where is the information about DSC configuration runs stored on the computer

This topic contains 3 replies, has 2 voices, and was last updated by  Don Jones 9 months ago.

  • Author
  • #61468


    I have a requirement to remove ALL traces of any DSC runs. Currently all iam doing is the following
    1. clear DSC configuration documents (previous.mof, current.mof, backup.mof) using the following command
    Remove-DscConfigurationDocument -Stage Current, Pending, Previous -Verbose

    2. clear DSC event logs
    wevtutil cl Microsoft-Windows-DSC/Operational

    3. clear all JSON files containing DSC runs log information using the command
    Remove-Item $env:windir\system32\configuration\configurationstatus\$*.json

    However when i run the command "Get-DscConfigurationStatus -All" I still see the information about the previous DSC runs. I want to know how do i clear this information from the system? Where is this information stored?


  • #61542

    Don Jones

    I'm not sure I've ever needed to do this before. The information is in the WMI/CIM repository, but I'm not sure if there's a supported way of erasing it entirely. Can you share more about your use case, here?

  • #62173


    Here is the background:
    We install Windows stock OS on the box and make lots of modifications to it. Modifications include things like, turning of some options in Settings, applying local policies using gpedit etc.
    We need to do this because of various reasons that are not important now. These modifications usually were done manually and used to take lot of time (weeks) and were error prone.
    So I am tasked with creating DSC script that automates all these modifications. All is good until here. I am able to automate these modifications using DSC.
    But the caveat is that we ship these images to our customers and we want to make sure there are no DSC traces anywhere in the machine when we ship these images.
    That is the reason why i need to clear all the DSC logs/DSC events etc.

  • #62178

    Don Jones

    So... I think you just might be outside the realm of what DSC was intended to do. The team never envisioned it as an OEM prep tool. I mean, obviously it can implement a lot of those things, but it doesn't have a "sanitize" mode. I'm not even sure it's _possible_ to clear out the Repository bits, for example, without writing some native code to do so, and I don't know if clearing it would break something or not.

    I'm not sure DSC is a good choice for this task.

You must be logged in to reply to this topic.