PowerShell

The PowerShell forum accepts bug reports as well as feedback and suggestions. For more information, check out the PowerShell Homepage

The following is a list of the states we use to track items.

status meaning
survey We saw this and we are considering it. Please upvote if it’s important to you.
needs more information We don’t understand the issue and need additional details.
investigating We are looking at this internally to understand things like: scenario, reproduction of issue, costing, or other technical details.
in queue The issue is understood and in our unprioritized backlog. Your votes will be used to drive prioritization of this work.
  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add enhanced reporting, allowing you to view the status of all nodes instead of one at a time.

    Currently, the DSC reporting server only offers the ability to query a single node at a time. I think for any environment, it would be crucial to get a list of the last reported compliance for all nodes. I'd really like to see this feature added in a future release.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
    survey  ·  Mark Gray responded

    Eric,

    Thanks for the feedback! This is something that we are aware of. We intentionally did not want to do this without having a way to authenticate the requests.

    Have you seen this community project? It should help you get the functionality that you are looking for including authentication:
    https://github.com/claudiospizzi/DSCPullServerWeb

    MarkG

  2. Bring the Azure Automation DSC MOF encryption into the on-premises DSC pull server

    In Azure Automation DSC the whole MOF file gets encrypted without the need to manually issue certificates for every node and then to collect the public keys.

    From Azure documentation:
    "Keeping credentials secure in node configurations (MOF configuration documents) requires encrypting the credentials in the node configuration MOF file. Azure Automation takes this one step further and encrypts the entire MOF file."

    This extremely useful feature sould also be implemented in the on-premises DSC pull server. Especially because the needed functionality must alread be in the WMF 5 as nothing more than WMF 5 is needed to use the Azure…

    13 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    survey  ·  0 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
  3. DSC registry resource support '/' in the registry path.

    DSC registry resource support '/' in the registry path.

    If you use a path containing a / e.g. "HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128" then the builtin registry resource you end up with an error or the wrong registry path being created.

    This config will not work. I've have to create my own module to create the folder and then us the registry resource to create the actual key.

        Registry "DisableCipherRC240128"
    
    {
    Key = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128"
    ValueName = "Enabled"
    ValueType = "Dword"
    ValueData = "0"
    Ensure = "Present"
    Force = $true
    }

    The register resource should support / in the path.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
  4. There is no step by step documenation in place how to install SQL server using xsqlps module

    There is no step by step documenation in place how to install SQL server using xsqlps module

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
  5. ConfigurationAST should include resource modules being imported

    The ConfigurationAST added in v4 for PowerShell DSC does a good job at providing resource configuration details. However, to determine what modules are being imported, we should still use the keyword AST to find the resource module names from the Import-DSCResource command. While this is a workaround, it will be easier if ConfigurationAST can provide this information for simplicity.

    14 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    survey  ·  0 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
  6. Node with large configurations fails to send status report to the Report Server

    Testing out WMF 5.0 and when I tried one of our existing configurations, which has a good amount of resources in it, the following error is logged in the event log after each consistency check:

    Job {%JobID%} :
    Http Client {%AgentID%} failed for WebReportManager for configuration The attempt to send status report to the server https://johntestx02/PSDSCPullServer.svc/Nodes(AgentId={%AgentID%}')/SendReport returned unexpected response code RequestEntityTooLarge..

    I assume this is because of the amount of resources the node is trying to report on back to the report server. Has anyone else run into this? Can the Report Server configuration be adjusted to accept lager amounts…

    12 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    survey  ·  3 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
  7. Invoke-DscResource String to Boolean conversion Failure

    Invoking command:

    Invoke-DscResource -Name cDtc -Method Test -Property @{'Name'='Local';'Ensure'='Present';'AuthenticationLevel'='NoAuth';'Status'='Started';'InboundTransactionsEnabled'='True';'OutboundTransactionsEnabled'='True';'RemoteClientAccessEnabled'='True';'RemoteAdministrationAccessEnabled'='False';'XATransactionsEnabled'='True';'LUTransactionsEnabled'='False'} -ModuleName cDtcResource

    Cause PowerShell to fail.

    Convert property 'OutboundTransactionsEnabled' value from type 'STRING' to type 'BOOLEAN' failed
    At line:17, char:2
    Buffer:
    essEnabled = "False";
    };^

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    survey  ·  0 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow variable input to be passed to import-dscresource

    To keep configurations and composite resources as modular as possible, we should be able to pass an array of module specifications as a parameter.

