Table of Contents

1. Description
2. Requirements
3. Usage
4. Troubleshooting

Description

This is an auto-generated module, using the Puppet DSC Builder to vendor and expose the PowerShell module's DSC resources as Puppet resources. The functionality of this module comes entirely from the vendored PowerShell resources, which are pinned at v1.5.1. The PowerShell module describes itself like this:

This module contains DSC resources for configuring and managing computer security.

For information on troubleshooting to determine whether any encountered problems are with the Puppet wrapper or the DSC resource, see the troubleshooting section below.

Requirements

This module, like all auto-generated Puppetized DSC modules, relies on two important technologies in the Puppet stack: the Puppet Resource API and the puppetlabs/pwshlib Puppet module.

The Resource API provides a simplified option for writing types and providers and is responsible for how this module is structured. The Resource API ships inside of Puppet starting with version 6. While it is technically possible to add the Resource API functionality to Puppet 5.5.x, the DSC functionality has not been tested in this setup. For more information on the Resource API, review the documentation.

The module also depends on the pwshlib module. This Puppet module includes two important things: the ruby-pwsh library for running PowerShell code from ruby and the base provider for DSC resources, which this module leverages.

All of the actual work being done to call the DSC resources vendored with this module is in this file from the pwshlib module. This is important for troubleshooting and bug reporting, but doesn't impact your use of the module except that the end result will be that nothing works, as the dependency is not installed alongside this module!

Usage

You can specify any of the DSC resources from this module like a normal Puppet resource in your manifests. The examples below use DSC resources from from the PowerShellGet repository, regardless of what module you're looking at here; the syntax, not the specifics, is what's important.

For reference documentation about the DSC resources exposed in this module, see the Reference Forge tab, or the REFERENCE.md file.

# Include a meaningful title for your resource declaration
dsc_psrepository { 'Add team module repo':
    dsc_name               => 'foo',
    dsc_ensure             => present,
    # This location is nonsense, can be any valid folder on your
    # machine or in a share, any location the SourceLocation param
    # for the DSC resource will accept.
    dsc_sourcelocation     => 'C:\Program Files',
    # You must always pass an enum fully lower-cased;
    # Puppet is case sensitive even when PowerShell isn't
    dsc_installationpolicy => untrusted,
}

dsc_psrepository { 'Trust public gallery':
    dsc_name               => 'PSGallery',
    dsc_ensure             => present,
    dsc_installationpolicy => trusted,
}

dsc_psmodule { 'Make Ruby manageable via uru':
  dsc_name   => 'RubyInstaller',
  dsc_ensure => present,
}

For more information about using a built module, check out our narrative documentation.

Properties

Note that the only properties specified in a resource declaration which are passed to Invoke-Dsc are all prepended with dsc. If a property does _not start with dsc_ it is used to control how Puppet interacts with DSC/other Puppet resources - for example, specifying a unique name for the resource for Puppet to distinguish between declarations or Puppet metaparameters (notifies, before, etc).

Troubleshooting

In general, there are three broad categories of problems:

1. Problems with the way the underlying DSC resource works.
2. Problems with the type definition, where you can't specify a valid set of properties for the DSC resource
3. Problems with calling the underlying DSC resource - the parameters aren't being passed correctly or the resource can't be found

Unfortunately, problems with the way the underlying DSC resource works are something we can't help directly with. You'll need to file an issue with the upstream maintainers for the PowerShell module.

Problems with the type definition are when a value that should be valid according to the DSC resource's documentation and code is not accepted by the Puppet wrapper. If and when you run across one of these, please file an issue with the Puppet DSC Builder; this is where the conversion happens and once we know of a problem we can fix it and regenerate the Puppet modules. To help us identify the issue, please specify the DSC module, version, resource, property and values that are giving you issues. Once a fix is available we will regenerate and release updated versions of this Puppet wrapper.

Problems with calling the underlying DSC resource become apparent by comparing <value passed in in puppet> with <value received by DSC>. In this case, please file an issue with the puppetlabs/pwshlib module, which is where the DSC base provider actually lives. We'll investigate and prioritize a fix and update the puppetlabs/pwshlib module. Updating to the pwshlib version with the fix will immediately take advantage of the improved functionality without waiting for this module to be reconverted and published.

For specific information on troubleshooting a generated module, check the troubleshooting guide for the puppet.dsc module.

Known Limitations

Currently, because of the way Puppet caches files on agents, use of the legacy puppetlabs-dsc module is not compatible with this or any auto-generated DSC module. Inclusion of both will lead to pluginsync conflicts.

