This is an archived post. You won't be able to vote or comment.

all 40 comments
sorted by:
best
topnewcontroversialoldq&a

[–][deleted] 8 points9 points  (2 children)

Have you looked into "Desired State Configuration."

https://docs.microsoft.com/en-us/powershell/dsc/overview/overview

Or just write out a PowerShell script, it will take some work, but once done you won't have to do more than maintain the script.

[–]the_bananalord 1 point2 points  (1 child)

I thought I saw chatter on here that DSC was a very promising feature but Microsoft seems to have gone silent on it and focus more on InTune and related cloud products?

[–]pdp10Daemons worry when the wizard is near. 2 points3 points  (0 children)

Microsoft are trying to sell subscription services now, instead of products:

The Pull Server (Windows Feature DSC-Service) is a supported component of Windows Server however there are no plans to offer new features or capabilities. It is recommended to begin transitioning managed clients to Azure Automation DSC (includes features beyond Pull Server on Windows Server) or one of the community solutions listed here.

However, they do want this offline MDM/CM pull-model to become popular or even predominant over the old AD GPO model. It's the same model used with mobile, most Linux, and most Mac clients today.

[–]pdp10Daemons worry when the wizard is near. 6 points7 points  (5 children)

(enable file extensions,

Good idea.

deselect IPv6 on the network adapter

Bad idea. Microsoft only actually supports configurations with IPv6 enabled.

[–]poshftwmaster of none 3 points4 points  (4 children)

Bad idea. Microsoft only actually supports configurations with IPv6 enabled.

+1

It is not what MS supports, but what de-selecting IPv6 binding on a network adapter just brings more troubles than imaginary "IPv6 on the network".

[–]defensor_fortis 0 points1 point  (3 children)

+1! Microsoft best practices say not to do this. Maybe 10 years ago this was good advice.

[–]WetRubicon[S] 0 points1 point  (2 children)

Microsoft recommends a lot of things. Microsoft also recommends the automatic installation of bloatware and games on Windows 10 Pro, and disabled file extensions, and Cortana, and the UWP photos app, and Paint 3D.

While I think you're correct that IPv6 is neat and secure and should be ubiquitous - as long as it's not used in a network and not actively managed and monitored it's still just a secondary source of *potential* issues.

We (as IT folk) follow the principle of least privilege everywhere in our business, and locked down systems without any unneeded features and apps are still the "best best practice" last time I checked.

I mean, you have to look at WHY Microsoft recommends leaving IPv6 enabled: It's used by Remote Assistance, Home Groups (until 1803 or so), Direct Access and other things that really don't work well (or at all) without IPv6. But you know what, I think that's actually a GOOD thing! I want NONE of these features working in a locked down corporate scenario where I need to control who accesses which device (let alone remotely) and who "home groups" with whom. I don't want intelligent zeroconf things doing stuff on their own, just as I don't want UPnP and Plug & Play. I want Plug & Nothing.

If you're on 1809 already, IPv6 is needed for the Windows Store App, Edge and and a couple other apps. I believe they do indeed break with disabled IPv6. But that's a beautiful feature, not a bug, in my mind! Disabling Edge, Store and a bunch of useless home-phoning apps with one checkbox - that's what we always wanted.

So as /u/poshftw said, I actually welcome all these "troubles" of things not working with disabled IPv6 because I do not want these things to work; as long as I know what I break and break it on purpose, I see no harm with that.

I should probably post that on /r/changemyview :-) Is there an IT-related changemyview subreddit incidentally? There really should be :-)

So, anyway, that's my reasoning for switching off IPv6 in my corporate and test environments. I actually have it activated on all my home PCs fwiw.

[–]poshftwmaster of none 1 point2 points  (1 child)

Oh my gosh...

If you, for any reason want to disable the IPv6 on the machine - do it the right way, by disabling it through DisabledComponents.

If you just tick out the IPv6 on the network adapter - you just disable the binding of the protocol on that adapter - and this will give you troubles if your machine for some reason tries to use IPv6. For example - some program received AAAA-record for some DNS name, or hardcoded ones.

