jeffpatton1971/sqldsc.ps1 Secret

## sqldsc.ps1
$ConfigurationData =
@{
    AllNodes =
    @(
        @{
            NodeName = "it08082";
            ActionAccount = "DOMAIN\SqlDefaultAction_sa"
            LowPrivGroup = "DOMAIN\SqlMPLowPriv"
            Registry = "HKLM:\Software\Microsoft\Microsoft SQL Server\"
            PSDscAllowPlainTextPassword = $true
            }
        );
    }

Configuration SQLLowPrivRegistry
{
    param
    (
        [string[]] $ComputerName = "localhost"
    )

    Import-DscResource -Module PowerShellAccessControl

    Node $ComputerName
    {
        cAccessControlEntry TopLevelActionAccountPermissions
        {
            Ensure = "Present"
            Path = "HKLM:\Software\Microsoft\Microsoft SQL Server\"
            ObjectType = "RegistryKey"
            AceType = "AccessAllowed"
            AccessMask = ([System.Security.AccessControl.RegistryRights]::ReadKey)
            Principal = "DOMAIN\SqlDefaultAction_sa"
        }
    }
}

SQLLowPrivRegistry -ConfigurationData $ConfigurationData

Start-DscConfiguration -Path .\SQLLowPrivRegistry -Wait -Verbose
	$ConfigurationData =
	@{
	AllNodes =
	@(
	@{
	NodeName = "it08082";
	ActionAccount = "DOMAIN\SqlDefaultAction_sa"
	LowPrivGroup = "DOMAIN\SqlMPLowPriv"
	Registry = "HKLM:\Software\Microsoft\Microsoft SQL Server\"
	PSDscAllowPlainTextPassword = $true
	}
	);
	}

	Configuration SQLLowPrivRegistry
	{
	param
	(
	[string[]] $ComputerName = "localhost"
	)

	Import-DscResource -Module PowerShellAccessControl

	Node $ComputerName
	{
	cAccessControlEntry TopLevelActionAccountPermissions
	{
	Ensure = "Present"
	Path = "HKLM:\Software\Microsoft\Microsoft SQL Server\"
	ObjectType = "RegistryKey"
	AceType = "AccessAllowed"
	AccessMask = ([System.Security.AccessControl.RegistryRights]::ReadKey)
	Principal = "DOMAIN\SqlDefaultAction_sa"
	}
	}
	}

	SQLLowPrivRegistry -ConfigurationData $ConfigurationData

	Start-DscConfiguration -Path .\SQLLowPrivRegistry -Wait -Verbose