How to Configure a DSC Pull Server on Windows Server 2016

Introduction

PowerShell Desired State Configuration (DSC) Pull Server on Windows Server 2016 provides a centralised configuration management service. Target nodes automatically pull their configuration MOF files and report compliance status back, enabling drift detection and automatic remediation at scale.

Installing Pull Server Prerequisites

Install required features and modules:

Install-WindowsFeature DSC-Service, Web-Server -IncludeManagementTools
Install-Module xPSDesiredStateConfiguration -Force

Configuring the Pull Server

Deploy the pull server using a DSC configuration:

Configuration PullServer {
    Import-DSCResource -ModuleName xPSDesiredStateConfiguration
    Node localhost {
        WindowsFeature DSCSvc { Ensure='Present'; Name='DSC-Service' }
        xDscWebService PullSvc {
            Ensure              = 'Present'
            EndpointName        = 'PSDSCPullServer'
            Port                = 8080
            PhysicalPath        = 'C:inetpubPSDSCPullServer'
            CertificateThumbPrint = 'AllowUnencryptedTraffic'
            ModulePath          = 'C:Program FilesWindowsPowerShellDscServiceModules'
            ConfigurationPath   = 'C:Program FilesWindowsPowerShellDscServiceConfiguration'
            State               = 'Started'
            DependsOn           = '[WindowsFeature]DSCSvc'
        }
    }
}
PullServer -OutputPath C:DSC
Start-DscConfiguration -Path C:DSC -Wait -Verbose -Force

Creating and Publishing Node Configurations

Author and publish a node configuration MOF:

Configuration WebBaseline {
    Node WebServer {
        WindowsFeature IIS { Ensure='Present'; Name='Web-Server' }
        Service W3SVC { Name='W3SVC'; StartupType='Automatic'; State='Running' }
    }
}
WebBaseline -OutputPath C:DSCConfigs
New-DscChecksum -Path C:DSCConfigsWebServer.mof
Copy-Item C:DSCConfigsWebServer.mof 'C:Program FilesWindowsPowerShellDscServiceConfiguration'
Copy-Item C:DSCConfigsWebServer.mof.checksum 'C:Program FilesWindowsPowerShellDscServiceConfiguration'

Configuring a Pull Client

Set a target node to pull its configuration:

[DSCLocalConfigurationManager()]
Configuration LCMConfig {
    Node WebServer01 {
        Settings {
            RefreshMode = 'Pull'
            ConfigurationID = '11111111-1111-1111-1111-111111111111'
            RefreshFrequencyMins = 30
            RebootNodeIfNeeded = $true
        }
        ConfigurationRepositoryWeb PullSrv {
            ServerURL = 'http://dscpull.contoso.com:8080/PSDSCPullServer.svc'
        }
    }
}
LCMConfig -OutputPath C:DSCLCM
Set-DscLocalConfigurationManager -Path C:DSCLCM -ComputerName WebServer01

Checking Compliance

Verify DSC compliance across managed servers:

$nodes = @('WebServer01','WebServer02')
foreach ($n in $nodes) {
    $status = Test-DscConfiguration -ComputerName $n
    Write-Host "$n In Desired State: $($status.InDesiredState)"
}

Summary

DSC Pull Server on Windows Server 2016 provides centralised, automated configuration management. Nodes self-heal by periodically pulling and applying their configuration, ensuring consistent baselines across your server fleet without manual intervention or configuration drift.