DSCResources/DSC_xDSCWebService/en-US/about_xDSCWebService.help.txt

.NAME
    xDSCWebService
 
.DESCRIPTION
    This resource is used to configure a DSC Pull Server on a Windows Server with
    IIS.
 
    ## Notes
 
    Configuring a Windows Firewall rule (exception) for a DSC Pull Server instance
    by using the xDscWebService resource is considered deprecated and thus will
    be removed in the future.
 
    DSC will issue a warning when the ConfigureFirewall property is set to
    true. Currently the default value is true to maintain backwards
    compatibility with existing configurations. At a later time the default value
    will be set to false and in the last step the support to create a
    firewall rule using xDscWebService will be removed.
 
    All users are requested to adjust existing configurations so that the
    ConfigureFirewall is set to false and a required Windows Firewall rule
    is created by using the Firewall resource from the
    https://github.com/dsccommunity/NetworkingDsc module.
 
    ## Creating a custom Application Pool
 
    If the ApplicationPoolName parameter is specified the default pool name of 'PSWS'
    will not be used. In this case a new pool will need to be created. Preferably
    the new application pool is created by using the _xWebAppPool_ resource from the
    https://github.com/dsccommunity/xWebAdministration DSC module.
 
    ## Using Security Best Practices
 
    Setting the UseSecurityBestPractices parameter to $true will reset registry
    values under HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL.
    This environment change enforces the use of stronger encryption cypher and may
    affect legacy applications. More information can be found at
    https://support.microsoft.com/en-us/kb/245030 and
    https://technet.microsoft.com/en-us/library/dn786418(v=ws.11).aspx.
 
.PARAMETER EndpointName
    Key - String
    Prefix of the WCF SVC file.
 
.PARAMETER AcceptSelfSignedCertificates
    Write - Boolean
    Specifies is self-signed certs will be accepted for client authentication.
 
.PARAMETER ApplicationPoolName
    Write - String
    The IIS Application Pool to use for the Pull Server. If not specified a pool with name 'PSWS' will be created.
 
.PARAMETER CertificateSubject
    Write - String
    The subject of the Certificate in CERT:\LocalMachine\MY\ for Pull Server.
 
.PARAMETER CertificateTemplateName
    Write - String
    The certificate Template Name of the Certificate in CERT:\LocalMachine\MY\ for Pull Server.
 
.PARAMETER CertificateThumbPrint
    Write - String
    The thumbprint of the Certificate in CERT:\LocalMachine\MY\ for Pull Server.
 
.PARAMETER ConfigurationPath
    Write - String
    The location on the disk where the Configuration is stored.
 
.PARAMETER ConfigureFirewall
    Write - Boolean
    Enable incoming firewall exceptions for the configured DSC Pull Server port. Defaults to true.
 
.PARAMETER DatabasePath
    Write - String
    The location on the disk where the database is stored.
 
.PARAMETER DisableSecurityBestPractices
    Write - StringArray
    Allowed values: SecureTLSProtocols
    A list of exceptions to the security best practices to apply.
 
.PARAMETER Enable32BitAppOnWin64
    Write - Boolean
    Enable the DSC Pull Server to run in a 32-bit process on a 64-bit operating system.
 
.PARAMETER Ensure
    Write - String
    Allowed values: Present, Absent
    Specifies if the DSC Web Service should be installed.
 
.PARAMETER ModulePath
    Write - String
    The location on the disk where the Modules are stored.
 
.PARAMETER PhysicalPath
    Write - String
    The physical path for the IIS Endpoint on the machine (usually under inetpub).
 
.PARAMETER Port
    Write - UInt32
    The port number of the DSC Pull Server IIS Endpoint.
 
.PARAMETER RegistrationKeyPath
    Write - String
    The location on the disk where the RegistrationKeys file is stored.
 
.PARAMETER SqlConnectionString
    Write - String
    The connection string to use to connect to the SQL server backend database. Required if SqlProvider is true.
 
.PARAMETER SqlProvider
    Write - Boolean
    Enable DSC Pull Server to use SQL server as the backend database.
 
.PARAMETER State
    Write - String
    Allowed values: Started, Stopped
    Specifies the state of the DSC Web Service.
 
.PARAMETER UseSecurityBestPractices
    Required - Boolean
    This property will ensure that the Pull Server is created with the most secure practices.
 
.PARAMETER DSCServerUrl
    Read - String
    The URL of the DSC Pull Server.
 