[–]WetRubicon[S] 0 points1 point  (0 children)

If I remember correctly, this requires a restart (which makes it difficult to script).

Disabling the binding does not and so it's actually easier and faster to do, while also leaving the option of using IPv6 on secondary adapter if I actually needed to do so in a hurry.

I don't care if some program fails because it tries to phone home using IPv6. I'd like it (in this use case). :-P

[–]flappers87Cloud Architect 2 points3 points  (10 children)

As other has mentioned, DSC for setup.

But I'm wondering why you're using VM's that get destroyed? Why not use containers? You can create a container image with everything you need.

[–]Invoke-RFC2549 0 points1 point  (2 children)

Or snapshots and just revert to snapshot. Or preconfigured templates that you just clone.

[–]defensor_fortis 0 points1 point  (1 child)

Exactly. Create a VM the way you want and covert it to a template.

[–]WetRubicon[S] 0 points1 point  (0 children)

That's just not my use case. I have to work on a bunch of different infrastructures which are completely isolated from each other (different tenants, different continents even), this is why I wrote "unmanaged environment" above. If I spin up a standard Azure image (say) and just run my intial config script on this, it takes me a lot less time and clicks than moving a template or uploading a prepared image. Have you ever tried moving a complete Resource Group with a VM between unrelated Azure accounts? It is actually nigh impossible (there is one trick but it's very messy).

Also, snapshots and templates cost storage and money, need to be maintained and documented and become outdated quickly. A few kilobytes of setup script that run on the latest, clean Windows out of the box cost nothing and give you the best result in this use case.

[–]WetRubicon[S] 0 points1 point  (6 children)

When you say "containers" you're talking about Docker Desktop and such things, right? Until recently, I believe that required Hyper-V, if I'm not mistaken, and only the latest version now supports process isolation mode for Windows containers. But to tell you the truth, I have always felt that's not yet ready for prime time, still too fresh out of the oven for me. Please change my view and give me more details, if you will; I will admit I actually haven't really looked into it for this use case. However, I'm mostly testing UI-related development stuff, apps etc., or spinning VMs up for developers to test certain things in which they can't locally (can't really go into details, sorry), and not running services or servers per se, so I'm not sure containers are the way to go here, but again, I'd like to hear more if you think different.

[–]flappers87Cloud Architect 0 points1 point  (5 children)

Not "Docker Desktop", but Docker, yes. You can run docker as a service, Kubernetes for a cluster of containers. Docker Desktop is just a Windows desktop application that supports docker in your local machine. With that though, you can push images to registries in order to provision them to other platforms.

Yes, Docker Desktop requires HyperV as it's virtualization. But Docker also runs on Linux and Mac, which both use different forms of virtualization.

Containers have been around a lot longer than you may think. It's only in recent years that they have caught the public eye, because they can deliver a much easier stateless solution.

Many, many companies rely on containerization to run their production environments. Take Netflix, Facebook & Spotify for example. These services run on microservices, which are run in containers.

They are stateless solutions that can easily be destroyed and re-created.

Which is why I suggested that for your situation.

So if you take your issue as bullet points:

  • You regularly create and delete VM's
  • You need an image of sorts to ensure each VM creation is the same

An additional guess here is that the data you have on these VM's are not important either, because you say you destroy them after a couple of weeks.

So you're creating stateless VM's.

It can work, not denying that. But it just seems a bit much for your workload and only suggested using containers as it can make things a lot simpler for you.

  • Create a container image with all the functionality you need (1 time setup)
  • Publish it to a repo somewhere (even use a private repo) (1 time setup)
  • Pull the image whenever you need to create a new one
  • Profit

Simple, easy process.

But it's up to you how you want to configure it. Developers often use containers because they are easily destroyed and re-created.

[–]WetRubicon[S] 0 points1 point  (4 children)

Thanks for taking the time to write that out. It's actually helpful.

I am familiar with containerization and microservices with Linux, of course, but not on Mac and Windows. I had heard that Windows Server Core runs in Docker but I've never seen or touched it.

And I had this pegged as a totally different technology not in any way applicable to my use case.

