I have a DSC I am creating for web server configuration. My website will be using HTTPS, meaning that I have to have a certificate in a store. I don't see any modules designed to do this, so I was wondering how I could run regular Powershell functions in a DSC but keep the good parts of the DSC.
My workflow is as follows:
1 . Check if certificate exists
If cert doesn't exist in the store, add it.
If the cert does exist, grab the the Thumbprint to use in the xWeb xWebsite.BindingInfo.MSFT_xWebBindingInformation.CertificateThumbprint property.
As of now, I've got the code written to do the following actions, but I would still like to make use of the [DependsOn] functionality found in DSCs so I can handle any errors involved with creating/accessing the certificate.
Any help is greatly appreciated.
https://serverfault.com/a/638926/236470
Use Microsoft's xCertificate module (with the xPfxImport resource) for this purpose.
Full disclosure: I wrote the original version of this resource (it's open source in Microsoft's repo now and has since had other contributors).
To answer your original question, you would use the Script resource to run arbitrary code without creating your own resource.
Related
I am trying to deploy Powershell modules from my https pull server but couldn't. I don't know what I'm missing here. These are things which I already did or tried:
Setup a https based pull server using instructions outlined at https://msdn.microsoft.com/en-us/powershell/dsc/pullserver
Register a pull client using instructions mentioned here https://msdn.microsoft.com/en-us/powershell/dsc/pullclientconfignames
On my pull server I've placed modules under C:\Program Files\WindowsPowerShell\DscService\Modules as xWebAdministration_1.12.0.0.zip and xWebAdministration_1.12.0.0.zip.checksum
If I double click xWebAdministration_1.12.0.0.zip file it contains: DSCResources, Examples, Tests, HighQualityResourceKitPlan.md, README.md and xWebAdministration.psd1 at root level, Under DSCResources I have all MSFT_* folders and other stuff
When I run a custom configuration on my client node which requires xWebAdministration module, I get module not found exception.
I looked at client's event viewer for errors but don't see anything related.
Any help is appreciated.
Thanks!
Have you tried Publish-DSCModuleAndMof from xPSDesiredStateConfiguration?
You have to run Install-Module xPSDesiredStateConfiguration first.
You can find an example of using this here.
I want to define a single configuration that uses Install-Package to install xSystemSecurity and then import it and define a resource that disable IE ESC.
It this possible to do in a single Configuration with a Script Resouce and a xSystemSecurity Resource?
As soon as I try to import xSystemSecurity at the top of the Configuration, DSC blows up because it's not installed yet.
DSC validates all resources in a configuration before it applies any changes. In order to do this, all resources must already be present on the box or available from a pull server. This means that you can't both install and use a resource in the same configuration. The best solution is to use the pull server to deploy the resource. If you can't use the pull server, then you have to use a 2 step process.
Here is an easy way to setup a module repository using a file share http://nanalakshmanan.com/blog/Push-Config-Pull-Module/ Once setup your configuration should work as DSC can pull down the required module from the file share
I'm trying to wrap my hand around DSC in PowerShell 4.0, what's possible, and what's not. I've installed xWebAdministration Module.
Could I create a website in IIS, then somehow export it to the a .ps1 file (I think in the MOF format). For example, txWebAdministration has a sample called xWebAdministration\Examples\Sample_xWebsite_NewWebsite.ps1. Could I use an existing website to build a file like this? Or do I have to type everything in manually?
I'm basically trying to jump in and try some things without reading from end-to-end. I was hoping Get-DscConfiguration would somehow read my IIS configuration and create such a file.
For example, in SQLServer, you can create a database and tables using the graphical user interface of SQL Studio Management Studio (SSMS), then export a script to re-create those same tables on another server.
Is such a concept possible with DSC, or am I missing the boat.
There is nothing like this at the moment.
Keep in mind DSC is very new and quite sparse. The DSC Resource Kit is created by people at Microsoft, but isn't supported or all that official.
You could write a script to parse an existing web site and export it to a configuration in a PS1, or even directly into an MOF (it's a text file too), but there is nothing close to this functionality existing at the moment.
Your best bet is probably to type it out manually at this time.
There is a tool that creates a DSC configuration from an existing machine called GuardRail but I think it will not support the experimental xWebAdministration Module. As briantist said, it wouldn't be too difficult to create a powershell script that uses WebAdministration commandlets to produce a DSC configuration.
In fact a workmate asked me the same question today and I'm considering writing one. If you I'll update my answer in a few days with a script that will do this.
In one of the projects our team is working on, we are trying to make an automated deployment system for an existing desktop application. In order to do that we need to understand how InstallShield installs the application to begin with.
