We Want Your DSC Resource Wish List!

What sorts of things would you want to configure via DSC that don't already have a resource?

NB: Focusing on the core Windows OS and its components only; Exchange, SharePoint, SQL Server, and other products are off the table for this discussion.

For example, I want a "log file rotator" resource, that lets me specify a log file folder, an archive folder, and a pair of dates. Files older than one date are moved from the log folder to the archive folder; archived files older than the second date are deleted.

I'd also like a File Permissions resource. Specify a folder or file, optional recursion, and a set of access control entries (in plain English terms), and it'll make sure the permissions stay that way.

Maybe also a User Home Folder resource, which would (a) ensure a folder exists for a given set of user accounts, and (b) ensures a set of "template" permissions, so that each individual user has the rights to their folder, plus rights given to global users like admins.

What resources would YOU like to have to ease configuration and maintenance in YOUR environment? Drop a comment!

About the Author

Don Jones

Don Jones is a Windows PowerShell MVP, author of several Windows PowerShell books (and other IT books), Co-founder and President/CEO of PowerShell.org, PowerShell columnist for Microsoft TechNet Magazine, PowerShell educator, and designer/author of several Windows PowerShell courses (including Microsoft's). Power to the shell!

33 Comments

  1. Some things I would like (off the top of my head)
    Ensure Remote Desktop and Remote Management are always enabled (and appropriate services are running)
    Ensure PowerShell execution policies, remoting etc are always enabled and set appropriately. Not sure how this would work, because if they get changed and the server pulls a config it probably wouldn't be able to pull it or apply it.
    I would like a file resource that would allow me to specify what I want the root of a C:\ drive to look like (for example) and if a folder or file with any name other than what I specify shows up, it gets removed (or I get alerted). Example: I don't want any folder named Temp. I can do this now using Ensure = Absent, but if I don't want ANY folders other than what the default installed folders on the root of the C:\ are, I should be able to do that.
    Ensure a process is always running

  2. Enhance the xWebsite resource for more granular configuratIon for the app pool and website. Basically the ability to confingure anything in the applicationhost.config file.

    Powershell resource for initial configurations that are usually done on a new system like execution policy, psremoting, credssp etc

  3. I made this this before the resource waves from Microsoft was released:

    Active Directory Resource
    Generic LDAP Resource
    Package Resource which supports batch, vbs, exe, msi, ps1 and support for credentials used for the installation. The existing one is only for MSI
    DHCP-server Resource
    DNS-Resource
    Hosts-file Resource
    ADFS Resource
    Log rotator Resource
    File/Folder ACL Resource
    Scheduled Task Resource

    Oh joy this would be something to work with.

    Cheers

    • So, we have many of those. We have AD, so you'd need to be more specific about what it is you want it to do. I'm not sure what DHCP Server or DNS server would be meant to do? Ditto most of the rest. I've mentioned Log rotator and ACLs, agreed there. I could sure see Scheduled Task being useful for people.

    • You can already do that with the File resource, using the Sync setting to ensure that the destination file remains the same as the source. DSC runs that every 15 minutes by default.

  4. I started building DSC resource for Forefront Identity Manager last fall and made some good progress but the effort fell to the back burner. There are two main engines in FIM (FIM Service and FIM Sync). For the FIM Service I am planning to build DSC resources for the main configuration object types (schema, sets, workflows, policies, etc). I also plan on building a DSC generator to enable somebody running wild to capture their running configuration as a DSC configuration, which then should be managed properly in source control somewhere. For the FIM Sync service I can get complete coverage of the configuration for Get- and Test- but zero coverage for Set-. It seems limiting but I still plan to do DSC resources for this part of FIM because it should still be quite valuable to be informed of configuration drift, even though we can't programmatically correct it.

    • I'd be interested to see what you've done with DSC and FIM. I'm about to build a new FIM Infrastructure and am wondering how DSC can be applied.

  5. Some scripts to maintain a dfs-root in sync with the linked subdirs. eg. I have several fileservers fs1,fs2 etc. Each with some home drives of some users, behind a single hidden share. I have a domain-dfs-root \\domain\\home\ with links to user folders, eg every user home folder is \\domain\home\username. If some administrator moves the home folder from \\fs1\home1$\username to \\fs2\home5$\username (because user has moved location, or the disk was full,whatever), the script has to update this in the dfs links.
    Input: dfs-root name, and a list of unc paths =>run-script => get the dfslinks in sync of the first level of sub dirs in the unc-paths.
    If the list of unc-paths can be specified in the remark field of the dfs-root (which I am not using), it would even be better.
    One could also use this for groupdata subfolders.

