DSCResources/WindowsServerStandard/WindowsServerStandard.schema.psm1

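<#
.SYNOPSIS
    Composite DSC resource applying the standard Windows Server baseline.

.DESCRIPTION
    Declares a fixed set of resources (time zone, IE ESC, OS drive expansion,
    firewall service) and then one resource per entry of the role data passed
    in through $ConfigData (features, services, disks, firewall rules, groups,
    registry, modules, environment, files, MSI packages, shares, DNS records,
    local policy, certificates, Chocolatey packages).

.PARAMETER ConfigData
    Role data object; each property read below is an optional list.

.PARAMETER StorageAccountName
    Substituted for {0} in the file and MSI source path format strings.

.PARAMETER Environment
    Environment name; its last '-' separated segment is substituted for {0}
    in group member format strings.

.PARAMETER StorageCred
    Credential used to read file and MSI sources.

.PARAMETER DomainCred
    Credential used as PsDscRunAsCredential for DNS records and PFX imports.

.PARAMETER CertCred
    Credential passed to PfxImport for the PFX file.

.NOTES
    DSC serialises PSCredential values into the compiled MOF.
    NOTE(review): confirm the node's ConfigurationData supplies
    CertificateFile/Thumbprint so these are encrypted, and that
    PSDscAllowPlainTextPassword is not set for these nodes.
#>
Configuration WindowsServerStandard {
    Param (
        [object] $ConfigData,
        [string] $StorageAccountName,
        [string] $Environment,
        [PSCredential] $StorageCred,
        [PSCredential] $DomainCred,
        [PSCredential] $CertCred
    )

    Import-DscResource -ModuleName PSDesiredStateConfiguration
    Import-DscResource -ModuleName PSDscResources
    Import-DscResource -ModuleName ComputerManagementDsc
    Import-DscResource -ModuleName StorageDsc
    Import-DscResource -ModuleName CertificateDsc
    Import-DscResource -ModuleName NetworkingDSC
    Import-DscResource -ModuleName PackageManagement
    Import-DscResource -ModuleName cChoco
    Import-DscResource -ModuleName PolicyFileEditor
    Import-DscResource -ModuleName xDnsServer

    # These settings are hardcoded as they are universal to all environments at SoftPro.
    TimeZone EasternStandardTime {
        IsSingleInstance = 'Yes'
        TimeZone         = "Eastern Standard Time"
    }

    # IE Enhanced Security Configuration for administrators stays enabled
    # unless the role data explicitly sets DisableIEESC.
    IEEnhancedSecurityConfiguration DisableIEESC {
        Role    = 'Administrators'
        Enabled = $ConfigData.DisableIEESC ? $false : $true
    }

    # Grows the C: partition to the largest size the disk supports.
    script ExpandOSDrive {
        getscript  = {
            # Left empty due to Get-Partition taking a long time to run.
        }

        # In desired state when the current size is not below the supported maximum.
        Testscript = {
            $MaxSize = (Get-PartitionSupportedSize -DriveLetter C).sizeMax
            $current = (Get-Partition -DriveLetter C).size
            -Not ($current -lt $MaxSize)
        }

        Setscript  = {
            $MaxSize = (Get-PartitionSupportedSize -DriveLetter C).sizeMax
            Resize-Partition -DriveLetter C -Size $MaxSize
        }
    }

    # Keeps the firewall service (MPSSvc) running. This resource does not by
    # itself enable any firewall profile.
    Service WindowsFirewall {
        Name        = "MPSSvc"
        StartupType = "Automatic"
        State       = "Running"
    }

    # All following settings are DSC configuration specific and pull from the role's role.psd1 values.

    foreach ($Feature in $ConfigData.WindowsFeaturePresent) {
        WindowsFeature $Feature {
            Name                 = $Feature 
            Ensure               = 'Present'
            IncludeAllSubFeature = $true
        }
        $dependsonFeatures += @("[WindowsFeature]$Feature")
    }

    foreach ($Feature in $ConfigData.WindowsFeatureAbsent) {
        WindowsFeatureSet $Feature {
            Ensure = 'Absent'
            Name   = $Feature
        }
    }

    foreach ($Service in $ConfigData.ServiceSetStarted) {
        # The instance name carries the service name: a fixed name would be
        # declared once per list entry and collide as soon as the list holds
        # more than one service.
        Service "ServiceStart_$Service" {
            Name        = $Service
            State       = 'Running'
            StartupType = 'Automatic'
        }
    }

    foreach ($Service in $ConfigData.ServiceSetStopped) {
        # Per-service instance name, for the same reason as the started set.
        # Only State is set; the startup type of a stopped service is left as-is.
        Service "ServiceStop_$Service" {
            Name  = $Service
            State = 'Stopped'
        }
    }

    foreach ($disk in $ConfigData.DisksPresent) {
        Disk $disk.DriveLetter {
            DiskID      = $disk.DiskID
            DriveLetter = $disk.DriveLetter
        }
        $dependsonDisksPresent += @("[Disk]$($disk.DriveLetter)")
    }

    # Every rule is an inbound TCP allow on the listed port(s). Neither Profile
    # nor RemoteAddress is set here, so the scope of each rule is left to the
    # resource defaults.
    # NOTE(review): consider taking Profile/RemoteAddress from role data so
    # rules can be restricted to the networks that need them.
    foreach ($FWRule in $ConfigData.FWRules) {
        Firewall $FWRule.Name {
            Name      = $FWRule.Name
            Action    = 'Allow'
            Direction = 'Inbound'
            LocalPort = $FWRule.LocalPort
            Protocol  = 'TCP'
        }
    }

    # Adds members to local groups. The member string is a format template:
    # {0} is the last '-' separated segment of $Environment, {1} the domain name.
    # Membership granted here is driven entirely by role data, so privileged
    # groups listed there deserve review.
    foreach ($Group in $ConfigData.GroupMemberPresent) {
        Group $Group.GroupName {
            GroupName        = $Group.GroupName
            MemberstoInclude = $Group.MemberstoInclude -f ($Environment.Split('-') | Select-Object -Last 1), $ConfigData.DomainName
        }
    }

    # NOTE(review): instances are named by ValueName only; two entries with the
    # same value name under different keys would collide.
    foreach ($RegistryKey in $ConfigData.RegistryKeyPresent) {
        Registry $RegistryKey.ValueName {
            Key       = $RegistryKey.Key
            ValueName = $RegistryKey.ValueName
            Ensure    = 'Present'
            ValueData = $RegistryKey.ValueData
            ValueType = $RegistryKey.ValueType
            Force     = $true
        }

        $dependsonRegistryKey += @("[Registry]$($RegistryKey.ValueName)")
    }

    # Only Name is given: no Source and no RequiredVersion.
    # NOTE(review): presumably this resolves the newest version from whichever
    # package source is registered on the node; pin source and version in role
    # data if reproducible, reviewed module versions are required.
    foreach ($PowerShellModule in $ConfigData.PowerShellModulesPresent) {
        PackageManagement $PowerShellModule {
            Name = $PowerShellModule
        }
        $dependsonPowerShellModule += @("[PackageManagement]$PowerShellModule")
    }

    # Appends each entry to the machine Path variable (Path = $true).
    # NOTE(review): directories added to Path should not be writable by
    # non-administrators; confirm for the entries in role data.
    foreach ($EnvironmentPath in $ConfigData.EnvironmentPathPresent) {
        $Name = $EnvironmentPath
        Environment $Name {
            Name  = "Path"
            Value = $EnvironmentPath
            Path  = $true
        }
        $dependsonEnvironmentPath += @("[Environment]$Name")
    }

    foreach ($EnvironmentVar in $ConfigData.EnvironmentVarPresent) {
        $Name = $EnvironmentVar.Name
        Environment $Name {
            Name  = $EnvironmentVar.Name
            Value = $EnvironmentVar.Value
        }
        $dependsonEnvironmentPath += @("[Environment]$Name")
    }

    foreach ($Dir in $ConfigData.DirectoryPresent) {
        $Name = $Dir
        File $Name {
            DestinationPath = $Dir
            Type            = 'Directory'
        }
        $dependsonDir += @("[File]$Name")
    }

    # Copies a source tree to the node using $StorageCred.
    # The instance name is the formatted source path plus the destination leaf.
    # CheckSum = 'ModifiedDate' detects change by timestamp, not by content;
    # a content hash such as 'SHA-256' would also catch a file altered without
    # a timestamp change.
    foreach ($File in $ConfigData.DirectoryPresentSource) {
        $Name = ($File.filesSourcePath -f $StorageAccountName + (Split-Path -Leaf $File.filesDestinationPath))
        File $Name {
            SourcePath      = ($File.filesSourcePath -f $StorageAccountName)
            DestinationPath = $File.filesDestinationPath
            Ensure          = 'Present'
            Recurse         = $true
            Credential      = $StorageCred
            CheckSum        = 'ModifiedDate'
            MatchSource     = $File.MatchSource ? $true : $false
        }
        $dependsonDirectory += @("[File]$Name")
    }

    # Installs MSI packages fetched with $StorageCred.
    # No FileHash, SignerSubject or SignerThumbprint is supplied, so the
    # installer is not integrity-checked by this resource before it runs.
    # NOTE(review): consider carrying a hash or signer thumbprint in role data.
    foreach ($MsiPackage in $ConfigData.SoftwarePackagePresent) {
        # Name each instance after its own product id. Without this assignment
        # $Name still holds whatever an earlier loop left in it, so every
        # package would share one (possibly empty) instance name.
        $Name = $MsiPackage.ProductId
        MsiPackage $Name {
            Path       = ($MsiPackage.Path -f $StorageAccountName)
            Ensure     = 'Present'
            ProductId  = $MsiPackage.ProductId
            Credential = $StorageCred
        }
        $dependsonMsiPackage += @("[MsiPackage]$($Name)")
    }

    # Shares are created with SMB encryption required. No access lists
    # (FullAccess/ChangeAccess/ReadAccess/NoAccess) are set here, so share
    # permissions are left to the resource/OS defaults.
    foreach ($FileShare in $ConfigData.FileSharePresent) {
        $Name = $FileShare.Name
        SmbShare $Name {
            Name        = $FileShare.Name
            Path        = $FileShare.Path
            Ensure      = 'Present'
            # NOTE(review): $dependsonPackage is never assigned in this
            # configuration; $dependsonMsiPackage may have been intended.
            DependsOn   = $dependsonPackage
            EncryptData = $true
        }
        $dependsonFileShare += @("[SmbShare]$($Name)")
    }

    # DNS records are written under $DomainCred against the domain name, which
    # is used as both zone and DNS server.
    foreach ($DNSRecord in $ConfigData.AddDnsRecordPresent) {
        xDnsRecord ($DNSRecord.DnsRecordName) {
            Ensure               = 'Present'
            Name                 = $DNSRecord.DnsRecordName
            Target               = $DnsRecord.Target
            Type                 = $DNSRecord.RecordType
            Zone                 = $ConfigData.DomainName
            DnsServer            = $ConfigData.DomainName
            PsDscRunAsCredential = $DomainCred
        }
    }

    foreach ($LocalPolicy in $ConfigData.LocalPolicyPresent) {
        $KeyValueName = $LocalPolicy.KeyValueName
        cAdministrativeTemplateSetting $KeyValueName {
            KeyValueName = $LocalPolicy.KeyValueName
            PolicyType   = $LocalPolicy.PolicyType
            Data         = $LocalPolicy.Data
            Type         = $LocalPolicy.Type
        }
    }

    # Imports PFX files into LocalMachine\MY. $CertCred is handed to the
    # resource for the PFX; the import runs as $DomainCred.
    # Exportable comes from role data: leaving it false keeps the private key
    # from being exported again from the node.
    foreach ($Certificate in $ConfigData.CertificatePresent) {
        PfxImport $Certificate.Thumbprint {
            Location             = "LocalMachine"
            Store                = "MY"
            Thumbprint           = $Certificate.Thumbprint
            Credential           = $CertCred
            Exportable           = $Certificate.Exportable
            Path                 = $Certificate.Path
            PsDscRunAsCredential = $DomainCred
        }
    }

    # Chocolatey is only installed when the role lists packages.
    if ($null -ne $ConfigData.ChocolateyPackagesPresent) {
        # NOTE(review): confirm where cChocoInstaller obtains its bootstrap
        # script in this environment and that the source is trusted.
        cChocoInstaller installChoco {
            InstallDir = "C:\DSC\Choco"
        }

        # Packages come from a local folder and are upgraded automatically
        # whenever that folder holds a newer version. Whoever can write to the
        # folder therefore decides what gets installed on the node.
        # NOTE(review): verify the folder ACL restricts writes to administrators.
        foreach ($cPackage in $ConfigData.ChocolateyPackagesPresent) {
            cChocoPackageInstaller $cPackage {
                Name        = $cPackage
                Ensure      = 'Present'
                DependsOn   = "[cChocoInstaller]installChoco"
                AutoUpgrade = $true
                Source      = 'C:\DSC\ChocoRepository\'
            }
        }
    }

    # All four Skip* switches are set, so component-based servicing, Windows
    # Update, pending file rename and the CCM client are not consulted.
    # NOTE(review): confirm which reboot triggers remain active with these
    # switches; a pending update reboot will not be detected here.
    PendingReboot RebootForInstall {
        Name                        = 'RebootForInstall'
        SkipComponentBasedServicing = $true
        SkipWindowsUpdate           = $true
        SkipPendingFileRename       = $true
        SkipCcmClientSDK            = $true
    }
}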