Decrypting the current MOF on WMF5

Decrypting the current MOF on WMF5
DSC
Published

April 4, 2016

At the PowerShell Summit in Bellevue, I presented about how DSC now automatically encrypts the current.mof, in order to address some customer concerns about the existing encryption. After this talk, I was asked some questions about how to decrypt this new encryption. When I got back to work, I added a simple function, Unprotect-xDscConfiguration to the xDscDiagnostics module on GitHub. It takes a parameter for the name of the stage that you would like to decrypt (see the documention for the stage parameter of Remove-DSCConfigurationDocument). The function will currently only work locally (feel free to submit an issue or a PR) and must be run as administrator to be able to decrypt the MOF. Example usage and output are below as well.

Installation

At the time of the writing, the release version (2.2.0.0) of xDscDiagnostics dose not have this change, but there are instruction on how to install the development version using PowerShell Get on GitHub.

Example Usage

Unprotect-xDscConfigurtion -Stage Previous

Example output

/*
@TargetNode='localhost'
@GeneratedBy=tplunk
@GenerationDate=04/07/2016 16:54:16
@GenerationHost=localhost
*/

instance of MSFT_LogResource as $MSFT_LogResource1ref
{
SourceInfo = "::1::24::log";
 ModuleName = "PsDesiredStateConfiguration";
 ResourceID = "[Log]example";
 Message = "example";

ModuleVersion = "1.0";
 ConfigurationName = "example";
};
instance of OMI_ConfigurationDocument

                    {
 Version="2.0.0";

                        MinimumCompatibleVersion = "1.0.0";

                        CompatibleVersionAdditionalProperties= {"Omi_BaseResource:ConfigurationName"};

                        Author="tplunk";

                        GenerationDate="04/07/2016 16:54:16";

                        GenerationHost="localhost";

                        Name="example";

                    };