Config/LAPS.Nano.DSC.Config.ps1

Param
(
    [Parameter(Mandatory=$false)]
    [string]$AdminAccountName,          #specify if you want to manage custom account
    
    [Parameter(Mandatory=$false)]
    [Boolean]$Enabled=$true,            #solution 'Master Switch'
    
    [Parameter(Mandatory=$false)]
    [UInt32]$PasswordLength=14,         #chars in password
    
    [Parameter(Mandatory=$false)]
    [UInt32]$PasswordComplexity=3,      #0=Large, 1=LargeSmall ,2=LargeSmallNum, 3=LargeSmallNumSpec
    
    [Parameter(Mandatory=$false)]
    [UInt32]$PasswordAge=30,            #max password age in days
    
    [Parameter(Mandatory=$false)]
    [UInt32]$ManagementInterval=1200,   #seconds (20 mins)
    
    [Parameter(Mandatory=$false)]
    [bool]$ExpirationProtectionEnabled=$true,   #whether or not to allow password expiration behind the policy. $true=No, $false=Yes
    
    [Parameter(Mandatory=$false)]
    [UInt32]$LogLevel=0                 #0=Error, 1=ErrorsWarnings, 2=All

)

$ConfigData = @{
   AllNodes = @(
      @{ NodeName = "*" }
        )
}

Configuration LAPS_Nano_Config {
   Param (
 
      [Parameter()]
      [ValidateSet("Present","Absent")]
      [String]$Ensure = "Present"
   )
 
    $Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd'

    Import-DscResource -ModuleName 'PSDesiredStateConfiguration'
 
       if($AdminAccountName -ne $null)
    {
        Registry AdminAccountName
        {
            Ensure = $Ensure
            Key = $Key
            ValueName = 'AdminAccountName'
            ValueType = 'String'
            ValueData = $AdminAccountName
        }
    }
    else
    {
        Registry AdminAccountName
        {
            Ensure = "Absent"
            Key = $Key
            ValueName = 'AdminAccountName'
            ValueType = 'String'
        }
    }
 
   Registry Enabled
   {
      Ensure = $Ensure
      Key = $Key
      ValueName = 'AdmPwdEnabled'
      ValueType = 'DWord'
      ValueData = ($Enabled -as [Int32])
   }
 
   Registry ExpirationProtectionEnabled
   {
      Ensure = $Ensure
      Key = $Key
      ValueName = 'PwdExpirationProtectionEnabled'
      ValueType = 'DWord'
      ValueData = ($ExpirationProtectionEnabled -as [Int32])
   }

   Registry PasswordLength
   {
      Ensure = $Ensure
      Key = $Key
      ValueName = 'PasswordLength'
      ValueType = 'DWord'
      ValueData = $PasswordLength
   }
 
   Registry PasswordComplexity
   {
      Ensure = $Ensure
      Key = $Key
      ValueName = 'PasswordComplexity'
      ValueType = 'DWord'
      ValueData = $PasswordComplexity
   }
   
   Registry PasswordAge
   {
      Ensure = $Ensure
      Key = $Key
      ValueName = 'PasswordAgeDays'
       ValueType = 'DWord'
      ValueData = $PasswordAge
   }
   
   Registry ManagementInterval
   {
      Ensure = $Ensure
      Key = $Key
      ValueName = 'PwdManagementInterval'
       ValueType = 'DWord'
      ValueData = $ManagementInterval
   }
   
   Registry LogLevel
   {
      Ensure = $Ensure
      Key = $Key
      ValueName = 'LogLevel'
      ValueType = 'DWord'
      ValueData = $LogLevel
   }
}

LAPS_Nano_Config -ConfigurationData $ConfigData -Ensure Present