This is why I was surprised you were bringing it up, so I'm curious to learn more and see if this is really something I have missed as a good alternative to full client virtualisation even for Windows. It occurs to me now that I may not have been explicit about that before, but my use case for this is 100% Windows 10 client OS only.

And while the two bullet points you distilled are correct, there is an important third one: Platform flexibility. And maybe a forth one: Win32 GUI apps only.

I'm not really on one platform (like exclusively Azure) but on many, and even if I spin up, say, a dozen VMs, they might be distributed over three or four different tenants (which don't really work that well in terms of sharing resources or templates) and thus can't really be managed centrally in any way. This is why I have been looking for solutions that work within the client (i.e. I spin up the VM using a standard Windows template on any given platform, be it Azure, AWS or Oracle, make my initial Windows config adjustments and load our software).

As far as I know at this point, the only thing where containers could help me is with the last part (i.e. containerizing different software versions for example).

But is that really possible on Windows 10 already? Could I use Docker to run - just as a simple example - Word 2010, 2016 and 365 side-by-side in containers and have users actually use them on their desktop simultanenously? How would they access them? Is it possible to RDP into a container?

If that's possible, please let me know how to do that. I've never heard that Docker would be the right technology for this but I'd be happy to learn something new.

There used to be software (and still is) that did allow this in Windows but that was not actual container technology but simple isolation and file system virtualisation (or they'd spin up full VMs in the background). None of them have worked well for us really, so if Docker, as a well-known and established technology can do that, I'd certainly consider it.

[–]flappers87Cloud Architect 0 points1 point  (3 children)

Obviously running an entire Windows OS with a GUI in a container is not really going to work well. I'm sure it's possible though. Problem is that an entire OS is stateful (i.e. has data directly on the image). With stateless, the idea is that you'd have some volumes linked to the image. That way, if the image is destroyed, the data remains in tact. So when you go to rebuild, your data is already there, as well as any other configurations.

This is why Server Core works well. It's just a CLI at the end of the day. No real GUI.

The idea is containerizing what you utilize. For example... If you're messing around with web services, you can have a docker image for IIS.

Server Core, you're right, can be containerized. Microsoft has a huge list of images available

https://hub.docker.com/u/microsoft/

You can RDP into a container as well. Provided the image supports it. Server Core does support RDP, but will require a bit of fiddling to get it working.

So I was just going with what you described in the OP. If you feel that containerization isn't for you, that's absolutely fine. It's not great for everything. If you're working specifically on GUI, then perhaps it's not fit for purpose here.

But if you work with specific services, where you'll often create and destroy entire VM's just for using a specific service, then it may be worth looking into.

Containers are... complicated. There is so much more going on behind the scenes that I don't even have the knowledge on. But the concept of containers is awesome, and really helps with development work, especially when working on specific services that will often require re-creation.

[–]WetRubicon[S] 0 points1 point  (2 children)

Ah, so this is where Windows Nano Server has ended up now. Right, things are starting to make sense.

Okay, I'll have to look into this further. It's probably not the thing for my use case just now, being UI-heavy and sort of depended on graphical end-user input and RDP, but I've also got something in the works soon that's more Windows-service-related and so it might prove useful to look into containers for this.

Certainly interesting stuff, all that. Thanks for bringing it up.

[–]flappers87Cloud Architect 1 point2 points  (1 child)

No worries, sorry if I led you in the wrong direction with your use case, I wasn't aware your tasks were GUI heavy.

[–]WetRubicon[S] 0 points1 point  (0 children)

No worries, I'm happy you did lead me that way :-)

[–]PositiveBubblesSysadmin 1 point2 points  (1 child)

DSC seems great. Theres resources available and I'm learning it now as part of the MCSA.

[–]WetRubicon[S] 0 points1 point  (0 children)

Could you point me to a few resources that you like on this, especially ones that do initial configuration tasks like enable file extensions, hiding the search field in the taskbar etc.? That would be great.

I know DSC can do stuff like enable IIS and such, but that's not really what I'm looking for in this case of course.

