DSCEA 1.2.0.0 has been released – Introducing exciting new updates to Start-DSCEAscan

This post was written by Ralph Kyttle, PFE, and links back to the original post, which can be found at: https://blogs.technet.microsoft.com/ralphkyttle/2017/04/05/dscea-1-2-0-0-has-been-released-introducing-exciting-new-updates-to-start-dsceascan/

For more information on DSCEA, please review the original post on the topic located at https://blogs.technet.microsoft.com/ralphkyttle/2017/03/21/introducing-dscea/ or https://blogs.technet.microsoft.com/askpfeplat/2017/04/04/introducing-dscea/

DSCEA 1.2.0.0 has been released!!!

Just as a recap on DSCEA:

DSC Environment Analyzer (DSCEA) is an open source PowerShell module that uses the declarative nature of Desired State Configuration to scan systems in an environment against a defined reference MOF file and generate compliance reports showing whether systems match the desired configuration.

DSCEA includes a customizable reporting engine that can provide reports on overall compliance and details on any DSC resource found to be non-compliant. DSCEA utilizes the DSC processing engine and DSC resources to audit and report on the existing configuration of machines in an environment.

By using PowerShell Desired State Configuration at its core, DSCEA obtains some unique advantages. Most notably, by defining the desired configuration state using DSC, an admin can benefit from using the same work to both scan for compliance and then correct items that were found to be non-compliant. Building an audit file in DSC can help ease remediations, and in some cases it can be as simple as applying the same MOF file that was used to scan an environment onto systems to correct drift and bring things into the desired state.

DSCEA is hosted at https://github.com/Microsoft/DSCEA and can be downloaded from the PowerShell Gallery.

Details on this release are listed below:

  • Introduced exciting new updates to Start-DSCEAscan
    • Automatic copying of any custom resources needed for a scan from the management system to the remote endpoints being scanned
    • Added a new Path parameter, which allows Start-DSCEAscan to take in a folder path containing machine specific MOF files to allow for a scan of those systems against unique per system settings
  • Added additional config examples
    • Config that uses non built-in DSC resources
    • Config that showcases using the DSC script resource
      • Thank you to Patrick Mercier for your contributions and feedback on this!
  • Bug fixes
    • Fixed issue where errors were thrown when running Import-Module DSCEA
    • Fixed quote character issue when running Get-Help Start-DSCEAscan
  • Documentation updates
    • Clarified instructions on Report Generation with Power BI page
    • Clarified instructions on PowerShell Gallery – Offline Install page
    • Added page – Convert DSCEA scan result to CSV
    • Added page – DSCEA Functions Reference

Real-world examples of how DSCEA can be used include:

  • Verifying a single setting, for example if a registry key is set appropriately across your entire environment
  • Auditing your systems to ensure that they meet the base level system configuration settings that are required to be a part of your environment
  • Scanning the systems in your environment against all of the items that make up your organization’s security baseline
  • Verifying that settings configured via Group Policy are being applied correctly to the systems in your environment
  • Verifying settings configured on Windows Server 2016 Nano servers (which do not support Group Policy)
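The new Path parameter and the registry-key use case above can be combined as in the following added example, which is not taken from the original post or the DSCEA project. The node names, the output folder and the settings chosen for audit are assumptions made for illustration; it compiles one MOF per machine with different expected settings and hands the folder to Start-DSCEAscan.

```powershell
# Added example. Node names and the output folder are hypothetical placeholders.
$configData = @{
    AllNodes = @(
        @{ NodeName = 'SRV-DC01';    SpoolerState = 'Stopped' }   # no printing role
        @{ NodeName = 'SRV-PRINT01'; SpoolerState = 'Running' }   # print server
    )
}

Configuration PerNodeAudit {
    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node $AllNodes.NodeName {
        # Same expectation on every node: the SMBv1 server component is disabled.
        Registry Smb1ServerDisabled {
            Ensure    = 'Present'
            Key       = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
            ValueName = 'SMB1'
            ValueType = 'Dword'
            ValueData = '0'
        }

        # Per-node expectation, read from the configuration data above.
        Service PrintSpooler {
            Name  = 'Spooler'
            State = $Node.SpoolerState
        }
    }
}

# Compiling writes one MOF per node (SRV-DC01.mof, SRV-PRINT01.mof) into the folder.
$mofFolder = 'C:\DSCEA\NodeMofs'
PerNodeAudit -ConfigurationData $configData -OutputPath $mofFolder

# Scan each system against its own machine-specific MOF file.
Import-Module DSCEA
Start-DSCEAscan -Path $mofFolder
```

Because each MOF carries its own expected values, a system that drifts from its role-specific setting is reported as non-compliant even when it would pass a single shared baseline.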

Links

https://www.powershellgallery.com/packages/DSCEA
https://github.com/Microsoft/DSCEA
https://microsoft.github.io/DSCEA