Decrypting the current MOF on WMF5

Decrypting the current MOF on WMF5

April 4, 2016

At the PowerShell Summit in Bellevue, I presented about how DSC now automatically encrypts the current.mof, in order to address some customer concerns about the existing encryption. After this talk, I was asked some questions about how to decrypt this new encryption. When I got back to work, I added a simple function, Unprotect-xDscConfiguration to the xDscDiagnostics module on GitHub. It takes a parameter for the name of the stage that you would like to decrypt (see the documention for the stage parameter of Remove-DSCConfigurationDocument). The function will currently only work locally (feel free to submit an issue or a PR) and must be run as administrator to be able to decrypt the MOF. Example usage and output are below as well.


At the time of the writing, the release version ( of xDscDiagnostics dose not have this change, but there are instruction on how to install the development version using PowerShell Get on GitHub.

Example Usage

Unprotect-xDscConfigurtion -Stage Previous

Example output

@GenerationDate=04/07/2016 16:54:16

instance of MSFT_LogResource as $MSFT_LogResource1ref
SourceInfo = "::1::24::log";
 ModuleName = "PsDesiredStateConfiguration";
 ResourceID = "[Log]example";
 Message = "example";

ModuleVersion = "1.0";
 ConfigurationName = "example";
instance of OMI_ConfigurationDocument


                        MinimumCompatibleVersion = "1.0.0";

                        CompatibleVersionAdditionalProperties= {"Omi_BaseResource:ConfigurationName"};


                        GenerationDate="04/07/2016 16:54:16";