Use the updated PsDscResources instead of built-in DSC resources in Windows Server 2016

Powershell Logo

Powershell Logo

Microsoft has issued a statement that in order to keep updating the built-in PSDesiredStateConfiguration Resources that ship in the box with Windows 10 or Windows Server 2016, you should now use the PSDscResources module (located in the PowerShell gallery)instead of the old PSDesiredStateConfiguration, which can be downloaded and installed with Find-Module PsDscResources| Install-Module PsDscResources. This module currently contains an updated Service DSC Resource, which is a very useful resource to use. The reason that I like to use the Service Dsc Resource is because sometimes services may stop on their own, and there is usually no easy way to tell if a service is still running, without opening the services console, querying via PowerShell, or checking in Server Manager.

Services like the Windows Firewall, or Component Services (ComSysApp) services will cause network problems they stop running. File Sharing between computers on the same network may fail if either of these services is stopped. The Windows Firewall (mpssvc)Service actually causes the most damage when it is not running, and sometimes it gets corrupted because of conflicting Group Policies or it may just stop. Although DSC is not going to be able to solve all problems that may cause the Windows firewall service to stop, it will be able to start the service and make sure it is running, barring any corruption or permission errors.

I often will set some of my machines up with DSC and the service resource to ensure that the ComSysApp is running, if I need to make sure that these computers are found on the network. The ComSysApp service is needed for some remote administration as well. Many times when I have been troubleshooting why a computer disappeared from the network or from remote administration, it has involved this service being stopped for some reason.

Example DSC Configuration using the new Service resource:

Configuration Server1service
Import-DscResource -ModuleName PsDscResources -ModuleVersion
Node Server1
Service ComPLUS
Name = "ComSysApp"
BuiltInAccount = "LocalSystem"
DisplayName = "COM+ System Application"
StartupType = "Automatic"
State = "Running"
Service RemoteReg
Name = "RemoteRegistry"
BuiltInAccount = "LocalService"
DisplayName = "Remote Registry"
StartupType = "Automatic"
State = "Running"

Server1Service -OutputPath C:\Dsc -Verbose

Start-DscConfiguration -ComputerName Server1 -Path C:\Dsc\ -wait -verbose

Hack Proof Your Clients And Servers in a Day – (Ignite Session)

This video was recorded at Microsoft Ignite conference last week, and it was one of my favorite sessions. Marcus Murray and Hasain Alshakarti demonstrate some hacks using the Metasploit Framework, Mimikatz, and PowerShell. They show you how easy it is to gain access to any system, to steal the passwords from Windows servers and clients, and also how easy it has become to evade anti-virus. They also offer many reasons why you should not be using the same passwords on more than one website. My advice is of course to start using LastPass everywhere. Here’s a referral link for Last Pass Premium: … Enjoy the video@!

Advanced Desired State Configuration

Microsoft Virtual Academy’s Advanced Desired State Configuration course features Jeffrey Snover and Jason Helmick.

I wanted to post this a while ago, but I’ve been so busy with school and Project Management, that I keep having to put off finishing it. I recently finished completing the Advanced Desired State Configuration Powershell course in the Microsoft Virtual Academy, and it focuses on developing custom DSC Resources and implementing composite resources and partial configurations. Once again, Powershell inventor Jeffrey Snover and his sidekick Jason Helmick were funny and entertaining as they introduced custom Desired State Configuration resources, classes, and composite and partial configurations.

Once again, the scripts used in each of the modules are available in The Powershell Gallery, however to download and install the module you can use Powershell. If you have the WMF5.0 February preview installed, then simply open up the powershell ISE and type find-module *MVA* to find the module used for this course. The correct title is MVA_DSC_2015_Day_2. I recommend using the following command to install both modules:
find-module *MVA* | Install-Module

Once you have the module installed you can use the command Show-MVA_DSC_Examples -Day 2 -Module (#1-7), to open the commands and code in the Powershell ISE.

The second half of this course starts off with an introduction to building your own custom DSC resources. Jeffrey Snover and Jason Helmick actually both predict that 100% of all DSC users will actually build their own custom resources. I think that number may be just a little less, but creating custom resources is really not that difficult, you may have to watch these videos several times to get the hang of it however.

Now, you are going to want to download and unzip the DSCResourceKit Wave 10, although in the course they use Wave 9. However, each new wave just adds resources to the previous one, and fixes some bugs. In this case there were 8 new resources added, and several bugs were fixed. Extract the kit to a folder such as C:\Scripts.

