Automating the world one-liner at a time…
The value and number of PowerShell Desired State Configuration (DSC) resources coming from Microsoft continues to grow. As of the release of DSC Resource Kit Wave 3, we were up to 50 total.
Now, we're happy to announce the DSC Resource Kit Wave 4. This wave contains 16 new DSC resources, taking us up to 67 total resources between the Resource Kit and what is shipping in Windows 8.1/Server 2012 R2. Here’s a link to the new items in the DSC Resource Kit Wave 4. You can also find them by using PowerShellGet.
Now, you might be thinking, "That is an awful lot of resources. Am I going to have to download them all individually?" If you're using PowerShellGet, installation is as easy as running Install-Module. If you haven't installed the latest WMF 5.0 Preview, you can still download all of the latest DSC resources from this page on TechNet Script Center. If you want to take a more à la carte approach, you can still search for “DSC Resource Kit” on TechNet Script Center.
In addition to the new resources, we have also made some updates to existing resources based on feedback we have received.
If you're looking into using PowerShell DSC, but are blocked by a lack of resources, let us know in the comments or the TechNet QA Section.
What's in this Wave?
This wave has adds a number of frequently-requested new resources, along with updates to existing modules.
As always, we must reiterate that these resources come without any guarantees. The “x” prefix stands for experimental – which means these resources are provided AS IS and are not supported through any Microsoft support program or service. We will monitor the TechNet pages, take feedback, and may provide fixes moving forward. Also, don’t forget to check out the community versions of many resources on PowerShell.Org's GitHub.
After installing the modules, you can discover all of the resources available by using the Get-DSCResource cmdlet. Here is a brief description of each resource (for more details on a resource, check out the TechNet pages).
Defines the relationship between compute and storage
Simple resource for creating VMs with limited options
Creates a cloud service for the VMs
creates the online storage account where the blobs for the test environment will reside
sets the current Azure subscription context
creates a virtual machine in Azure including access to VM Guest extensions
Allows creation of PowerShell JEA Endpoints that leverage one or more JEA Toolkits and properties of the endpoints including access control
Allows creation of a JEA Toolkit that defines which applications, scripts, and commands should be available within a PowerShell constrained endpoint configuration
This resource allows setting a Secondary zone on a given DNS server. Secondary zones allow client machine in primary DNS zone to do DNS resolution of machines in the secondary DNS zone.
This resource allows a DNS Server zone data to be replicated to another DNS server.
Sets a scope for consecutive range of possible IP addresses that the DHCP server can lease to clients on a subnet.
Sets lease assignments used to ensure that a specified client on a subnet can always use the same IP address
Supports setting DNS domain and DNS Server IP Address options at a DHCP server scope level.
Adds support for configuring Windows Event Logs.
Used to establish a cross-domain trust
xPSDesiredStateConfiguration, xDscResourceDesigner, xDscDiagnostics
Feature additions and bug fixes
The specific changes to existing resources will be noted on the individual TechNet pages.
When making changes to these resources, we urge the following practice:
1. Update the following names by replacing MSFT with your company/community name and replacing the “x” with "c" (short for "Community") or another prefix of your choice:
a. Module name (ex: xWebAdministration becomes cWebAdministration)
b. Folder name (ex: MSFT_xWebsite becomes Contoso_cWebsite)
c. Resource Name (ex: MSFT_xWebsite becomes Contoso_cWebsite)
d. Resource Friendly Name (ex: xWebsite becomes cWebsite)
e. MOF class name (ex: MSFT_xWebsite becomes Contoso_cWebsite)
f. Filename for the <resource>.schema.mof (ex: MSFT_xWebsite.schema.mof becomes Contoso_cWebsite.schema.mof)
2. Update module and metadata information in the module manifest
3. Update any configuration that use these resources
We reserve resource and module names without prefixes ("x" or "c") for future use (e.g. "MSFT_WebAdministration" or "Website"). If the next version of Windows Server ships with a "Website" resource, we don't want to break any configurations that use any community modifications. Please keep a prefix such as "c" on all community modifications.
As specified in the license, you may copy or modify this resource as long as they are used on the Windows Platform.
The DSC Resource Kit requires Windows 8.1 or Windows Server 2012 R2 with update KB2883200 (aka the GA Update Rollup). You can check whether it is installed by running the following command:
PS C:\WINDOWS\system32> Get-HotFix -Id KB2883200
Source Description HotFixID InstalledBy InstalledOn
------ ----------- -------- ----------- -----------
NANA-TOUCH Update KB2883200 NANA-TOUCH\Admini... 9/30/2013 12:00:00 AM
For most modules, you can use them on supported downlevel versions of Windows by installing WMF 4.0. Refer to these previous blog posts for more information on WMF 4.0 and issues with partial installation.
Note: The xJEA (Just Enough Admin) module requires the use of the Windows Management Framework (WMF) 5.0 preview , which only works with Windows 8.1 or Windows Server 2012 R2.
maybe somone got a little bit more experience with JEA... how do i controll wich user is actually allowed to the Endpoints? In the demos "everyone" is able to connect to.. but if i create several different endpoints maybe i don't wan't that admin A can use cmdlets that are supposed to be used by admin B. In the dscresource i cannot find a way to set the User.. so maybe somone got a clue for that....
The default permissions on the demo endpoint is "Everyone" You can see by running the following cmd where the endpoints are created.
Get-PSSessionConfiguration -Name Demo1EP
The users who are allowed access to the endpoints are controlled by setting the SecurityDescriptorSddl parameter. Currently, unless you know SDDL strings, it could be a bit hard to construct. We are looking into ways to improve this while keeping the flexibility that SDDL provides.