mcc85s/PSD-Remaster

Secure Digits Plus: Fighting Entropy

Hybrid-DSC is a modification for a multitude of things that are listed in the sections below.

Installation:

Download the (2) files in the \Install folder, make sure they're together in the same folder, and then 'run the ps1 file'. It will do the rest.

Usage:

I still need to come up with some comment based help for what this project does, but that's not on the agenda at this time. If you are able to read the Hybrid-DSC.ps1 file, then you may be able to see what it does just by reading the code. That is all I can do to provide details at this time.

ToDo[1]: Getting MadBomb's Services fully functional...

I have been cooperating with Mr. MadBomb122 himself... he's an awesome son of a bitch by the way... but yeah. He made this really cool kick ass thing that manages services for Windows. His version only supports Windows 10 Home and Pro... I'm looking to expand what it can do so that it provides Group Policy and Service Configurations for domains, enterprises, as well as servers and virtualized environments.... while keeping my sanity. Not easy.

--------------------------------------------------------

PSD-Remaster

Enhancements for customizing and automating the PSD-Master Project found at 'FriendsOfMDT' and...

¯¯\(ツ)/¯¯

^ Finding out who this guy really is. He's always there... With that smug look on his face... hands in the air like he's trying to say "who knows." Well I'll tell you my theory... He's the guy who runs Microsoft. As in, the guy even Bill Gates answers to... But, the guy that Bill Gates answers to... it's not this guy. Nope. That guy that Bill Gates answers to, answers to some other guy. And then that guy answers to some other guy. Unfortunately, I'm not certain how many guys/girls answer to each other until ^ this guy/girl is finally reached, but... if I had to take a guess, I would say, the answer is rather obscure. Now, if I find out who he is... I will gladly let everyone know that I have determined his true identity. I cannot specify as to whether or not I could share the information of who this individual would be...? But I will definitely let you know if I ever manage to 'find out who the hell this guy OR girl is'... even if I can't tell you their name. I'll let you know that I did indeed, find out. Who that person is. And that I know them now, but only after said event occurs. Or if... that event happens...

Look...

I don't know who the hell ^ this guy/girl is yet, so, chill out...

Hybrid | Desired State Controller

This is a personal fork of the project I am working on found here, github.com/secure-digits-plus-llc/Hybrid-DesiredStateController However this is a lot more hands on with the PSD project and 'integrating' my project 'Hybrid' with 'PSD-Master', and I'm rebadging it as "PSD-Remaster". This includes GUI interfaces, network connection stuff, Active Directory, Certificates, drivers, images, manuals on how to be a lame/obnoxious bastard, and a damn kitchen sink just for laughs. No really. When you use this program, you will receive a new kitchen sink from the department of kitchen sinks. I don't have their number or address, so if they fail to send you one, or notify you of your new kitchen sink delivery... don't get upset with me. Not my fault.

What are the intentions of this project ?

To establish the tools necessary to secure any network of any size, starting from the ground up, or from the sky down.

Even if there are no computers in that network. Even if it isn't a network. Even if it's two fricken cans with a damn string between them. I'm not certain how the hell I'm gonna make it work for all of that, but I'm absolutely certain that if it can indeed be completed, 'I will be the first person to find a way to do it.' Or at the very least, I'll be the first person to determine, "it is in fact impossible."

Scope of project at hand

Making these things even more fun and cool than they were before I said to myself, "I'm gonna make this even cooler, somehow. Not sure how, but I will...": OS deployment, distribution, networking, network security, firmware, file systems, web servers, server service setup, Active Directory deployment and configuration, DNS, DHCP, WDS, MDT, WinPE, WinADK, MDT, Virtualization, Application management, User Environment Virtualization and User State Migration, and reminding the great minds over at Microsoft that you can in fact make their cool stuff even cooler when you're an adamant bastard like me that never gives up. No, really. They, like, appreciate when someone like me decides to do something pretty challenging and somehow turn it into stuff that magically happens.