.EXAMPLE 1
 
 
#Requires -Module xPSDesiredStateConfiguration
#Requires -Module @{ ModuleName = 'NetworkingDsc'; RequiredVersion = '7.4.0.0' }
#Requires -Module @{ ModuleName = 'xWebAdministration'; RequiredVersion = '3.0.0.0' }
 
<#
    .DESCRIPTION
        This configuration sets up a DSC pull server that is capable for client nodes to
        register with it and retrieve configuration documents with configuration names
        instead of configuration id.
 
        Prerequisite: 1 - Install a certificate in 'CERT:\LocalMachine\MY\' store
                          For testing environments, you could use a self-signed
                          certificate. (New-SelfSignedCertificate cmdlet could
                          generate one for you). For production environments, you
                          will need a certificate signed by valid CA. Registration
                          only works over https protocols. So to use registration
                          feature, a secure pull server setup with certificate is
                          necessary.
                      2 - To configure a Firewall Rule (Exception) to allow external
                          connections the [NetworkingDsc](https://github.com/PowerShell/NetworkingDsc)
                          DSC module is required.
                      3 - The [xWebAdministration](https://github.com/PowerShell/xWebAdministration)
                          DSC module is required to configure the IIS Application Pool
 
    .PARAMETER CertificateThumbPrint
        Certificate thumbprint for creating an HTTPS endpoint. Use
        "AllowUnencryptedTraffic" for setting up a non SSL based endpoint.
 
    .PARAMETER RegistrationKey
        This key will be used by client nodes as a shared key to authenticate
        during registration. This should be a string with enough entropy
        (randomness) to protect the registration of clients to the pull server.
        The example creates a new GUID for the registration key.
 
    .PARAMETER Port
        The TCP port on which the Pull Server will listen for connections
 
    .PARAMETER ApplicationPoolName
        The IIS Application Pool to use with the new Pull Server
 
    .EXAMPLE
        $thumbprint = (New-SelfSignedCertificate -DnsName $env:COMPUTERNAME -CertStoreLocation Cert:\LocalMachine\My).Thumbprint
        $registrationKey = [System.Guid]::NewGuid()
 
        xDscWebService_Preferred_Config -RegistrationKey $registrationkey -CertificateThumbPrint $thumbprint
#>
Configuration xDscWebService_Preferred_Config
{
    param
    (
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [System.String]
        $CertificateThumbPrint,
 
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [System.String]
        $RegistrationKey,
 
        [Parameter()]
        [ValidateRange(1, 65535)]
        [System.UInt16]
        $Port = 8080,
 
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [System.String]
        $ApplicationPoolName
    )
 
    Import-DscResource -ModuleName xPSDesiredStateConfiguration
    Import-DscResource -ModuleName NetworkingDsc -ModuleVersion 7.4.0.0
    Import-DscResource -ModuleName xWebAdministration -ModuleVersion 3.0.0.0
 
    Node localhost
    {
        WindowsFeature DSCServiceFeature
        {
            Ensure = 'Present'
            Name = 'DSC-Service'
        }
 
        xWebAppPool PSDSCPullServerPool
        {
            Ensure = 'Present'
            Name = $ApplicationPoolName
            IdentityType = 'NetworkService'
        }
 
        xDscWebService PSDSCPullServer
        {
            Ensure = 'Present'
            EndpointName = 'PSDSCPullServer'
            ApplicationPoolName = $ApplicationPoolName
            Port = $Port
            PhysicalPath = "$env:SystemDrive\inetpub\PSDSCPullServer"
            CertificateThumbPrint = $CertificateThumbPrint
            ModulePath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules"
            ConfigurationPath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
            State = 'Started'
            RegistrationKeyPath = "$env:PROGRAMFILES\WindowsPowerShell\DscService"
            AcceptSelfSignedCertificates = $true
            Enable32BitAppOnWin64 = $false
            UseSecurityBestPractices = $true
            ConfigureFirewall = $false
            DependsOn = '[WindowsFeature]DSCServiceFeature', '[xWebAppPool]PSDSCPullServerPool'
        }
 
        File RegistrationKeyFile
        {
            Ensure = 'Present'
            Type = 'File'
            DestinationPath = "$env:ProgramFiles\WindowsPowerShell\DscService\RegistrationKeys.txt"
            Contents = $RegistrationKey
        }
 
        Firewall PSDSCPullServerRule
        {
            Ensure = 'Present'
            Name = "DSC_PullServer_$Port"
            DisplayName = "DSC PullServer $Port"
            Group = 'DSC PullServer'
            Enabled = $true
            Action = 'Allow'
            Direction = 'InBound'
            LocalPort = $Port
            Protocol = 'TCP'
            DependsOn = '[xDscWebService]PSDSCPullServer'
        }
    }
}
 
.EXAMPLE 2
 
 
#Requires -Module xPSDesiredStateConfiguration
#Requires -Module @{ ModuleName = 'NetworkingDsc'; RequiredVersion = '7.4.0.0' }
 
<#
    .DESCRIPTION
        This configuration sets up a DSC pull server that is capable for client nodes
        to register with it and use SQL Server as a backend DB.
 
