Powershell DSC what is the execution context for current configuration?

StackOverflow https://stackoverflow.com//questions/24031183

  •  21-12-2019
  •  | 
  •  

Question

I'm trying to deploy a powershell profile through DSC. The configuration should copy a .ps1 file from a network share to a local path.

Running the script fails with the following error SourcePath must be accessible for current configuration. yet this path is accessible from the console, so what user/context is used during dsc configuration ?

Here is the script

Edit after @ravikanth's reply

$ConfigurationData = @{
AllNodes = @(
    @{
        NodeName="*"
        PSDscAllowPlainTextPassword=$true
     }
    )
}
Configuration MyProfile
{ 
  param ([string[]]$MachineName,
        [PSCredential]$Credential)

  Node $MachineName
  {
    Log startconfig
    {
        # The message below gets written to the Microsoft-Windows-Desired State Configuration/Analytic log
        Message = "starting the file resource with ID MyProfile with $($myinvocation.mycommand) user : $env:username"
    }
    File profile
    {
      Credential=$credential
      Ensure = 'Present'   
      SourcePath = "\\web-mridf\powershell\profil_1.ps1"
      DestinationPath = "c:\temp\test.txt"  
      Type = "File" # Default is "File".
      DependsOn = "[Log]startconfig"      
    }

     Log AfterDirectoryCopy
     {
        # The message below gets written to the Microsoft-Windows-Desired State Configuration/Analytic log
        Message = "Finished running the file resource with ID MyProfile"
        DependsOn = "[File]profile" # This means run "MyProfile" first.
     }
  }
}

MyProfile -MachineName web-mridf -OutputPath c:\temp\dsc
Start-DscConfiguration -Path c:\temp\dsc -credential (get-credential("DOMAIN\user")) -force -verbose -Wait

And the error received ( invalid argument)

PS C:\temp> .\dsc.ps1


    Répertoire : C:\temp\dsc


Mode                LastWriteTime     Length Name
----                -------------     ------ ----
-a---        04/06/2014     10:54       2834 web-mridf.mof
COMMENTAIRES : Effectuez l'opération « Invoquer une méthode CIM » avec les
paramètres suivants : « 'methodName' = SendConfigurationApply,'className' =
MSFT_DSCLocalConfigurationManager,'namespaceName' =
root/Microsoft/Windows/DesiredStateConfiguration ».

COMMENTAIRES : [WEB-MRIDF] :                            [[File]profile]
SourcePath must be accessible for current configuration.
COMMENTAIRES : [WEB-MRIDF] :                            [[File]profile] The
related file/directory is: \\web-mridf\powershell\profil_1.ps1.
SourcePath must be accessible for current configuration. The related
file/directory is: \\web-mridf\powershell\profil_smac.ps1. . L'ID de ressource
associé est [File]profile.
    + CategoryInfo          : InvalidArgument : (:) [], CimException
    + FullyQualifiedErrorId : MI RESULT 4
    + PSComputerName        : web-mridf

COMMENTAIRES : [WEB-MRIDF] : Gestionnaire de configuration local :  [ Fin
Définir  ]
La fonction SendConfigurationApply n'a pas réussi.
    + CategoryInfo          : InvalidArgument : (root/Microsoft/...gurationMan
   ager:String) [], CimException
    + FullyQualifiedErrorId : MI RESULT 4
    + PSComputerName        : web-mridf

COMMENTAIRES : L'opération « Invoquer une méthode CIM » est terminée.
COMMENTAIRES : Le temps nécessaire à l'exécution du travail de configuration
est de 0.881 secondes
Was it helpful?

Solution

DSC Local configuration manager runs as SYSTEM. So, it will not have access to the share. You need to pass the credentials to access the share. For the credentials, you need to either use certificates to encrypt the password or use plain-text password.

For the plain text password, check the article I posted at PowerShell Magazine. http://www.powershellmagazine.com/2013/09/26/using-the-credential-attribute-of-dsc-file-resource/

If you want to use certificates for the password encryption, check the PS Team blog post at http://blogs.msdn.com/b/powershell/archive/2014/01/31/want-to-secure-credentials-in-windows-powershell-desired-state-configuration.aspx

Update based on the comments below:

The $AllNodes.Nodename is the key when using Configuration Data. Do not replace that with a static nodename.

$ConfigurationData = @{
    AllNodes = @(
        @{
            NodeName="*"
            PSDscAllowPlainTextPassword=$true
         }
        @{
            NodeName="ServerName"
         }
    )
}

Configuration MyProfile 
{ 
    param (
        [PSCredential]$Credential
    ) 

    Node $AllNodes.NodeName
    { 
        Log startconfig 
        { 
            # The message below gets written to the Microsoft-Windows-Desired State Configuration/Analytic log 
            Message = "starting the file resource with ID MyProfile with $($myinvocation.mycommand) user : $env:username" 
        } 
        File profile 
        { 
            Credential=$credential 
            Ensure = 'Present' 
            SourcePath = "e:\powershell\profil_smac.ps1" 
            DestinationPath = "c:\temp\test2.txt2" 
            Type = "File" # Default is "File". 
            DependsOn = "[Log]startconfig" 
        } 

        Log AfterDirectoryCopy 
        { 
            # The message below gets written to the Microsoft-Windows-Desired State Configuration/Analytic log 
            Message = "Finished running the file resource with ID MyProfile" 
            DependsOn = "[File]profile" # This means run "MyProfile" first. 
        } 
    } 
} 

MyProfile -configurationdata $configurationdata -machinename "web-mridf.groupe.sa.colas.com" -credential (get-credential("groupe\sys-mac-smacsr")) -OutputPath c:\temp\dsc 
Start-DscConfiguration -Path c:\temp\dsc -force -verbose -Wait
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top