Reference

Table of Contents

Resource types

• dsc_xfilesystemaccessrule: The DSC xFileSystemAccessRule resource type. Automatically generated from version 1.5.1
• dsc_xieesc: The DSC resource type. Automatically generated from version 1.5.1
• dsc_xuac: The DSC resource type. Automatically generated from version 1.5.1

Resource types

dsc_xfilesystemaccessrule

The DSC xFileSystemAccessRule resource type. Automatically generated from version 1.5.1

Properties

The following properties are available in the dsc_xfilesystemaccessrule type.

dsc_ensure

Data type: Optional[Enum['Present', 'Absent']]

Present to create the rule, Absent to remove an existing rule. Default value is 'Present'.

dsc_isactivenode

Data type: Optional[Boolean]

Determines if the current node is actively hosting the filesystem object.

dsc_processonlyonactivenode

Data type: Optional[Boolean]

Specifies that the resource will only determine if a change is needed if the target node is the active host of the filesystem object. The user the configuration is run as must have permission to the Windows Server Failover Cluster.

dsc_rights

Data type: Optional[Array[Enum['ListDirectory', 'ReadData', 'WriteData', 'CreateFiles', 'CreateDirectories', 'AppendData', 'ReadExtendedAttributes', 'WriteExtendedAttributes', 'Traverse', 'ExecuteFile', 'DeleteSubdirectoriesAndFiles', 'ReadAttributes', 'WriteAttributes', 'Write', 'Delete', 'ReadPermissions', 'Read', 'ReadAndExecute', 'Modify', 'ChangePermissions', 'TakeOwnership', 'Synchronize', 'FullControl']]]

The permissions to include in this rule. Optional if Ensure is set to value 'Absent'.

Parameters

The following parameters are available in the dsc_xfilesystemaccessrule type.

dsc_identity

namevar

Data type: String

The identity to set permissions for

dsc_path

namevar

Data type: String

The path to the item that should have permissions set

dsc_psdscrunascredential

Data type: Optional[Struct[{ user => String[1], password => Sensitive[String[1]] }]]

name

namevar

Data type: String

Description of the purpose for this resource declaration.

dsc_xieesc

The DSC resource type. Automatically generated from version 1.5.1

Properties

The following properties are available in the dsc_xieesc type.

dsc_psdscrunascredential

Data type: Optional[Struct[{ user => String[1], password => Sensitive[String[1]] }]]

Parameters

The following parameters are available in the dsc_xieesc type.

dsc_isenabled

namevar

Data type: Boolean

dsc_userrole

namevar

Data type: String

name

namevar

Data type: String

Description of the purpose for this resource declaration.

dsc_xuac

The DSC resource type. Automatically generated from version 1.5.1

Properties

The following properties are available in the dsc_xuac type.

dsc_psdscrunascredential

Data type: Optional[Struct[{ user => String[1], password => Sensitive[String[1]] }]]

Parameters

The following parameters are available in the dsc_xuac type.

dsc_setting

namevar

Data type: String

name

namevar

Data type: String

Description of the purpose for this resource declaration.

[1.5.1] - 2020-03-13

Deprecated

• THIS MODULE HAS BEEN DEPRECATED. It will no longer be released. Please use the following modules instead:
  • The resource xIEEsc have been replaced by IEEnhancedSecurityConfiguration in the module ComputerManagementDsc.
  • The resource xUac have been replaced by UserAccountControl in the module ComputerManagementDsc.
  • The resource xFileSystemAccessRule have been replaced by FileSystemAccessRule in the module FileSystemDsc.

Fixed

• Fixes issue with importing composite resources (issue #34).

[1.5.0] - 2020-01-29

Added

• xSystemSecurity
  • Added continuous delivery with a new CI pipeline.

Fixed

• xSystemSecurity
  • Fixed the correct URL on status badges.
• xFileSystemAccessRule
  • Corrected flag handling so that the Test-TargetResource passes correctly.
  • Using Ensure = 'Absent' with no rights specified will now correctly remove existing ACLs for the specified identity, rather than silently leaving them there.
  • Correctly returns property Ensure from the function Get-TargetResource.

[1.4.0.0] - 2018-06-13

• Changes to xFileSystemAccessRule
  • Fixed issue when cluster shared disk is not present on the server (issue #16). Dan Reist (@randomnote1)

[1.3.0.0] - 2017-12-20

• Updated FileSystemACL Set

[1.2.0.0] - 2016-09-21

• Converted appveyor.yml to install Pester from PSGallery instead of from Chocolatey.
• Added xFileSystemAccessRule resource

[1.1.0.0] - 2015-09-11

• Fixed encoding

[1.0.0.0] - 2015-04-23

• Initial release with the following resources
  • xUAC
  • xIEEsc