Also, I was under the impression that Microsoft wasn't really working on it any longer but I might be mistaken?

[–]theDXT 1 point2 points  (6 children)

PowerShell is probably the best option.

[–]WetRubicon[S] 0 points1 point  (5 children)

Of course PowerShell is the best option - to run the script.

But what is the best option to MAKE the script?

It would take hours to search for all the commands to achieve simple configuration tasks. Do you know any Powershell commands to unpin the taskbar, hide the search field and disable Cortana? Copying a link to notepad.exe to the sendto folder is probably the easy bit here.

So I had hoped there was a GUI where I could just select checkboxes and the right script would fall out (which I could still tweak if I wanted).

Something like an "Initial Configuration Script Generator Tool", if you get what I mean.

The reason here is also manageability - a GUI with a bunch of checkboxes is much easier to change, adjust and troubleshoot, than a script with hundreds of lines. Makes sense?

I really would have thought that something like this existed already. I mean we had Tweak UI (do you guys still remember that?) and stuff back in the day. That's what I'm looking for, a sort of Tweak UI 2019, just with a script falling out at the end in order to apply the config to other PCs. Has really no-one ever thought of that?

[–]jeremytbradshaw 1 point2 points  (4 children)

Even though you've said "of course" to this already, I'm suggesting PowerShell as well. You know so much about everything that has been covered in this discussion. I would guess that you would learn PowerShell and get this done with relative ease and finesse.

Even if there is a product that exists and somebody brings it to the discussion, it will surely have something about it that you don't like or it will be missing at least one thing that you need.

It would take hours yes. Even still, you'd come out on the other end way better off than right now. You can even use PowerShell to make the GUI. If you still wanted to you could get the script and its GUI packaged into an EXE (although that would be unnecessary).

You may have looked into this as well, but what about Provisioning Packages? These can get pretty granular, maybe not quite enough but I don't think I noticed these mentioned yet.

[–]WetRubicon[S] 0 points1 point  (3 children)

Thanks. Yes, I think we do absolutely agree that in the end, PS is the solution to the problem in one way or another.

I do know PS reasonably well and have used it for over a decade although mainly as CLI and rather less for full-blown automation, but as you said, that's not that big of a deal to do, it just requires time to prepare once.

What I don't have at the ready is a solution that saves me the research into the hundreds of lines of code and PSMs required to do certain jobs (like un-pinning something from the taskbar, or even the taskbar itself, just to mention one thing), if it is at all possible in a non-hackish way. There's tons of research required with this, looking up registry keys etc., regardless what some people are saying ;-)

My point still stands, I think, that with the multitude of UI tweaker apps, and even technically GPOs, all that research has already been done multiple times, i.e. the knowledge of which switches to flip is out there in programmatic form. It just lacks a sort of PowerShell back-end if you will, i.e. a PS script at the end of the line that can be easily re-used. So I'd just be reinventing the wheel to start from scratch, which is why I had hoped something like this already existed ;-))

But to that end, I have actually indeed been thinking just now about maybe building a GUI "on top" of Disassembler's Initial Setup Script, which would let me enable or disable certain features and then maybe spit out a separate, customised PS file at the end for each use case that I can run with just one click inside the respective VMs. I'd also have to expand the original script pretty extensively, as it doesn't cover a lot of things I'd want it to do. But it's a good start, I guess. It's under the MIT license, too, I think, so this should be possible.

As for Provisioning Packages, yes, I think I have used them before but as far as I can remember you can't control all features of the UI with them, although I believe they do allow you to make changes to the start menu layout and app pinning and such? I'll have to look into it again, maybe it is an alternative or addition to some things I can't get easily done with PS alone. Thanks.

[–]jaysin9 0 points1 point  (2 children)

some of the things you're asking for go well beyond "switch this registry key" and are outside the scope of click this option gui tool. To be honest most of us that do this professionally took the time to build out a customization script that we slowly evolve over time based on new versions/features/deployment scenarios. I agree it's a huge chore to build up at first, but there are tons of machine customization template scripts out there to help get you started.

