PowerShell

The PowerShell forum accepts bug reports as well as feedback and suggestions. For more information, check out the PowerShell Homepage

The following is a list of the states we use to track items.

status meaning
survey We saw this and we are considering it. Please upvote if it’s important to you.
needs more information We don’t understand the issue and need additional details.
investigating We are looking at this internally to understand things like: scenario, reproduction of issue, costing, or other technical details.
in queue The issue is understood and in our unprioritized backlog. Your votes will be used to drive prioritization of this work.
  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Bring the Azure Automation DSC MOF encryption into the on-premises DSC pull server

    In Azure Automation DSC the whole MOF file gets encrypted without the need to manually issue certificates for every node and then to collect the public keys.

    From Azure documentation:
    "Keeping credentials secure in node configurations (MOF configuration documents) requires encrypting the credentials in the node configuration MOF file. Azure Automation takes this one step further and encrypts the entire MOF file."

    This extremely useful feature sould also be implemented in the on-premises DSC pull server. Especially because the needed functionality must alread be in the WMF 5 as nothing more than WMF 5 is needed to use the Azure…

    13 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    survey  ·  0 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
  2. DSC: Should allow Credentials with Blank Passwords, so you can use GMSA accounts

    For some reason DSC errors out with a credential object contains a null password. Unfortunately that is the mechanism use to set group managed service accounts.
    Here is a link to a relevant bug in xWebAdministration: https://github.com/PowerShell/xWebAdministration/issues/80#issuecomment-171364644

    And here is an example of the output your recieve when you attempt to use a managed service account:

    "VERBOSE: [COMPUTERNAME]: LCM: [ End Test ] [[xWebAppPool]testpool] in 0.0070 seconds.
    The password supplied to the Desired State Configuration resource MSFT_xWebAppPool is not valid. The password cannot be null or empty.

    + CategoryInfo          : InvalidResult: (:) [], CimException
    
    + FullyQualifiedErrorId : InvalidPassword
    + PSComputerName
    114 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
    survey  ·  Mark Gray responded

    Thanks for the feedback! I have personally heard this request from a number of customers. IMHO having the ability to use GMS accounts would be a quite useful in DSC configurations. If this is an important feature for you as well, vote it up so that we can appropriately prioritize it as we move forward.

    MarkG

  3. OpenSource the Pull Server

    Advances to the current PullServer are, quite frankly, slow and moving in a direction questionable to most MVPs. Microsoft should follow their own lead they took with the DSC modules: opensource it and place it on GitHub so that the community can invest in making a tool that we'd actually like to use.

    Example of features still missing that everyone wants:
    1. certificate management (use self-signed or pki)
    2. web interface for compliance reporting

    Example of features added that are questionable/actually bad ideas:
    1. partial configurations (multiple pull server sources, mofs, and reports all being managed by the node? who…

    96 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    14 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
    survey  ·  Mark Gray responded

    Justin,

    We totally understand that a robust Pull server / central management solution is something that is critical to your success with DSC. We have invested quite heavily in Azure Automation DSC (AA DSC) to fill many of these needs. With that said, I would be very interested to understand if the AA DSC solution does not work for you (and other customers) and why? Vote and comment if this is important to you.

    Also interesting feedback on our ‘bad ideas’. Thanks!

    MarkG

  4. Returning information from DSC Resource to another

    I know this has been discussed, just wanted to make sure to have it in UserVoice. It would be great if it was possible to return information from a resources, so that a later resource could use that information for configuration at runtime.

    Example. My configuration apply a new certificate. I would like to write a resource that can get the new certificate thumbprint so that a future resources in the config can use that thumbprint. This is something that Chef allows.

    So, something like a global variable that lives during runtime of the config.

    Thanks for considering!!

    49 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    survey  ·  5 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
  5. Invoke-DSCResource on WindowsFeatureSet fails

    As subject says. Example is below

    PS C:\Windows\system32> Invoke-DscResource -Name WindowsFeatureSet -Property @{Name = "Storage-Services"; Ensure = "Present" } -Method test -ModuleName PSDesiredStateConfiguration
    Invoke-DscResource : Failed to serialize properties into CimInstance.
    At line:1 char:1
    + Invoke-DscResource -Name WindowsFeatureSet -Property @{Name = "Storag ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : NotSpecified: (:) [Invoke-DscResource], SerializationException
    
    + FullyQualifiedErrorId : System.Runtime.Serialization.SerializationException,Microsoft.PowerShell.DesiredStateConfiguration.C

    ommands.InvokeDscResourceMethodCommand

    18 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
    survey  ·  Mark Gray responded

    Thanks for the feedback! Based on its current ranking compared to other feedback items and product schedule, work on this item is pending (and will be driven by) further customer input. If you did not open this issue and are also impacted by it, please vote this item up.

