LCM first run script

This topic contains 2 replies, has 2 voices, and was last updated by Ryan Young 2 years ago.

  • #20532
    Ryan Young
    Participant

    Hey again, planning a "first run" script that's integrated with my OS image. We're going to have many environments (dev qa stage prod) and want varying configuration modes between them. We have a naming scheme for each environment so I think that's a good variable to work with. Goal: "If computername = ?_________ then use X configuration mode"

    I'm thinking back on my batch file scripting days with things like goto :: and hoping I can use one file for this? How would you guys tackle this one?

    Here's the script I'm currently using for LCM, each node is going to use its AD guid so I'm not worried about guid issues, just the varying LCM config:

    [blockquote]
    Configuration MakeItSoPull
    {
        Node $allnodes.NodeName
        {
            LocalConfigurationManager
            {
                ConfigurationID = "$($Node.NodeGUID)"
                RefreshMode = "PULL";
                DownloadManagerName = "WebDownloadManager";
                RebootNodeIfNeeded = $true;
                RefreshFrequencyMins = 5;
                ConfigurationModeFrequencyMins = 10;
                ConfigurationMode = "ApplyAndAutoCorrect";
                DownloadManagerCustomData = @{ServerUrl = "http://MYSERVERURL"; AllowUnsecureConnection = "TRUE"}
            }
        }
    }
    [/blockquote]

    Thanks as always, I'm quickly learning this thing but it still feels like a monster haha 🙂

  • #20533
    Don Jones
    Keymaster

    Be sure you're aware of the danger of an HTTP pull server. It's child's play for malware to intercept that traffic and feed malicious configurations to your machines, and they'll happily accept them since you're not using HTTPS. I'm waiting for that to be the next big attack vector.

    I think this is a completely legit approach to configuring new machines, especially if you've got some means of doing that "which config do I assign them?" logic (and it sounds like you do).

    Your refresh frequencies won't work; the minimums are 15m and 30m, and because you've specified lower values, they'll default to the actual minimums.

    Be sure you're looking at PowerShell v5 as part of your planning. It'll offer a lot more flexibility, including partial configurations, and you may want to spend some time ensuring your plan can take advantage of that stuff once it's available. The LCM config scripts also look different, although the v4 ones will be supported for compatibility.

    Also, as this is going to run *on* the machine it is configuring, there's no real need to use $allNodes. You could just specify localhost. Not that you need to – nothing wrong doing it the way you're doing, but it's an option. It looks like you're providing the GUID through a configuration data block anyway, so you'd still need that.
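An added example (not code from the thread or its participants) of the one-file approach discussed above: it picks the ConfigurationMode from the computer name, targets localhost, and points the LCM at an HTTPS pull server with 15/30-minute frequencies. The name patterns, the mode assigned to each, the function and configuration names, and the `https://MYSERVERURL` placeholder are assumptions.

```powershell
# Added example. The name patterns and the mode mapped to each are hypothetical;
# substitute the real naming scheme. The first matching pattern wins.
$ModeByNamePattern = [ordered]@{
    'DEV-*' = 'ApplyOnly'
    'QA-*'  = 'ApplyAndMonitor'
    'STG-*' = 'ApplyAndAutoCorrect'
    'PRD-*' = 'ApplyAndAutoCorrect'
}

function Get-LcmModeForComputer {
    param([string]$ComputerName = $env:COMPUTERNAME)
    foreach ($pattern in $ModeByNamePattern.Keys) {
        if ($ComputerName -like $pattern) { return $ModeByNamePattern[$pattern] }
    }
    # Fail closed: an unrecognised name must not silently receive a default mode.
    throw "No LCM configuration mode is mapped to computer name '$ComputerName'."
}

Configuration FirstRunLcm {
    param(
        [Parameter(Mandatory)][string]$NodeGuid,
        [Parameter(Mandatory)][string]$Mode
    )
    Node localhost {
        LocalConfigurationManager {
            ConfigurationID                = $NodeGuid
            RefreshMode                    = 'Pull'
            DownloadManagerName            = 'WebDownloadManager'
            DownloadManagerCustomData      = @{
                ServerUrl               = 'https://MYSERVERURL'   # placeholder
                AllowUnsecureConnection = 'False'                 # refuse plain HTTP
            }
            ConfigurationMode              = $Mode
            RefreshFrequencyMins           = 15   # 15 and 30: the minimums given in the reply
            ConfigurationModeFrequencyMins = 30
            RebootNodeIfNeeded             = $true
        }
    }
}

function Set-FirstRunLcm {
    param(
        [Parameter(Mandatory)][guid]$NodeGuid,             # e.g. the node's AD GUID
        [string]$OutputPath = "$env:TEMP\FirstRunLcm"
    )
    $mode = Get-LcmModeForComputer                         # throws on an unmapped name
    FirstRunLcm -NodeGuid $NodeGuid.ToString() -Mode $mode -OutputPath $OutputPath | Out-Null
    Set-DscLocalConfigurationManager -Path $OutputPath -Verbose
}
```

Calling `Set-FirstRunLcm -NodeGuid <guid>` from the image's first-run step compiles `localhost.meta.mof` and applies it; `Get-DscLocalConfigurationManager` afterwards shows the mode and frequencies the LCM actually accepted.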

  • #20534
    Ryan Young
    Participant

    I don't think there's a professional community on the internet that responds faster than powershell.org OMG :). Thanks for the insight Don, again I am really at the "script kiddie" level in all this. I just recently passed my 70-410 exam (where James's videos @ cbt nuggets gives a 'brief' about the push model) and into week 2 of a new job I open my mouth "We could be using DSC to maintain a new project we're planning", impressed the boss and now I find myself with my hands dirty in a "proof of concept" test on it haha! And no, I've never worked with this before so I'm having lots of fun.

    For sure when we choose to 'go live' with using DSC I will have it use HTTPS. There wasn't any question of that. But I followed along your CBT nuggets video, and I'm in a 'learning phase', so I took the easier approach for the time being. I briefly looked at PSv5 and am certainly looking forward to it, but I still don't know all the different nuances with V4 to just be able to compare/plan for it. It'll be one of those things we'll get to when I'm more knowledgeable.

    I guess at the moment I'm lacking understanding/knowledge of hashtables, and the varying node-variables I could use (where you see me using AllNodes is because I script kiddied that from this dude: https://github.com/ThojoUno/DSC/blob/master/TargetADResourcesDSC.ps1 ).

    I've used powershell as an Office365 management tool less than an "actually work with my local systems and write scripts to do things" tool, I think I need to buy your book!