And... because all of these things will combine like a damn Voltron on steroids, it'll be so far outside the box..? Well, people will say "you're reinventing the wheel, dude." I'm gonna share a secret with you. I'm not reinventing the wheel. Cause it's a lot harder than that.

Because... I'm inventing the 'equations'... That tell the 'cpu' and 'operating system'... How to 'vectorize a mask'... That turns into the 100% size of the original data... Into 3-10% of that size with raw instructions and tools to recreate that data on the other end of a tunnel... therefore 'achieving a massive reduction transmitted data'... far beyond the best 'compression that exists'... because when you have a strategy to rebuild it all... with only 3-10% of the original data... What happens is, the 2 hours it would've normally taken you to send any given file of such a size, will then take anywhere between

3 1/2 - 12 minutes total. To recap, that means, "that's turning a full length movie into a quick YouTube video."

Sounds like you're chasing unicorns.

I'm not though. These things are possible. I've been studying the art of managing data, organizing data, layering graphics and labeling things so that they can easily be found, and you know, knowing how to count, add, subtract, multiply, divide, and write in English for like a couple decades at least... so, that's really all it takes to understand "Hey. When someone defrags an old school hard drive, one that was fragmented to like 97% fragmentation... and then after a 24 hour process, the drive is then 0% fragmented, guess what happens... well, accessing any data at all then takes "exponentially less time". The same concept can be applied to programming that requires additional optimization in order to achieve that 3-10% reduction in a data footprint.

Besides, Microsoft knows it's possible since they do it already with this thing called "all of their Security Updates" plus a lot of other things. So it's like "definitely possible", and "anyone who says it isn't," is doing this thing called "lying to you about how possible it is." No really, there's a huge market in 'lying to people'.

Well, it sounds like a lot of work

Well, it's not. Only a sissy would say that. It's a breeze. It's a walk in the park. In fact, I have already finished the entire thing, I'm just being a little sissy about how it looks and works and making sure it doesn't cause errors or sucks, and that's the part that takes the most time. Cause things can in fact suck sometimes. Especially when people get paid handsomely to produce something that is mostly finished, but like isn't, so when an employee that you've paid to do work did only 99% of the job, and the last 1% resulted in corruption of 27399% of a totally different job that somehow had the same exact dependency that they weren't even tasked with? Guess who the hell gets to fix that ? It sure as hell isn't the employee who sticks his middle finger up when you tell him you want that paycheck that you paid them back. The one that failed to finish the last 1% of the job that resulted in having to take 20 guys off of whatever important thing they were working on to generate revenue, and then task them with the job of reversing the 27399% damage that that one little 1% non-finished thing resulted in corrupting. No, really.

Ask Microsoft what they think about their 1803 update. They will tell you. "We paid an idiot who totally pretended like it wasn't his problem because we paid him to cause 9000 hours of labor because he forgot to use a backslash instead of a forward slash like an idiot..."

I may or may not be hyperbolizing that specific problem that resulted in 'a lot of pissed off customers swearing at Microsoft again for the millionth billionth time... Come to find, after about 2 million people complained to Microsoft about this new feature called 'where the hell are all of my documents?'... it was eventually discovered after 'a very small amount of time at all'... that this feature was 'well loved by a wonderful amount of an absolutely "0" people whatsoever. No, really. It never made it past version 1. That's how cool it was.

Now, because John did this thing called "forgot about that feature he included that wasn't a feature, it was a monumental f*#$* up, Well, John was then fired permanently. Because 'no one at Microsoft liked this new feature either.'

And as such, some random dude at Microsoft named John that was eager to implement this cool new feature that wasn't approved..? Well, it was the last paycheck this dude ever got from the Microsoft Corporation, lets put it that way.

^ I don't know if that's 100% true, but it's probably not a real stretch of the imagination...

What is the 'point' of doing all of this?

Short answer is, cause a lot of programmers are very eager to get paid for work that they haven't finished yet. No, really. It happens at all of these big fortune 500 companies and even aspects of the government, where instead of taking accountability for their mistakes, they have to do this thing called "pretending like they didn't hear you demand a refund when a programmer that sucked at finishing that last 1% of his program resulted in that customer that paid this company for a service that did not protect them at all, in fact it opened up a vulnerability where everything that person ever earned was taken from them..."

