-
Notifications
You must be signed in to change notification settings - Fork 0
/
02-DSC.ps1
109 lines (75 loc) · 3.54 KB
/
02-DSC.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
# Change your prompt
function prompt { $l = Get-Location; "$l`nPS > " }
# Make a directory in the working path you are currently in
mkdir ".\MOFs" -Force
######################################################################
# #
# Reference Pages #
# #
######################################################################
# Getting Started
Start-Process "https://docs.microsoft.com/en-us/powershell/dsc/overview"
Start-Process "https://docs.microsoft.com/en-us/powershell/dsc/resources"
# Writing Resources
Start-Process "https://docs.microsoft.com/en-us/powershell/dsc/authoringresourceclass"
Start-Process "https://docs.microsoft.com/en-us/powershell/dsc/singleinstance"
######################################################################
# #
# Get and set registry items individually #
# #
######################################################################
New-Item -Path "HKLM:\Software\Testing"
New-ItemProperty -Path "HKLM:\Software\Testing" -Name "Configuration" -value 1
Get-Item -Path "HKLM:\Software\Testing"
Get-ItemProperty -Path "HKLM:\Software\Testing" -Name "Configuration"
Remove-Item -Path "HKLM:\Software\Testing"
######################################################################
# #
# Use a configuration for the same item #
# #
######################################################################
Configuration MyRegistryCheck
{
Import-DSCResource -ModuleName 'PSDesiredStateConfiguration'
Registry 'Testing'
{
ValueName = 'Configuration'
ValueType = 'Dword'
Key = 'HKLM:\Software\Testing'
ValueData = 1
}
}
MyRegistryCheck -OutputPath ".\MOFs"
ise .\MOFs\localhost.mof
Test-DscConfiguration -ReferenceConfiguration .\MOFs\localhost.mof
######################################################################
# #
# Use DSCEA to analyze a machine or multiple #
# #
######################################################################
Install-Module dscea
Get-Command -Module dscea
Start-DSCeascan -MofFile .\MOFs\localhost.mof -ComputerName localhost
Get-DSCEAreport -Overall
.\OverallComplianceReport.html
# Apply settings with DSC
Start-DscConfiguration -Path .\MOFs -ComputerName localhost -Wait -Verbose -Force
# Audit Policy Dsc
# https://www.powershellgallery.com/packages/AuditPolicyDsc/1.4.0.0
# https://github.com/dsccommunity/AuditPolicyDsc/blob/master/Examples/Sample_AuditPolicyGuid.ps1
# Security Policy Dsc
# https://www.powershellgallery.com/packages/SecurityPolicyDsc/3.0.0-preview0006
# https://github.com/dsccommunity/SecurityPolicyDsc
#
Install-Module securitypolicydsc
Save-Module securitypolicydsc -Path 'C:\Program Files\WindowsPowerShell\Modules'
Get-DscResource -module securitypolicydsc
configuration secPolConf
{
Import-DscResource -ModuleName SecurityPolicyDsc -Name UserRightsAssignment
UserRightsAssignment 'CreateAPagefile'
{
Identity = @('BUILTIN\Administrators')
Policy = 'Create_a_pagefile'
}
}