JeaDsc/source/Examples/General Server Maintenance Demo Config.ps1 at master · AutomatedLab/JeaDsc · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
Configuration GeneralServerMaintenance
{
    Import-DscResource -Module JeaDsc

    File StartupScript
    {
        DestinationPath = 'C:\ProgramData\DnsManagementEndpoint\Startup.ps1'
        Contents        = @'
Write-Host 'General Server Maintenance Endpoint' -ForegroundColor Green
'@
        Ensure          = 'Present'
        Type            = 'File'
        Force           = $true
    }

    JeaRoleCapabilities GenleralLevel1
    {
        Path                    = 'C:\Program Files\WindowsPowerShell\Modules\GeneralServerMaintenance\RoleCapabilities\GeneralLevel1.psrc'
        Description             = 'This role capability exposes basic networking, security, and configuration settings for the local server.'
        VisibleCmdlets          = 'Get-WindowsFeature',
                                  'Get-HotFix',
                                  'Defender\*',
                                  'NetAdapter\*',
                                  'NetConnection\*',
                                  'NetSecurity\Get-*',
                                  'NetTCPIP\*',
                                  'Clear-DnsClientCache',
                                  'Set-DnsClientServerAddress',
                                  'Resolve-DnsName',
                                  'Get-Service',
                                  'Restart-Service',
                                  'Get-Process',
                                  'Stop-Process',
                                  'Get-SystemInfo',
                                  'Restart-Computer',
                                  'Test-Connection',
                                  'Microsoft.PowerShell.LocalAccounts\Get-*'
        VisibleExternalCommands = 'C:\Windows\System32\gpupdate.exe', 'C:\Windows\System32\gpresult.exe'
    }

    JeaRoleCapabilities GeneralLevel2
    {
        Path                    = 'C:\Program Files\WindowsPowerShell\Modules\GeneralServerMaintenance\RoleCapabilities\GeneralLevel2.psrc'
        Description             = 'This role capability exposes advanced networking, security, and configuration settings for the local server.'
        VisibleCmdlets          = 'ServerManager\*',
                                  'Get-WinEvent',
                                  '*-EventLog',
                                  'Get-HotFix',
                                  'Defender\*',
                                  'NetAdapter\*',
                                  'NetConnection\*',
                                  'NetSecurity\*',
                                  'NetTCPIP\*',
                                  'DnsClient\*',
                                  'Get-Service',
                                  'Restart-Service',
                                  'Resume-Service',
                                  'Set-Service',
                                  'Start-Service',
                                  'Stop-Service',
                                  'Suspend-Service',
                                  'Get-Process',
                                  'Stop-Process',
                                  'Get-SystemInfo',
                                  'Restart-Computer',
                                  'Stop-Computer',
                                  'Test-Connection',
                                  'Microsoft.PowerShell.LocalAccounts\Get-*'
        VisibleExternalCommands = 'C:\Windows\System32\gpupdate.exe', 'C:\Windows\System32\gpresult.exe'
    }

    JeaRoleCapabilities IisLevel1
    {
        Path           = 'C:\Program Files\WindowsPowerShell\Modules\GeneralServerMaintenance\RoleCapabilities\IisLevel1.psrc'
        Description    = 'This role capability enables management of a local IIS server.'
        VisibleCmdlets = 'WebAdministration\Get-*',
                         'Start-WebAppPool',
                         'Restart-WebAppPool',
                         'Stop-Website',
                         'Start-Website',
                         'Get-IISSite',
                         'Start-IISSite',
                         'Stop-IISSite',
                         'Get-IISAppPool'
    }

    JeaRoleCapabilities IisLevel2
    {
        Path           = 'C:\Program Files\WindowsPowerShell\Modules\GeneralServerMaintenance\RoleCapabilities\IisLevel2.psrc'
        Description    = 'This role capability enables management of a local IIS server and firewall rules.'
        VisibleCmdlets = 'WebAdministration\Clear-WebConfiguration',
                         'WebAdministration\ConvertTo-WebApplication',
                         'WebAdministration\Get-*',
                         'WebAdministration\New-WebBinding',
                         'WebAdministration\Remove-WebApplication',
                         'WebAdministration\Remove-WebAppPool',
                         'WebAdministration\Remove-WebBinding',
                         'WebAdministration\Remove-Website',
                         'WebAdministration\Remove-WebVirtualDirectory',
                         'WebAdministration\Restart-WebApppool',
                         'WebAdministration\Set-WebBinding',
                         'WebAdministration\Start-WebAppPool',
                         'WebAdministration\Start-Website',
                         'WebAdministration\Stop-WebAppPool',
                         'WebAdministration\Stop-Website',
                         'IISAdministration\Get-IISAppPool',
                         'IISAdministration\Remove-IISSite',
                         'IISAdministration\Start-IISSite',
                         'IISAdministration\Stop-IISSite',
                         'NetSecurity\*'
    }

    JeaSessionConfiguration GeneralServerMaintenanceEndpoint
    {
        Name                = 'GeneralServerMaintenance'
        TranscriptDirectory = 'C:\ProgramData\GeneralServerMaintenance\Transcripts'
        ScriptsToProcess    = 'C:\ProgramData\GeneralServerMaintenance\Startup.ps1'
        DependsOn           = '[JeaRoleCapabilities]GenleralLevel1', '[JeaRoleCapabilities]GenleralLevel2', '[JeaRoleCapabilities]IisLevel1', '[JeaRoleCapabilities]IisLevel2'
        SessionType         = 'RestrictedRemoteServer'
        RunAsVirtualAccount = $true
        RoleDefinitions     = "@{
            'Contoso\Chile'      = @{ RoleCapabilities = 'GeneralLevel1' }
            'Contoso\Peru'       = @{ RoleCapabilities = 'GeneralLevel1', 'GeneralLevel2' }
            'Contoso\Venezuela'  = @{ RoleCapabilities = 'IisLevel1' }
            'Contoso\Uruguay'    = @{ RoleCapabilities = 'IisLevel1', 'IisLevel2' }
        }"
    }

}

Remove-Item -Path C:\DscTest\* -ErrorAction SilentlyContinue
GeneralServerMaintenance -OutputPath C:\DscTest -Verbose

Start-DscConfiguration -Path C:\DscTest -Wait -Verbose -Force