        Prerequisite: 1 - Install a certificate in 'CERT:\LocalMachine\MY\'
                          store. For testing environments, you could use a
                          self-signed certificate. (New-SelfSignedCertificate
                          cmdlet could generate one for you). For production
                          environments, you will need a certificate signed by
                          valid CA. Registration only works over https
                          protocols. So to use registration feature, a secure
                          pull server setup with certificate is necessary.
                      2 - Install and Configure SQL Server, preferably using
                          [SqlServerDsc](https://github.com/PowerShell/SqlServerDsc)
                      3 - To configure a Firewall Rule (Exception) to allow external
                          connections the [NetworkingDsc](https://github.com/PowerShell/NetworkingDsc)
                          DSC module is required.
 
    .PARAMETER CertificateThumbPrint
        Certificate thumbprint for creating an HTTPS endpoint. Use
        "AllowUnencryptedTraffic" for setting up a non SSL based endpoint.
 
    .PARAMETER RegistrationKey
        This key will be used by client nodes as a shared key to authenticate
        during registration. This should be a string with enough entropy
        (randomness) to protect the registration of clients to the pull server.
        The example creates a new GUID for the registration key.
 
    .PARAMETER Port
        The TCP port on which the Pull Server will listen for connections
 
    .EXAMPLE
        $thumbprint = (New-SelfSignedCertificate -Subject $env:COMPUTERNAME).Thumbprint
        $registrationKey = [System.Guid]::NewGuid()
 
        xDscWebService_RegistrationUseSQLProvider_Config -RegistrationKey $registrationKey -CertificateThumbPrint $thumbprint -Verbose
#>
Configuration xDscWebService_RegistrationUseSQLProvider_Config
{
    param
    (
        [Parameter()]
        [ValidateNotNullOrEmpty()]
        [System.String]
        $CertificateThumbPrint,
 
        [Parameter()]
        [ValidateNotNullOrEmpty()]
        [System.String]
        $RegistrationKey,
 
        [Parameter()]
        [ValidateRange(1, 65535)]
        [System.UInt16]
        $Port = 8080
    )
 
    Import-DscResource -ModuleName xPSDesiredStateConfiguration
    Import-DscResource -ModuleName NetworkingDsc -ModuleVersion 7.4.0.0
    # To explicitly import the resource WindowsFeature and File.
    Import-DscResource -ModuleName PSDesiredStateConfiguration
 
    Node localhost
    {
        WindowsFeature DSCServiceFeature
        {
            Ensure = 'Present'
            Name = 'DSC-Service'
        }
 
        xDscWebService PSDSCPullServer
        {
            Ensure = 'Present'
            EndpointName = 'PSDSCPullServer'
            Port = $Port
            PhysicalPath = "$env:SystemDrive\inetpub\PSDSCPullServer"
            CertificateThumbPrint = $CertificateThumbPrint
            ModulePath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules"
            ConfigurationPath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
            State = 'Started'
            DependsOn = '[WindowsFeature]DSCServiceFeature'
            RegistrationKeyPath = "$env:PROGRAMFILES\WindowsPowerShell\DscService"
            AcceptSelfSignedCertificates = $true
            UseSecurityBestPractices = $true
            SqlProvider = $true
            SqlConnectionString = "Provider=SQLNCLI11;Data Source=(local)\SQLExpress;User ID=SA;Password=Password12!;Initial Catalog=master;"
            ConfigureFirewall = $false
        }
 
        File RegistrationKeyFile
        {
            Ensure = 'Present'
            Type = 'File'
            DestinationPath = "$env:ProgramFiles\WindowsPowerShell\DscService\RegistrationKeys.txt"
            Contents = $RegistrationKey
        }
 
        Firewall PSDSCPullServerRule
        {
            Ensure = 'Present'
            Name = "DSC_PullServer_$Port"
            DisplayName = "DSC PullServer $Port"
            Group = 'DSC PullServer'
            Enabled = $true
            Action = 'Allow'
            Direction = 'InBound'
            LocalPort = $Port
            Protocol = 'TCP'
            DependsOn = '[xDscWebService]PSDSCPullServer'
        }
 
    }
}
 
.EXAMPLE 3
 
 
#Requires -Module xPSDesiredStateConfiguration
#Requires -Module @{ ModuleName = 'NetworkingDsc'; RequiredVersion = '7.4.0.0' }
 
<#
    .DESCRIPTION
        This configuration sets up a DSC pull server that is capable for client
        nodes to register with it.
 