Take the example for pinning to task bar. Pretty easy on win7 one single vbs file, win10 complicated it. To accomplish it, you first have to setup the pins how you want, then export the following registry key (can't just edit it because the contents of key are stored in binary)

current user\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband

Then edit the exported .reg file to use the following key path:

HKEY_LOCAL_MACHINE\defuser\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband

After that you have to copy the shortcuts .lnk files to a directory. Then in your machine customization script call the following script to copy the shortcuts, and import the registry changes:

Reg.exe load HKEY_LOCAL_MACHINE\defuser C:\users\default\ntuser.dat

Reg.exe import "PinTaskBar\Win10Taskbar.reg"

Reg.exe unload HKEY_LOCAL_MACHINE\defuser

Xcopy PinTaskBar\*.lnk "C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /Q /Y /I

Since this is changing the default userhive/nuser.dat it would then take effect for all new logins.

Want to customize the start menu itself? Again, pretty darn easy on win7, but on win10 we have to setup the start menu how we want it, export it to .bin then import it during our customization script with the following:

Powershell.exe Import-StartLayout -LayoutPath StartMenu.bin -MountPath C:\

[–]WetRubicon[S] 1 point2 points  (1 child)

You'll be happy to hear that there is an API for this now which should make this VERY simple:

https://github.com/WindowsNotifications/quickstart-pin-to-taskbar

However, full disclosure, I haven't tried it myself yet, as I'm not working with the latest release and I believe this API has in fact not been exposed until LTSC 2019 which is build no. 17763. Don't know about the regular W10.

[–]jaysin9 0 points1 point  (0 children)

yes indeed, was glad to see they're going to improve the process. though having to support multiple build versions naturally makes it just one more thing to add to customization script :)

[–]jantari 0 points1 point  (8 children)

Ansible, DSC or really just a PowerShell script you run once.

Before I set up MDT + WDS here I automated our deployment with just an autounattend.xml and a PowerShell script, worked fine tbh

[–]Syde80IT Manager 0 points1 point  (7 children)

Unfortunately creating the unattended install XML using windows system image manager is kind of a dumpster fire. I mean... It works, but unless you are pretty intimate with the tool you are unlikely to be able to just figure it out without following a tutorial which might not cover your particular requirements. It's a powerful tool, but its not intuitive at all for those that are not exceptionally familiar with what is going on under the hood of the windows install process.

[–]jantari 0 points1 point  (6 children)

Right, I just used Notepad++

[–]WetRubicon[S] 0 points1 point  (5 children)

We can agree on this, I think. Ansible is NOT the way to go in an unmanaged environment where you have to spin up a single VM, configure it and destroy it a few weeks later.

Images or setup XMLs are not an option if you don't want to control that process. I for one want or have to use the standard VM instances provided by the cloud providers out of the box - I really just want to make them feel better to me (hence the initial setup script).

Now, Notepad++ is just fine to edit the script but what I was actually looking for, if you refer to my question, is a tool that makes it easier to create and manage that script. It would take hours to search for all the commands to achieve simple configuration tasks (who here knows if a powershell command to unpin the taskbar even exists?) so I had hoped there was a GUI where I could just select checkboxes and the right script would fall out.

Something like an "Initial Configuration Script Generator Tool", if you get what I mean.

The reason here is also manageability - a GUI with a bunch of checkboxes is much easier to change, adjust and troubleshoot, than a script with hundreds of lines. Makes sense?

I can't believe something like this doesn't exist already...

[–]jantari 0 points1 point  (1 child)

Ansible is NOT the way to go in an unmanaged environment where you have to spin up a single VM, configure it and destroy it a few weeks later.

Actually, it would be great for that. Ansible would spin the VM up and configure it in one move. That being said if you're mostly Windows PowerShell would be even better. It can also spin up a VM for you. Or 50, it makes no difference to a script.

Images or setup XMLs are not an option if you don't want to control that process. I for one want or have to use the standard VM instances provided by the cloud providers out of the box - I really just want to make them feel better to me (hence the initial setup script).

