How to Build a Test PowerShell DSC Pull Server

Test DSC Pullserver

  1. Configure a new Windows Server and ensure that it has PowerShell 5 installed.
  2. Open the PowerShell ISE as administrator;; enter and execute the following script:
    Configuration SomeMasterConfigurationName{
    	param(
    			[ValidateNotNullOrEmpty()]
    			[String] $certificateThumbprint
    		)
    		Import-DSCResource -ModuleName xPSDesiredStateConfiguration
    		Node localhost{
    			WindowsFeature DSCServiceFeature{
    				Ensure = "Present"
    				Name = "DSC-Service"
    			}
    
    		xDSCWebService PSDSCPullServer{
    			Ensure = "Present"
    			EndPointName = "PSDSCPullServer"
    			CertificateThumbprint = $certificateThumbprint
    			PhysicalPath = "$env:SystemDrive\inetpub\wwwroot\PSDSCPullServer"
    			ConfigurationPath = "$env:ProgramFiles\WindowsPowerShell\DscService\Configuration"
    			ModulePath = "$env:ProgramFiles\WindowsPowerShell\DscService\Modules"
    			Port = 80
    			IsComplianceServer = $false
    			State = "Started"
    			DependsOn = "[WindowsFeature]DSCServiceFeature"
    		}
    
    		xDSCWebService PSDSCComplianceServer{
    			Ensure = "Present"
    			EndPointName = "PSDSCComplianceServer"
    			CertificateThumbprint = "AllowUnencryptedTraffic"
    			PhysicalPath = "$env:SystemDrive\inetpub\wwwroot\PSDSCComplianceServer"
    			Port = 81
    			IsComplianceServer = $true
    			State = "Started"
    			DependsOn = "[WindowsFeature]DSCServiceFeature"
    		}
    	}
    }
    
    SomeMasterConfigurationName -CertificateThumbPrint "AllowUnencryptedTraffic"
    Start-DscConfiguration -Path .\SomeMasterConfigurationName -Wait -Verbose -Force
  3. In the PowerShell prompt execute "[guid]::NewGuid()" and record the resulting guid.
  4. In the PowerShell ISE execute the following sample configuration script:
    Configuration SomeMasterConfigurationName{
    	Import-DscResource -ModuleName 'PSDesiredStateConfiguration'
    	Node [GUID recorded above]{
    		File SomeSpecificConfigurationName{
    			Ensure = "Present"
    			Type = "Directory"
    			DestinationPath = "c:\windows\logs\SOMELOGDIR"
    		}
    	}
    }
    
    SomeMasterConfigurationName -OutputPath c:\some_empty_temp_folder -Verbose
    New-DscChecksum -Path c:\some_empty_temp_folder -Verbose
  5. Copy the resulting files from c:\some_empty_temp_folder to c:\Program Files\WindowsPowerShell\DscService\Configuration.
  6. On a test client machine, open the PowerShell ISE and enter and execute the following script:
    Configuration SomeMasterConfigurationName{
    	LocalConfigurationManager{
    		ConfigurationID = "[GUID recorded above]"
    		RefreshMode = "PULL"
    		DownloadManagerName = "WebDownloadManager"
    		RebootNodeIfNeeded = $true
    		ConfigurationModeFrequencyMins = 30
    		ConfigurationMode = "ApplyAndAutoCorrect"
    		DownloadManagerCustomData = @{
    			ServerUrl = "http://[IP Address or Hostname of the Pull Server]/PSDSCPullServer.svc"; AllowUnsecureConnection = "TRUE"
    		}
    	}
    }
    
    SomeMasterConfigurationName -verbose -Path c:\some_empty_temp_folder
    Set-DscLocalConfigurationManager -ComputerName localhost -Path c:\some_empty_temp_folder

The test client now has a policy to ensure the existence of c:\windows\logs\SOMELOGDIR.

Document Actions