Skip to content

Configuration

GitHub Action edited this page Jun 28, 2026 · 8 revisions

Configuration

SPSWeather is driven by two PowerShell data files in the Config\ folder:

  • <app>-<env>.psd1 — the environment configuration (farms, SMTP, exclusions). Passed with -ConfigFile.
  • secrets.psd1 — the DPAPI-encrypted service credential. Generated by -Install or by hand.

Both are loaded with Import-PowerShellDataFile, which evaluates data only (no code execution). Real Config\*.psd1 files are gitignored; only *.example.psd1 templates ship with the repository.

Environment configuration (config.psd1)

Copy Config\CONTOSO-PROD.example.psd1 and edit it:

@{
    ConfigurationName = 'PROD'
    ApplicationName   = 'contoso'
    Domain            = 'contoso.com'

    SMTPToAddress     = @('admin-farm@contoso.com', 'admin-setup@contoso.com')
    SMTPFromAddress   = 'noreply@contoso.com'
    SMTPServer        = 'smtp.contoso.com'

    CredentialKey     = 'PROD-ADM'

    ExclusionRules    = @(
        'SPSiteHttpStatus'
        'EvtViewerStatus'
        'IISW3WPStatus'
        'WSPStatus'
    )

    Farms = @(
        @{ Name = 'SEARCH'; Server = 'srvcontososearch' }
        @{ Name = 'SERVICES'; Server = 'srvcontososervices' }
        @{ Name = 'CONTENT'; Server = 'srvcontosocontent' }
    )
}
Key Description
ConfigurationName Environment label (e.g. PROD); fills the Environment variable and report/file names.
ApplicationName Application code (e.g. contoso); fills the Application variable and file names.
Domain DNS suffix appended to each farm server short name to build the FQDN targeted for remoting.
SMTPToAddress Array of report recipients (used with -EnableSmtp).
SMTPFromAddress / SMTPServer Sender address and SMTP relay.
CredentialKey Name of the entry in secrets.psd1 that holds the service credential.
ExclusionRules Checks to skip (see below).
Farms One entry per trusted farm: Name, the short Server name, and an optional SqlServers array (the cliconfg alias(es) or SQL server name(s) the farm uses, for alias resolution and declared-vs-discovered validation).

ExclusionRules

Use ExclusionRules to skip checks. Authorized values:

None, APIHttpStatus, SPSiteHttpStatus, EvtViewerStatus, IISW3WPStatus, HealthStatus, WSPStatus, FailedTimerJob.

The default sample excludes SPSiteHttpStatus, EvtViewerStatus, IISW3WPStatus and WSPStatus.

Farms

In a trusted-farm topology you can check the health of each farm. Use the same service account for every farm in scope.

Service credential (secrets.psd1)

The service account used for CredSSP remoting is stored as a DPAPI-encrypted SecureString in Config\secrets.psd1. This replaces the former Windows Credential Manager dependency — same DPAPI security model (bound to the user account + machine), with no third-party binaries.

Copy Config\secrets.example.psd1:

@{
    'PROD-ADM' = @{
        Username       = 'CONTOSO\svc_spsweather'
        PasswordSecure = 'PASTE-ConvertFrom-SecureString-OUTPUT-HERE'
    }
}

The top-level key (PROD-ADM) matches the CredentialKey of the environment config.

Generating the encrypted password

The easiest way is to let -Install do it for you, signed in as the service account:

.\SPSWeather.ps1 -ConfigFile 'Config\contoso-PROD.psd1' -Install -InstallAccount (Get-Credential)

To generate it manually, run this on the target server, as the account that will run the scheduled task, and paste the output into secrets.psd1:

Read-Host -AsSecureString -Prompt 'Password' | ConvertFrom-SecureString

Important

The encrypted value can only be decrypted by the same user account on the same machine that produced it. If you rotate the service account or move servers, regenerate secrets.psd1 there. secrets.psd1 is gitignored and must never be committed.

Next step

Continue with the Usage page.

Clone this wiki locally