  6. How about some better documentation.. On the plus side intert ability to enable and configure anything you can find in Server-manager without having to touch any of the underlying architecture would be great.

  7. I am very biased... but I would like the ability to apply all Group Policy Administrative templates, Group Policy Preferences and Group Policy Client Side extensions (in that order) via DCS...

  8. wsus management with DSC _solves_ patching. I wrote a lightweight provider for puppet but with DSC could be surreal. I based it on Boe Prox's work on wsus powershell. Imagine: Clear text files that define patch groups, determine what computers go into patch groups, what patches those groups get. The audit team comes by asking what patches you expect to have on machines and you point them to your git repo. Actual/expected with patching via DSC is panacea. Then tie into SCAP

  9. Exchange 2013

    I have a few parts that work already, this is the way I see it.
    cExch2013Schema
    cExch2013Mailbox
    cExch2013CAS
    cExch2013Edge
    cExch2013UC

    cExch2013DAG
    ...

  10. The "WindowsFeature" resource only works on Server editions of Windows (not Windows 8/8.1) It *could* work if the underlying commands used the "Enable-WindowsOptionalFeature" cmdlet which uses DISM behind the scenes and will work on both server and client operating systems.

    Would be great to have something analogous for client operating systems as well ?

  11. OneGet (Find-Module/Install-module) Support for Web Platform Installer Command Line Tool (webpicmd.exe).

    I spend a lot of time automating Windows servers on IaaS clouds and the majority of Microsoft Products are published via the Web Platform Installer. Microsoft, thankfully, provides something called the WebPICmd Command Line Tool (http://msdn.microsoft.com/en-us/library/gg433092.aspx). Installing Microsoft software products, therefore, are done this way:

    webpicmd /install /products:WDeploy /accepteula
    webpicmd /Install /Products:UrlRewrite2 /accepteula

    It would be great if I could use OneGet to install such packages as well. Otherwise, I'll need to first use OneGet to install webpicmdline and then use webpicmdline to install other MS products. WebPiCmd, unfortunately, is not based on Nuget. The only other alternative would be for Microsoft to port all the software currently being published via the Web Platform Installer (including all IIS Tools) to be published via OneGet which is unlikely to happen soon.

    Rob Reynolds, the maker of Chocolatey, was nice enough to port in support for webpicmd into Chocolatey on my request:

    https://github.com/chocolatey/chocolatey/blob/master/src/functions/Chocolatey-WebPI.ps1

    Making OneGet the one tool of choice to install all such feeds, would make things awesome and who doesn't want awesome :). Happy to help in anyway I can. Thanks.

  12. * I also want the “log file rotator” resource.
    * Also want an enhanced xWebsite resource, for more granular configuration.
    * Scheduled Tasks.
    * An easier way to handle credentials.

  13. Some resources I could use:
    * the folder stomping resource suggested by Jacob Benson;
    * as for Ameer Deen, I have Windows 7 clients it would be useful to manage with DSC (ops consoles, clients in public spaces, testing clients, etc.);
    * a share management resource for Server 2008 R2;
    * a resource for running small executables, perhaps relying on the presence of the executable, and its version;

  14. I have been having issues with the following:
    Net share. The xSmbShare PowerShell Module does not work with Server 2008r2.
    DSC refuses to use the PSNetShare module which works fine in Posh.

    Group will not let me add users from another, trusted domain.
    xWebsite does not allow me to set the "ID". It also will not set a Protocol = "net.tcp"

    I think three is enough for right now.

  15. I'd really like the ability to change values/attributes in XML. A classic example is database connection strings but there are many others.

    • Check out the xTokenize resource in, I believe, DSC Resource Kit Wave 10.

      Details
      xTokenize resource has following properties:

      Path: Path under which a search will be performed to locate files to transform.
      Recurse: A flag to indicate if a recursive search of the path should be performed. The default value is false.
      SearchPattern: Defines the pattern to use when searching for files. The default value is '*.*'.
      Tokens: A hash table of tokens with their values.
      UseTokenFiles: A flag indicating if a token file is provided. Tokenization can occur with or without a token file. The default value is true.

      Since this is from Release Management the token probably needs to be prefixed and postfixed with double underscore (example: __TokenName__) in your xml file.

  16. I would like to see MSMQ Management using DSC

    xMSMQ with ability to manage queues, queues permissions etc

    That would be very helpfull since we develop distributed systems on top of msmq

    Bruno Bertechini