I'm not hyperbolizing that. At all. Security is not just challenging, it's called "requiring a system of layered and interwoven rick rolls" on top of knowing how to program, AND on top of being able to do networking, ON TOP of being able to call out some BS, ON TOP of being able to take a beating and not complain about it ever. No, really. That's what digital security requires.

( Side point... Johan Arwidmark and Mikael Nystrom suggest in this book Deployment Essentials (6?), "you can have a house that has nice walls... but if you have a bad foundation? It will do you no good."

^ The problem I have with that whole idea, and a lot of the ideas that they use in that book, are that 'they are using a system that uses a lot of static code. Not to mention, WSUS has security issues. Active Directory also has security issues, but they're a lot harder to crack. Also, SIM and Sysprep /unattend.xml generation all takes a really long time... The general issue I have with the book, AND with a lot of MS's own tools, are that they all have a pretty steep learning curve to use correctly and efficiently. And, there's no real "trainer" for any of the tools... So on a first run, you might have a bunch of text that says what the tool does... but it's not very engaging. In order to learn, you need examples and interactivity. Side point... )

Moreover.... have you ever gotten a virus, malware, or looked into the depths of DCOM ? There's a lot to 'make certain of' that security is maintained. Security Identifiers, Relative ID's, Permissions, ACL's, BIOS settings, telling that bastard John that didn't finish that last 1% of code that resulted in a lot of pissed off people that you really wish you could kick him in the nuts ... OR...

When a company like Intel makes a very retarded decision, and causes this thing called 'Meltdown/Spectre', and 'you tell people that the damn 'exploit' CANNOT BE PATCHED OUT VIA SOFTWARE OR FIRMWARE, well guess what. That crashes the security of any network or topology and it means that everyone should just leave their fricken doors and cars unlocked at all times. That's what Intel expects everyone to do. Why? I don't know. They are retarded like that. I wish that they weren't, but, 'Meltdown.', 'Spectre.' Here's a link to a video where I talk about firmware. https://www.youtube.com/watch?v=-jkDPv9H6BQ

The video in question has not been real popular, mainly because, there are people out there that 'suck at the work they get paid exceptionally well to suck at...' and what happens is, "they are the people that would rather continue getting paid to suck at the work they do than to be honest or carefully study the sacred art of not sucking at their job.

Now, unfortunately, even at moments where the truth is dispensed, or shared openly with other people, these sad miserable people will do what's called 'including the word not when the statement is true', otherwise referred to as 'a god damn lie'. They're actually very skilled at this phenomenon, case in point, when Intel claimed to have the first 5Ghz CPU, that had 28 cores and ran on air? Oh well, they were telling the truth... except, only a dumbass would confuse the words 'air' and 'industrial chiller'. No really, that happened. Here's a link to where you can find this thing called 'proof of Intel doing this act called lying to people'... https://thinkcomputers.org/intels-28-core-cpu-required-an-industrial-chiller-to-achieve-5ghz/

Look. Nobody lies. Not even the people you trust the most. The world is full of people that always tell the truth until of course, you happen to have some situation where you have evidence of them doing this thing I suggested called 'lying', and instead of 'accepting the fact that they were lying' when they are then shown proof of such a thing, they will then make every effort to convince everyone that 'it's not what it looks like.'

I don't know about you, but 'every liar I have ever known has said those words' and did this thing called 'failed to convince me that it wasn't what it looked like.'

