Partial configuration support

microsoft / DSCEA

DSC Environment Analyzer (DSCEA) is a simple implementation of PowerShell Desired State Configuration that uses the declarative nature of DSC to scan systems in an environment against a defined reference MOF file and generate compliance reports as to whether systems match the desired configuration.

https://microsoft.github.io/DSCEA

Other

197 stars 41 forks source link

Partial configuration support #53

Open Zuldan opened 7 years ago

Zuldan commented 7 years ago

This looks like a great addition to DSC Tooling, however I have some concerns. Judging by the examples it looks like DSCEA assumes all servers share the same MOF file and they only have one MOF.

In our environment we have on average 11 MOF files (partial configurations), 19 in some cases, per server. On top of that, each MOF file is unique per server. Are there any plans to support this type of DSC usage or should we be creating some tooling around the tooling to generate reports?

rkyttle commented 7 years ago

Please take a look at our latest build, version 1.2.0.0 which we just released about an hour ago.

In this new release we added a Path parameter to StartDSCEAscan which allows Start-DSCEAscan to take in a folder path containing machine specific MOF files to allow for a scan of those systems against unique per system settings.

Please let us know if this meets what you are looking for

armentpau commented 6 years ago

I'm not sure where this request is at at this time but I would like to throw my two cents on this and how helpful it would be to support partial configurations.

I want to use DSCEA to scan some of our environment using MOF files generated by BaselineManagement(https://github.com/Microsoft/BaselineManagement). The issue I am running into (and where I see why the original poster wanted partial configuration support) is that we have multiple GPOs which need to be converted to MOFs as well as a SCCM baseline as well. In this case it would act like partial configs.

I tried to do a little playing around with the current code and what ended up happening is that all of the keys which were duplicated between the two registry/mof files were showing up in the report twice.

Thanks for your consideration on this - if there is anything I can clarify on please let me know.

imarambiocatan commented 6 years ago

I'm not sure how the new -path switch works. would you please update the wiki with an example? Also, would it be possible to add a csv file including what tests are expected to fail in a batch of servers and report them with a status slightly different to not compliant?

rkyttle commented 6 years ago

imarambiocatan I will take a look into this and get an example created. As far as handling expected failures, this is a known issue that will get to, https://github.com/Microsoft/DSCEA/issues/16