        Prerequisite: 1 - Install a certificate in 'CERT:\LocalMachine\MY\' store
                          For testing environments, you could use a self-signed
                          certificate. (New-SelfSignedCertificate cmdlet could
                          generate one for you). For production environments, you
                          will need a certificate signed by valid CA. Registration
                          only works over https protocols. So to use registration
                          feature, a secure pull server setup with certificate is
                          necessary.
                      2 - To configure a Firewall Rule (Exception) to allow external
                          connections the [NetworkingDsc](https://github.com/PowerShell/NetworkingDsc)
                          DSC module is required.
 
    .PARAMETER CertificateThumbPrint
        Certificate thumbprint for creating an HTTPS endpoint. Use
        "AllowUnencryptedTraffic" for setting up a non SSL based endpoint.
 
    .PARAMETER RegistrationKey
        This key will be used by client nodes as a shared key to authenticate
        during registration. This should be a string with enough entropy
        (randomness) to protect the registration of clients to the pull server.
        The example creates a new GUID for the registration key.
 
    .EXAMPLE
        $thumbprint = (New-SelfSignedCertificate -DnsName $env:COMPUTERNAME -CertStoreLocation Cert:\LocalMachine\My).Thumbprint
        $registrationKey = [System.Guid]::NewGuid()
 
        xDscWebService_RegistrationWin2k12and2k12R2_Config -RegistrationKey $registrationKey -certificateThumbPrint $thumbprint -Verbose
#>
Configuration xDscWebService_RegistrationWin2k12and2k12R2_Config
{
    param
    (
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [System.String]
        $CertificateThumbPrint,
 
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [System.String]
        $RegistrationKey,
 
        [Parameter()]
        [ValidateRange(1, 65535)]
        [System.UInt16]
        $Port = 8080
    )
 
    Import-DscResource -ModuleName xPSDesiredStateConfiguration
    Import-DscResource -ModuleName NetworkingDsc -ModuleVersion 7.4.0.0
    # To explicitly import the resource WindowsFeature and File.
    Import-DscResource -ModuleName PSDesiredStateConfiguration
 
    Node localhost
    {
        WindowsFeature DSCServiceFeature
        {
            Ensure = 'Present'
            Name = 'DSC-Service'
        }
 
        xDscWebService PSDSCPullServer
        {
            Ensure = 'Present'
            EndpointName = 'PSDSCPullServer'
            Port = $Port
            PhysicalPath = "$env:SystemDrive\inetpub\PSDSCPullServer"
            CertificateThumbPrint = $CertificateThumbPrint
            ModulePath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules"
            ConfigurationPath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
            State = 'Started'
            DependsOn = '[WindowsFeature]DSCServiceFeature'
            RegistrationKeyPath = "$env:PROGRAMFILES\WindowsPowerShell\DscService"
            AcceptSelfSignedCertificates = $true
            UseSecurityBestPractices = $true
            Enable32BitAppOnWin64 = $true
            ConfigureFirewall = $false
        }
 
        File RegistrationKeyFile
        {
            Ensure = 'Present'
            Type = 'File'
            DestinationPath = "$env:ProgramFiles\WindowsPowerShell\DscService\RegistrationKeys.txt"
            Contents = $RegistrationKey
        }
 
        Firewall PSDSCPullServerRule
        {
            Ensure = 'Present'
            Name = "DSC_PullServer_$Port"
            DisplayName = "DSC PullServer $Port"
            Group = 'DSC PullServer'
            Enabled = $true
            Action = 'Allow'
            Direction = 'InBound'
            LocalPort = $Port
            Protocol = 'TCP'
            DependsOn = '[xDscWebService]PSDSCPullServer'
        }
    }
}
 
.EXAMPLE 4
 
 
#Requires -Module xPSDesiredStateConfiguration
#Requires -Module @{ ModuleName = 'NetworkingDsc'; RequiredVersion = '7.4.0.0' }
 
<#
    .DESCRIPTION
        This sample configures a DSC Pull Server with enhanced security and a
        firewall rule to allow external connections that is capable for client
        nodes to register with it and retrieve configuration documents with
        configuration names instead of configuration id.
 
