Image by Alexandra from Pixabay.

Creating DSC Configurations with DscBaseline

DscBaseline is a PowerShell module that creates DSC configurations based on the configuration of the current system. It aims to expedite the adoption of Microsoft Desired State Configuration (DSC) for configuration management. DscBaseline does not make any changes to the system. It only reads the current settings and creates several configuration files in the specified working directory. This post provides a very brief overview of DSC followed by how to use DscBaseline.

DSC Overview

If you’re new to DSC, the following three posts are a great place to start.

  1. DSC Overview for Developers
  2. DSC Overview for Decision Makers
  3. DSC Overview for Engineers

DscBaseline Overview

  1. Security Policy — Account Policy (SecurityPolicyDsc)
  2. Security Policy — Security Option (SecurityPolicyDsc)
  3. Security Policy — User Rights Assignment (SecurityPolicyDsc)
  4. Audit Policy (AuditPolicyDsc)
  5. Network (NetworkingDsc)
  6. Services (PSDscResources)
  7. *Group Policy — EXPERIMENTAL. See known issues for details. (PSDscResources)

DscBaseline should be launched in an elevated command prompt since many of the settings require that level of access.

Before proceeding, read this post in its entirety along with the README.

Installing and Importing

PowerShell Gallery

This is by far the easiest method; just run the following commands.

PS C:\> Install-Module DscBaseline
PS C:\> Import-Module DscBaseline


Download the source zip file and extract it to a desired directory or clone the repository. Then import the module by specifying the psd1 file.

PS C:\> Import-Module C:\DscBaseline\DscBaseline.psd1

Launching DscBaseline

Invoke-DscBaseline returns a hashtable object showing the configuration files it created.

DscBaseline usage and output


  1. There is a return statement early in the script to prevent accidentally running the configuration. If you wish to proceed, just remove or comment out that line.
  2. Set-LcmSetting is configured -RebootNodeIfNeeded $false. If you’re testing on a private VM you may want to change this setting to $true.

Review Configuration Files Before Use