We have access to the InstallShield manifest, but there is an OCX file that we cannot figure out how to install manually (without InstallShield). This particular OCX file is set to 'Extract COM Information'.
Here's a screenshot:
The other OCXs in this application are self-registering, so they can be registered with Regsvr32.exe. But the OCX we are having problems with cannot be registered in that fashion.
How would one manually install an OCX file that is set to 'Extract COM Information' in an InstallShield manifest?
RegSvr32.exe calls the LoadLibrary API to load your DLL and then invokes the DllRegisterServer entry point inside your DLL. The code inside that function does the actual COM registration. If RegSvr32 is failing, that typically means a dependency of your DLL is missing or invalid.
InstallShield does all of this along with some really low level bit hacking to virtualize all of this and then harvest it. An old article on the subject is:
Spying on Registry Entries
InstallShield doesn't actually use this technique per say ( they have several techniques, most of which is not documented and various filters and transform engines to clean up the data ). If you are just looking for a way to do it without InstallShield, then look at Windows Installer XML's "Heat" command line tool. This can "harvest" COM metadata into WxS XML elements.
Also WiX is open source so if you are really curious you could go looking at their code.
As Christopher mentioned, InstallShield extracts COM information from your .ocx by seeing what it registers when invoked similarly to regsvr32.exe will invoke it. Its various forms of redirection (for capturing purposes) have the added benefit of working around several potential permissions problems while the file is registering in your build environment. However if I'm not missing the point of your question, it's "why doesn't regsvr32.exe your.ocx work on the target machine?"
This is a bit of a stab in the dark, as you haven't included enough information. While missing dependencies can cause this, I'm going to guess you only see this failure on Windows Vista/Server 2008 or higher. If this is the case, there's a good chance your application is trying to write to registry keys that are protected by Windows Resource Protection (WRP), or is being tripped up by a per-user typelib registration problem.
When a poorly behaved self-registration routine encounters WRP, it attempts to write to a registry key it lacks permission to modify, then fails the entire registration. I'm uncertain what happens to the keys it wrote before that point, but all ones after it definitely never make it to the machine. You should be able to confirm whether this is the case with a tool like Process Monitor.
What do you do if this is the case? Well, you can stick with an extraction approach like that of InstallShield (which you say you want to leave). You can fix the file to not attempt to write to protected keys (which you say you cannot modify). Or you might be able to use the Application Compatibility Toolkit (ACT) to shim things, but I don't see how you can generally do that downstream. Generally speaking, I would recommend fixing the file, or continuing to use a working approach.
Can any one tell me how to convert an legacy application which is vb6 ( COM dll's ocx and exes) to use Regfree COM .
I tried opening the dlls in visual studio and created manifest file, but some of the dlls it is giving error.
Is there any tools out there which will help me to do this process?
I tried a tool from codeproject which is called regsvr42, which is not creating the manifest fully.
I used tools like PE explorer where I get all the typelib information , but converting them into manifest files is too difficult.
We have started migrating that to .NET, for some months we have to deploy it, it will easier if it is xcopy based deployment.
To create manifest files you can try to use Make My Manifest from http://mmm4vb6.atom5.com/.
EDIT The MMM website is down. I see here that the author was having trouble with their hosting and has provided another location to get Make My Manifest - download it here.
If you can control creation of objects you can use DirectCOM from http://www.thecommon.net/10.html
Keep in mind that if one of used DLLs or OCXs is creating other COM objects dynamically with CreateObject calls, that reference will not be stored in vbp project file and you won't get full manifest file. Probably you will have to catch object creations while the application is running. Depends.exe application can profile running application and report all used dlls. I don't know if there is tool that can find additional COM related information.
There is an excellent walkthrough of what to do in this article on MSDN: Registration-Free Activation of COM Components: A Walkthrough.
Make My Manifest can accomodate late binding as well as early binding. You simply have to add the references to the late-bound dependencies manually, by file location or by ProgId.
You might look at http://mmm4vb6.atom5.com/mmm-demo-1248.html for additional help in using the utility.
MakeMyManifest is well spoken of as an automatic tool for creating manifests for VB6 projects, haven't tried it myself.
DirectCOM also has fans, again I haven't tried it.
EDIT The MMM website is down. I see here that the author was having trouble with their hosting and has provided another location to get Make My Manifest - download it here.
There is a semi-automatic technique. You can create the manifests with Visual Studio 2008 (you can use a free version like Visual Basic Express Edition). Then make a couple of edits by hand to make the manifests suitable for use from VB6. See this section of this MSDN article for step-by-step instructions - ignore the rest of the article which is about ClickOnce.