    MarkG

  6. Enable service restart and similar scenarios in DSC configurations

    Renamed from "Provide additional resource control methods in DSC" for clarity
    Votes from Connect: 13

    Original Date Submitted: 5/28/2015 12:15:20 AM

    Description:
    Contact Information
    Handle: Ben Gelens
    Site Name: PowerShell
    Feedback ID: 1373894


    Problem Description:
    Scenario:
    A MOF file is compiled for a node serving a website. The service resource is used to declare the W3SVC service to be started and the file resource is used to copy in the web content.
    Next an update is deployed to the website by compiling a new MOF file and for the new content to become active, the W3SVC service needs to be…

    73 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
  7. Allow variable input to be passed to import-dscresource

    To keep configurations and composite resources as modular as possible, we should be able to pass an array of module specifications as a parameter.

    Consider the following:

    [Parameter()]

        [System.Collections.Hashtable[]]
    
    $DscResourcesToImport = @(
    @{ModuleName='xPSDesiredStateConfiguration'; ModuleVersion='3.9.0.0'},
    @{ModuleName='xComputerManagement'; ModuleVersion='1.4.0.0'}
    )
    )

    foreach ($Resource in $DscResourcesToImport)
    {
    $ModuleSpec = @{ModuleName="$Resource.ModuleName"; ModuleVersion="$Resource.ModuleVersion"}
    Import-DscResource -ModuleName $ModuleSpec
    }

    This fails with the error: "Arguments must be constant"

    Thanks for considering this.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    survey  ·  1 comment  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
  8. allow DSC nodes to download meta configuration

    when wmf4 initially launched, you could place meta.mof files into the pull server along side the default mof and both would be downloaded by the node and applied. This was rather ideal, as it meant I could create standard LCM configurations, and easily update/enforce them.

    For some reason, this seems to no longer work in WMF5.0. This should be returned. Anyone who's had to edit the settings of hundreds (thousands?) of agents should understand it's way easier to tweak one property.

    Real world example: ask anyone who's ever had to reconfigure the the SCCM agent cache. It's a needlessly complex…

    12 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
    survey  ·  Mark Gray responded

    Justin,

    Thanks for you feedback! I What types of things do you find yourself needing to manage in the meta-config after initial deployment? This is not to take away from the need for this, I want to better understand how you and other customers are / want to use it.

    Regards,

    MarkG

  9. Generate DSC from existing servers

    For those of us with heavily-configured snowflake servers, it would great if it were possible to generate DSC files from existing builds. This may not be possible in all areas, but perhaps a subset of areas could be supported, with IIS 7.0+ at the top of the list.

    14 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    survey  ·  3 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
  10. [Bug] Creating Local Users Fails Test-DSCConfiguration if the Users are Disabled

    I can successfully create a disabled local user account on a non-domain joined server which has a password policy enforced.

    If I try to create the disabled account with out a password, or one in violation of the policy, the configuration fails. This is expected.

    If I create a disabled local user account with a password that meets the requirements, the configuration applies. When I run Test-DSCConfiguration the test fails with:
    PowerShell DSC resource MSFT_UserResource failed to execute Test-TargetResource functionality with error message:
    There could be a possible connection error while trying to use the System.DirectoryServices API's.Exception calling
    "ValidateCredentials" with…

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
    survey  ·  Mark Gray responded

    Phil,

    Sounds like a valid bug. Thanks for bringing it to our attention. I have opened a bug in our internal system to track this to resolution.

    MarkG

  11. Add enhanced reporting, allowing you to view the status of all nodes instead of one at a time.

    Currently, the DSC reporting server only offers the ability to query a single node at a time. I think for any environment, it would be crucial to get a list of the last reported compliance for all nodes. I'd really like to see this feature added in a future release.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
    survey  ·  Mark Gray responded

    Eric,

    Thanks for the feedback! This is something that we are aware of. We intentionally did not want to do this without having a way to authenticate the requests.

    Have you seen this community project? It should help you get the functionality that you are looking for including authentication:
    https://github.com/claudiospizzi/DSCPullServerWeb

    MarkG

  12. ConfigurationAST should include resource modules being imported

    The ConfigurationAST added in v4 for PowerShell DSC does a good job at providing resource configuration details. However, to determine what modules are being imported, we should still use the keyword AST to find the resource module names from the Import-DSCResource command. While this is a workaround, it will be easier if ConfigurationAST can provide this information for simplicity.

    14 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    survey  ·  0 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
  13. DSC registry resource support '/' in the registry path.

    DSC registry resource support '/' in the registry path.

