Comments (3)
tysonjhayes
commented on June 14, 2024
IMO opinion most desired state configuration software (Chef, Puppet, DSC etc) don't really support this use case. The configuration is only aware of the state you've given it. So in your example it'd only be aware of Site-A and Site-B and would have no concept of the other sites. By the design you'd have to explicitly disallow those sites. Though I could be totally wrong. 😁
from webadministrationdsc.
ScriptAutomate
commented on June 14, 2024
You would have to explicitly setup your DSC configuration to say Ensure: Absent for the specific websites and app pools that you do not wish to have present. There isn't a way to do a "Search for all sites that exist which don't match Site-A and Site-B" short of scripting it outside of DSC, or creating a custom catch-all DSC resource call (which should not be used, in my opinion).
In Chef I know you technically could run a script-block in a recipe that checks to see if anything is returned from a PowerShell query that is searching for non-matching sites, but that is bad practice.
You have to make sure that any changes being done to an environment are being done via your configuration management solution, as DSC will only be aware of what it has been directed to target. If you are worried others are logging on and making websites that they should not, you may need to evaluate changes to the way change management is done and modifying the Administrative permissions that people have on those target nodes.
from webadministrationdsc.
hahndorf
commented on June 14, 2024
@ScriptAutomate - I understand DSC much better now and agree with everything you said.
Yes it would be nice to have a very strictly managed environment where admin always follow the rules, but in the real world, that's not how it works.
On my servers as part of my monitoring scripts I check for the number of users, installed features running websites etc. and generate an alert if a non-desired number has been found.
I initially thought, it would be nice if these checks would be part of DSC and would be corrected automatically, but that could break things.
I now think its better to keep this alert system parallel with DSC and then manually look into any changes and potentially roll them back or add them to the DSC configuration.
from webadministrationdsc.
Related Issues (20)
- xWebConfigPropertyCollection: Adding system.webServer/security/authorization fails Test-TargetResource HOT 3
- xWebAdministration: Rename master branch to main
- Parameter 'PhysicalPath' should point to existing path, on Azure File Share HOT 4
- Unable to configure IIS using PowerShell DSC Resource xWebAdministration v3.20 HOT 3
- Can you set multiple file extensions to allowed for request filtering? HOT 1
- Suported? - xWebSite - Windows Authentication - Advanced Settings/Providers HOT 2
- WebApplication: Integration test failing
- How to add credentials with empty password in xWebAppPool. HOT 2
- Confusing package names in PowerShell Gallery HOT 5
- Name will not take ".Net6 Core ", Net6 Core works but want the "." HOT 1
- WebAppPoolDefaults : Add Missing Configuration Items
- xWebAppPool and xWebApplication cannot delete entities in use and do nothing HOT 1
- Website: PowerShell DSC resource DSC_WebSite failed to execute Test-TargetResource functionality with error message: System.Exception: Please ensure that the PowerShell module 'WebAdministration' is installed.
- Website: unable to change advanced Authentication Settings HOT 1
- IisFeatureDelegation wipes out config HOT 1
- IIS site binding new SSL flags
- IisMimeTypeMapping ansible config? HOT 1
- WebAdministrationDsc: Move historic change log back to the file CHANGELOG.md
- WebConfigPropertyCollection needs to allow null or empty strings for specific collection items like '/system.webServer/security/requestFiltering/hiddenSegments'
- IisModule - Using to remove at server level doesn't work HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from webadministrationdsc.