Wilson Mar bio photo

Wilson Mar


Email me Calendar Skype call

LinkedIn Twitter Gitter Instagram Youtube

Github Stackoverflow Pinterest

Let PowerShell make it right and keep it right

US (English)   Español (Spanish)   Français (French)   Deutsch (German)   Italiano   Português   Cyrillic Russian   中文 (简体) Chinese (Simplified)   日本語 Japanese   한국어 Korean


This article describes the use of Windows PowerShell Desired State Configuration (DSC).

Concepts here are introduced after you take an action.

Sample scripts


DSC resources can be obtained from several places:

On every target node, the process running in the background to parse and “enact” configurations sent to the node is the Local Configuration Manager (LCM). See https://docs.microsoft.com/en-us/powershell/dsc/metaconfig and https://docs.microsoft.com/en-us/powershell/dsc/metaconfig4


http://blogs.msdn.com/b/powershell/ Central repository for PowerShell Desired State Configuration (DSC) resources maintained within Microsoft.

From GitHub

  1. The community has


    NOTE: https://github.com/PowerShell/SharePointDsc PowerShell module provides DSC resources that can be used to deploy and manage a SharePoint farm.

  2. Use an internew browser (Chrome) to my sample PowerShell DSC scripts at:


    (I would be honored if it earns your clicking the Star. And please let me know if there is anything I could add or fix.)

  3. Create a GitHub account for yourself if you haven’t already.
  4. Click the Fork button to make it yours, since you will be making changes.

  5. Install a Git client.
  6. Open a Terminal command terminal.
  7. Navigate or create a subject container folder where repos are created, such as:

    mkdir ~/git/DevSecOps/

  8. Get my sample PowerShell scripts onto your laptop (substituting “wilsonmar” with your own account name):

    git clone https://github.com/wilsonmar/powershell-dsc && powershell-dsc

    The above is one line, but may be word-wrapped on your screen.

  9. Use a text editor to view file HelloConfig1.

    But a PowerShell DSC configuration has a block that uses the PowerShell keyword Configuration followed by the name of the configuration.

Configuration HelloConfig1 {

    Node $ComputerName {
        Group GroupExample {
            Ensure = "Present"
            GroupName = "TestGroup"
        User UserExample {
            Ensure = "Present"
            UserName = "TestUser"
            FullName = "TestUser"
            DependsOn = "[Group]GroupExample"

Each target computer defined by a DSC script is called a node. The name of the node (a computer instance) is passed into the script using the $ComputerName parameter supplied when compiling the configuraton. The name defaults to “localhost” if not supplied.

When the name of the script (without the .ps1 suffix) is specified within PowerShell, that script is compiled into a MOF document for each node

within a folder created in the current directory with the same name as the configuration. For example:

### PowerShell Commands

PROTIP: A PowerShell DSC configuration file is a PowerShell script, and thus has a .ps1 file suffix and runs within the PowerShell command-line shell. DSC was introduced with PowerShell 4.0.

  1. On MacOS, install PowerShell.
  2. Enter PowerShell:


  3. List PowerShell functions for DSC:

    Get-command -Noun dsc*

    The response:

    CommandType     Name                                               Version    Source
    -----------     ----                                               -------    ------
    Function        Find-DscResource                             PowerShellGet
    Function        Get-DscResource                                    0.0        
    Function        Get-DSCResourceModules                             0.0        
    Function        New-DscChecksum                                    0.0        PSDesiredStateConfiguration
  4. Get resources for DSC:


    The response:



    Compile to MOF

  5. Compile the script into an MOF document for each node within a folder created in the current directory with the same name as the configuration:

    ./HelloConfig1 TEST-PC1

The response for the default user (replace your user name here):

    Directory: C:\users\default\Documents\DSC Configurations\MyDscConfiguration
Mode                LastWriteTime         Length Name 
----                -------------         ------ ---- 
-a----       10/23/2017   1:32 PM           2842 TEST-PC1.mof

“MOF” is an acornym for “Management Object Format” used in Windows operating systems. It has syntax based on Microsoft Visual C++.
MOF files often have a partner DLL (dynamic link library) file that stores data needed for retrieval in the MOF file.

CAUTION: The MOF file contains all of the configuration information for the target node. Because of this, it’s important to keep it secure.

### Enact

The MOF file for each node defined in the Configuration is what are “enacted”.

