on a newly built machine.

This blog intends to show how the remote machine may be configured using DSC.  As an example, I’m using a built-in DSC Resource to write a registry key but through installing optional DSC Resources, that could just as easily involve downloading and installing software.

Some of the advantages for using DSC is that it is can be rerun across machines & we can configure clients to poll a central server for a configuration & install themselves.

This PowerShell DSC script was pushed from a central server to a bare Windows Server 2012 R2 machine that had been configured with an HTTPS listener.  The DSC Configuration is pushed using a CIM Session that allows remote machines to be identified by only using an IP address.

configuration MyConfig
{
    Param(
        [Parameter(Mandatory=$True)]
        [String]$ComputerName,

        [Parameter(Mandatory=$True)]
        [PSCredential]$Credential
    )
    Import-DscResource -ModuleName PSDesiredStateConfiguration;

    node $ComputerName
    {
          Registry RegWrite {
                Ensure = "Present"
                Key = "HKLM:\SOFTWARE\Rhubarb"
                ValueName = "Example"
                ValueData = "WriteSomething"
           }
     }
}

$MyCredential = New-Object System.Management.Automation.PSCredential `
                ("administrator",(ConvertTo-SecureString "MyPassword!" -AsPlainText -Force))

#### Create the MOF
MyConfig   -ComputerName "192.168.2.113" -OutputPath "c:\temp\myconfig" -Credential $MyCredential 

$cimSessionOption = New-CimSessionOption -UseSsl -SkipCACheck -SkipCNCheck
$cimSession = New-CimSession -SessionOption $cimSessionOption -ComputerName "192.168.2.113" -Port 5986  -Credential $MyCredential -Verbose 

Start-DscConfiguration "c:\temp\MyConfig" -CimSession $cimSession -Wait -force