    If you use a path containing a / e.g. "HKEYLOCALMACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128" then the builtin registry resource you end up with an error or the wrong registry path being created.

    This config will not work. I've have to create my own module to create the folder and then us the registry resource to create the actual key.

        Registry "DisableCipherRC240128"
    
    {
    Key = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128"
    ValueName = "Enabled"
    ValueType = "Dword"
    ValueData = "0"
    Ensure = "Present"
    Force = $true
    }

    The register resource should support / in the path.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
  14. Node with large configurations fails to send status report to the Report Server

    Testing out WMF 5.0 and when I tried one of our existing configurations, which has a good amount of resources in it, the following error is logged in the event log after each consistency check:

    Job {%JobID%} :
    Http Client {%AgentID%} failed for WebReportManager for configuration The attempt to send status report to the server https://johntestx02/PSDSCPullServer.svc/Nodes(AgentId={%AgentID%}')/SendReport returned unexpected response code RequestEntityTooLarge..

    I assume this is because of the amount of resources the node is trying to report on back to the report server. Has anyone else run into this? Can the Report Server configuration be adjusted to accept lager amounts…

    12 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    survey  ·  3 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
  15. There is no step by step documenation in place how to install SQL server using xsqlps module

    There is no step by step documenation in place how to install SQL server using xsqlps module

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
  16. Add a GET function to DSC Report Server Webservice

    Add a GET method to the DSC webservice so that we can query the database for data other than individual node data which you have to know the Agent ID. If I want to build status dashbaord for all of my DSC nodes I then have to store and manage Agent ID's in another CMDB so I can query the webservice individually for each agent status. We used to have this capability in WMF 4 but it seems this is no longer possible with the reporting changes in WMF 5.

    See https://github.com/PowerShell/xPSDesiredStateConfiguration/issues/98
    and https://github.com/dfinke/ODataExplorer/issues/1

    54 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
    survey  ·  Mark Gray responded

    Thanks for the feedback, Sebastian! I have changed the status to survey to get a better feel for how important this is for customers in general.

    MarkG

  17. Invoke-DscResource String to Boolean conversion Failure

    Invoking command:

    Invoke-DscResource -Name cDtc -Method Test -Property @{'Name'='Local';'Ensure'='Present';'AuthenticationLevel'='NoAuth';'Status'='Started';'InboundTransactionsEnabled'='True';'OutboundTransactionsEnabled'='True';'RemoteClientAccessEnabled'='True';'RemoteAdministrationAccessEnabled'='False';'XATransactionsEnabled'='True';'LUTransactionsEnabled'='False'} -ModuleName cDtcResource

    Cause PowerShell to fail.

    Convert property 'OutboundTransactionsEnabled' value from type 'STRING' to type 'BOOLEAN' failed
    At line:17, char:2
    Buffer:
    essEnabled = "False";
    };^

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    survey  ·  0 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
  18. BUG: Cim instances are not compiled correctly into MOF

    I'm trying to create a function that returns the bindinginfo for a website. This is intended to reduce the complexity of my dsc resource file that will have 20/30 websites with similar bindinginfo based on the node name. Anyway, it seems like the dsc compiler doesn't support cim instances. Doing the same thing with credentials actually works, so I wonder why this is the case for binding infos.

    This is an example to reproduce the problem

    configuration DscTest
    {
    Import-DscResource -ModuleName xWebAdministration;

    Node localhost
    {

    xWebsite TestWebSite
    
    {
    Ensure = "Present"
    Name = "TestWebSite"
    PhysicalPath = "C:\inetpub\test"
    BindingInfo = (Get-TestBindingInformation
    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
    survey  ·  Zachary Alexander responded

    Can you take a look below and leave a comment to let me know if the workaround is sufficient for your purposes? If so, I will close this item. If not, I will keep it marked as survey.

  19. Class based DSC Description Attribute

    Add a description Attribute or extend the DscProperty and DscResource attributes to allow for descriptions that should be surfaced in the generated MOF file.

    Looking at how the MOF file is currently generated using Reflection this should be easy to implement.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    survey  ·  0 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
  20. Partial Configurations should support validating ExclusiveResource reservations during publish or pull

    In the current implementation for Partial Configurations, the ExclusiveResources in the configuration fragment can be used to reserve resource modules or resources to a specific fragment. However, this is not validated until runtime. So, if there are two fragments that are using same resource modules and one fragment has those resources exclusively locked, the configuration enact will fail during runtime.

    These exclusive resource reservation checks should be done either at the publish time (push) or before enacting the configuration after a pull is complete.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    survey  ·  0 comments  ·  Desired State Configuration (DSC)  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1
  • Don't see your idea?

Feedback and Knowledge Base