November 27, 2015 at 8:23 am #32321 | Participant | Points: 1 | Rank: Member
I am looking to use DSC as a replacement/enhancement to our GPOs on specifically locked-down computers in our environment. I have a DSC configuration script I developed which essentially mirrors/replaces settings from GPOs. In one section I specify whether I want a service Enabled or Disabled. In some cases a service does not exist, say perhaps one created by an application that may not be installed on a specific computer. However, when that service does not exist and I apply the configuration, it fails.
Since these are locked-down computers, I cannot ignore managing that service in the event that it does get installed. I want to have a configuration in place for when it does, but it appears DSC will not allow for that.
Does anyone know a way to allow DSC to configure services and not error if the service is not (or not yet) installed? Seems like an "if exists" would do the trick but have not seen evidence that is available in DSC.
November 29, 2015 at 11:49 am #32362 | Keymaster | Points: 1,759 | Rank: Community Hero
You're going to need different configurations for different machines. On machines where a service isn't expected or supposed to exist, you won't have the settings needed to manage that service.
DSC doesn't work well with "in the event that it does get installed." Really, on machines where it doesn't exist, DSC should either be instructed to create or to remove it, resolving the ambiguity.
Configurations don't feature "logic." They're meant to describe an absolute desired end state, with no "well, maybe if" situations. On a locked down computer, there shouldn't be a situation where a service might or might not be installed; "might" is the opposite of "locked down."
November 30, 2015 at 1:16 pm #32410 | Participant | Points: 1 | Rank: Member
Thanks for the answer Don. And yes, it all makes sense that DSC operates the way it does.
The scenario I was thinking of was dealing with a pilot or beginning rollout of software that contains a service to be managed that is going out to the thousands of computers that would be managed by DSC. Obviously, a big bang install of the application would not be prudent so our typical deployment process covers several weeks. In that case, we would have to mirror timing for the application deployment and a separate DSC configuration. Ultimately, possible to do, or utilize a GPO to manage the service until complete saturation then transition to DSC. I guess there are many ways to get around this scenario instead of relying on DSC to do an If-Then statement.
November 30, 2015 at 1:24 pm #32411 | Keymaster | Points: 1,759 | Rank: Community Hero
Well.. what about only shipping the DSC configuration to those machines that have been rolled out?
The idea is actually to have DSC *perform* and then *maintain* the rollout. So you'd only ship a config to the boxes you were ready to go live. Each box has its own config; the script you use to PRODUCE those configs can have all the logic you like.
The topic ‘Manage Service IF it exists’ is closed to new replies.
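The approach from the last reply, as an added example that is not code from the thread: the conditional logic runs in the script that compiles the configurations, so each node's MOF contains only the services that node is supposed to have. The node names, the `ManagedServices` key, the `ContosoAgent` service and the rollout inventory are hypothetical, constructed for illustration.

```powershell
# Constructed rollout inventory (assumption): $true means the hypothetical
# application, and therefore its service, has been deployed to that node.
$rollout = @{
    'PC-001' = $true
    'PC-002' = $false
}

# All "if" logic lives here, at compile time, not inside the applied configuration.
$configData = @{
    AllNodes = @(
        foreach ($name in $rollout.Keys) {
            # Baseline applied to every locked-down node.
            $services = @(
                @{ Name = 'RemoteRegistry'; StartupType = 'Disabled'; State = 'Stopped' }
            )
            # Only nodes in the rollout get a resource for the application's service.
            if ($rollout[$name]) {
                $services += @{ Name = 'ContosoAgent'; StartupType = 'Automatic'; State = 'Running' }
            }
            @{ NodeName = $name; ManagedServices = $services }
        }
    )
}

Configuration LockedDownServices {
    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node $AllNodes.NodeName {
        # Expanded while compiling: each node's MOF lists an absolute set of
        # Service resources, with no conditional left for the LCM to evaluate.
        foreach ($svc in $Node.ManagedServices) {
            Service "Service_$($svc.Name)" {
                Name        = $svc.Name
                StartupType = $svc.StartupType
                State       = $svc.State
            }
        }
    }
}

# Produces .\Mof\PC-001.mof (two services) and .\Mof\PC-002.mof (baseline only).
LockedDownServices -ConfigurationData $configData -OutputPath .\Mof
```

As a node joins the rollout, flip its inventory entry, recompile, and publish the new MOF for that node only.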