DSC Configuration data encryption done right

So – you have gained some experience with Desired State Configuration and you have even encrypted credentials in your configurations through certificates. But how do you manage the credentials, and how are they integrated in your automated build process?

The open-source DSC Workshop (https://github.com/automatedlab/dscworkshop) contains great resources to get you started. In this post, I would like to show you how to use the layering to define credentials at different layers, e.g. domain-wide or node-specific.

Continue reading “DSC Configuration data encryption done right”

Converting GPO to DSC – Part 2

Testing the infrastructure

*Update 2020-01-14: Lab Script updated due to new cmdlets*
If you have not yet read about Desired State Configuration, now would be the time. Head to docs.microsoft.com and understand the concepts before reading further.

The configurations we compiled in the previous blog post require two community resources, AuditPolicyDsc and SecurityPolicyDsc. Registry settings are built-in. Both resources contain the necessary code that your clients need to test the configuration. If you don’t trust external code or are not able to get code in your environment, why not create a test environment instead?

Continue reading “Converting GPO to DSC – Part 2”

Converting Group Policies to DSC configurations

Desired State Configuration is a powerful tool in any Windows environment when it comes to automation. In customer projects, I personally like to do a greenfield approach whenever possible.

However, there are certainly situations where taking something that already exists might be beneficial. This was the case at one customer, who wanted to convert Group Policies to DSC configurations in order to test them. Suffice to say, my interest was piqued.

Continue reading “Converting Group Policies to DSC configurations”