PowerShell Desired State Configuration (DSC) Journey – Day 4

.MOF stands for Managed Object Format. (Got it on the first try!)

If you haven’t already, I strongly urge you to read this article on Using Event Logs to Diagnose Errors in Desired State Configuration.

Today I am going to focus on learning how the Attributes Property of the File Resource in DSC works.  If that goes well I may get real crazy and start messing around with the Contents Property.

I run the command:

Which shows me that the Attributes property has a property type of [String[]], is not mandatory, and accepts the Values Archive, Hidden, ReadOnly, and System.  Because I like to break things, I immediately wonder, can I make my DSC folder on the TargetServer a Hidden, ReadOnly, Archive?

First things first, here is my current (working!) DSC Configuration.

So, let’s add an attribute and see what happens (for now I am going to leave the existing directory in place on the TargetServer).

Why did I pick System?  Because that’s the one I know the least about, and I am curious what happens.  I Invoke the Configuration AND…the job completed with no errors as seen in the log of the Start-DSCConfiguration below.

When I look at the properties of my file, I don’t see anything different.  However, if I go to the delete the file, I get this pop-up.


I know that my attribute was set because I have deleted the file numerous times so far.  I do a quick google search and find that “System, when set, indicates that the hosting file is a critical system file that is necessary for the computer to operate properly.”  Chalking up this test as a success.

Of course, the question now is, how do I remove that Attribute?  I am going to assume you would do that by just removing the Attributes property from the Resource.  So let’s try that and see what happens.  Nothing appears to have happened, if I go to delete the file I get the same error message as above.  Interesting, was not expecting that.  Looking over the File Resource documentation on TechNet I don’t see anything about Removing an existing attribute.  I have to believe there is a way to do this because if you wanted to prevent a file or folder from becoming marked ReadOnly you would need a way to do that.

Leaving that thought for now, let’s see if changing the Attribute to Hidden wipes out the System Attribute.  I make the change in my Configuration and Invoke it.

It fails like a boss with the error message “Access is denied.”  I am going to assume because it’s flagged as a system file.  I delete the folder structure and Invoke my Configuration again.  This time, it completes successfully.  The folder DSCTest and the PowerShell .ps1 file underneath are both marked as Hidden.  So, can I know make this a Hidden Archive?

I change my Attributes line in the Configuration to this, and Invoke the Configuration.

Nope, it hates it.  The error message seems to indicate that there can be only one Value for the Attributes Property.

Just to make sure, I try this change first:

You can’t see the squiggly line in the code block, but PowerShell ISE straight up tells you “Duplicate property assignments are not allowed in an instance definition.”  So no luck there.  Well, I guess we will try removing the Hidden attribute and see what happens.  Nothing happens, the folder and file are still marked as hidden.  I change the Attribute to Archive.  The Hidden flag is removed from the folder, but not from the file.  And the folder is not an archive.  The Start-DSC Verbose Logging also says “The destination object was found and no action is required”.  Which sounds like nothing happened but some things did change.

Now I want to see what happens if I delete my folder and Invoke the Configuration from the start with the Archive Attribute.  That works, and if you un-check the settings shown below and Invoke the Configuration again, those boxes will be checked again.


Some Google searching does nothing to help me answer my question about how I can remove an Attribute using DSC, so I will have to do some more digging (and thinking) and see if I can come up with that (beyond deleting and recreating the file with the new attribute that I want).

Things I Learned Today:

  • Only one attribute can be specified per instance
  • I don’t know how to tell a file or folder to NOT have a specific Attribute
  • The available Attributes are System,Archive,ReadOnly and Hidden
  • What the System and Archive attributes actually are doing behind the scenes

Tomorrow I will explore the Contents Property of the File Resource.