    Consider the following:

    [Parameter()]

        [System.Collections.Hashtable[]]
    
    $DscResourcesToImport = @(
    @{ModuleName='xPSDesiredStateConfiguration'; ModuleVersion='3.9.0.0'},
    @{ModuleName='xComputerManagement'; ModuleVersion='1.4.0.0'}
    )
    )

    foreach ($Resource in $DscResourcesToImport)
    {
    $ModuleSpec = @{ModuleName="$Resource.ModuleName"; ModuleVersion="$Resource.ModuleVersion"}
    Import-DscResource -ModuleName $ModuleSpec
    }

    This fails with the error: "Arguments must be constant"

    Thanks for considering this.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    survey  ·  1 comment  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
  9. Invoke-DSCResource on WindowsFeatureSet fails

    As subject says. Example is below

    PS C:\Windows\system32> Invoke-DscResource -Name WindowsFeatureSet -Property @{Name = "Storage-Services"; Ensure = "Present" } -Method test -ModuleName PSDesiredStateConfiguration
    Invoke-DscResource : Failed to serialize properties into CimInstance.
    At line:1 char:1
    + Invoke-DscResource -Name WindowsFeatureSet -Property @{Name = "Storag ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : NotSpecified: (:) [Invoke-DscResource], SerializationException
    
    + FullyQualifiedErrorId : System.Runtime.Serialization.SerializationException,Microsoft.PowerShell.DesiredStateConfiguration.C

    ommands.InvokeDscResourceMethodCommand

    18 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
    survey  ·  Mark Gray responded

    Thanks for the feedback! Based on its current ranking compared to other feedback items and product schedule, work on this item is pending (and will be driven by) further customer input. If you did not open this issue and are also impacted by it, please vote this item up.

    MarkG

  10. Remove Dependency on TLS 1.0 for HTTPS Pull Server

    After disabling TLS 1.0 on our Pull Server and nodes, the nodes are unable to re-register with the Pull Server. This is keeping us from making changes to the LCM on nodes.

    I have posted on PowerShell.org forum about this:
    http://powershell.org/wp/forums/topic/tls-1-0-required-for-https-pull-server/

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    survey  ·  1 comment  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
  11. Get-DSCResource -Syntax for WindowsFeatureSet incorrect

    Get-DscResource for WindowsFeatureSet showing "ensure" parameter as being optional, while it's actually required

    <PRE>

    PS C:\windows\system32> get-dscresource windowsfeatureset -Syntax
    WindowsFeatureSet [String] #ResourceName
    {

    [DependsOn = [String[]]]
    
    Name = [String[]]
    [Ensure = [String]]
    [Source = [String]]
    [IncludeAllSubFeature = [Boolean]]
    [Credential = [PSCredential]]
    [LogPath = [String]]

    }
    </PRE>

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
    survey  ·  Mark Gray responded

    Thanks for the feedback, Gregory! This certainly is a bug albeit a little different that what you have described. The Ensure property should be optional but it should default to ‘Present’ if it is not provided just like the underlying resource does. I have opened a bug for this.

    MarkG

  12. why can't I use a http-based "Path" in the Archive Resource ?

    When I use the Archive Resource it appeares to be restricted to SMB or UNC Path's.

    I would like to configure a http based sourcepath.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    survey  ·  0 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
  13. Partial Configurations should support validating ExclusiveResource reservations during publish or pull

    In the current implementation for Partial Configurations, the ExclusiveResources in the configuration fragment can be used to reserve resource modules or resources to a specific fragment. However, this is not validated until runtime. So, if there are two fragments that are using same resource modules and one fragment has those resources exclusively locked, the configuration enact will fail during runtime.

    These exclusive resource reservation checks should be done either at the publish time (push) or before enacting the configuration after a pull is complete.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    survey  ·  0 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
  14. BUG: Cim instances are not compiled correctly into MOF

    I'm trying to create a function that returns the bindinginfo for a website. This is intended to reduce the complexity of my dsc resource file that will have 20/30 websites with similar bindinginfo based on the node name. Anyway, it seems like the dsc compiler doesn't support cim instances. Doing the same thing with credentials actually works, so I wonder why this is the case for binding infos.

