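<#
.Synopsis
ConvertTo-DSC reads the registry keys and values configured in an existing GPO
and uses that information to create a DSC document.
.DESCRIPTION
Group Policy Objects have been created, managed, configured, re-configured, deleted,
backed up, imported, exported, inspected, detected, neglected and rejected for many years.
With the advent of Desired State Configuration (DSC), ConvertTo-DSC ensures that the work
already done to configure registry policy is not lost. ConvertTo-DSC is a cmdlet (advanced
function) that was created to address this scenario. It requires the GroupPolicy PowerShell
module; the GP cmdlets are available on machines where the GPMC is installed.
The generated <gponame>.ps1 file is opened in the PowerShell ISE as a convenience.

The generated file is PowerShell source. Every value read from the GPO is written as a
single-quoted literal with embedded quote characters doubled, so the text of a registry
value is never evaluated as code when the generated configuration is later run. Review the
generated file before compiling it, as with any generated script.
.PARAMETER GPOName
The display name of the Group Policy Object to read. The 'GPOName' parameter is aliased as
'GPO' for convenience and to conform to other GP cmdlets. Characters other than letters,
digits, '_' and '-' are replaced with '_' to form the Configuration name and the file name.
.PARAMETER OutputFolder
The directory where the DSC document will be created. This parameter is aliased as 'Path'
for convenience and to conform to other cmdlets.
.EXAMPLE
ConvertTo-DSC -GPOName <gpo> -OutputFolder <folder where to create DSC .ps1 file>
.EXAMPLE
GP2DSC -GPOName <GPO> -OutputFolder <folder>
.LINK
Http://www.github.com/gpoguy
#>
function ConvertTo-DSC
{
    # add additional cmdletBinding information to make the experience more robust.
    [CmdletBinding()]
    [Alias("GP2DSC")]
    # NOTE(review): declared output type kept for compatibility; this function writes
    # nothing to the pipeline.
    [OutputType([int])]
    # possible new scenarios... optional open in ISE when complete.
    # optional create of .mof file, including target test machine. This scenario would
    # be an e2e test where the GPO is selected, Registry data is converted to .ps1 config
    # the configuration is called and .mof is created and DSC configuration is started targeting
    # a test machine.
    # possibly re-work parameter names.
    Param
    (
        [Parameter(Mandatory=$true)]
        [Alias("GPO")]
        [string] $GPOName,

        [Parameter(Mandatory=$true)]
        [Alias("Path")]
        [string] $OutputFolder
    )

    Process
    {
        # Renders arbitrary text as a PowerShell single-quoted string literal.
        function ConvertTo-QuotedLiteral
        {
            param
            (
                [string] $text
            )
            # Inside a single-quoted literal only the quote itself is special. PowerShell
            # also accepts U+2018, U+2019, U+201A and U+201B as single-quote delimiters,
            # so each of those is doubled as well.
            $escaped = $text -replace "(['\u2018\u2019\u201A\u201B])", '$1$1'
            return "'" + $escaped + "'"
        }

        # Collects the policy values of one GPO and writes the DSC document.
        # Returns the path of the file that was written.
        function ADMtoDSC
        {
            param
            (
                [String] $gpo,
                [String] $path
            )
            $policies = Recurse_PolicyKeys -key "HKLM\Software\Policies" -gpoName $gpo
            # TODO: if this hive holds no settings, continue silently and mention
            # "No settings in HKLM\Software\Policies" in verbose output.
            $policies += Recurse_PolicyKeys -key "HKLM\Software\Microsoft\Windows NT\CurrentVersion" -gpoName $gpo
            # TODO: same for "HKLM\Software\Microsoft\Windows NT\CurrentVersion".

            # build the DSC configuration doc
            return GenConfigDoc -path $path -gpo $gpo -policies $policies
            # TODO: add error/debug and verbose.
        }

        # Walks the GPO's registry data below $key and returns every entry that carries a
        # value name. Consider renaming to something more modular and PowerShell-like.
        function Recurse_PolicyKeys
        {
            param
            (
                [string] $key,
                [string] $gpoName
            )
            # Get-GPRegistryValue is from the GroupPolicy PowerShell module.
            # Uses this function's own $gpoName parameter; the earlier code read $gpo,
            # which only resolved through the caller's scope.
            $current = Get-GPRegistryValue -Name $gpoName -Key $key
            foreach ($item in $current)
            {
                if ($null -ne $item.ValueName)
                {
                    [array] $returnVal += $item
                }
                else
                {
                    # Not assigned on purpose: the nested results go straight to the
                    # pipeline and so become part of this call's output.
                    Recurse_PolicyKeys -key $item.FullKeyPath -gpoName $gpoName
                }
            }
            return $returnVal
        }

        # Writes <path>\<configuration name>.ps1 and returns that path.
        # Consider rename of function - New-DSCDoc.
        # TODO: add verbose output, error handling and debugging.
        function GenConfigDoc
        {
            param
            (
                [string] $path,
                [string] $gpo,
                [array] $policies
            )
            # The GPO display name becomes the Configuration name, the file name and the
            # command invoked on the last line of the generated script, so it is reduced
            # to letters, digits, '_' and '-'. Spaces become '_' as before.
            $configName = $gpo -replace '[^\p{L}\p{Nd}_-]', '_'
            $outputFile = Join-Path -Path $path -ChildPath "$configName.ps1"

            # Registry data is untrusted text as far as the generated script is concerned:
            # anyone able to edit the GPO controls it. Each value is therefore emitted
            # through ConvertTo-QuotedLiteral instead of being pasted between double
            # quotes, where `$(...)`, backticks or a stray quote would be interpreted.
            # NOTE(review): multi-valued data is flattened to one space-joined string by
            # the [string] conversion, as it was by string concatenation before - confirm
            # this is acceptable for MultiString and Binary values.
            # NOTE(review): the resource name is the value name alone, so the same value
            # name under two keys yields two resources with the same name - confirm.
            $resources = foreach ($regItem in $policies)
            {
                if ($null -eq $regItem.FullKeyPath) # throw away any blank entries
                {
                    continue
                }
                ' Registry ' + (ConvertTo-QuotedLiteral -text $regItem.ValueName)
                ' {'
                ' Ensure = "Present"'
                ' Key = ' + (ConvertTo-QuotedLiteral -text $regItem.FullKeyPath)
                ' ValueName = ' + (ConvertTo-QuotedLiteral -text $regItem.ValueName)
                ' ValueType = ' + (ConvertTo-QuotedLiteral -text $regItem.Type)
                ' ValueData = ' + (ConvertTo-QuotedLiteral -text $regItem.Value)
                ' }'
            }

            # One write instead of one Out-File call per line; Out-File is kept so the
            # file encoding stays what it was.
            $document = @(
                "Configuration `"$configName`""
                '{'
                'Node localhost'
                ' {'
                $resources
                ' }'
                '}'
                $configName
            )
            $document | Out-File -FilePath $outputFile

            return $outputFile
        }

        # Open the file that was actually written. The path used to be rebuilt from the
        # raw GPO name, which pointed at a different file whenever the name had a space.
        $generatedFile = ADMtoDSC -gpo $GPOName -path $OutputFolder
        ISE $generatedFile
    }
}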