I do not understand the concept of building a new computer using DSC

This topic contains 6 replies, has 4 voices, and was last updated by  Will Anderson 3 days, 11 hours ago.

  • Author
  • #104195


    Can someone please help me understand the following

    I believe DSC requires the LCM and the LCM is part of the OS (for recent versions of Windows) so in other words if I had Server 2012 R2 then it would have DSC/LCM out of the box

    what I do not understand is, I have seen a number of posts which said people build an new computer (e.g. from .iso image) using DSE. How can you this be done if you start of with a computer with no OS (as DSC/LMC is 'part of the OS') so no OS no DSC/LCM

    I understand how you can PXE a server get a DHCP address (and related settings like DNS) then build from a build Server like WDS as this will install a pre-execution environment to carry on the full build

    But creating brand new computers (e.g. hardware with physical disks and network cards but no OS) using DSE, when the LCM is not present on the computer (as no OS installed) seems like a chicken and egg situation to me

    can someone please explain


  • #104197


    Sorry typos above, when I said DSE I meant to type DSC

  • #104288

    James Coryat

    AFAIK, there is nothing in DSC that will give you this specifically. You must have some type of boot loader to get all the hardware talking and thinking. From there the boot loader will lay down the image of the OS, then DSC can take over and perform the configuration.

    As long as we are dealing with virtualized hardware, then this link comes into play for the "auto pilot" portion. If we are speaking about an enterprise level deployment, typically the vast majority of your hosts will be virtualized.

    Hope this helps,

  • #104360


    Thanks very much for the clarification Jim, much appreciated.

  • #104384


    I do not think the recipe described in the link works anymore(injecting MOF in the target) since MOF have to be encrypted by the LCM itself now to be read.

    I am currently fiddling with Ansible to create the VM's(working great so far) and then inject a script that will configure the LCM agent in pull mode to go get it's mof(getting close, but still having some problems). Or maybe use ansible + WinRM to simply push the mof using Start-DSCconfiguration(so that way the mof will get encrypted on reception). We're still unsure about the push or pull approach though.

  • #104536


    Hello Syl
    Thanks very much for taking the time to reply, much appreciated

    My boss would like to use one computer configuration tool (to stop build drift)

    Ideally the boss want the computer be to in a known state 'before' connecting to the network e.g. NIC before card enabled for example

    So I just has the following idea
    Build a server, set it up how you want it (install AV etc), next setup DSE/LCM with Pull Server (so the Server knows where to find the pull server). So at this point the computer is configured correctly and DSE is enforcing the configuration

    Then SysPrep the server (to remove from Domain and its Windows ID) then creating an .ios or other image type
    use this .ios/image when standing up a new computer (admin how is setting up computer enters information removed by SysPrep)

    I am hoping (do not have a LAB to test at the moment), that when the Server comes up the LCM will check/enforce is local configuration from information held under C:\Windows\System32\confiuration folder, ?

    I am thinking the last part of the DSE (e.g. depends on AV running etc) check to see if the NIC is Enabled and if not Enabled the NIC. I am hoping the LCM on the computer will connect to the pull server to pickup the latest DSE configurations that may apply to it.

    I know each computer (being managed by the LCM) has a GUID which is held in the pull servers database, therefore I am not sure if SysPrep the computer would in somehow also affect this LCM GUID ?


  • #104542

    Will Anderson

    I'll typically have my automation register the machine to the pull server, apply the configuration; and when it's compliant, reset the LCM to defaults (with a new mof) and start the sysprep/imaging process. You could also just apply the configuration manually if you like to look busy watch text scroll (-Wait -Verbose).

    You could also pull the configuration in a task sequence.

    I actually have runbooks in Azure designed to build out managed images for the first scenario. I get a lot of clients that want to have their own 'Company Branded' image in the cloud. It just makes things easier to leverage DSC to do that.

You must be logged in to reply to this topic.