Think about it this way. You work all day at some place where you work your balls off. The amount of money you are paid doesn't affect how you will feel at the end of the day, when you're ready to go home and say "man, today sucked." to your wife... but unbeknownst to you, the guy you work for who's like your manager or company owner, you know, the guy that tells you what to do so you can get paid an honest man's salary and pay for this house you live in, this wife's nails to get done for the billionth time, and to send your kids to another college that gets to file for chapter 11 bankruptcy in 10 years, driving a car that GM still hasn't made a way to allow it to drive itself, unlike Tesla's... ( side point... )

Anyway, you get home a bit earlier than usual. You open the door. You hear this sound of some female having some really loud sex. Now, you walk closer to where the sound is coming from and it appears to be coming from your room. You open your bedroom door, and you see your wife playing a game called 'your boss is putting his penis in me'. Now, at first you're like "Hey boss! How did you manage to beat me home? You're a really quick bastard!" No, I'm kidding, you don't say that at all. Instead you say something like "What the hell is going on?" ... even though you already know exactly what is going on, they're playing a game called 'your boss is putting his penis in your wife...' Now... your boss then says "It's not what it looks like." Your wife tries to say this too. And, in a perfect world where no one lies? Well, you believe the both of them and that it's just some misunderstanding. You're certain that they're not doing this thing called "having sex with each other in your house, that you pay for, that your boss makes you do things for him while he gets paid a lot more money for your work than you do, and banging your wife while you were doing the things he told you to do.

Yeah. ^ That is the story of "it's not what it looks like." The truth is, if it looks like your boss is playing a game called 'putting his penis in your wife a lot of times', it's exactly what it looks like, and all of the things I said are exactly what's happening to America right now with this thing called 'Identity Theft.'

Colorful analogy? Exceptionally perfect example.

The bottom line

Security is a boolean value, if even one little thing isn't secure, like the god damn CENTRAL PROCESSING UNIT... ( It's a part that's like so CENTRAL to the whole thing that your computer, or anyone's computer, operates on? That it's like, in the god damn name of the unit that processes everything. From a CENTRAL location. ) Well, then it can crash the entire topology of your network when felonious idiots named 'Intel Executives' decide to do something 'retarded to your network'.

SCCM tries to safeguard this by digitally signing everything, but even as 'hardened as it is'... it still has its fair share of vulnerabilities, for instance....

  1. Sometimes files/hash values or digital signatures can be misreported if the firmware/CPU is not valid. It's rare, but it happens when people do things such as 'sucking at the work they do'. AKA, hacking firmware or hardware.
  2. It's slow as hell. At everything it does. And, even though Michael Niehaus IS IN FACT A GENIUS, actually scratch that... he's a god damn wizard named Merlin..? Even geniuses have to deal with idiots sometimes, and the end result is, you get this thing that takes everything it is fed, and somehow multiplies the amount of time anything should take by a factor of like 8. It is called 'System Center Configuration Manager'... where it could be way cooler, faster, better, be a fun to use, interesting, enjoyable experience..? Oh well, lets put it this way. SCCM is only slow because Mike doesn't want to get blamed for your network administrator being this thing called 'a dumbass'.

No really, it's true. Try to think of it like this. Your neighbor decides to go beat the crap out of the mail man, for whatever reason, you fail to understand why the hell your neighbor would randomly beat the crap out of the mailman... but you have to expect that your neighbor COULD do something that spontaneous and dumb... So, you plan for that event. Regardless of how likely it may or may not be. Now, like the genius behind SCCM/MDT, you probably do not want to be blamed for your neighbor randomly beating the crap out of the mail man for no real apparent reason whatsoever. Am I right? Of course I am. No one appreciates being blamed for something they didn't do. And everyone hates when someone else takes credit for the things you DID do. Hence, that genius I continue to refer to made this thing called SCCM. Where it provides proof, that your neighbor could be a sick bastard who would do such a thing. ( could also be the reason why some Mail carriers also carry this thing called 'protection'... but that's just a side point... )

The reason it takes a lot of time for changes to propagate across a network when using SCCM, is because 'someone somewhere worked real hard to provide a system that can detect and sidechannel when hardware or firmware is corrupted, or even credentials or DCOM or things that could result in someone successfully rick rolling everything. For instance, when a network administrator tries to continue keeping their job after SCCM says this guy did something stupid, and this guy then says something like 'Oh I didn't know that the firmware was hacked!'... when he was the one who installed it... No, really. It happens, and causes these things like 'Cambridge Analytica'.

