Friday, May 23, 2014

Configure the Service to run under different account name in , Windows PowerShell Desired State Configuration Service Resource.


1.  Introduction of Windows PowerShell “Desired State Configuration”.

2.  Installing Windows PowerShell 4.0 [Windows Management Framework 4.0].

3.  Getting Started With Desired State Configuration: DSC Syntax.

4.  Review of Desired State Configuration: The 3 easy steps.

5.  Write your First Desired State Configuration Script using ROLE Resource.

6.  Run your first "DSC" PowerShell Script.

7.Configuring Dependencies in "Desired State Configuration" script in PowerShell.

8.PowerShell and DSC : Using File Resource

9.Using Registry Resource

10. Using Archive Resource.

11. Using Group Resource.

12. Using User Resource

13. Using Service Resource.


i-alphabet-kids-coloring-pictures-printablen my previous blog post, I had wrote about , "How to use Service Resource" in "Desired State Configuration".

Sometimes, we have to run some "Windows Services" under a specific user account, the user account  can be a domain account or can be a local user account.

Using "Desired State Configuration" "Service Resource" , In our configuration script we can also set and configure services to use other user accounts rather then using the default one.

Today, I am not going in to much details about the "Service Resource", as we had already done the same in the our previous blog post.

Let' start.

In the below screenshot, you can see that, the status of the "Virtual Disk" service is "Stopped", and the "Startup Type" mode is set to "Manual" and the  service is running under the "Local System Account".

23-05-2014 15-29-58

Below is the "Desired State Configuration" script, which we are going to use in this demonstration. 

The most important lines in the below code are:

  1. The $ConfigData variable,
    1. In this variable, we are setting the configuration data for the destination Server, to allow us the use of the plain text passwords.{kindly check the User Resource blog post about the errors you may encounter}.
  2. The PSCredential object. This is the username and password on the account , under which we want our service to run.
    1. We are creating a PSCredential Object by using two things., the password and the username.
    2. In $secPassword, we are converting the plain text password to Secure String
    3. In $myCreads, we are creating a PSCredential object using the domain username and password ($secPassword).
  3. Set the Credential parameter value to the PSCredential Object which we just have created.



   1:  $ConfigData = @{
   2:      AllNodes = @(
   3:          @{
   4:              NodeName="Posh-Demo";
   5:              PSDscAllowPlainTextPassword = $true
   6:           }
   8:  )}
  10:  Configuration settingServices
  11:  {
  12:      $secpasswd = ConvertTo-SecureString "Passw0rd" -AsPlainText -Force
  13:      $mycreds = New-Object System.Management.Automation.PSCredential ("domain\YOURaCCOUNT", $secpasswd)
  15:      Node 'Posh-Demo'
  16:      {
  17:          Service virtualDiskService
  18:          {
  19:              Name = 'vds'
  20:              State = 'Running'
  21:              StartupType = 'Automatic'
  22:              Credential = $mycreds
  24:          }
  25:      }
  26:  }
  28:  settingServices -ConfigurationData $ConfigData

In my script, the name of the .PS1 script is "DSC_ServiceResourceDemo_cred.ps1". The name of the DSC configuration is "settingService" . In $ConfigData variable we are configuring our destination server to allow the use of plain text password.


23-05-2014 15-30-27

When you run the DSC configuration, please remember to add the -ConfigurationData parameter and the $confiData as the arugument.

Run the script, settingServices -ConfigurationData $ConfigData

and it will export and create the MOF File.

23-05-2014 15-31-10

Now, use the Start-DscConfiguration to start pushing the MOF file to the Posh-Demo server.

Start-DscConfiguration -Path .\settingServices -Wait -Verbose


You  can see in the below screenshot, that we have run the above command and it has been completed successfully.

23-05-2014 15-32-25

It's time to verify the settings.

You, can see in the below screenshot, that the 'Virtual Disk' service is running now, and the start-up mode is set to automatic, and the Logon ON AS account is set to our domain account.

Rather then running under the Local System or Network Account, this service is running under our domain account now.


23-05-2014 15-41-02

We are almost near the completion of the"Desired State Configuration" tutorial series. In June hopefully I may start a new tutorial series.

That's all for today , Have fun, and have a nice weekend.




Aman Dhally

If you like, you can follow me on Twitter and Facebook. You can also check my “You Tube channel for PowerShell video tutorials. You can download all of my scripts from “Microsoft TechNet Gallery”.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.