        Prerequisite: 1 - Install a certificate in 'CERT:\LocalMachine\MY\' store
                          For testing environments, you could use a self-signed
                          certificate. (New-SelfSignedCertificate cmdlet could
                          generate one for you). For production environments, you
                          will need a certificate signed by valid CA. Registration
                          only works over https protocols. So to use registration
                          feature, a secure pull server setup with certificate is
                          necessary.
                      2 - To configure a Firewall Rule (Exception) to allow external
                          connections the [NetworkingDsc](https://github.com/PowerShell/NetworkingDsc)
                          DSC module is required.
 
    .PARAMETER CertificateThumbPrint
        Certificate thumbprint for creating an HTTPS endpoint. Use
        "AllowUnencryptedTraffic" for setting up a non SSL based endpoint.
 
    .PARAMETER RegistrationKey
        This key will be used by client nodes as a shared key to authenticate
        during registration. This should be a string with enough entropy
        (randomness) to protect the registration of clients to the pull server.
        The example creates a new GUID for the registration key.
 
    .PARAMETER Port
        The TCP port on which the Pull Server will listen for connections
 
    .EXAMPLE
        $thumbprint = (New-SelfSignedCertificate -DnsName $env:COMPUTERNAME -CertStoreLocation Cert:\LocalMachine\My).Thumbprint
        $registrationKey = [System.Guid]::NewGuid()
 
        xDscWebService_Registration_Config -RegistrationKey $registrationkey -CertificateThumbPrint $thumbprint
#>
Configuration xDscWebService_Registration_Config
{
    param
    (
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [System.String]
        $CertificateThumbPrint,
 
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [System.String]
        $RegistrationKey,
 
        [Parameter()]
        [ValidateRange(1, 65535)]
        [System.UInt16]
        $Port = 8080
    )
 
    Import-DscResource -ModuleName xPSDesiredStateConfiguration
    Import-DscResource -ModuleName NetworkingDsc -ModuleVersion 7.4.0.0
 
    Node localhost
    {
        WindowsFeature DSCServiceFeature
        {
            Ensure = 'Present'
            Name = 'DSC-Service'
        }
 
        xDscWebService PSDSCPullServer
        {
            Ensure = 'Present'
            EndpointName = 'PSDSCPullServer'
            Port = $Port
            PhysicalPath = "$env:SystemDrive\inetpub\PSDSCPullServer"
            CertificateThumbPrint = $CertificateThumbPrint
            ModulePath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules"
            ConfigurationPath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
            State = 'Started'
            DependsOn = '[WindowsFeature]DSCServiceFeature'
            RegistrationKeyPath = "$env:PROGRAMFILES\WindowsPowerShell\DscService"
            AcceptSelfSignedCertificates = $true
            Enable32BitAppOnWin64 = $false
            UseSecurityBestPractices = $true
            ConfigureFirewall = $false
        }
 
        File RegistrationKeyFile
        {
            Ensure = 'Present'
            Type = 'File'
            DestinationPath = "$env:ProgramFiles\WindowsPowerShell\DscService\RegistrationKeys.txt"
            Contents = $RegistrationKey
        }
 
        Firewall PSDSCPullServerRule
        {
            Ensure = 'Present'
            Name = "DSC_PullServer_$Port"
            DisplayName = "DSC PullServer $Port"
            Group = 'DSC PullServer'
            Enabled = $true
            Action = 'Allow'
            Direction = 'InBound'
            LocalPort = $Port
            Protocol = 'TCP'
            DependsOn = '[xDscWebService]PSDSCPullServer'
        }
    }
}
 
.EXAMPLE 5
 
 
#Requires -Module xPSDesiredStateConfiguration
#Requires -Module @{ ModuleName = 'NetworkingDsc'; RequiredVersion = '7.4.0.0' }
 
<#
    .DESCRIPTION
        This configuration sets up a DSC pull server that is capable for client nodes
        to register with it and retrieve configuration documents with configuration names
        instead of configuration id.
 