When you work at a bank or a hospital... then you're dealing with a lot of money and/or risk of being responsible for people dying on accident... SO.... in those cases... GUESS IT MIGHT BE BETTER TO BE SLOW AND CAREFUL SOMETIMES. Sorta like sex. Sometimes.

Anyway... if you push updates in a 2 hour maintenance Window, and you forgot to put something somewhere for all of those machines... oh, well guess what. Now you get to wait until next month to install that critical update that you forgot to put in. Which means, you may as well just kick yourself in the nutsack for fun. No really, why the hell not?

Hardened security like SCCM is great for 'every half a year'... where you don't feel like losing the data in question but you also don't feel like taking a god damn baseball bat to the system in question that doesn't feel like doing whatever the hell you told it to do. So, there's that. Besides, probably not a cheap habit to smash everything with a baseball bat in order to 'fix it'.

The alternative, is to use the most badass utility to date, and it's called M-D-(fricken)T. Yeah. The Microsoft Deployment Toolkit. It's so badass? That you can't even understand what the hell it can do until you lock yourself in a room for several months straight pounding on the god damn keyboard and swearing at your computer for 'no reason' a lot of times... (except the reason is that you forgot the damn update... or change, again...) No really... Mikael Nystrom said it's like 'watching paint dry', but... no it's more like watching an episode of the twilight zone on repeat, where you forget what happened 15 minutes ago, and then in another 15 minutes, you remember what saying the words 'damn it' sounds like again. However... At least it's only 15 minutes and not 2 hours.

Now, you could use SCCM and MDT in tandem even though 'they're the same god damn program'... One is slow, the other is not. It's sort of like comparing 'safe sex', to 'raw dogging it.' So. Yeah. It is... a colorful, yet, exceptionally perfect analogy.

You could also use the Media Creation tool and download the same thing from each computer, and take 10 years doing the same thing that MDT and SCCM can do, in like IDK, 2 hours. You could also, randomly decide to shoot yourself in the foot, slash the tires on your own car, and then WALK to every damn node on your network, and you know, install the version of windows in question manually and you know, take several centuries to do all of that... But I would say "probably doesn't sound real fun or like you couldn't do that faster with some better tool." ( And you're probably wondering after reading all of this 'this person seems to make the alternative sound like a really dumb idea...' )

Well, guess what. Hybrid-DSC? Well, pst. When it's ready..? it'll accelerate the act of accelerating the MDT/SCCM solution accelerator. So it's like a solution accelerator cubed.

Now, I know what you're thinking... "Sounds like the G-forces involved in that much acceleration could be dangerous, maybe even lethal, Michael." Well, when it comes to locking yourself in a room and studying the sacred art of not sucking at the work you choose to do, you have to have something that makes up for all that time you spent sitting there staring at the computer and swearing at it until it finally worked the way you wanted it to. Will you be very far behind? Yep. However, "everything that used to take you 45 minutes with the MCT and then an additional 2-4 hours to download updates and install them and then run disk cleanup to get the most up to date version of Windows possible... Well, that process will then take a wonderful amount of 10 minutes when you master the art of 'PXE Environment acceleration'.

You're probably thinking... "I don't know if I can handle this much acceleration bro. Really. You keep using this word, and it sounds like an open invitation to have uncontrollable motion sickness... and I'm not down with that at all."

Well, think of it like this. Quantum Entanglement. Einstein called it spooky action at a distance, except, that's a misnomer. What Quantum Entanglement really means is, "the universe responds in a way that results in any entangled particle being affected at the same time in an exact ratio to its counterpart."

"Sounds like spooky action at a distance is just a shorter way to say what you did."

Look. He was referring to this thing called 'mathematics.'

"That actually sounds pretty cool." I know. It's just what you could call "insanely difficult to pull off correctly all the time." Go ahead and ask Pi what the last digit of it is, you will be waiting forever. Literally.

No really, the plus side to building a system that stays up to date is that "you can then travel to a website that stays up to date and deploys the latest version of the operating system with the most up to date tools you would ever need, and does so from PXE so that you can start deploying this thing called 'a live operating system that is always up to date all the time.'

