Create a DSC SMB Pull Server with DSC and separate the Environmental Config from the Structural Config

On Saturday May 16th, I’ll be presenting a session titled “PS C:\> Get-Started -With ‘PowerShell Desired State Configuration’” at SQL Saturday #392 in Atlanta. One of the things I’ll be demonstrating is a SMB based DSC Pull Server and I figured since it’s a DSC presentation, why not create it with DSC, right?

The machines used in this blog article are running Windows 8.1 and Windows Server 2012 R2. Both have the default version of PowerShell installed that shipped with those operating systems which is PowerShell version 4.

The following configuration uses the xSmbShare and the PowerShellAccessControl DSC resources which can be downloaded from GitHub. These resources must exist on the machine where you’re authoring the DSC configuration and on the node that the configuration is being applied to. They should be placed in the following path:

Keep in mind that any DSC Resources that do not reside in the following path have to be imported using Import-DscResource in your DSC configuration.

Don’t even think about placing your DSC resources in the $PSHOME path shown in the previous example. I’m my opinion, only Microsoft should be placing things in that path.

The configuration shown in the following example is very static and both the environmental config and the structural config are specified together:

The DSCSMB configuration shown in the previous code example has been loaded into memory and when it’s called, a MOF file is created which will be used to configure DC01:


The MOF file is applied to DC01 using the DSC push configuration mode:


The following example only contains the structural config and the environmental config has been removed:

The environmental config is now defined in a hash table:

The variable that contains the hash table has to be specified via the ConfigurationData parameter when calling the configuration otherwise the MOF file won’t be created:


There are no changes as far as how the MOF file is applied to DC01:


Instead of storing the environmental data in a variable, you could also store it in a file:

It must be a file with a PSD1 extension otherwise the MOF file will fail to be created:


DSCSMB : Cannot process argument transformation on parameter ‘ConfigurationData’. Cannot resolve the path
‘.\configdata-dscsmb.txt’ to a single .psd1 file.
At line:1 char:27
+ DSCSMB -ConfigurationData .\configdata-dscsmb.txt -Verbose
+ ~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [DSCSMB], ParameterBindingArgumentTransformationException
+ FullyQualifiedErrorId : ParameterArgumentTransformationError,DSCSMB

Saving the file with a PSD1 extension allows the MOF file to be created successfully:


Once again, there are no changes as far as how the MOF file is applied to DC01:


You can run commands to dynamically generate the configuration data hash table when it’s stored in a variable, but if you store the configuration data in a PSD1 file, it has to contain static values otherwise an error will be generated when you try to create the MOF file. I’ll elaborate on this topic more and provide some examples in a future blog article.

Did you notice that domain computers was assigned access to the SMB file share as well as NTFS permissions to the folder that was created? This is because the DSC LCM (Local Configuration Manager) runs as the system account by default and once the LCM on the target nodes is configured to pull their configuration from this SMB file share, they will have access, that is if they’re members of the domain computers group. Did you know that not all computers that are a member of a domain are a member of the domain computers group? Domain controllers are not members of the domain computers group.

Additional information about separating the environment config from the structural config can be found in the Windows PowerShell Team blog titled Separating “What” from “Where” in PowerShell DSC.

If you’ve enjoyed this blog article, you should definitely consider attending my presentation at SQL Saturday Atlanta that I referenced at the beginning of this blog article.


Leave a Reply

%d bloggers like this: