Output of pasted in resource
# Configuration data passed to the SQLLowPrivRegistry configuration via
# -ConfigurationData. It describes a single node and the values the
# configuration's Script resource reads through $Node.
$ConfigurationData = @{
    AllNodes = @(
        @{
            NodeName      = 'it08082'
            # Account that the configuration grants ReadKey on the registry key below.
            ActionAccount = 'DOMAIN\SqlDefaultAction_sa'
            # Not referenced by the SQLLowPrivRegistry configuration shown on this page.
            LowPrivGroup  = 'DOMAIN\SqlMPLowPriv'
            # The path contains spaces, so it has to end up quoted wherever it is
            # pasted into generated script text.
            Registry      = 'HKLM:\Software\Microsoft\Microsoft SQL Server\'
            # NOTE(review): this setting lets the DSC compiler write PSCredential
            # values into the .mof file unencrypted. No resource in the
            # configuration shown here takes a credential, so confirm it is still
            # needed; if credentials are added later, prefer certificate-based
            # encryption (CertificateFile / Thumbprint) over plain text.
            PSDscAllowPlainTextPassword = $true
        }
    )
}
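function Format-DscScriptBlock()
{
    <#
    .SYNOPSIS
    Returns the text of a script block with every $Node.<key> placeholder
    replaced by a PowerShell literal built from the node's value.

    .DESCRIPTION
    The returned text is later executed as code, so the node values are
    treated as data: strings are emitted as single-quoted literals with
    embedded quote characters doubled, booleans as $true/$false, numbers in
    invariant-culture form and $null as $null. Pasting the raw value instead
    would break on values containing spaces or backslashes and would let
    configuration data change the meaning of the generated script.

    Placeholders must appear as bare expressions (for example
    Get-Acl -Path $Node.Registry), not inside a quoted string, because the
    replacement already carries its own quotes.

    .PARAMETER Node
    Hashtable of node properties; each key may be referenced as $Node.<key>.

    .PARAMETER ScriptBlock
    Script block whose text contains the placeholders.

    .OUTPUTS
    System.String. The script text with placeholders substituted.
    References to keys that are not present in Node are left untouched.
    #>
    param(
        [parameter(Mandatory=$true)]
        [System.Collections.Hashtable] $Node,
        [parameter(Mandatory=$true)]
        [System.Management.Automation.ScriptBlock] $ScriptBlock
    )

    $text = $ScriptBlock.ToString()
    if ($Node.Count -eq 0)
    {
        return $text
    }

    # PowerShell member access is case-insensitive, so match placeholders the
    # same way regardless of how the hashtable itself compares keys.
    $lookup = New-Object System.Collections.Hashtable ([System.StringComparer]::OrdinalIgnoreCase)
    foreach ($key in $Node.Keys)
    {
        $lookup[[string]$key] = $Node[$key]
    }

    # One alternation over all keys, replaced in a single pass: substituted
    # values are never re-scanned, and the (?!\w) look-ahead stops a key such
    # as "Name" from matching inside "$Node.NameSuffix".
    $alternatives = @($lookup.Keys) |
        Sort-Object -Property { $_.Length } -Descending |
        ForEach-Object { [regex]::Escape($_) }
    $pattern = '\$Node\.(?<key>' + ($alternatives -join '|') + ')(?!\w)'

    $toLiteral = {
        param($match)

        $value = $lookup[$match.Groups['key'].Value]
        if ($null -eq $value)
        {
            return '$null'
        }
        if ($value -is [bool])
        {
            if ($value) { return '$true' } else { return '$false' }
        }
        if ($value -is [int] -or $value -is [long] -or $value -is [double] -or $value -is [decimal])
        {
            return [System.Convert]::ToString($value, [System.Globalization.CultureInfo]::InvariantCulture)
        }

        # PowerShell accepts the typographic quotes U+2018, U+2019, U+201A and
        # U+201B as single-quote delimiters too, so each of them is doubled.
        $escaped = [regex]::Replace([string]$value, "['\u2018\u2019\u201A\u201B]", '$0$0')
        return "'" + $escaped + "'"
    }

    return [regex]::Replace(
        $text,
        $pattern,
        [System.Text.RegularExpressions.MatchEvaluator]$toLiteral,
        [System.Text.RegularExpressions.RegexOptions]::IgnoreCase)
}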
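# Grants the node's ActionAccount read access (ReadKey, inherited by subkeys)
# on the registry key named by the node's Registry property, using a Script
# resource whose three scripts are generated from script blocks.
#
# NOTE(review): Format-DscScriptBlock pastes node values into the script text.
# $Node.Registry contains spaces and $Node.ActionAccount a backslash, so check
# the generated .mof and confirm both arrive as quoted string literals.
Configuration SQLLowPrivRegistry
{
    Node $AllNodes.NodeName
    {
        Script TopLevelActionAccountPermissions
        {
            SetScript = Format-DscScriptBlock -Node $Node -ScriptBlock {
                $Acl = Get-Acl -Path $Node.Registry
                $Ace = New-Object System.Security.AccessControl.RegistryAccessRule(
                    $Node.ActionAccount,
                    [System.Security.AccessControl.RegistryRights]::ReadKey,
                    [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
                    [System.Security.AccessControl.PropagationFlags]::None,
                    [System.Security.AccessControl.AccessControlType]::Allow)
                $Acl.SetAccessRule($Ace)
                # SetAccessRule only changes the in-memory descriptor; without
                # Set-Acl the registry key is never modified.
                Set-Acl -Path $Node.Registry -AclObject $Acl
            }

            # In desired state only when the account holds an Allow entry that
            # includes ReadKey. Matching on the identity alone would also
            # accept a Deny entry or an entry carrying unrelated rights.
            TestScript = Format-DscScriptBlock -Node $Node -ScriptBlock {
                $Acl = Get-Acl -Path $Node.Registry
                $ReadKey = [int][System.Security.AccessControl.RegistryRights]::ReadKey
                $Granted = $Acl.Access | Where-Object {
                    $_.IdentityReference.Value -eq $Node.ActionAccount -and
                    $_.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Allow -and
                    (([int]$_.RegistryRights) -band $ReadKey) -eq $ReadKey
                }
                return [bool]$Granted
            }

            # Reports the same condition that TestScript evaluates.
            GetScript = Format-DscScriptBlock -Node $Node -ScriptBlock {
                $Acl = Get-Acl -Path $Node.Registry
                $ReadKey = [int][System.Security.AccessControl.RegistryRights]::ReadKey
                $Granted = $Acl.Access | Where-Object {
                    $_.IdentityReference.Value -eq $Node.ActionAccount -and
                    $_.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Allow -and
                    (([int]$_.RegistryRights) -band $ReadKey) -eq $ReadKey
                }
                if ($Granted)
                {
                    $Result = "Action Account has required permissions."
                }
                else
                {
                    $Result = "Action Account missing required permissions."
                }
                # The original returned $TestScrip (typo) for the TestScript entry.
                # NOTE(review): $GetScript, $SetScript and $TestScript are not
                # assigned anywhere in this script - confirm they hold a value
                # when the script runs.
                return @{
                    GetScript  = $GetScript
                    SetScript  = $SetScript
                    TestScript = $TestScript
                    Result     = $Result
                }
            }
        }
    }
}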
PS C:\projects\DSC-WorkInProgress> SQLLowPrivRegistry -ConfigurationData $ConfigurationData

    Directory: C:\projects\DSC-WorkInProgress\SQLLowPrivRegistry

Mode                LastWriteTime     Length Name
----                -------------     ------ ----
-a---          7/2/2014   4:23 PM       3322 it08082.mof

PS C:\projects\DSC-WorkInProgress>