Deploying Remote Desktop Services using PowerShell Desired State Configuration (#PSDSC)

After finally feeling familiar with PowerShell Desired State Configuration (PSDSC), I decided to begin expanding the capabilities provided by the resource kits published by Microsoft. What better area to focus on than Remote Desktop Services?! Therefore, I have created a new DSC resource for Deploying Remote Desktop Services using PowerShell Desired State Configuration: cRemoteDesktopServices.

Why RDS is tricky to deploy with DSC?

RDS provides a distributed services across multiple machines. Unfortunately, a new deployment cannot be created from the individual machines involved in the environment. A new deployment must consist of a connection broker, a web access server and a session host. In a production environment, these role services will reside on separate machines requiring PowerShell remoting to create the necessary configuration across he involved machines.

Due to the fact that the Local Configuration Manager (LCM) is executed under the SYSTEM account, a new RDS deployment requires domain credentials to access the nodes involved in the environment.

When using PowerShell remoting double-hop scenarios are very likely to occur. In such a scenario you remote into a machine or execute a command with alternate credentials and then you need to access another machine like a file share. In such a situation, you need to use the Credential Security Support Provider (CredSSP) - which is a prerequisite for this resource to work.

How to use this DSC Resource

The resource contains four examples to demonstrate the capabilities of the release. These examples are contained in the following files:

  1. Script to compile the examples: Configuration.ps1
  2. Data file to define nodes (configuration data): Configuration.psd1
  3. Composite resource to process configuration data: Configuration.psm1

The last file contains the following examples:

The Quick Deployment will deploy all three roles on a single node:

cRDSessionDeployment QuickDeployment {
    ConnectionBroker     = $Node.NodeName
    WebAccess            = $Node.NodeName
    SessionHost          = $Node.NodeName
    Credential           = $Credential
    DependsOn            = '[WindowsFeature]FeatureRDCB', '[WindowsFeature]FeatureRDSH', '[WindowsFeature]FeatureRDWA'
}

A Standard Deployment is similar to the quick deployment but configures the required roles on separate machines:

cRDSessionDeployment Deployment {
    ConnectionBroker     = $Node.NodeName
    WebAccess            = $AllNodes.Where{$_.Role -icontains 'WebAccess'}.NodeName
    SessionHost          = $AllNodes.Where{$_.Role -icontains 'SessionHost'}.NodeName
    Credential           = $Credential
    DependsOn            = '[WindowsFeature]FeatureRDCB'
}

As soon as a deployment exists, it will be necessary to introduce redundancy by adding a New Session Host

cRDSessionHost Deployment {
    Ensure               = 'Present'
    ConnectionBroker     = $AllNodes.Where{$_.Role -icontains 'ConnectionBroker'}.NodeName
    Credential           = $Credential
    DependsOn            = '[WindowsFeature]RDS-RD-Server'
}

… or a New Web Access Host

cRDWebAccessHost Deployment {
    Ensure               = 'Present'
    ConnectionBroker     = $AllNodes.Where{$_.Role -icontains 'ConnectionBroker'}.NodeName
    Credential           = $Credential
    DependsOn            = '[WindowsFeature] RDS-Web-Access'
}

Note that the resource is class-based and required the Windows Management Framework 5 to be installed. It was tested against the February Preview.

Where to get this DSC Resource

The resource is maintained in GitHub for version control and release management. Browse here to look at the repository in your browser.

You will always find the latest release here.

How to participate

There are many ways to participate in the development of this DSC resource:

Feedback is always welcome! If you'd like to get in touch with me concerning the contents of this article, please use Twitter.