Skip to content

Applying and Monitoring Configurations

Desired State Configuration (DSC) is not only about defining the desired state of a system. Its real power emerges when configurations are applied, enforced, and monitored over time. In large environments, systems must remain consistent even as administrators make changes, software updates occur, or configuration drift appears. DSC provides a structured, predictable mechanism to apply configurations and continuously verify that systems remain compliant.

This section explains how configurations are applied to target nodes, how the Local Configuration Manager (LCM) enforces them, and how administrators can monitor compliance.

1. Applying a DSC Configuration

Once a configuration has been written and compiled into a MOF file, it must be applied to the target node. The application process is handled by the Local Configuration Manager (LCM), which reads the MOF file and ensures the system matches the declared state.

1.1 Compiling the configuration

A configuration script produces MOF files when executed:

WebServerConfig

This generates a folder containing one MOF file per node, such as:

.\WebServerConfig\Server01.mof

The MOF file is the actual document that DSC uses to enforce configuration.

1.2 Applying the configuration to a node

To apply the configuration:

Start-DscConfiguration -Path .\WebServerConfig -Wait -Verbose

Explanation:

  • Path specifies the folder containing the MOF file.
  • Wait keeps the console open until the configuration is applied.
  • Verbose displays detailed progress information.

The LCM reads the MOF file and performs the necessary actions to bring the system into compliance.

2. How the Local Configuration Manager (LCM) Enforces State

The LCM is the engine that runs on every DSC‑managed node. It is responsible for:

  • Applying configurations
  • Checking for drift
  • Correcting drift
  • Reporting compliance

The LCM operates according to its own configuration, which defines how often it checks for drift and whether it should automatically correct deviations.

2.1 LCM modes

The LCM supports several modes:

Mode Behavior
ApplyOnly Applies the configuration once; no monitoring or correction
ApplyAndMonitor Applies the configuration and reports drift but does not correct it
ApplyAndAutoCorrect Applies the configuration and automatically corrects drift

For large environments, ApplyAndAutoCorrect is the most common, as it ensures continuous compliance.

3. Monitoring Configuration Status

DSC provides built‑in cmdlets to check the status of applied configurations and detect drift.

3.1 Checking the current configuration

Get-DscConfiguration

This displays the configuration currently enforced on the node.

3.2 Checking the last configuration run

Get-DscConfigurationStatus

This shows:

  • Whether the last run succeeded
  • What changes were made
  • Any errors encountered
  • The time of the last consistency check

This is essential for troubleshooting.

3.3 Viewing the LCM settings

Get-DscLocalConfigurationManager

This reveals:

  • The LCM mode
  • The refresh frequency
  • The configuration source
  • Whether automatic correction is enabled

Understanding LCM settings is crucial for predicting how DSC behaves on each node.

4. Detecting and Correcting Configuration Drift

Configuration drift occurs when a system deviates from its declared state.

Examples include:

  • A service being stopped
  • A feature being uninstalled
  • A file being modified or deleted

The LCM periodically checks for drift based on its refresh interval.

4.1 Manual drift correction

You can force DSC to reapply the configuration:

Start-DscConfiguration -UseExisting -Wait -Verbose

This instructs the LCM to re‑enforce the current MOF file.

4.2 Automatic drift correction

If the LCM is set to ApplyAndAutoCorrect, it will:

  • Detect drift
  • Automatically reapply the configuration
  • Restore compliance without administrator intervention

This is one of DSC’s most powerful features.

5. Logging and Reporting

DSC writes detailed logs that administrators can use for auditing and troubleshooting.

5.1 Viewing DSC logs

DSC logs are stored in the Windows Event Log under:

Applications and Services Logs → Microsoft → Windows → Desired State Configuration

These logs include:

  • Resource operations
  • Errors
  • Drift detection events
  • LCM activity

Event logs are essential for diagnosing configuration failures.

5.2 Integration with monitoring systems

DSC can integrate with:

  • Azure Automation State Configuration
  • System Center
  • SIEM platforms
  • Custom dashboards

These tools provide centralized visibility into configuration compliance across many nodes.

6. Summary

Applying and monitoring configurations is the operational heart of DSC. The process involves:

  • Compiling configurations into MOF files
  • Applying them using Start-DscConfiguration
  • Relying on the LCM to enforce and maintain compliance
  • Monitoring configuration status and drift
  • Using logs and reporting tools for visibility

This model ensures that systems remain consistent, predictable, and aligned with organizational standards, even in large and dynamic environments.

© TutoriaLibre. All rights reserved.

Submit feedback / Report issue

Privacy Policy

Terms of Use