Desired State Configuration and Local Configuration Manager

In our previous post we covered the procedure of defining the settings we wish to use for configuring the Local Configuration Manager and leveraging the Set-DSCLocalConfigurationManager commandlet. (Editor’s note: Need to catch up? Check out our previous articles on Deploying a Desired State Configuration Web Host Using Powershell and Deploying a Desired State Configuration Web Host Using DSC.)

DSC and Local Configuration Manager

In order to check if the new configuration was successfully deployed to the nodes, we can connect to the node and then leverage the command Get-DscLocalConfigurationManager, which will return its current configuring details.

Local configuration manager: Get-DscLocalConfigurationManager

However, as we are working in PowerShell there is always going to be a simpler way to do this. The second server that we configured was called PDC-SC-VMM01, so using a remote connection to the server we can also get our requested information back, as in the following example:

​ $session = New-CimSession -ComputerName PDC-SC-VMM01
Get-DscLocalConfigurationManager -CimSession $session

AllowModuleOverwrite           : True
CertificateID                  :
ConfigurationID                : ba59fd02-04e2-4452-a817-b8e750b4efb8
ConfigurationMode              : ApplyAndAutoCorrect
ConfigurationModeFrequencyMins : 45
Credential                     :
DownloadManagerCustomData      : {MSFT_KeyValuePair (key = "ServerUrl"), MSFT_KeyValuePair (key = "AllowUnsecureConnection")}
DownloadManagerName            : WebDownloadManager
RebootNodeIfNeeded             : True
RefreshFrequencyMins           : 15
RefreshMode                    : Pull
PSComputerName                 : PDC-SC-VMM01

Local Configuration Manager: What’s Under the Hood?

When our local configuration is set to run in pull mode, the delivered meta.mof file instructs the CIM to configure the computer’s task scheduler to automate the Local Configuration Manager. Essentially this might be considered as a script, which is defined to run on a schedule based our configuration.

Local configuration manager: Task Scheduler

This task launches a new PowerShell instance with the following parameters:

​ -NonInt -Window Hidden -Command "Invoke-CimMethod -Namespace root/Microsoft/Windows/DesiredStateConfiguration -Cl MSFT_DSCLocalConfigurationManager -Method PerformRequiredConfigurationChecks -Arguments @{Flags = [System.UInt32]1}"

Server Maintenance: Two Methods

Understanding what is happening under the hood provides us with an ability to consider what we might need to happen on the node during a maintenance procedure. If we assume that the server is configured to run in the ApplyAndAutoCorrect mode, then any maintenance we may be executing could possibly be modified if some of the change operations that we are completing conflicts with the configuration that the server is enforcing.

There are two obvious methods to put the nodes Local Configuration Manager into a stand-down configuration while the server is in maintenance mode.

1. Scheduled Tasks

We can manipulate the tasks using two simple PowerShell commands, which will place the LCM into the desired states.

Maintenance Get-ScheduledTask -TaskPath “\Microsoft\Windows\Desired State Configuration\” | Disable-ScheduledTask
Active Get-ScheduledTask -TaskPath “\Microsoft\Windows\Desired State Configuration\” | Enable-ScheduledTask

Local configuration manager: Task Scheduler

2. Local Configuration Manager

The other approach is to actually just reconfigure the LCM itself, changing the configuration mode. Of course, all we need to do is change the server from its ApplyAndAutoCorrect mode when we are in the Maintenance window and return it once the window is expired or the maintenance is completed. Unfortunately we can not just execute a simple Set-DscLocalConfigurationManager –CondigurationMode.

Instead, we need to create a configuration, which will then allow us to generate a meta.mof to apply to the Local Configuration Manager, just as we defined in previous post.