PowerShell Desired State Configuration is a configuration management platform that provides a set of PowerShell language extensions and cmdlets that allow an administrator to establish consistency when configuring and deploying operating systems and applications.
The administrator defines the current state of the machine or application and, with PowerShell Desired State Configuration (DSC), ensures those resources remain in that state. The administrator can use the Test-DscConfiguration cmdlet to detect configuration drift; running the cmdlet will return a True result if the current and actual configuration match, or a False result if they do not. PowerShell DSC was released in 2013 and shipped with Windows 2012 R2 and Windows 8.1. It can be used on premises or in a private or public cloud environment.
Like System Center Configuration Manager (SCCM) and Group Policy, PowerShell DSC is a form of configuration management, but there are a few differences. Unlike Group Policy, PowerShell DSC does not rely on Active Directory, and it is not tied to a specific operating system. PowerShell is also different from SCCM in that it is included with PowerShell, so there is no additional purchase or licensing costs, and it doesn't require much setup time.
Push and pull method
A push method is when an administrator executes the Start-DSCConfiguration Cmdlet. The pull method involves putting the MOF file on the DSC Pull Server, which distributes the file to all target hosts.
PowerShell DSC phases
There are three phases to PowerShell DSC: authoring, staging and execution. In the authoring phase, an administrator creates the configuration script in PowerShell or a third-party language or tool and then translates the script into an MOF file. In the staging phase, the MOF file is staged or moved over to the target computer using either the push or pull model. Finally, the MOF file is executed and either pushed or pulled to the Local Configuration Store.
Uses for PowerShell DSC
- Install and remove server roles and features
- Install and manage packages
- Manage groups and user accounts
- Manage registry settings, files and directories
- Run PowerShell scripts
The importance of PowerShell DSC
In this excerpt from Learning PowerShell DSC, James Pogran, a software engineer on Puppet Labs' Windows engineering team, explains the importance of PowerShell DSC:
At a high level, DSC work isn't programming work; it's listing how you want a server to look in a special format. The execution of this list is abstracted from the listing, allowing the how to work separately from the why. This is an important concept, and really the key to understanding the importance of DSC. Jeffery Snover, the architect and inventor of PowerShell, explained it best using Star Trek. Captain Picard often used the line Make it so, and Commander Riker had to figure out how to actually make what the Captain wanted to happen, happen. Captain Picard knew what needed to be done, but didn't particularly care how it got done. Commander Riker knew how to get things done, but did not concern himself (most of the time) with deciding when and what to do. This separation allowed both officers to be good at their jobs without interfering with each other.
To put the above example into context, the administrator is Captain Picard and the Local Configuration Manager (LCM), which is the engine of PowerShell DSC, is Commander Riker. The administrator creates a configuration command and defines configuration elements, or DSC resources. The administrator invokes the configuration for one or more machines, which creates an MOF file. The MOF file is deployed to the server, where the LCM takes the instructions and carries out the specified tasks.
Editor's note: Learning PowerShell DSC by James Pogran is available from Packt Publishing Ltd. A free chapter excerpt is available here.
Build a Hyper-V host with PowerShell DSC
Get started with PowerShell DSC
Prevent configuration drift with PowerShell DSC