Working with the Desired State Configuration Feature (Part 6)

If you would like to read the other parts in this article series please go to:

Introduction

In the previous article in this series, I showed you how to use the Desired State Configuration Tool to check to see if a server adheres to the desired state and how to perform automatic remediation if not. All of that is great, but the problem is that as it stands right now, running the Desired State Configuration Feature is a manual action. It would be a lot more efficient to make the Desired State Configuration Feature run automatically on a periodic basis. Thankfully, this is relatively easy to do.

Windows Server contains a component called the Task Scheduler that we can use to force the Desired State Configuration Feature to run at specific times. The first thing that we need to do however, is to determine the command that the Task Scheduler will need to run.

If you look back at the previous article, you will see that the command that we used to launch a Desired State Configuration scan was: Start-DscConfiguration –wait –Verbose .\PoseyConfig. Unfortunately, this command won’t work with the task scheduler unless we do some tweaking first. There are a couple of reasons for this. The first reason is that the Task Scheduler is designed to accept commands that would be entered at the Windows command line – not PowerShell. We therefore have to tell the Task Scheduler that we want to use PowerShell.

The other reason why we can’t use the command as is is because our original command did not reference the location of the Desired State Configuration components. Those components were stored in a location that was outside of the system path, so Windows is going to need some help finding them.

There are actually a number of different ways in which you can address these problems. In my opinion, the easiest thing to do is to create a script. For the sake of demonstration, I will call the script DSC.PS1. The script’s contents look like this:

Cls
C:
CD\
CD \DSC
Start-DscConfiguration –Wait –Verbose .\PoseyConfig
Write-Output “The Desired State Configuration Script has completed”

This script is fairly simple. It starts out by clearing the screen. From there, it switches to the C: drive and then navigates to the DSC folder, which is where my Desired State Configuration files are located. The script then runs my Desired State Configuration command and displays a message when the script has finished running.

So now that we have created this script, the next thing that we have to do is to figure out how to launch it from the command line. This may require some trial and error.

Normally, running a PowerShell script involves entering ./ followed by the name of the script. However, we can’t do that in a Command Prompt environment. Instead, we need to enter the PowerShell command, followed by the –File parameter, and the path and filename of the script. In my case, the full command looks like this:

PowerShell –File C:\DSC\DSC.ps1

The easiest way to figure out what command to use is to open a Command Prompt window and experiment with variations of the PowerShell –File command until you get the script to launch.

Once you have figured out how to construct a command that will launch a Desired State Configuration scan from a Command Prompt window, the next step in the process is to configure the command to run on a scheduled basis. The technique for doing this will vary slightly depending on which version of Windows you are using. I am going to be basing the instructions in this article on Windows Server 2012 R2.

So with that said, click the Start button to go to the server’s Start screen. Next, click on the Administrative Tools tile. If for whatever reason the Administrative Tools tile does not exist, you can instead open the Control Panel and enter Admin into the Control Panel’s Search box. When the search results are returned, click on the Administrative Tools link.

When Windows displays the list of administrative tools, double click on the Task Scheduler. You can see what the Task Scheduler looks like in Figure A.

Image
Figure A: This is the Windows Task Scheduler.

To get started, you will need to choose the Create Basic Task command from the Task Scheduler’s Action menu. When you do, Windows will launch the Create Basic Task Wizard.

The wizard’s initial screen requires you to enter a name for the task that you are creating and an optional description. Even though the description is optional, it is a good idea to enter a meaningful description, as shown in Figure B.

Image
Figure B: Enter a name and a description for the scheduled task that you are creating.

Click Next and the wizard will ask you when you want to run the task. The Task Scheduler gives you several options to choose from. You can run a task daily, weekly, monthly, one time, when the computer starts, when you log in, or when a specific event is logged. My advice is to run the Desired State Configuration scan on a weekly basis, as shown in Figure C.

Image
Figure C: You might consider running the Desired State Configuration scan on a weekly basis.

Click Next and you will see a prompt asking you specifically when you want to run the scheduled task. The exact scheduling options that are displayed vary depending on the frequency that you picked on the previous screen, but Figure D shows the options that are displayed when you choose to run the scheduled task on a weekly basis.

Image
Figure D: You must specify exactly when you want the scheduled task to run.

Click Next and you will be prompted as to the action that should be performed by the scheduled task. As you can see in Figure E, you can choose to start a program, send an E-mail, or display a message. Since our goal is to run a PowerShell script, we need to choose the option to start a program.

Image
Figure E: Choose the option to start a program.

Click Next and you will be prompted to specify a program or a script. This is where you enter the command line that you came up with earlier, but you will have to make a slight change. Enter PowerShell into the Program / Script field. Enter everything else into the Add Arguments field, as shown in Figure F.

Image
Figure F: Enter the command that you tested earlier.

Click Next and you will see the Finish screen, which summarizes the task that you are creating. Take a moment to make sure that everything appears to be correct and that the task is set to run whether a user is logged on or not, and then click the Finish button. Your Desired State Configuration scan should now run at the scheduled time.

Conclusion

In this article, I have explained that you can use the Desired State Configuration feature to compare a server’s configuration against a baseline and then perform automatic remediation if necessary, as a way of ensuring that your servers remain properly configured.

If you would like to read the other parts in this article series please go to:

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top