Configurations/Windows10/VMConfiguration.ps1
#requires -version 5.1 <# Notes: Authors: Jason Helmick,Melissa (Missy) Januszko, and Jeff Hicks The bulk of this DC, DHCP, ADCS config is authored by Melissa (Missy) Januszko and Jason Helmick. Currently on her public DSC hub located here: https://github.com/majst32/DSC_public.git Disclaimer This example code is provided without copyright and AS IS. It is free for you to use and modify. Note: These demos should not be run as a script. These are the commands that I use in the demonstrations and would need to be modified for your environment. #> Configuration AutoLab { $LabData = Import-PowerShellDataFile -Path $PSScriptroot\VMConfigurationData.psd1 $Secure = ConvertTo-SecureString -String "$($labdata.allnodes.labpassword)" -AsPlainText -Force $credential = New-Object -typename Pscredential -ArgumentList Administrator, $secure Import-DscResource -ModuleName "PSDesiredStateConfiguration" -ModuleVersion "1.1" #import dscresources from the configuration data Import-DscResource -ModuleName "xPSDesiredStateConfiguration" -ModuleVersion "8.9.0.0" Import-DscResource -ModuleName "xComputerManagement" -ModuleVersion "4.1.0.0" Import-DscResource -ModuleName "xNetworking" -ModuleVersion "5.7.0.0" Import-DscResource -ModuleName "xWindowsUpdate" -ModuleVersion "2.8.0.0" Import-DscResource -ModuleName "xPendingReboot" -ModuleVersion "0.4.0.0" Node $AllNodes.Where( { $true }).NodeName { xComputer ComputerName { Name = $Node.NodeName WorkGroupName = "Lab" } user Administrator { UserName = "Administrator" Disabled = $false Password = $credential PasswordChangeRequired = $false PasswordNeverExpires = $True } #create a local account with the same name as the person #running this config user $env:username { UserName = $env:username Disabled = $false Password = $credential PasswordChangeRequired = $false PasswordNeverExpires = $True } #add the user to the local Administrators group group Administrators { GroupName = "Administrators" MembersToInclude = $env:username DependsOn = "[user]$($env:username)" } #force a reboot after completing everything xPendingReboot Complete { Name = "Post-Config Reboot" SkipPendingComputerRename = $True DependsOn = @("[group]Administrators", "[xComputer]ComputerName", "[user]Administrator") } #region LCM configuration LocalConfigurationManager { RebootNodeIfNeeded = $true AllowModuleOverwrite = $true ConfigurationMode = 'ApplyOnly' } #endregion #region IPaddress settings If (-not [System.String]::IsNullOrEmpty($node.IPAddress)) { xIPAddress 'PrimaryIPAddress' { IPAddress = $node.IPAddress InterfaceAlias = $node.InterfaceAlias AddressFamily = $node.AddressFamily } If (-not [System.String]::IsNullOrEmpty($node.DefaultGateway)) { xDefaultGatewayAddress 'PrimaryDefaultGateway' { InterfaceAlias = $node.InterfaceAlias Address = $node.DefaultGateway AddressFamily = $node.AddressFamily } } If (-not [System.String]::IsNullOrEmpty($node.DnsServerAddress)) { xDnsServerAddress 'PrimaryDNSClient' { Address = $node.DnsServerAddress InterfaceAlias = $node.InterfaceAlias AddressFamily = $node.AddressFamily } } If (-not [System.String]::IsNullOrEmpty($node.DnsConnectionSuffix)) { xDnsConnectionSuffix 'PrimaryConnectionSuffix' { InterfaceAlias = $node.InterfaceAlias ConnectionSpecificSuffix = $node.DnsConnectionSuffix } } } #End IF #endregion #region Firewall Rules $FireWallRules = $labdata.Allnodes.FirewallRuleNames foreach ($Rule in $FireWallRules) { xFirewall $Rule { Name = $Rule Enabled = 'True' } } #End foreach } #endregion #region RSAT config node $AllNodes.Where( { $_.Role -eq 'RSAT' }).NodeName { # Adds RSAT which is now a Windows Capability in Windows 10 Script RSAT { TestScript = { $packages = Get-WindowsCapability -online -Name Rsat* if ($packages.state -match "Installed") { Return $True } else { Return $False } } GetScript = { $packages = Get-WindowsCapability -online -Name Rsat* | Select-Object Displayname, State $installed = $packages.Where( { $_.state -eq "Installed" }) Return @{Result = "$($installed.count)/$($packages.count) RSAT features installed" } } SetScript = { Get-WindowsCapability -online -Name Rsat* | Where-Object { $_.state -ne "installed" } | Add-WindowsCapability -online } } } #end RSAT Config #region RDP config node $AllNodes.Where( { $_.Role -eq 'RDP' }).NodeName { # Adds RDP support and opens Firewall rules Registry RDP { Key = 'HKLM:\System\ControlSet001\Control\Terminal Server' ValueName = 'fDenyTSConnections' ValueType = 'Dword' ValueData = '0' Ensure = 'Present' } foreach ($Rule in @( 'RemoteDesktop-UserMode-In-TCP', 'RemoteDesktop-UserMode-In-UDP', 'RemoteDesktop-Shadow-In-TCP' )) { xFirewall $Rule { Name = $Rule Enabled = 'True' DependsOn = '[Registry]RDP' } } # End RDP } #endregion } AutoLab -OutputPath $PSScriptRoot -ConfigurationData $PSScriptRoot\VMConfigurationData.psd1 |