This is a guide to setting up a Windows machine using Desired State Configuration or a manual process.
This post-install machine setup (especially the work setup) assumes you have a memory stick with the correct configuration files and jar files in the correct directories, and that once the initial machine OS is installed you copy these to the correct locations on the machine BEFORE you run the DSC code.
You should set up your OWN stick so you can set up multiple hosts easily with the things you need. The Ansible setup described below assumes specific items in specific locations; adjust for your own needs.
*** DSC will handle setting up the host machine to include vpn, access to Jenkins etc, proxy settings in Browser, system proxy settings etc, openvpn proxy, look at /etc/resolve.conf /etc/hosts etc. ***
You MUST install with full disk encryption, most likely this will be BitLocker.
The assumption is that this comes when the work box is delivered.
Now it is time to configure the machine.
The default image will have been created by the disk os setup, but there are a number of dirs and files which should be put in place to create our build. We should copy the files from the memory stick (or another machine) and put these into place to get the expected files in the correct location.
As a minimum, copy the following from the memory stick or other machine, all from the top level to the appropriate level at the destination, which will later allow `syncdrives.sh` to be used as a daily fast backup:
other directories that are recommended are:
Now these files are in place we can configure the machine.
Go to the setup dir:
```powershell
cd C:\Users\*youruser*\work\home\shell
```
To make it easy to back up stuff, the syncdrives.ini file will need an entry based on the name of the machine. Add this now; see Daily Backup.
At this point, if you applied any updates, which ends with a recommendation to reboot first, now is the time to reboot.
You can download and install the whole set of required apps, but there is also a set of DSC instructions to install:
You should not need to install DSC as it is usually part of the Windows build, but you will need to authorise and configure PowerShell to allow DSC to operate.
To read THIS page, use a markdown reader. I like ReText best; it works on Linux, Mac and Windows. On Windows just type `pip install ReText`; for Linux we install ReText as part of the machine setup, but you can do it beforehand using apt or yum. You can then run ReText with `python -m ReText`. Failing that, Markdown Document Viewer is free and good.
To install `python` (for using pip), simply type `python` on the command line, which will take you to the Microsoft apps store at the Python3 installer page. The work setup also installs Python, so you can wait for that step if you wish.
Not available yet, but Microsoft have promised DSC 3.0 will work on Linux too.
It should already be on your system, but may need to be authorised.
See here for an overview. Further reading includes a getting started guide and details on execution policy and rights required to run DSC.
To run PowerShell scripts (which is what DSC runs as) you will need an Admin terminal. Check the current policy with:
```powershell
Get-ExecutionPolicy
Get-ExecutionPolicy -List
```
For enough rights to run scripts, which you need for DSC, without opening everything up for every user, execute the following (`-Scope CurrentUser` limits the change to your own account):
```powershell
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser
```
We may need to install `PSGallery`, which has all the apps that PowerShell can natively install. Check with:
```powershell
Install-Module 'PSDscResources' -Verbose
```
To install, run:
```powershell
Install-Module -Name PSDesiredStateConfiguration -Repository PSGallery -MaximumVersion 2.99
```
Chocolatey is an excellent community-supported install facility. We use it as part of the DSC install scripts, so install it now using:
```powershell
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
```
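A more cautious variant of the one-liner above, as an added example rather than Chocolatey's or this guide's own script: it saves the installer to disk and checks its Authenticode signature before running it. The temp file name is arbitrary, and the check assumes the published install.ps1 carries an Authenticode signature; confirm the signer it prints is the one you expect.

```powershell
# Added example: download, verify, then run the Chocolatey installer.
# Run in an Admin terminal, as with the one-liner.
$ErrorActionPreference = 'Stop'
$url    = 'https://community.chocolatey.org/install.ps1'
$script = Join-Path $env:TEMP 'choco-install.ps1'   # arbitrary local file name

# Same TLS 1.2 opt-in as the one-liner (3072 = Tls12).
$tls12 = [System.Net.SecurityProtocolType]::Tls12
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor $tls12

# Save to disk instead of piping the download straight into iex.
(New-Object System.Net.WebClient).DownloadFile($url, $script)

# Record what was downloaded so it can be compared across machines.
$hash = Get-FileHash -Path $script -Algorithm SHA256
Write-Host "SHA256: $($hash.Hash)"

# Refuse to run anything unsigned or whose signature does not validate.
$sig = Get-AuthenticodeSignature -FilePath $script
if ($sig.Status -ne 'Valid') {
    Remove-Item $script
    throw "Installer signature status is '$($sig.Status)'; not running it."
}
Write-Host "Signed by: $($sig.SignerCertificate.Subject)"

# Let the operator read the signer before anything executes.
$answer = Read-Host 'Run the installer? (y/n)'
if ($answer -eq 'y') {
    Set-ExecutionPolicy Bypass -Scope Process -Force
    & $script
}
```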
```powershell
Get-DscLocalConfigurationManager
Get-DscConfiguration
```
https://learn.microsoft.com/en-us/powershell/dsc/reference/resources/windows/packageresource?view=dsc-1.1
Compile the .ps1 config file by dot-sourcing it:
```powershell
. .\myconfigfile.ps1
```
https://learn.microsoft.com/en-us/powershell/dsc/getting-started/wingettingstarted?view=dsc-1.1
https://learn.microsoft.com/en-us/powershell/dsc/overview?view=dsc-2.0
```powershell
Install-Module -Name PSDesiredStateConfiguration -Repository PSGallery -MaximumVersion 2.99
```
(this may already be installed)
Create the file, then compile it by dot-sourcing:
```powershell
. .\myconfigfile.ps1
```
Then run `myconf`, which will create a dir with the MOF file, then apply the config (in an admin window):
```powershell
Start-DscConfiguration -Path .\myconf -Verbose -Wait
```
See https://4sysops.com/archives/installing-software-with-powershell-dsc/#:~:text=To%20install%20software%20onto%20a,the%20software%20is%20already%20installed.
msinfo32.exe
https://www.tutorialspoint.com/how-to-install-the-msi-package-using-powershell-dsc
https://learn.microsoft.com/en-us/powershell/dsc/reference/resources/windows/packageresource?view=dsc-1.1
https://stackoverflow.com/questions/24004455/installing-an-exe-with-powershell-dsc-package-resource-gets-return-code-1619
https://powershell.org/forums/topic/installing-an-exe-with-powershell-dsc-package-resource-gets-return-code-1619/
https://petri.com/deploying-software-using-desired-state-configuration/
https://docs.chocolatey.org/en-us/features/integrations
```powershell
Get-WmiObject Win32_Product | Format-Table IdentifyingNumber, Name, Version
```
IdentifyingNumber | Name | Version |
---|---|---|
{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C} | Microsoft Update Health Tools | 3.67.0.0 |
{307032B2-6AF2-46D7-B933-62438DEB2B9A} | Maxx Audio Installer (x64) | 2.6.6448.1 |
{2355B503-9B11-4449-861D-1C1748B26320} | Realtek Audio COM Components | 1.0.2 |
{6798C408-2636-448C-8AC6-F4E341102D27} | Windows PC Health Check | 3.6.2204.08001 |
{36EF257E-21D5-44F7-8451-07923A8C465E} | Windows Subsystem for Linux Update | 5.10.16 |
https://learn.microsoft.com/en-us/powershell/dsc/reference/resources/windows/packageresource?view=dsc-1.1
https://github.com/chocolatey/cChoco/blob/master/ExampleConfig.ps1
```json
"windowsConfiguration": {
  "additionalUnattendContent": [
    {
      "passName": "oobesystem",
      "componentName": "Microsoft-Windows-Shell-Setup",
      "settingName": "FirstLogonCommands",
      "content": "<FirstLogonCommands><SynchronousCommand><CommandLine>C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -windowstyle hidden Set-NetConnectionProfile -InterfaceIndex 2 -NetworkCategory Private</CommandLine><Description>Change network connection type to Private</Description><Order>1</Order></SynchronousCommand></FirstLogonCommands>"
    }
  ]
}
```
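```powershell
Package Vault
{
    Ensure    = "Present"  # You can also set Ensure to "Absent"
    Path      = "C:\tools\vault\vault.exe"
    Name      = "vault"
    # Placeholder value: use the product GUID for an MSI, or '' for an .exe installer.
    ProductId = "monkey"
}
```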
```powershell
Configuration HelloWorld {
    # Import the module that contains the File resource.
    Import-DscResource -ModuleName PsDesiredStateConfiguration

    # The Node statement specifies which targets to compile MOF files for, when
    # this configuration is executed.
    Node 'localhost' {
        # The File resource can ensure the state of files, or copy them from a
        # source to a destination with persistent updates.
        File HelloWorld {
            DestinationPath = "C:\Temp\HelloWorld.txt"
            Ensure          = "Present"
            Contents        = "Hello World from DSC!"
        }
    }
}
```
```powershell
Package 'LAPS' {
    Name      = 'Local Administrator Password Solution'
    Path      = 'https://download.microsoft.com/download/C/7/A/C7AAD914-A8A6-4904-88A1-29E657445D03/LAPS.x64.msi'
    ProductId = 'EA8CB806-C109-4700-96B4-F1F268E5036C'
}
```
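Because the `Package` block above pulls an MSI straight from a URL, here is an added example (not from the original guide) that does the same install with the `MsiPackage` resource from `PSDscResources`, pinning the download to a file hash, then compiles, applies and checks it with the commands used earlier. The configuration name `PinnedLaps` and the hash placeholder are assumptions; substitute a SHA256 computed from a copy you trust.

```powershell
# Added example: install the LAPS MSI with an integrity pin, then verify state.
# Requires the PSDscResources module (Install-Module 'PSDscResources').
Configuration PinnedLaps {
    Import-DscResource -ModuleName PSDscResources

    Node 'localhost' {
        MsiPackage LAPS {
            Ensure        = 'Present'
            # URL and ProductId exactly as given on this page.
            Path          = 'https://download.microsoft.com/download/C/7/A/C7AAD914-A8A6-4904-88A1-29E657445D03/LAPS.x64.msi'
            ProductId     = 'EA8CB806-C109-4700-96B4-F1F268E5036C'
            # Placeholder: replace with the value from
            #   Get-FileHash .\LAPS.x64.msi -Algorithm SHA256
            # run against a copy you trust. Until it is replaced, the apply
            # step fails the hash check and nothing is installed.
            FileHash      = '<SHA256-OF-TRUSTED-COPY>'
            HashAlgorithm = 'SHA256'
        }
    }
}

# Compile: running the configuration writes .\PinnedLaps\localhost.mof
PinnedLaps -OutputPath .\PinnedLaps | Out-Null

# Apply (Admin terminal), then confirm the node matches the desired state.
Start-DscConfiguration -Path .\PinnedLaps -Verbose -Wait
Test-DscConfiguration -Detailed
```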