Configurations/SingleServer-GUI-2016/VMConfiguration.ps1
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 |
<# Notes:
Authors: Jason Helmick and Melissa (Missy) Januszko The bulk of this DC, DHCP, ADCS config is authored by Melissa (Missy) Januszko and Jason Helmick. Currently on her public DSC hub located here: https://github.com/majst32/DSC_public.git Additional contributors of note: Jeff Hicks Disclaimer This example code is provided without copyright and AS IS. It is free for you to use and modify. #> Configuration AutoLab { $LabData = Import-PowerShellDataFile -Path $PSScriptRoot\*.psd1 $Secure = ConvertTo-SecureString -String "$($labdata.allnodes.labpassword)" -AsPlainText -Force $credential = New-Object -typename Pscredential -ArgumentList Administrator, $secure #region DSC Resources Import-DSCresource -Modulename @{ModuleName = "PSDesiredStateConfiguration";ModuleVersion="1.1"}, @{ModuleName = "xPSDesiredStateConfiguration"; ModuleVersion = "9.1.0"}, @{ModuleName = "xComputerManagement"; ModuleVersion = "4.1.0.0"}, @{ModuleName = "xNetworking"; ModuleVersion = "5.7.0.0"}, @{ModuleName = 'xWindowsUpdate'; ModuleVersion = '2.8.0.0'}, @{ModuleName = 'ComputerManagementDSC'; ModuleVersion = '8.5.0'} #endregion #region All Nodes node $AllNodes.Where( {$true}).NodeName { #endregion #region LCM configuration LocalConfigurationManager { RebootNodeIfNeeded = $true AllowModuleOverwrite = $true ConfigurationMode = 'ApplyOnly' } #endregion #region TLS Settings in registry registry TLS { Ensure = "present" Key = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' ValueName = 'SchUseStrongCrypto' ValueData = '1' ValueType = 'DWord' } #endregion #region Remove PowerShell v2 WindowsFeature PS2 { Name = 'PowerShell-V2' Ensure = 'Absent' } #region #region IPaddress settings If (-not [System.String]::IsNullOrEmpty($node.IPAddress)) { xIPAddress 'PrimaryIPAddress' { IPAddress = $node.IPAddress InterfaceAlias = $node.InterfaceAlias AddressFamily = $node.AddressFamily } If (-not [System.String]::IsNullOrEmpty($node.DefaultGateway)) { xDefaultGatewayAddress 'PrimaryDefaultGateway' { InterfaceAlias = $node.InterfaceAlias Address = $node.DefaultGateway AddressFamily = $node.AddressFamily } } If (-not [System.String]::IsNullOrEmpty($node.DnsServerAddress)) { xDnsServerAddress 'PrimaryDNSClient' { Address = $node.DnsServerAddress InterfaceAlias = $node.InterfaceAlias AddressFamily = $node.AddressFamily } } If (-not [System.String]::IsNullOrEmpty($node.DnsConnectionSuffix)) { xDnsConnectionSuffix 'PrimaryConnectionSuffix' { InterfaceAlias = $node.InterfaceAlias ConnectionSpecificSuffix = $node.DnsConnectionSuffix } } } #End IF #endregion #region Firewall Rules $LabData = Import-PowerShellDataFile .\*.psd1 $FireWallRules = $labdata.Allnodes.FirewallRuleNames foreach ($Rule in $FireWallRules) { xFirewall $Rule { Name = $Rule Enabled = 'True' } } #End foreach } #end Firewall Rules #endregion #region RSAT config node $AllNodes.Where( {$_.Role -eq 'RSAT'}).NodeName { # Adds RSAT xHotfix RSAT { Id = 'KB2693643' Path = 'c:\Resources\WindowsTH-RSAT_WS2016-x64.msu' Credential = $DomainCredential DependsOn = '[xcomputer]JoinDC' Ensure = 'Present' } PendingReboot Reboot { Name = 'AfterRSATInstall' DependsOn = '[xHotFix]RSAT' } }#end RSAT Config #region RDP config node $AllNodes.Where( {$_.Role -eq 'RDP'}).NodeName { # Adds RDP support and opens Firewall rules Registry RDP { Key = 'HKLM:\System\ControlSet001\Control\Terminal Server' ValueName = 'fDenyTSConnections' ValueType = 'Dword' ValueData = '0' Ensure = 'Present' } foreach ($Rule in @( 'RemoteDesktop-UserMode-In-TCP', 'RemoteDesktop-UserMode-In-UDP', 'RemoteDesktop-Shadow-In-TCP' )) { xFirewall $Rule { Name = $Rule Enabled = 'True' DependsOn = '[Registry]RDP' } } # End RDP } #endregion } # End AllNodes #endregion AutoLab -OutputPath $PSScriptRoot -ConfigurationData $PSScriptRoot\*.psd1 |