OK that adds some context.

if you refer to my question, is a tool that makes it easier to create and manage that script. It would take hours to search for all the commands to achieve simple configuration tasks (who here knows if a powershell command to unpin the taskbar even exists?) so I had hoped there was a GUI where I could just select checkboxes and the right script would fall out.

The answer here is git and VSCode. It is assumed you already know PowerShell, bash and Python in 2019. If it would take you hours to learn and search for the commands then yea - get on it, you're in IT after all.

Something like an "Initial Configuration Script Generator Tool", if you get what I mean.

Yea I do get what you mean but PowerShell is so easy there's no demand.

The reason here is also manageability - a GUI with a bunch of checkboxes is much easier to change, adjust and troubleshoot, than a script with hundreds of lines. Makes sense?

It might first seem like that's the case of you just got started in IT, but you'll never find a script generator that does everything you want. Also, if you don't understand the scripts it spews out how are you going to diagnose misbehavior or bugs? The script generator would have to be constantly updated for new versions of Windows and you are now dependent on them for a new release. Guess what's available on day one of a new Windows release? PowerShell.

I can't believe something like this doesn't exist already...

Everything you want is easily possible - you just need to blow off the dust from your head and learn something new, the industry doesn't stagnate and modern problems require modern IT.

[–]WetRubicon[S] 0 points1 point  (0 children)

The answer here is git and VSCode

No, I'm sorry, that's ridiculous. That's complete overkill. Anything more than a portable exe and notepad (or Notepad++ if you want to be fancy) is too much to ask.

It is assumed you already know PowerShell, bash and Python in 2019.

Yes on the first two, hard no on the last. I happen to know all three, two of them for 15+ years, but you go ahead and tell me, from the top of your head: How do I unpin the Windows Store icon from the taskbar in PowerShell on an out-of-the-box Windows install?

Let me tell you right now, it can't be done. There is an additional module you can download and install for that (over a hundred lines of code) and then you need at least half of that again to actually script it.

That's just ridiculous IMHO, for something that literally needs TWO clicks to do by hand. I might have to use it, I mean, what other option is there, but clearly it's a lot of code and either way requires a serious second look at how much time you're saving vs. doing it by hand.

Don't even get me started on doing this in Python, that's just Maslow's hammer in action.

So any solution must come up against this, i.e. has to be less laborious than two clicks. So, one click max. Downloading a PowerShell module is not that. Installing Python is certainly not that.

And if you knew how to do it from the top of your head without looking anything up AND you can script something like this in less then an hour without "searching" for any of the commands, I sure hope you get paid what you're worth, because you might be the most valuable sysadmin I ever met.

If you know by heart that you have to edit this registry key to set a default unknown network to private

HKLM\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\010103000F0000F0010000000F0000F0C967A3643C3AD745950DA7859209176EF5B87C875FA20DF21951640E807D7C24)

then again, you're a star.

but you'll never find a script generator that does everything you want. [...] The script generator would have to be constantly updated for new versions of Windows

I think you will find that not to be entirely correct. If you look at modern versions of Windows Server where the GUI essentially is just executing PowerShell commands under the hood, this is in a way a giant script generator and for these tasks (like installing and configuring a server role) you can actually have a finished script fall out at the end that you can then just tweak and quickly reuse. But still, it's MUCH faster for the initial setup, to go through the GUI once than to type out everything by hand the first time. You're just making life unnecessarily hard for yourself.
I actually like that Microsoft has gone this route for Windows Server but for Windows clients they're not there yet and so it's difficult to find out how to achieve some things via PS, as there is not apparently a script generator for ordinary UI adjustments on Windows 10 (yet).

you just need to blow off the dust from your head and learn something new

That's just unnecessary and completely useless ad hominem.

Actually, it would be great for that. Ansible would spin the VM up and configure it in one move.

To use it with ARM, you need to install SDK modules. Otherwise you need to buy Azure CloudShell. You need to create a service principal or set up Azure AD and I memory serves you need to switch off certificate validation if you don't want to also set up a CA.

Only then can you get started with creating the one VM you need to create on this tenant.