Noramlly, DSC applies the resources in the order that they appear within the configuration. That’s unless DependesOn is specified.

### Push vs. Pull

DSC can deliver configurations in either push and pull.

The push method is delivered from a server to a computer thus the “pushing” instructions. This method is generally only used for testing or one-off applications uncommon in a production environment. See https://github.com/PowerShellOrg/shove

The pull method is initiated from a client rather than the server.

See https://docs.microsoft.com/en-us/powershell/dsc/pullclientconfigid on Setting up a pull client using configuration ID

Open source on Linux and MacOS

From the PowerShell and DSC Team YouTube channel:

This 51-minute series of demos was published Aug 18, 2016.

This article notes Desired State Configuration for Linux and the promise of SSH support arrived in 2014 (several months before Microsoft open sourced .NET and brought .NET Core to Linux). But “you had to author your scripts on the Windows platform, you had to configure things on the Windows platform and then deliver the desired configuration to a Linux box and have it be configured; now you can do all of that on Linux.”

On August 18 2016, PowerShell became open-source at

Join the conversation on Gitter

Noteworthy pages in the FAQ:

  • https://blogs.msdn.microsoft.com/kebab/2013/06/09/an-introduction-to-error-handling-in-powershell/
  • http://ss64.com/ps/syntax.html
  • https://github.com/PoshCode/PowerShellPracticeAndStyle

Other IAC incorporating DSC

https://github.com/chef-boneyard/dsc was implemented into core Chef


Operation Validation Framework


Get-Command -Module OperationValidation

It has two functions:

Get-OperationValidation to Retrieve operational tests from modules

Invoke-OperationValidation to run operational tests from modules



Learning Resources



Ravikanth Chaganti (MVP) (of PowerShell Magazine and book PowerShell Desired State Configuration Revealed) notes that “Infrastructure as Code” requires:

  • Reusable automation
  • Source Control
  • Unit Testing
  • Continuous Deployment
  • Integration tests, which validate the desired state
  • Operations Validation, which validates the functionality at desired state!

Practical Desired State Configuration (DSC) [3:01] 10 Aug 2016 by Josh Duffney

How to search a string in multiple files and return the names of files in Powershell

http://www.tomsitpro.com/articles/how-to-integrate-ansible-dsc,1-3474.html 13 Jan 2017 when Ansible didn’t support DSC and required https://github.com/trondhindenes/Ansible-win_dsc by Trond Hindenes. That’s since been merged into Ansible Core.

More on DevOps

This is one of a series on DevOps:

  1. DevOps_2.0
  2. ci-cd (Continuous Integration and Continuous Delivery)
  3. User Stories for DevOps

  4. Git and GitHub vs File Archival
  5. Git Commands and Statuses
  6. Git Commit, Tag, Push
  7. Git Utilities
  8. Data Security GitHub
  9. GitHub API
  10. TFS vs. GitHub

  11. Choices for DevOps Technologies
  12. Java DevOps Workflow
  13. AWS DevOps (CodeCommit, CodePipeline, CodeDeploy)
  14. AWS server deployment options

  15. Cloud services comparisons (across vendors)
  16. Cloud regions (across vendors)
  17. AWS Virtual Private Cloud

  18. Azure Cloud Onramp
  19. Azure Cloud
  20. Azure Cloud Powershell
  21. Bash Windows using Microsoft’s WSL (Windows Subystem for Linux)

  22. Digital Ocean
  23. Cloud Foundry

  24. Packer automation to build Vagrant images
  25. Terraform multi-cloud provisioning automation
  26. Hashicorp Vault and Consul to generate and hold secrets

  27. Powershell Ecosystem
  28. Powershell on MacOS
  29. Powershell Desired System Configuration

  30. Jenkins Server Setup
  31. Jenkins Plug-ins
  32. Jenkins Freestyle jobs
  33. Jenkins2 Pipeline jobs using Groovy code in Jenkinsfile

  34. Docker (Glossary, Ecosystem, Certification)
  35. Make Makefile for Docker
  36. Docker Setup and run Bash shell script
  37. Bash coding
  38. Docker Setup
  39. Dockerize apps
  40. Docker Registry

  41. Maven on MacOSX

  42. Ansible

  43. MySQL Setup

  44. SonarQube static code scan

  45. API Management Microsoft
  46. API Management Amazon

  47. Scenarios for load