        Prerequisite: 1 - Install a certificate in 'CERT:\LocalMachine\MY\'
                          store. For testing environments, you could use a
                          self-signed certificate. (New-SelfSignedCertificate
                          cmdlet could generate one for you). For production
                          environments, you will need a certificate signed by
                          valid CA. Registration only works over https
                          protocols. So to use registration feature, a secure
                          pull server setup with certificate is necessary.
                      2 - Install and Configure SQL Server, preferably using
                          [SqlServerDsc](https://github.com/PowerShell/SqlServerDsc)
                      3 - To configure a Firewall Rule (Exception) to allow external
                          connections the [NetworkingDsc](https://github.com/PowerShell/NetworkingDsc)
                          DSC module is required.
 
    .PARAMETER NodeName
        The name of the node being configured as a DSC Pull Server.
 
    .PARAMETER CertificateThumbPrint
        Certificate thumbprint for creating an HTTPS endpoint. Use
        "AllowUnencryptedTraffic" for setting up a non SSL based endpoint.
 
    .PARAMETER RegistrationKey
        This key will be used by client nodes as a shared key to authenticate
        during registration. This should be a string with enough entropy
        (randomness) to protect the registration of clients to the pull server.
        The example creates a new GUID for the registration key.
 
    .PARAMETER Port
        The TCP port on which the Pull Server will listen for connections
 
    .EXAMPLE
        $thumbprint = (New-SelfSignedCertificate -DnsName $env:COMPUTERNAME -CertStoreLocation Cert:\LocalMachine\My).Thumbprint
        $registrationKey = [System.Guid]::NewGuid()
 
        xDscWebService_RegistrationWithSecurityBestPractices_Config -RegistrationKey $registrationKey -certificateThumbPrint $thumbprint
#>
Configuration xDscWebService_RegistrationWithSecurityBestPractices_Config
{
    param
    (
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [System.String]
        $CertificateThumbPrint,
 
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [System.String]
        $RegistrationKey,
 
        [Parameter()]
        [ValidateRange(1, 65535)]
        [System.UInt16]
        $Port = 8080
    )
 
    Import-DscResource -ModuleName xPSDesiredStateConfiguration
    Import-DscResource -ModuleName NetworkingDsc -ModuleVersion 7.4.0.0
    # To explicitly import the resource WindowsFeature and File.
    Import-DscResource -ModuleName PSDesiredStateConfiguration
 
    Node localhost
    {
        WindowsFeature DSCServiceFeature
        {
            Ensure = 'Present'
            Name = 'DSC-Service'
        }
 
        xDscWebService PSDSCPullServer
        {
            Ensure = 'Present'
            EndpointName = 'PSDSCPullServer'
            Port = $Port
            PhysicalPath = "$env:SystemDrive\inetpub\PSDSCPullServer"
            CertificateThumbPrint = $CertificateThumbPrint
            ModulePath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules"
            ConfigurationPath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
            State = 'Started'
            DependsOn = '[WindowsFeature]DSCServiceFeature'
            RegistrationKeyPath = "$env:PROGRAMFILES\WindowsPowerShell\DscService"
            AcceptSelfSignedCertificates = $true
            UseSecurityBestPractices = $true
            ConfigureFirewall = $false
        }
 
        File RegistrationKeyFile
        {
            Ensure = 'Present'
            Type = 'File'
            DestinationPath = "$env:ProgramFiles\WindowsPowerShell\DscService\RegistrationKeys.txt"
            Contents = $RegistrationKey
        }
 
        Firewall PSDSCPullServerRule
        {
            Ensure = 'Present'
            Name = "DSC_PullServer_$Port"
            DisplayName = "DSC PullServer $Port"
            Group = 'DSC PullServer'
            Enabled = $true
            Action = 'Allow'
            Direction = 'InBound'
            LocalPort = $Port
            Protocol = 'TCP'
            DependsOn = '[xDscWebService]PSDSCPullServer'
        }
    }
}
 
.EXAMPLE 6
 
 
#Requires -Module xPSDesiredStateConfiguration
 
<#
    .DESCRIPTION
        This DSC configuration removes a DSC Pull Server and Compliance Server.
#>
configuration xDscWebService_Removal_Config
{
    Import-DscResource -ModuleName xPSDesiredStateConfiguration
 
    Node localhost
    {
        WindowsFeature DSCServiceFeature
        {
            Ensure = 'Present'
            Name = 'DSC-Service'
        }
 
        xDscWebService PSDSCPullServer
        {
            Ensure = 'Absent'
            EndpointName = 'PSDSCPullServer'
            CertificateThumbPrint = 'notNeededForRemoval'
            UseSecurityBestPractices = $false
        }
    }
}