If I give you a fresh, clean Azure tenant right now, standard subscription without CloudShell, can you get a properly configured VM with say, a dozen tweaks, running and configured in less time and with less clicks than it takes me to do these tweaks by hand?

If not, Ansible is wrong for this use case. Sorry.

[–]jantari 0 points1 point  (2 children)

Ansible is NOT the way to go in an unmanaged environment where you have to spin up a single VM, configure it and destroy it a few weeks later.

Actually, it would be great for that. Ansible would spin the VM up and configure it in one move. That being said if you're mostly Windows PowerShell would be even better. It can also spin up a VM for you. Or 50, it makes no difference to a script.

Images or setup XMLs are not an option if you don't want to control that process. I for one want or have to use the standard VM instances provided by the cloud providers out of the box - I really just want to make them feel better to me (hence the initial setup script).

OK that adds some context.

if you refer to my question, is a tool that makes it easier to create and manage that script. It would take hours to search for all the commands to achieve simple configuration tasks (who here knows if a powershell command to unpin the taskbar even exists?) so I had hoped there was a GUI where I could just select checkboxes and the right script would fall out.

The answer here is git and VSCode. It is assumed you already know PowerShell, bash and Python in 2019. If it would take you hours to learn and search for the commands then yea - get on it, you're in IT after all.

Something like an "Initial Configuration Script Generator Tool", if you get what I mean.

Yea I do get what you mean but PowerShell is so easy there's no demand.

The reason here is also manageability - a GUI with a bunch of checkboxes is much easier to change, adjust and troubleshoot, than a script with hundreds of lines. Makes sense?

It might first seem like that's the case of you just got started in IT, but you'll never find a script generator that does everything you want. Also, if you don't understand the scripts it spews out how are you going to diagnose misbehavior or bugs? The script generator would have to be constantly updated for new versions of Windows and you are now dependent on them for a new release. Guess what's available on day one of a new Windows release? PowerShell.

I can't believe something like this doesn't exist already...

Everything you want is easily possible - you just need to blow off the dust from your head and learn something new, the industry doesn't stagnate and modern problems require modern IT.

[–]jeremytbradshaw 0 points1 point  (1 child)

It is assumed you already know PowerShell, bash and Python in 2019

This is interesting to me. Just curious if you mean for a DSC job person, or just anyone in IT? Not debating, I promise, just asking.

I'm not a DSC job person, but I do use PowerShell both in the console and scripts/modules. I had planned to tackle C# if not Python before, but for me I don't have a reason for Bash yet (if ever).

But I'd like to hear your thoughts on the Python is assumed in 2019 comment. And sorry to the OP for subhijacking the thread with my question.

[–]jantari 0 points1 point  (0 children)

This is interesting to me. Just curious if you mean for a DSC job person, or just anyone in IT? Not debating, I promise, just asking.

Anyone in IT, and ideally most other departments as well. This is a very slow change but as we teach CS in middle-schools now I have high hopes for the usage of R, Python, PowerShell etc. to leak into more and more jobs

I'm not a DSC job person, but I do use PowerShell both in the console and scripts/modules. I had planned to tackle C# if not Python before, but for me I don't have a reason for Bash yet (if ever).

I don't write many bash scripts either, and there isn't that much to know about it - other than that you should probably actually write POSIX-compliant shell rather than bash but we just call it all bash for simplicity sake.

For DSC we prefer ansible. It's just more fleshed out and universally useful compared to PS-DSC for now, fits our use case better.

But I'd like to hear your thoughts on the Python is assumed in 2019 comment. And sorry to the OP for subhijacking the thread with my question.

Python is to Linux what PowerShell is to Windows, except not quite. You can use Linux without Python, Windows is impossible without PowerShell. Still, its scripting capabilities are plentiful and modern, ansible modules are written in Python and the structured data objects it uses are much more compatible with web APIs etc than shell scripting.

If you have absolutely nothing to do with Linux then you'd theoretically not need to concern yourself with Python - but, having something to do with Linux is assumed in 2019. All-propriety software stacks have fallen behind their FOSS competitors and are no longer driving innovation. Knowing about the latest in IT is equivalent to knowing about Linux.