I routinely see organizations big and small still using “regular” Active Directory user accounts as service accounts. Typically, they have the password for those service accounts set to never expire or an alternate password policy that only requires that the password be changed yearly. If your organization is managing service accounts
Hey PowerShell… Text me if my Domain Admins Group changes
This is why I Love PowerShell… It’s simple, yet functional. From an Administrative perspective, I think we can all agree that any changes in your Domain Admins group without your knowledge would be of interest to you. If you’re in a large organization with access to enterprise management tools you
PowerShell Desired State Configuration (DSC) How-To for Beginners (Pull Mode)
This script will accomplish 3 things: configure a pull server, create a basic configuration to be pulled by a target node, and create a Local Configuration Manager configuration for the target node. Execute the following code on the Pull Server:
```powershell
# Step 1
# Install the xPSDesiredStateConfiguration module
Install-Module -Name xPSDesiredStateConfiguration

# Step 2
# Create the Pull Server.
Configuration CreatePullServer
{
    param
    (
        [string[]]$ComputerName = 'localhost'
    )

    Import-DSCResource -ModuleName xPSDesiredStateConfiguration
    Import-DSCResource -ModuleName PSDesiredStateConfiguration

    Node $ComputerName
    {
        # Windows feature that hosts the DSC pull service
        WindowsFeature DSCServiceFeature
        {
            Ensure = "Present"
            Name   = "DSC-Service"
        }

        xDscWebService PSDSCPullServer
        {
            Ensure                   = "Present"
            UseSecurityBestPractices = $false
            EndpointName             = "PSDSCPullServer"
            Port                     = 8080
            PhysicalPath             = "$env:SystemDrive\inetpub\wwwroot\PSDSCPullServer"
            # "AllowUnencryptedTraffic" serves the endpoint over plain HTTP (no TLS)
            CertificateThumbPrint    = "AllowUnencryptedTraffic"
            ModulePath               = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules"
            ConfigurationPath        = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
            State                    = "Started"
            DependsOn                = "[WindowsFeature]DSCServiceFeature"
        }
    }
}

# Creates the .mof file
CreatePullServer

# Apply the Pull Server configuration to the Pull Server
Start-DscConfiguration .\CreatePullServer -Wait
```
```powershell
# Your Configuration
Configuration ExchangeService
{
    # Parameters
    # Accepts a string value computername or defaults to localhost
    Param([string[]]$ComputerName = "localhost")

    # Target Node
    Node $ComputerName
    {
        # Service Resource
        # Ensure a service is started
        Service MSExchangeTransport
        {
            Name  = 'MSExchangeTransport'
            State = 'Running'
        }
    }
}

# Generate the .MOF files
ExchangeService -ComputerName EXCH

# Create a Checksum for the file listed above
New-DscChecksum ".\exchangeservice\exch.mof"
```
Execute this code on the Target Node:
```powershell
# Run on the target node
Configuration LCMPullConfig
{
    LocalConfigurationManager
    {
        ConfigurationID                = "EXCH";
        RefreshMode                    = "PULL";
        DownloadManagerName            = "WebDownloadManager";
        RebootNodeIfNeeded             = $true;
        RefreshFrequencyMins           = 30;
        ConfigurationModeFrequencyMins = 30;
        ConfigurationMode              = "ApplyAndAutoCorrect";
        # AllowUnsecureConnection lets the node pull over plain HTTP
        DownloadManagerCustomData      = @{
            ServerUrl               = "http://SCCM:8080/PSDSCPullServer/PSDSCPullServer.svc";
            AllowUnsecureConnection = "TRUE"
        }
    }
}

# Create the .mof meta file for the target node
LCMPullConfig

# We're essentially turning on Pull Mode on the Target
Set-DscLocalConfigurationManager -ComputerName localhost -Path ./LCMPullConfig -Verbose
```
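The pull server and LCM settings above run over plain HTTP (`AllowUnencryptedTraffic` on the server, `AllowUnsecureConnection` on the node). An HTTPS variant of the same two configurations follows as an added example, not code from the original post. The thumbprint placeholder, the names `CreateSecurePullServer` and `LCMSecurePullConfig`, and the assumption that the certificate is issued to the host name `SCCM` and trusted by the target node are mine.

```powershell
# --- Run on the Pull Server (added example, not from the original post) ---
# Placeholder: thumbprint of a server-authentication certificate that is already
# installed in Cert:\LocalMachine\My and issued to the name used in ServerUrl.
$Thumbprint = '<CERT-THUMBPRINT-PLACEHOLDER>'

# Fail early if the certificate is missing, expired, or has no private key.
$cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey -or $cert.NotAfter -lt (Get-Date)) {
    throw "Certificate $Thumbprint is expired or has no private key."
}

Configuration CreateSecurePullServer   # hypothetical name
{
    Import-DSCResource -ModuleName xPSDesiredStateConfiguration
    Import-DSCResource -ModuleName PSDesiredStateConfiguration
    Node 'localhost'
    {
        WindowsFeature DSCServiceFeature { Ensure = "Present"; Name = "DSC-Service" }
        xDscWebService PSDSCPullServer
        {
            Ensure                   = "Present"
            UseSecurityBestPractices = $true        # was 0 in the HTTP version
            EndpointName             = "PSDSCPullServer"
            Port                     = 8080
            PhysicalPath             = "$env:SystemDrive\inetpub\wwwroot\PSDSCPullServer"
            CertificateThumbPrint    = $Thumbprint  # replaces "AllowUnencryptedTraffic"
            ModulePath               = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules"
            ConfigurationPath        = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
            State                    = "Started"
            DependsOn                = "[WindowsFeature]DSCServiceFeature"
        }
    }
}
CreateSecurePullServer
Start-DscConfiguration .\CreateSecurePullServer -Wait -Verbose

# --- Run on the Target Node ---
Configuration LCMSecurePullConfig      # hypothetical name
{
    LocalConfigurationManager
    {
        ConfigurationID           = "EXCH"
        RefreshMode               = "PULL"
        DownloadManagerName       = "WebDownloadManager"
        # https URL and no AllowUnsecureConnection key: the node refuses plain HTTP
        DownloadManagerCustomData = @{ ServerUrl = "https://SCCM:8080/PSDSCPullServer/PSDSCPullServer.svc" }
    }
}
LCMSecurePullConfig
Set-DscLocalConfigurationManager -ComputerName localhost -Path .\LCMSecurePullConfig -Verbose
```

The remaining LCM settings from the original block (refresh intervals, `ConfigurationMode`, `RebootNodeIfNeeded`) are unaffected by the transport change and can be carried over unchanged.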