To get the correct files in the Modules directory you are gonna need to extract the files from the resource kit into a folder and then go deep into the folder past the All Resources folder if you want to get it into the WindowsPowerShell Modules folder. The DSC Resource Kit Wave 10 can be downloaded in a zip file which is titled ‘DSC Resource Kit Wave 10’ If you extract the file you will get a folder with this title and a folder underneath that titled ‘All Resources’. Important: You are going to want to extract this folder anywhere and then copy everything Underneath the All Resources folder into ‘C:\Program Files\WindowsPowerShell\Modules’ and then you will have the resources in the modules folder. There really is no need to keep the folder “All Resources.” Once you put the resources in the modules folder, they will be available for use in the PowerShell ISE.

Now that you have the DSC Resources and the MVA modules you can get started created your own DSC resources with Jeffrey Snover and Jason Helmick in the MVA Advanced Desired State Configuration course. They go through demos of creating custom DSC resources, creating DSC resources using classes, and also partial or composite configurations as well. I would strongly recommend that anyone interested in Powershell Desired State Configuration to go to the Microsoft Virtual Academy website and watch these videos. Now, you also can use a new powershell module to download the videos directly to a folder on your hard drive. You can simply type
Find-Module 'Download-DSCVideos' | Install-module

and then you can run the following command Download-DSCVideos -dest ‘C:\DSCVideos’ -Advanced -verbose

Watch the MVA, download the DSC Resource Kit Wave10, and the WMF 5.0 April release is available in the Microsoft Download center:

Configuring Advanced Ipv4 and ipv6 settings in ServerCore with Powershell

Powershell Logo

Powershell Logo

Configuring Server Core 2012r2 with Sconfig is extremely limited. Especially when you need to configure advanced network settings. SConfig only allows configuring one ip address and two dns server addresses, while not even allowing you to set ipv6 addresses or ipv6 DNS Server addresses, which are extremely important in today’s enterprise networks, especially when running Exchange. Thank God for PowerShell! I will now begin documenting how to configure ServerCore 2012R2 Advanced Network Settings with Powershell. In my opinion, this is the only way it should be done.

When ServerCore first opens you only have a command prompt and the server may even skip straight to the special SConfig command prompt with simple numbered options (1-15). You can go ahead and select option 2 to name the server. Restart the server and make sure that your date and time are correct. Once you set all the simple options, type “15” to exit to a command prompt and then type powershell_ise and press enter. This will open the almighty Powershell Integrated Scripting Environment, where you can set the Real Network Settings for the server.

The first cmdlet to run is Get-NetAdapter. This is used to get the interface index (ifIndex) of the server’s network adapter. I also usually suggest that you format the output of your commands with Out-GridView for a much easier way to read the output. In this case, you really don’t need to, however let’s get used to piping the output since it helps to get used to adding formatting options to the end of your cmdlets. So, in order to get just need to type: Get-NetAdapter | Out-GridView
. You can easy use the alias “ogv” instead of typing Out-GridView so that would look like this: Get-NetAdapter | ogv

The output of this command will give you a pop-out box with your network adapters listed by Name, Interface Description, ifIndex, Status, MacAddress, and linkspeed. Make sure you remember the ifIndex (Interface Index) of your active network adapter, because you will need this to set the DNS Client Server Addresses in the next step.

Okay now starts the good stuff, we are going to set both the ipv4 and the ipv6 DNS Client Server Addresses with the following command: Set-DNSClientServerAddress -ifIndex(#fromAboveCommand) -ServerAddress (comma separated list of ipv4 DNS Server addresses and then ipv6 DNS Server addresses)

EXAMPLE: Set-DNSClientServerAddress -ifIndex 17 -ServerAddress,,,fddd:f5d3:3d77:fde2::1,fddd:f5d3:3d77:fde2::2,fddd:f5d3:3d77:fde2::3

Next we can look at all the Network Adapter Advanced Properties with Get-NetAdapterAdvancedProperty -AllProperties | Out-GridView
This will pop out a box with all the Network Adapter Advanced Properties currently set on all installed Interfaces. To configure or change any of these settings we will use Set-NetAdapterAdvancedProperty
Let’s add an example which will configure the Jumbo Frame/Jumbo Packet Advanced Property on a Hyper-V wired ethernet adapter.
Set-NetAdapterAdvancedProperty -Name "Ethernet" -DisplayName "Jumbo Frame" -RegistryKeyword "*JumboPacket" -RegistryValue "4096"

Now you can use this command while changing the DisplayName, DisplayValue, RegistryKeyword, or RegistryValue to any setting that you wish to change on your ServerCore 2012R2 box.