Configure Desired State Configuration (DSC) Push Settings

In this blog post, I will show you how to configure Microsoft Desired State Configuration (DSC) to re-apply configuration to hosts.

In the previous blog post, I’ve shown how to install Windows Server roles using DSC, and it is time to learn how to keep the configuration on the host.

By default, once we apply a DSC configuration, the policy is in reporting mode, meaning after deployment if configuration on the host is changed it will be reported to the event log but won’t re-apply.

The above is not ideal because if someone logs to the server and remove the role or change the configuration DSC will fix it.

Local Configuration Manager (LCM)

With the help of LCM which his also known as the brain behind DSC, we can configure the push server to monitor our nodes and re-apply the configuration if it changes.

In DSC terminology, this process is called drift because the configuration on the node has changed.

Configure

To configure the push settings, we need to create a DSC configuration file, compile it and use the Set-DscLocalConfigurationManager to apply the settings.

Below is the DSC configuration code.

The code set the mode to app and auto correct if the configuration has changed.

Push the configuration every 15 minutes.

Reboot the node if needed.

 Code

 Configuration LCMConfig  
 
 {      
 Import-DscResource -ModuleName PsDesiredStateConfiguration
 
 LocalConfigurationManager     
{
 ConfigurationMode   =  "ApplyAndAutoCorrect"       
ConfigurationModeFrequencyMins = 15    
RefreshMode    = "Push"       
RebootNodeIfNeeded    = $true     
}
}
   LCMConfig

Compile

Let’s go ahead and compile the configuration.

. .\LCMConfig.ps1

Apply

To apply the configuration, I will run it as follow.

Set-DscLocalConfigurationManager -Path .\LCMConfig -Verbose

After applying the configuration, all DSC jobs will get it.

On one of my hosts, I can see that the configuration was applied every 15 minutes.

Configuration Modes

DSC has the following configuration modes.

  • ApplyOnly – configuration get applied once without re-apply if it is drifted.
  • ApplyandMonitor – this is the default configuration, and in this case, a policy is applied, if it drifts it will get reported in the event log.
  • ApplyandAutoCorrect – In this mode, a configuration is applied, the state is being monitored and correct if it drifts.

Processing…
Success! You're on the list.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.