It's sort of like "Hey, there was a great reason to build all of this carefully and slowly." It's sort of like WaaS or SaaS, but the end result is that you could probably eliminate the idea of needing a hard drive altogether. That's what adding these components together could eventually lead to. I don't know if I mentioned this, but it'll also stay up to date. Which means it will self update itself while already being up to date, and staying up to date. That's the core feature... 'Up to Datedness'. Because, this key feature does this thing where at the very moment that it starts to even think about going out of date..? Well guess what... Bam. It updates itself with this thing called 'an update.'"

You really can't even count the amount of updates that your system might be behind on, because, it implements these updates all the time, so, it'll be an obsolete metric. In fact, 'up to date' might be a term that then goes 'out of date'.

"You really are an obnoxious repetitive bastard..." Yeah but, Y2K bugs cost a lot of money to fix man...

Now, you're an administrator...

...and when you see that a user hasn't rebooted their machine for 3 months, you know it's because they have some files open and they don't know how to hit the 'save' button... I mean, we all know that he does. He also knows that he does. But, for whatever reason, he just chooses not to do that... nor to reboot his god damn computer to install the security update. You know, the one that protects people from the damn thing that somehow 'removes money from their damn account...' or 'tells them that they can click on this thing and some hot girl will suddenly be your wife or whatever'... and, because he is an idiot that would fail to do all of these things that HE SHOULD'VE FRICKEN DONE ALREADY... well... then you have to talk to this individual as if you 'don't want to smack him across the face for being so dumb'... but you 'definitely WANT TO DO THAT BECAUSE... he's the damn reason everyone at your company has to 'wipe their god damn machine again.' I know. It SHOULD be time to 'kick this guy in the nuts.' However... you can't really do that. Even if you WANT to... you just can't. Which ... sigh.

There's a stigma involved with 'rebooting a machine.' I'm not impervious to that either... I hate rebooting my damn machine as well, which is why "I'm building a way to never have to require a reboot because I thought of a way to keep the operating system in memory without having to tell Intel that they suck at the work they get paid real well to suck ass at doing... But the problem is, until Windows is re-engineered to perform live updating, meaning, when it can "update itself without ever needing to actually reboot"... then what happens is that the security updates that kept getting pushed off, they don't protect a critical vulnerability that now gets to allow '100-browser-tab Tom', to enjoy the next best thing to getting kicked in the nutsack. It's called "convincing you this individual that they no longer have any money"... AKA, Identity Theft.

This sounds like a hard job Michael Cook.

I know. However, I like to refer to this whole process as "attempting to play Bobby Fischer" at chess, and, for every move that HE makes in about idk, a single second? I get the wonderful task of having to be confused as to what the next move is for 'several fricken days straight.'

It's sort of like 'Bobby lets me actually move the pieces and then analyze what he might do next, and if I feel like it was a dumb move? Then, Bobby doesn't care if I move my piece back to the spot it was last in. Cause he's cool like that. He knows he's a tough son of a bitch at chess, so, that's what he'll do to give you a fair chance. So, yeah. IDK if YOU have ever played Bobby Fischer in chess, but, it's about a 700 out of 10 in terms of difficulty, so... guess what..? I swear at my god damn computer a lot. Is it healthy? Probably not. But it's whatever. I'm not being a sissy about it so, it is what it is.

At least you have a sense of humor, so that's a plus.

I mean there are two types of people in the world, there are the negative Nancy's, and the positive Pam's. Granted, you could make the case that there are some sideways Sara's or maybe some halfway Harry's... I guess either way you look at it? The challenge is being able to make the most out of the experience. And somehow enjoying what it feels like to kick yourself in the nuts over and over and calling that 'my job.' Apparently... sigh

That said? Making some things happen with some pretty cool awesome stuff? Well, it's probably too cool for me to even be able to use said terms in question, in a god damn sentence. That's how cool and awesome this stuff is, so, it's whatevs.
