DSCResources/DSC_SmbServerConfiguration/DSC_SmbServerConfiguration.psm1

# Resolve the 'Modules' folder that sits two directory levels above this
# resource's own folder ($PSScriptRoot).
$modulePath = Join-Path -Path (Split-Path -Path (Split-Path -Path $PSScriptRoot -Parent) -Parent) -ChildPath 'Modules'

# Import the ComputerManagementDsc Common Modules.
# The module file is loaded by a path built from $PSScriptRoot rather than by
# bare name, so the code that runs is whatever is stored in that folder;
# -Force reloads it even if a copy is already loaded in the session.
Import-Module -Name (Join-Path -Path $modulePath `
        -ChildPath (Join-Path -Path 'ComputerManagementDsc.Common' `
            -ChildPath 'ComputerManagementDsc.Common.psm1')) -Force

# Second helper module, also loaded by path from the same 'Modules' folder.
Import-Module -Name (Join-Path -Path $modulePath -ChildPath 'DscResource.Common')

# Import Localization Strings.
# NOTE(review): Get-LocalizedData is not defined in this file; presumably it
# comes from one of the modules imported above, so those imports must stay first.
$script:localizedData = Get-LocalizedData -DefaultUICulture 'en-US'

# Load the resource's data file that sits next to this module.
$resourceData = Import-LocalizedData `
    -BaseDirectory $PSScriptRoot `
    -FileName 'DSC_SmbServerConfiguration.data.psd1'

# List of setting names that Get-TargetResource reports and Test-TargetResource
# compares. A setting that is not in this list is never evaluated for drift.
$script:smbServerSettings = $resourceData.smbServerSettings

<#
    .SYNOPSIS
        Returns the current state of the SMB Server.
 
    .PARAMETER IsSingleInstance
        Specifies the resource is a single instance, the value must be 'Yes'.
#>

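function Get-TargetResource
{
    [CmdletBinding()]
    [OutputType([System.Collections.Hashtable])]
    param
    (
        [Parameter(Mandatory = $true)]
        [ValidateSet('Yes')]
        [System.String]
        $IsSingleInstance
    )

    # Returns a hashtable holding IsSingleInstance plus one entry for every
    # name in $script:smbServerSettings, read from Get-SmbServerConfiguration.

    Write-Verbose -Message ($script:localizedData.GetTargetResourceMessage)

    $smbReturn = @{}

    # Errors from the query are suppressed on purpose (best effort); a failed
    # query leaves $smbServer empty instead of terminating the function.
    $smbServer = Get-SmbServerConfiguration -ErrorAction 'SilentlyContinue'
    $smbReturn.Add('IsSingleInstance', $IsSingleInstance)

    if ($null -eq $smbServer)
    {
        # Without this warning a failed query is indistinguishable from a
        # successful one: every setting below would silently be reported as
        # $null. A $null here means "state unknown", not "setting disabled",
        # which matters when the output is used for a compliance report.
        # The text is inline because the localized string table is not part
        # of this file.
        Write-Warning -Message 'Get-SmbServerConfiguration returned no data; every SMB server setting is reported as $null.'
    }

    foreach ($smbServerSetting in $script:smbServerSettings)
    {
        # Property access on an empty $smbServer yields $null, so the key is
        # still added and the shape of the result does not change.
        $smbReturn.Add($smbServerSetting, $smbServer.$smbServerSetting)
    }

    return $smbReturn
}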

<#
    .SYNOPSIS
        Sets the SMB Server configuration to the desired state.
 
    .PARAMETER IsSingleInstance
        Specifies the resource is a single instance, the value must be 'Yes'.
 
    .PARAMETER AnnounceComment
        Specifies the announce comment string.
 
    .PARAMETER AnnounceServer
        Indicates that this server announces itself by using browser announcements.
 
    .PARAMETER AsynchronousCredits
        Specifies the asynchronous credits.
 
    .PARAMETER AuditSmb1Access
        Enables auditing of SMB version 1 protocol in Windows Event Log.
 
    .PARAMETER AutoDisconnectTimeout
        Specifies the auto disconnect time-out.
 
    .PARAMETER AutoShareServer
        Specifies that the default server shares are shared out.
 
    .PARAMETER AutoShareWorkstation
        Specifies whether the default workstation shares are shared out.
 
    .PARAMETER CachedOpenLimit
        Specifies the maximum number of cached open files.
 
    .PARAMETER DurableHandleV2TimeoutInSeconds
        Specifies the durable handle v2 time-out period, in seconds.
 
    .PARAMETER EnableAuthenticateUserSharing
        Specifies whether authenticate user sharing is enabled.
 
    .PARAMETER EnableDownlevelTimewarp
        Specifies whether down-level timewarp support is enabled.
 
    .PARAMETER EnableForcedLogoff
        Specifies whether forced logoff is enabled.
 
    .PARAMETER EnableLeasing
        Specifies whether leasing is enabled.
 
    .PARAMETER EnableMultiChannel
        Specifies whether multi-channel is enabled.
 
    .PARAMETER EnableOplocks
        Specifies whether the opportunistic locks are enabled.
 
    .PARAMETER EnableSMB1Protocol
        Specifies whether the SMB1 protocol is enabled.
 
    .PARAMETER EnableSMB2Protocol
        Specifies whether the SMB2 protocol is enabled.
 
    .PARAMETER EnableSecuritySignature
        Specifies whether the security signature is enabled.
 
    .PARAMETER EnableStrictNameChecking
        Specifies whether the server should perform strict name checking on incoming connects.
 
    .PARAMETER EncryptData
        Specifies whether the sessions established on this server are encrypted.
 
    .PARAMETER IrpStackSize
        Specifies the default IRP stack size.
 
    .PARAMETER KeepAliveTime
        Specifies the keep alive time.
 
    .PARAMETER MaxChannelPerSession
        Specifies the maximum channels per session.
 
    .PARAMETER MaxMpxCount
        Specifies the maximum MPX count for SMB1.
 
    .PARAMETER MaxSessionPerConnection
        Specifies the maximum sessions per connection.
 
    .PARAMETER MaxThreadsPerQueue
        Specifies the maximum threads per queue.
 
    .PARAMETER MaxWorkItems
        Specifies the maximum SMB1 work items.
 
    .PARAMETER NullSessionPipes
        Specifies the null session pipes.
 
    .PARAMETER NullSessionShares
        Specifies the null session shares.
 
    .PARAMETER OplockBreakWait
        Specifies how long the create caller waits for an opportunistic lock break.
 
    .PARAMETER PendingClientTimeoutInSeconds
        Specifies the pending client time-out period, in seconds.
 
    .PARAMETER RejectUnencryptedAccess
        Specifies whether the client that does not support encryption is denied access if it attempts to connect to an encrypted share.
 
    .PARAMETER RequireSecuritySignature
        Specifies whether the security signature is required.
 
    .PARAMETER ServerHidden
        Specifies whether the server announces itself.
 
    .PARAMETER Smb2CreditsMax
        Specifies the maximum SMB2 credits.
 
    .PARAMETER Smb2CreditsMin
        Specifies the minimum SMB2 credits.
 
    .PARAMETER SmbServerNameHardeningLevel
        Specifies the SMB Service name hardening level.
 
    .PARAMETER TreatHostAsStableStorage
        Specifies whether the host is treated as the stable storage.
 
    .PARAMETER ValidateAliasNotCircular
        Specifies whether the aliases that are not circular are validated.
 
    .PARAMETER ValidateShareScope
        Specifies whether the existence of share scopes is checked during share creation.
 
    .PARAMETER ValidateShareScopeNotAliased
        Specifies whether the share scope being aliased is validated.
 
    .PARAMETER ValidateTargetName
        Specifies whether the target name is validated.
#>

function Set-TargetResource
{
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory = $true)]
        [ValidateSet('Yes')]
        [System.String]
        $IsSingleInstance,

        [Parameter()]
        [System.String]
        $AnnounceComment,

        [Parameter()]
        [System.Boolean]
        $AnnounceServer,

        [Parameter()]
        [System.Uint32]
        $AsynchronousCredits,

        [Parameter()]
        [System.Boolean]
        $AuditSmb1Access,

        [Parameter()]
        [System.Uint32]
        $AutoDisconnectTimeout,

        [Parameter()]
        [System.Boolean]
        $AutoShareServer,

        [Parameter()]
        [System.Boolean]
        $AutoShareWorkstation,

        [Parameter()]
        [System.Uint32]
        $CachedOpenLimit,

        [Parameter()]
        [System.Uint32]
        $DurableHandleV2TimeoutInSeconds,

        [Parameter()]
        [System.Boolean]
        $EnableAuthenticateUserSharing,

        [Parameter()]
        [System.Boolean]
        $EnableDownlevelTimewarp,

        [Parameter()]
        [System.Boolean]
        $EnableForcedLogoff,

        [Parameter()]
        [System.Boolean]
        $EnableLeasing,

        [Parameter()]
        [System.Boolean]
        $EnableMultiChannel,

        [Parameter()]
        [System.Boolean]
        $EnableOplocks,

        [Parameter()]
        [System.Boolean]
        $EnableSMB1Protocol,

        [Parameter()]
        [System.Boolean]
        $EnableSMB2Protocol,

        [Parameter()]
        [System.Boolean]
        $EnableSecuritySignature,

        [Parameter()]
        [System.Boolean]
        $EnableStrictNameChecking,

        [Parameter()]
        [System.Boolean]
        $EncryptData,

        [Parameter()]
        [System.Uint32]
        $IrpStackSize,

        [Parameter()]
        [System.Uint32]
        $KeepAliveTime,

        [Parameter()]
        [System.Uint32]
        $MaxChannelPerSession,

        [Parameter()]
        [System.Uint32]
        $MaxMpxCount,

        [Parameter()]
        [System.Uint32]
        $MaxSessionPerConnection,

        [Parameter()]
        [System.Uint32]
        $MaxThreadsPerQueue,

        [Parameter()]
        [System.Uint32]
        $MaxWorkItems,

        [Parameter()]
        [System.String]
        $NullSessionPipes,

        [Parameter()]
        [System.String]
        $NullSessionShares,

        [Parameter()]
        [System.Uint32]
        $OplockBreakWait,

        [Parameter()]
        [System.Uint32]
        $PendingClientTimeoutInSeconds,

        [Parameter()]
        [System.Boolean]
        $RejectUnencryptedAccess,

        [Parameter()]
        [System.Boolean]
        $RequireSecuritySignature,

        [Parameter()]
        [System.Boolean]
        $ServerHidden,

        [Parameter()]
        [System.Uint32]
        $Smb2CreditsMax,

        [Parameter()]
        [System.Uint32]
        $Smb2CreditsMin,

        [Parameter()]
        [System.Uint32]
        $SmbServerNameHardeningLevel,

        [Parameter()]
        [System.Boolean]
        $TreatHostAsStableStorage,

        [Parameter()]
        [System.Boolean]
        $ValidateAliasNotCircular,

        [Parameter()]
        [System.Boolean]
        $ValidateShareScope,

        [Parameter()]
        [System.Boolean]
        $ValidateShareScopeNotAliased,

        [Parameter()]
        [System.Boolean]
        $ValidateTargetName
    )

    # Applies the settings the caller supplied by handing them straight to
    # Set-SmbServerConfiguration.

    $progressMessage = $script:localizedData.UpdatingProperties
    Write-Verbose -Message ($progressMessage)

    # IsSingleInstance is only declared on this resource, so it is dropped from
    # the set of values that is splatted below.
    [void] $PSBoundParameters.Remove('IsSingleInstance')

    # Confirm = $false is added so that the call below is made with
    # -Confirm:$false (no confirmation prompt).
    [void] $PSBoundParameters.Add('Confirm', $false)

    # Everything still bound is forwarded as-is, including any common
    # parameters the caller passed. This function performs no validation or
    # policy check of its own, so security-relevant settings (for example
    # EnableSMB1Protocol, RequireSecuritySignature, EncryptData,
    # RejectUnencryptedAccess, NullSessionPipes, NullSessionShares) take
    # exactly the value the configuration supplies. Settings that were not
    # supplied are not passed and are therefore not touched by this call.
    Set-SmbServerConfiguration @PSBoundParameters
}

<#
    .SYNOPSIS
        Determines if the SMB Server is in the desired state.
 
    .PARAMETER IsSingleInstance
        Specifies the resource is a single instance, the value must be 'Yes'.
 
    .PARAMETER AnnounceComment
        Specifies the announce comment string.
 
    .PARAMETER AnnounceServer
        Indicates that this server announces itself by using browser announcements.
 
    .PARAMETER AsynchronousCredits
        Specifies the asynchronous credits.
 
    .PARAMETER AuditSmb1Access
        Enables auditing of SMB version 1 protocol in Windows Event Log.
 
    .PARAMETER AutoDisconnectTimeout
        Specifies the auto disconnect time-out.
 
    .PARAMETER AutoShareServer
        Specifies that the default server shares are shared out.
 
    .PARAMETER AutoShareWorkstation
        Specifies whether the default workstation shares are shared out.
 
    .PARAMETER CachedOpenLimit
        Specifies the maximum number of cached open files.
 
    .PARAMETER DurableHandleV2TimeoutInSeconds
        Specifies the durable handle v2 time-out period, in seconds.
 
    .PARAMETER EnableAuthenticateUserSharing
        Specifies whether authenticate user sharing is enabled.
 
    .PARAMETER EnableDownlevelTimewarp
        Specifies whether down-level timewarp support is enabled.
 
    .PARAMETER EnableForcedLogoff
        Specifies whether forced logoff is enabled.
 
    .PARAMETER EnableLeasing
        Specifies whether leasing is enabled.
 
    .PARAMETER EnableMultiChannel
        Specifies whether multi-channel is enabled.
 
    .PARAMETER EnableOplocks
        Specifies whether the opportunistic locks are enabled.
 
    .PARAMETER EnableSMB1Protocol
        Specifies whether the SMB1 protocol is enabled.
 
    .PARAMETER EnableSMB2Protocol
        Specifies whether the SMB2 protocol is enabled.
 
    .PARAMETER EnableSecuritySignature
        Specifies whether the security signature is enabled.
 
    .PARAMETER EnableStrictNameChecking
        Specifies whether the server should perform strict name checking on incoming connects.
 
    .PARAMETER EncryptData
        Specifies whether the sessions established on this server are encrypted.
 
    .PARAMETER IrpStackSize
        Specifies the default IRP stack size.
 
    .PARAMETER KeepAliveTime
        Specifies the keep alive time.
 
    .PARAMETER MaxChannelPerSession
        Specifies the maximum channels per session.
 
    .PARAMETER MaxMpxCount
        Specifies the maximum MPX count for SMB1.
 
    .PARAMETER MaxSessionPerConnection
        Specifies the maximum sessions per connection.
 
    .PARAMETER MaxThreadsPerQueue
        Specifies the maximum threads per queue.
 
    .PARAMETER MaxWorkItems
        Specifies the maximum SMB1 work items.
 
    .PARAMETER NullSessionPipes
        Specifies the null session pipes.
 
    .PARAMETER NullSessionShares
        Specifies the null session shares.
 
    .PARAMETER OplockBreakWait
        Specifies how long the create caller waits for an opportunistic lock break.
 
    .PARAMETER PendingClientTimeoutInSeconds
        Specifies the pending client time-out period, in seconds.
 
    .PARAMETER RejectUnencryptedAccess
        Specifies whether the client that does not support encryption is denied access if it attempts to connect to an encrypted share.
 
    .PARAMETER RequireSecuritySignature
        Specifies whether the security signature is required.
 
    .PARAMETER ServerHidden
        Specifies whether the server announces itself.
 
    .PARAMETER Smb2CreditsMax
        Specifies the maximum SMB2 credits.
 
    .PARAMETER Smb2CreditsMin
        Specifies the minimum SMB2 credits.
 
    .PARAMETER SmbServerNameHardeningLevel
        Specifies the SMB Service name hardening level.
 
    .PARAMETER TreatHostAsStableStorage
        Specifies whether the host is treated as the stable storage.
 
    .PARAMETER ValidateAliasNotCircular
        Specifies whether the aliases that are not circular are validated.
 
    .PARAMETER ValidateShareScope
        Specifies whether the existence of share scopes is checked during share creation.
 
    .PARAMETER ValidateShareScopeNotAliased
        Specifies whether the share scope being aliased is validated.
 
    .PARAMETER ValidateTargetName
        Specifies whether the target name is validated.
#>

function Test-TargetResource
{
    [CmdletBinding()]
    [OutputType([System.Boolean])]
    param
    (
        [Parameter(Mandatory = $true)]
        [ValidateSet('Yes')]
        [System.String]
        $IsSingleInstance,

        [Parameter()]
        [System.String]
        $AnnounceComment,

        [Parameter()]
        [System.Boolean]
        $AnnounceServer,

        [Parameter()]
        [System.Uint32]
        $AsynchronousCredits,

        [Parameter()]
        [System.Boolean]
        $AuditSmb1Access,

        [Parameter()]
        [System.Uint32]
        $AutoDisconnectTimeout,

        [Parameter()]
        [System.Boolean]
        $AutoShareServer,

        [Parameter()]
        [System.Boolean]
        $AutoShareWorkstation,

        [Parameter()]
        [System.Uint32]
        $CachedOpenLimit,

        [Parameter()]
        [System.Uint32]
        $DurableHandleV2TimeoutInSeconds,

        [Parameter()]
        [System.Boolean]
        $EnableAuthenticateUserSharing,

        [Parameter()]
        [System.Boolean]
        $EnableDownlevelTimewarp,

        [Parameter()]
        [System.Boolean]
        $EnableForcedLogoff,

        [Parameter()]
        [System.Boolean]
        $EnableLeasing,

        [Parameter()]
        [System.Boolean]
        $EnableMultiChannel,

        [Parameter()]
        [System.Boolean]
        $EnableOplocks,

        [Parameter()]
        [System.Boolean]
        $EnableSMB1Protocol,

        [Parameter()]
        [System.Boolean]
        $EnableSMB2Protocol,

        [Parameter()]
        [System.Boolean]
        $EnableSecuritySignature,

        [Parameter()]
        [System.Boolean]
        $EnableStrictNameChecking,

        [Parameter()]
        [System.Boolean]
        $EncryptData,

        [Parameter()]
        [System.Uint32]
        $IrpStackSize,

        [Parameter()]
        [System.Uint32]
        $KeepAliveTime,

        [Parameter()]
        [System.Uint32]
        $MaxChannelPerSession,

        [Parameter()]
        [System.Uint32]
        $MaxMpxCount,

        [Parameter()]
        [System.Uint32]
        $MaxSessionPerConnection,

        [Parameter()]
        [System.Uint32]
        $MaxThreadsPerQueue,

        [Parameter()]
        [System.Uint32]
        $MaxWorkItems,

        [Parameter()]
        [System.String]
        $NullSessionPipes,

        [Parameter()]
        [System.String]
        $NullSessionShares,

        [Parameter()]
        [System.Uint32]
        $OplockBreakWait,

        [Parameter()]
        [System.Uint32]
        $PendingClientTimeoutInSeconds,

        [Parameter()]
        [System.Boolean]
        $RejectUnencryptedAccess,

        [Parameter()]
        [System.Boolean]
        $RequireSecuritySignature,

        [Parameter()]
        [System.Boolean]
        $ServerHidden,

        [Parameter()]
        [System.Uint32]
        $Smb2CreditsMax,

        [Parameter()]
        [System.Uint32]
        $Smb2CreditsMin,

        [Parameter()]
        [System.Uint32]
        $SmbServerNameHardeningLevel,

        [Parameter()]
        [System.Boolean]
        $TreatHostAsStableStorage,

        [Parameter()]
        [System.Boolean]
        $ValidateAliasNotCircular,

        [Parameter()]
        [System.Boolean]
        $ValidateShareScope,

        [Parameter()]
        [System.Boolean]
        $ValidateShareScopeNotAliased,

        [Parameter()]
        [System.Boolean]
        $ValidateTargetName
    )

    # Returns $true when every supplied setting already matches the value
    # reported by Get-TargetResource, $false as soon as one of them differs.

    Write-Verbose -Message ($script:localizedData.TestTargetResourceMessage)

    $actualState = Get-TargetResource -IsSingleInstance Yes
    $inDesiredState = $true

    foreach ($settingName in $script:smbServerSettings)
    {
        # Only settings the caller actually supplied are evaluated; a setting
        # left out of the configuration is never reported as drift.
        if (-not $PSBoundParameters.ContainsKey($settingName))
        {
            continue
        }

        $actualValue = $actualState.$settingName
        $desiredValue = $PSBoundParameters.$settingName

        # Both values are written to the verbose stream for every evaluated
        # setting; the loop does not stop at the first mismatch.
        Write-Verbose -Message ($script:localizedData.EvaluatingProperties `
            -f $settingName, $actualValue, $desiredValue)

        # The desired value is the left operand, so PowerShell compares in the
        # desired value's type (strings case-insensitively). A current value of
        # $null never equals a supplied value and counts as a mismatch.
        if ($desiredValue -ne $actualValue)
        {
            $inDesiredState = $false
        }
    }

    return $inDesiredState
}