    This is an example to reproduce the problem

    configuration DscTest
    {
    Import-DscResource -ModuleName xWebAdministration;

    Node localhost
    {

    xWebsite TestWebSite
    
    {
    Ensure = &quot;Present&quot;
    Name = &quot;TestWebSite&quot;
    PhysicalPath = &quot;C:\inetpub\test&quot;
    BindingInfo = (Get-TestBindingInformation
    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
    survey  ·  Zachary Alexander responded

    Can you take a look below and leave a comment to let me know if the workaround is sufficient for your purposes? If so, I will close this item. If not, I will keep it marked as survey.

  15. [Bug] Creating Local Users Fails Test-DSCConfiguration if the Users are Disabled

    I can successfully create a disabled local user account on a non-domain joined server which has a password policy enforced.

    If I try to create the disabled account with out a password, or one in violation of the policy, the configuration fails. This is expected.

    If I create a disabled local user account with a password that meets the requirements, the configuration applies. When I run Test-DSCConfiguration the test fails with:
    PowerShell DSC resource MSFT_UserResource failed to execute Test-TargetResource functionality with error message:
    There could be a possible connection error while trying to use the System.DirectoryServices API's.Exception calling
    "ValidateCredentials" with…

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
    survey  ·  Mark Gray responded

    Phil,

    Sounds like a valid bug. Thanks for bringing it to our attention. I have opened a bug in our internal system to track this to resolution.

    MarkG

  16. Change the way ConfigurationNames works to accomodate easy management and software provisioning

    TL&DR - Make ConfigurationNames accept multiple values and Accept changes to the values of ConfigurationNames in a Live manner and not just for the initital regisration of the node.

    Today ConfiguratioNames is used on the initial regsitration of the node. Althugh it can accept an array, it wont work with more then one value and issue errors. That value is basically the name of the mof file on the pull server. This allows for friendly names of mof files while still maintaining uniqness of the nodes for reporting purposes that wasnt available in ps v4 using the same GUID.

    Everytime…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    survey  ·  0 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
  17. DSC: Should allow Credentials with Blank Passwords, so you can use GMSA accounts

    For some reason DSC errors out with a credential object contains a null password. Unfortunately that is the mechanism use to set group managed service accounts.
    Here is a link to a relevant bug in xWebAdministration: https://github.com/PowerShell/xWebAdministration/issues/80#issuecomment-171364644

    And here is an example of the output your recieve when you attempt to use a managed service account:

    "VERBOSE: [COMPUTERNAME]: LCM: [ End Test ] [[xWebAppPool]testpool] in 0.0070 seconds.
    The password supplied to the Desired State Configuration resource MSFT_xWebAppPool is not valid. The password cannot be null or empty.

    + CategoryInfo          : InvalidResult: (:) [], CimException
    
    + FullyQualifiedErrorId : InvalidPassword
    + PSComputerName
    119 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
    survey  ·  Mark Gray responded

    Thanks for the feedback! I have personally heard this request from a number of customers. IMHO having the ability to use GMS accounts would be a quite useful in DSC configurations. If this is an important feature for you as well, vote it up so that we can appropriately prioritize it as we move forward.

    MarkG

  18. Returning information from DSC Resource to another

    I know this has been discussed, just wanted to make sure to have it in UserVoice. It would be great if it was possible to return information from a resources, so that a later resource could use that information for configuration at runtime.

    Example. My configuration apply a new certificate. I would like to write a resource that can get the new certificate thumbprint so that a future resources in the config can use that thumbprint. This is something that Chef allows.

    So, something like a global variable that lives during runtime of the config.

    Thanks for considering!!

    50 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    survey  ·  5 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
  19. Class based DSC Description Attribute

    Add a description Attribute or extend the DscProperty and DscResource attributes to allow for descriptions that should be surfaced in the generated MOF file.

    Looking at how the MOF file is currently generated using Reflection this should be easy to implement.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    survey  ·  0 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
  20. Allow use "*" as PartialConfiguration property value in LCM

    Currently if we want to add another partial configuration, we have to reconfigure LCM on local machine to target new config.

    If LCM could use "*" (asterisk) as PartialConfiguration property value, then LCM reconfuguration wouldn't be necessary every time when new config was added.

    How it could work from my perspective:

    When LCM was reconfigured to pull every configuration (via asterisk as value) then it connect to PullSrv and pull every mof configuration with his own GUID like *.guid.mof.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    survey  ·  0 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1
  • Don't see your idea?

Feedback and Knowledge Base