
Failed to serialize properties into CimInstance

Open ThomasNieto opened this issue 5 months ago • 9 comments

Prerequisites

  • [x] Write a descriptive title.
  • [x] Make sure you are able to repro it on the latest version
  • [x] Search the existing issues.

Summary

If a DSC resource uses custom CIM types, in this case for AccessControlDsc/NTFSAccessEntry, serialization will fail. This resource utilizes two nested custom types, NTFSAccessControlEntry and NTFSAccessControlList.

https://github.com/mcollera/AccessControlDsc/blob/Dev/DscResources/NTFSAccessEntry/NTFSAccessEntry.schema.mof

Steps to reproduce

Took this example and turned it into dsc v3 notation: https://github.com/mcollera/AccessControlDsc/blob/Dev/Examples/NtfsAccessEntry_example.ps1

$schema: https://aka.ms/dsc/schemas/v3/bundled/config/document.json
resources:
- name: test
  type: AccessControlDSC/NTFSAccessEntry
  properties:
    Path: c:\temp\test
    AccessControlList:
      - Principal: Everyone
        AccessControlEntry:
          - AccessControlType: Allow
            FileSystemRights: FullControl
            Inheritance: This folder and files
            Ensure: Present

Expected behavior

Works

Actual behavior

2025-07-24T04:31:29.303209Z DEBUG dsc_lib::dscresources::command_resource: 902: PID 27496:

Message        : Failed to serialize properties into CimInstance.
Data           : {}
InnerException :
TargetSite     : Microsoft.Management.Infrastructure.CimInstance SerializeIntoCimInstance(System.Management.Automation.Language.DynamicKeyword, Microsoft.PowerShell.Commands.ModuleSpecification, System.Collections.Hashtable)
StackTrace     :    at Microsoft.PowerShell.DesiredStateConfiguration.Commands.InvokeDscResourceMethodCommand.SerializeIntoCimInstance(DynamicKeyword resourceInfo, ModuleSpecification moduleSpecification, Hashtable property)
                    at Microsoft.PowerShell.DesiredStateConfiguration.Commands.InvokeDscResourceMethodCommand.CreateParametersCollection()
                    at Microsoft.PowerShell.DesiredStateConfiguration.Commands.InvokeDscResourceMethodCommand.ProcessRecord()
                    at System.Management.Automation.CommandProcessor.ProcessRecord()
HelpLink       :
Source         : Microsoft.Windows.DSC.CoreConfProviders
HResult        : -2146233076




2025-07-24T04:31:29.304567Z ERROR dsc_lib::dscresources::command_resource: 896: PID 27496: Exception: Failed to serialize properties into CimInstance.
2025-07-24T04:31:29.322548Z DEBUG dsc_lib::dscresources::command_resource: 660: Process 'powershell' id 27496 exited with code 1
2025-07-24T04:31:29.323978Z ERROR dsc::subcommand: 75: Command: Resource 'powershell' [exit code 1] manifest description: Error

Error details

2025-07-24T04:31:28.204698Z DEBUG dsc_lib::configure::depends_on: 90: Resource invocation order: [Resource { resource_type: "Microsoft.Windows/WindowsPowerShell", name: "AccessControlDSC/NTFSAccessEntry", depends_on: None, kind: None, properties: Some({"resources": Array [Object {"name": String("AccessControlDSC/NTFSAccessEntry"), "type": String("AccessControlDSC/NTFSAccessEntry"), "properties": Object {"Path": String("c:\\temp\\test"), "AccessControlList": Array [Object {"Principal": String("Everyone"), "AccessControlEntry": Array [Object {"AccessControlType": String("Allow"), "FileSystemRights": String("FullControl"), "Inheritance": String("This folder and files"), "Ensure": String("Present")}]}]}}]}), metadata: None, condition: None }]
2025-07-24T04:31:28.205089Z DEBUG dsc_lib::configure: 860: Invoke property expressions
2025-07-24T04:31:28.205443Z TRACE dsc_lib::configure: 868: Invoke property expression for resources: [{"name":"AccessControlDSC/NTFSAccessEntry","type":"AccessControlDSC/NTFSAccessEntry","properties":{"Path":"c:\\temp\\test","AccessControlList":[{"Principal":"Everyone","AccessControlEntry":[{"AccessControlType":"Allow","FileSystemRights":"FullControl","Inheritance":"This folder and files","Ensure":"Present"}]}]}}]
2025-07-24T04:31:28.205767Z DEBUG dsc_lib::configure: 860: Invoke property expressions
2025-07-24T04:31:28.206177Z TRACE dsc_lib::configure: 868: Invoke property expression for name: "AccessControlDSC/NTFSAccessEntry"
2025-07-24T04:31:28.206498Z DEBUG dsc_lib::parser: 48: Parsing statement: AccessControlDSC/NTFSAccessEntry
2025-07-24T04:31:28.206826Z DEBUG dsc_lib::parser: 72: Parsing string literal: AccessControlDSC/NTFSAccessEntry
2025-07-24T04:31:28.207156Z TRACE dsc_lib::configure: 868: Invoke property expression for type: "AccessControlDSC/NTFSAccessEntry"
2025-07-24T04:31:28.207498Z DEBUG dsc_lib::parser: 48: Parsing statement: AccessControlDSC/NTFSAccessEntry
2025-07-24T04:31:28.207817Z DEBUG dsc_lib::parser: 72: Parsing string literal: AccessControlDSC/NTFSAccessEntry
2025-07-24T04:31:28.208135Z TRACE dsc_lib::configure: 868: Invoke property expression for properties: {"Path":"c:\\temp\\test","AccessControlList":[{"Principal":"Everyone","AccessControlEntry":[{"AccessControlType":"Allow","FileSystemRights":"FullControl","Inheritance":"This folder and files","Ensure":"Present"}]}]}
2025-07-24T04:31:28.208433Z DEBUG dsc_lib::configure: 860: Invoke property expressions
2025-07-24T04:31:28.208769Z TRACE dsc_lib::configure: 868: Invoke property expression for Path: "c:\\temp\\test"
2025-07-24T04:31:28.209084Z DEBUG dsc_lib::parser: 48: Parsing statement: c:\temp\test
2025-07-24T04:31:28.209407Z DEBUG dsc_lib::parser: 72: Parsing string literal: c:\temp\test
2025-07-24T04:31:28.209775Z TRACE dsc_lib::configure: 868: Invoke property expression for AccessControlList: [{"Principal":"Everyone","AccessControlEntry":[{"AccessControlType":"Allow","FileSystemRights":"FullControl","Inheritance":"This folder and files","Ensure":"Present"}]}]
2025-07-24T04:31:28.210094Z DEBUG dsc_lib::configure: 860: Invoke property expressions
2025-07-24T04:31:28.210305Z TRACE dsc_lib::configure: 868: Invoke property expression for Principal: "Everyone"
2025-07-24T04:31:28.210546Z DEBUG dsc_lib::parser: 48: Parsing statement: Everyone
2025-07-24T04:31:28.210846Z DEBUG dsc_lib::parser: 72: Parsing string literal: Everyone
2025-07-24T04:31:28.211208Z TRACE dsc_lib::configure: 868: Invoke property expression for AccessControlEntry: [{"AccessControlType":"Allow","FileSystemRights":"FullControl","Inheritance":"This folder and files","Ensure":"Present"}]
2025-07-24T04:31:28.211482Z DEBUG dsc_lib::configure: 860: Invoke property expressions
2025-07-24T04:31:28.211768Z TRACE dsc_lib::configure: 868: Invoke property expression for AccessControlType: "Allow"
2025-07-24T04:31:28.212089Z DEBUG dsc_lib::parser: 48: Parsing statement: Allow
2025-07-24T04:31:28.212454Z DEBUG dsc_lib::parser: 72: Parsing string literal: Allow
2025-07-24T04:31:28.212772Z TRACE dsc_lib::configure: 868: Invoke property expression for FileSystemRights: "FullControl"
2025-07-24T04:31:28.213112Z DEBUG dsc_lib::parser: 48: Parsing statement: FullControl
2025-07-24T04:31:28.213452Z DEBUG dsc_lib::parser: 72: Parsing string literal: FullControl
2025-07-24T04:31:28.213745Z TRACE dsc_lib::configure: 868: Invoke property expression for Inheritance: "This folder and files"
2025-07-24T04:31:28.214070Z DEBUG dsc_lib::parser: 48: Parsing statement: This folder and files
2025-07-24T04:31:28.214426Z DEBUG dsc_lib::parser: 72: Parsing string literal: This folder and files
2025-07-24T04:31:28.214746Z TRACE dsc_lib::configure: 868: Invoke property expression for Ensure: "Present"
2025-07-24T04:31:28.215072Z DEBUG dsc_lib::parser: 48: Parsing statement: Present
2025-07-24T04:31:28.215429Z DEBUG dsc_lib::parser: 72: Parsing string literal: Present
2025-07-24T04:31:28.215771Z DEBUG dsc_lib::configure: 332: resource_type Microsoft.Windows/WindowsPowerShell
2025-07-24T04:31:28.216065Z TRACE dsc_lib::configure: 334: filter: {"resources":[{"name":"AccessControlDSC/NTFSAccessEntry","type":"AccessControlDSC/NTFSAccessEntry","properties":{"Path":"c:\\temp\\test","AccessControlList":[{"Principal":"Everyone","AccessControlEntry":[{"AccessControlType":"Allow","FileSystemRights":"FullControl","Inheritance":"This folder and files","Ensure":"Present"}]}]}}],"metadata":{"Microsoft.DSC":{"context":"configuration"}}}
2025-07-24T04:31:28.216450Z DEBUG dsc_lib::dscresources::dscresource: 218: Invoking get for 'Microsoft.Windows/WindowsPowerShell'
2025-07-24T04:31:28.216850Z DEBUG dsc_lib::dscresources::command_resource: 29: Invoking get for 'Microsoft.Windows/WindowsPowerShell'
2025-07-24T04:31:28.217189Z DEBUG dsc_lib::dscresources::command_resource: 775: Verify JSON for 'Microsoft.Windows/WindowsPowerShell'
2025-07-24T04:31:28.217553Z TRACE dsc_lib::dscresources::command_resource: 779: Validating against JSON: {"resources":[{"name":"AccessControlDSC/NTFSAccessEntry","type":"AccessControlDSC/NTFSAccessEntry","properties":{"Path":"c:\\temp\\test","AccessControlList":[{"Principal":"Everyone","AccessControlEntry":[{"AccessControlType":"Allow","FileSystemRights":"FullControl","Inheritance":"This folder and files","Ensure":"Present"}]}]}}],"metadata":{"Microsoft.DSC":{"context":"configuration"}}}
2025-07-24T04:31:28.217930Z TRACE dsc_lib::dscresources::command_resource: 432: Invoking validate on 'Microsoft.Windows/WindowsPowerShell' using '{"resources":[{"name":"AccessControlDSC/NTFSAccessEntry","type":"AccessControlDSC/NTFSAccessEntry","properties":{"Path":"c:\\temp\\test","AccessControlList":[{"Principal":"Everyone","AccessControlEntry":[{"AccessControlType":"Allow","FileSystemRights":"FullControl","Inheritance":"This folder and files","Ensure":"Present"}]}]}}],"metadata":{"Microsoft.DSC":{"context":"configuration"}}}'
2025-07-24T04:31:28.218303Z DEBUG dsc_lib::dscresources::command_resource: 762: No input kind specified
2025-07-24T04:31:28.218758Z  INFO dsc_lib::dscresources::command_resource: 441: Invoking validate on 'Microsoft.Windows/WindowsPowerShell' using 'powershell'
2025-07-24T04:31:28.219087Z DEBUG dsc_lib::dscresources::command_resource: 699: Invoking command 'powershell' with args Some(["-NoLogo", "-NonInteractive", "-NoProfile", "-ExecutionPolicy", "Bypass", "-Command", "$Input | ./psDscAdapter/powershell.resource.ps1 Validate"])
2025-07-24T04:31:28.493965Z DEBUG dsc_lib::dscresources::command_resource: 902: PID 24376: PSVersion=5.1.26100.4652
2025-07-24T04:31:28.494651Z DEBUG dsc_lib::dscresources::command_resource: 902: PID 24376: PSPath=C:\Windows\System32\WindowsPowerShell\v1.0
2025-07-24T04:31:28.494853Z DEBUG dsc_lib::dscresources::command_resource: 902: PID 24376: PSModulePath=C:\Users\Thomas\Documents\PowerShell\Modules;C:\Program Files\PowerShell\Modules;c:\program files\powershell\7-preview\Modules;C:\Program Files\WindowsPowerShell\Modules;C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules
2025-07-24T04:31:28.519407Z DEBUG dsc_lib::dscresources::command_resource: 660: Process 'powershell' id 24376 exited with code 0
2025-07-24T04:31:28.520238Z DEBUG dsc_lib::dscresources::command_resource: 758: Parsing input as stdin
2025-07-24T04:31:28.520459Z  INFO dsc_lib::dscresources::command_resource: 40: Invoking get 'Microsoft.Windows/WindowsPowerShell' using 'powershell'
2025-07-24T04:31:28.520639Z DEBUG dsc_lib::dscresources::command_resource: 699: Invoking command 'powershell' with args Some(["-NoLogo", "-NonInteractive", "-NoProfile", "-ExecutionPolicy", "Bypass", "-Command", "$Input | ./psDscAdapter/powershell.resource.ps1 Get"])
2025-07-24T04:31:28.525191Z TRACE dsc_lib::dscresources::command_resource: 616: Writing to command STDIN: {"resources":[{"name":"AccessControlDSC/NTFSAccessEntry","type":"AccessControlDSC/NTFSAccessEntry","properties":{"Path":"c:\\temp\\test","AccessControlList":[{"Principal":"Everyone","AccessControlEntry":[{"AccessControlType":"Allow","FileSystemRights":"FullControl","Inheritance":"This folder and files","Ensure":"Present"}]}]}}],"metadata":{"Microsoft.DSC":{"context":"configuration"}}}
2025-07-24T04:31:28.793046Z DEBUG dsc_lib::dscresources::command_resource: 902: PID 27496: PSVersion=5.1.26100.4652
2025-07-24T04:31:28.793962Z DEBUG dsc_lib::dscresources::command_resource: 902: PID 27496: PSPath=C:\Windows\System32\WindowsPowerShell\v1.0
2025-07-24T04:31:28.794275Z DEBUG dsc_lib::dscresources::command_resource: 902: PID 27496: PSModulePath=C:\Users\Thomas\Documents\PowerShell\Modules;C:\Program Files\PowerShell\Modules;c:\program files\powershell\7-preview\Modules;C:\Program Files\WindowsPowerShell\Modules;C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules
2025-07-24T04:31:28.799464Z DEBUG dsc_lib::dscresources::command_resource: 902: PID 27496: jsonInput={"resources":[{"name":"AccessControlDSC/NTFSAccessEntry","type":"AccessControlDSC/NTFSAccessEntry","properties":{"Path":"c:\\temp\\test","AccessControlList":[{"Principal":"Everyone","AccessControlEntry":[{"AccessControlType":"Allow","FileSystemRights":"FullControl","Inheritance":"This folder and files","Ensure":"Present"}]}]}}],"metadata":{"Microsoft.DSC":{"context":"configuration"}}}
2025-07-24T04:31:28.966549Z DEBUG dsc_lib::dscresources::command_resource: 902: PID 27496: Reading from Get-DscResource cache file C:\Users\Thomas\AppData\Local\dsc\WindowsPSAdapterCache.json
2025-07-24T04:31:29.002836Z DEBUG dsc_lib::dscresources::command_resource: 902: PID 27496: Checking cache for stale PSModulePath
2025-07-24T04:31:29.021851Z DEBUG dsc_lib::dscresources::command_resource: 902: PID 27496: PSModulePath diff ''
2025-07-24T04:31:29.022739Z DEBUG dsc_lib::dscresources::command_resource: 902: PID 27496: Checking cache for stale entries
2025-07-24T04:31:29.078800Z DEBUG dsc_lib::dscresources::command_resource: 902: PID 27496: OS version: Microsoft Windows NT 10.0.26100.0
2025-07-24T04:31:29.079753Z DEBUG dsc_lib::dscresources::command_resource: 902: PID 27496: PowerShell version: 5.1.26100.4652
2025-07-24T04:31:29.081659Z DEBUG dsc_lib::dscresources::command_resource: 902: PID 27496: PSDesiredStateConfiguration module version: 1.1
2025-07-24T04:31:29.096396Z DEBUG dsc_lib::dscresources::command_resource: 902: PID 27496: DSC resource implementation: ScriptBased
2025-07-24T04:31:29.125143Z DEBUG dsc_lib::dscresources::command_resource: 902: PID 27496: Module: AccessControlDSC, Name: NTFSAccessEntry, Property: {"Path":"c:\\temp\\test","AccessControlList":[{"Principal":"Everyone","AccessControlEntry":""}]}
2025-07-24T04:31:29.303209Z DEBUG dsc_lib::dscresources::command_resource: 902: PID 27496:

Message        : Failed to serialize properties into CimInstance.
Data           : {}
InnerException :
TargetSite     : Microsoft.Management.Infrastructure.CimInstance SerializeIntoCimInstance(System.Management.Automation.Language.DynamicKeyword, Microsoft.PowerShell.Commands.ModuleSpecification, System.Collections.Hashtable)
StackTrace     :    at Microsoft.PowerShell.DesiredStateConfiguration.Commands.InvokeDscResourceMethodCommand.SerializeIntoCimInstance(DynamicKeyword resourceInfo, ModuleSpecification moduleSpecification, Hashtable property)
                    at Microsoft.PowerShell.DesiredStateConfiguration.Commands.InvokeDscResourceMethodCommand.CreateParametersCollection()
                    at Microsoft.PowerShell.DesiredStateConfiguration.Commands.InvokeDscResourceMethodCommand.ProcessRecord()
                    at System.Management.Automation.CommandProcessor.ProcessRecord()
HelpLink       :
Source         : Microsoft.Windows.DSC.CoreConfProviders
HResult        : -2146233076




2025-07-24T04:31:29.304567Z ERROR dsc_lib::dscresources::command_resource: 896: PID 27496: Exception: Failed to serialize properties into CimInstance.
2025-07-24T04:31:29.322548Z DEBUG dsc_lib::dscresources::command_resource: 660: Process 'powershell' id 27496 exited with code 1
2025-07-24T04:31:29.323978Z ERROR dsc::subcommand: 75: Command: Resource 'powershell' [exit code 1] manifest description: Error

Environment data

7.6-preview4

Version

3.2.-preview3

Visuals

No response

ThomasNieto Jul 24 '25 04:07

@ThomasNieto is it a composite resource? Might be a known limitation https://github.com/ansible/ansible/issues/43975#issuecomment-504685316

SteveL-MSFT Jul 24 '25 05:07

@SteveL-MSFT it is not a composite resource.

ThomasNieto Jul 24 '25 05:07

@theJasonHelmick, @mgreenegit, @michaeltlombardi is this something you folks are familiar with? The error is coming out of MMI, so I don't know what DSC needs to do to make this work.

SteveL-MSFT Jul 24 '25 17:07

@SteveL-MSFT in the module's tests you can see how they initialize the CIM Instance.

https://github.com/mcollera/AccessControlDsc/blob/1c4d77c8d7fbbf8d57e17163f30138d4fed3c579/Tests/TestHelper.psm1#L175-L180

In their tests they don't call Invoke-DscResource but the underlying function with a hashtable containing custom CIM Instance types.

https://github.com/mcollera/AccessControlDsc/blob/1c4d77c8d7fbbf8d57e17163f30138d4fed3c579/Tests/Unit/NTFSAccessEntry.Tests.ps1#L51C8-L51C79

ThomasNieto Jul 25 '25 04:07

I ran into this (extremely painful) problem when I was working on the DSC shim for Puppet.

Long story short, you need to reverse-recursively create the CIM instances to pass them over.

https://github.com/puppetlabs/ruby-pwsh/blob/47fc6513876645e6785d346001fd9f96c520a8c9/lib/puppet/provider/dsc_base_provider/dsc_base_provider.rb#L886

https://github.com/puppetlabs/ruby-pwsh/blob/47fc6513876645e6785d346001fd9f96c520a8c9/lib/puppet/provider/dsc_base_provider/dsc_base_provider.rb#L815-L860

There's really no fun way to do this for Windows PowerShell. We would need to implement code in the Windows PowerShell adapter to:

  • Discover which resource properties need to be represented as nested CIM instances
  • Recursively discover nested CIM instance properties
  • Create objects representing the nested CIM instance properties from most deeply nested upward (because the deepest level is required to create a higher level)
  • Pass the finally-created object to Invoke-DscResource.

michaeltlombardi Jul 28 '25 16:07
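
The bottom-up conversion outlined in the comment above, as an added PowerShell example that is not code from the DSC project, AccessControlDsc, or any commenter. The function name `ConvertTo-NestedCimInstance` and the property-to-class map are assumptions; the map must be confirmed against the `EmbeddedInstance` qualifiers in the resource's schema.mof. The guard on string values covers the case visible in the log, where `AccessControlEntry` reaches the adapter as `""`.

```powershell
# Added example: function and variable names are hypothetical.
# Assumed map: property name -> embedded CIM class ('[]' marks an array property).
# Confirm each entry against the resource's schema.mof before relying on it.
$EmbeddedClassMap = @{
    AccessControlList  = 'NTFSAccessControlList[]'
    AccessControlEntry = 'NTFSAccessControlEntry[]'
}

function ConvertTo-NestedCimInstance {
    [CmdletBinding()]
    param(
        # PSCustomObject from ConvertFrom-Json, or a hashtable
        [Parameter(Mandatory)] [object] $InputObject,
        [Parameter(Mandatory)] [hashtable] $ClassMap,
        # Empty at the top level: the caller gets a plain hashtable back
        [string] $ClassName,
        [string] $Namespace = 'root/Microsoft/Windows/DesiredStateConfiguration'
    )

    # Flatten either input shape into name/value pairs.
    $pairs = @{}
    if ($InputObject -is [System.Collections.IDictionary]) {
        foreach ($key in $InputObject.Keys) { $pairs[[string]$key] = $InputObject[$key] }
    } else {
        foreach ($p in $InputObject.PSObject.Properties) { $pairs[$p.Name] = $p.Value }
    }

    $props = @{}
    foreach ($name in $pairs.Keys) {
        $value = $pairs[$name]
        if ($null -eq $value) { continue }   # no CIM type can be inferred from $null

        if (-not $ClassMap.ContainsKey($name)) {
            $props[$name] = $value           # ordinary leaf value, passed through
            continue
        }

        # A mapped property that arrives as a string has already lost its nested data.
        if ($value -is [string]) {
            throw "Property '$name' should hold nested objects but arrived as a string."
        }

        $isArray    = $ClassMap[$name].EndsWith('[]')
        $childClass = $ClassMap[$name] -replace '\[\]$', ''

        # Depth first: every child instance exists before its parent is created.
        $children = @(foreach ($item in @($value)) {
            ConvertTo-NestedCimInstance -InputObject $item -ClassMap $ClassMap `
                -ClassName $childClass -Namespace $Namespace
        })

        if ($isArray) {
            # The explicit cast lets New-CimInstance type the property as an instance array.
            $props[$name] = [Microsoft.Management.Infrastructure.CimInstance[]]$children
        } else {
            $props[$name] = $children[0]
        }
    }

    if (-not $ClassName) { return $props }

    # -ClientOnly builds the instance in memory without contacting a CIM server.
    New-CimInstance -ClassName $ClassName -Namespace $Namespace -Property $props -ClientOnly
}

# Constructed sample: the properties block from the configuration on this page.
$json = @'
{"Path":"c:\\temp\\test","AccessControlList":[{"Principal":"Everyone","AccessControlEntry":[{"AccessControlType":"Allow","FileSystemRights":"FullControl","Inheritance":"This folder and files","Ensure":"Present"}]}]}
'@
$property = ConvertTo-NestedCimInstance -InputObject ($json | ConvertFrom-Json) -ClassMap $EmbeddedClassMap

# Inspect the result before handing it on: class names and one leaf value.
$acl = $property.AccessControlList[0]
[pscustomobject]@{
    OuterClass = $acl.CimSystemProperties.ClassName
    InnerClass = $acl.AccessControlEntry[0].CimSystemProperties.ClassName
    Rights     = $acl.AccessControlEntry[0].FileSystemRights
}

# With the AccessControlDsc module installed, in an elevated Windows PowerShell session:
# Invoke-DscResource -Name NTFSAccessEntry -ModuleName AccessControlDsc -Method Get -Property $property
```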

@michaeltlombardi will investigate if this just works with PSDSCv2 module and if so, we should consider having a Microsoft.Windows.PowerShell/PSDesiredStateConfigurationv2 module that depends on PSDSCv2 module (separately installed) and uses Invoke-DscResource.

SteveL-MSFT Aug 04 '25 16:08

Just FYI when testing, custom CIM types are used extensively in Microsoft365DSC e.g.

https://microsoft365dsc.com/resources/azure-ad/AADApplication/

https://microsoft365dsc.com/resources/azure-ad/AADAdministrativeUnit/

https://microsoft365dsc.com/resources/azure-ad/AADGroup/

An issue has been raised here: https://github.com/microsoft/Microsoft365DSC/issues/6120

Borgquite Aug 14 '25 09:08

Would changing the CIM types to classes (as in PsDSCV2) make it work? We were discussing this at Microsoft365DSC, but there is a really big pain point with PSBoundParameters not being available in classes, and the workaround doesn't function properly with the LCM.

From our testing, if we use classes, then it works, but not when using CIM types.

FabienTschanz Aug 14 '25 10:08

@FabienTschanz if you convert to Class based, there's no MOF so this wouldn't be a problem.

SteveL-MSFT Aug 14 '25 21:08

I've run into this as well. I've managed to wrangle it into deploying an assignments block by modifying win_psDscAdapter.psm1.

The resulting metadata is very verbose though - I'm wondering if it might cause issues "up the chain" when comparing to other resources?

metadata:
  Microsoft.DSC:
    version: 3.1.0
    operation: set
    executionType: actual
    startDatetime: 2025-12-09T10:36:13.935716500+10:30
    endDatetime: 2025-12-09T10:39:28.180622800+10:30
    duration: PT194.2449063S
    securityContext: elevated
results:
- metadata:
    Microsoft.DSC:
      duration: PT189.4902449S
  name: LAPSPolicy
  type: Microsoft.Windows/WindowsPowerShell
  result:
    beforeState:
      resources:
      - name: ALL-LAPS
        type: Microsoft365DSC/IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy
        properties:
          CertificateThumbprint: ###
          AutomaticAccountManagementNameOrPrefix: null
          AutomaticAccountManagementTarget: null
          ApplicationSecret: null
          Identity: 3ce9e2ff-7534-4e43-84aa-c6a92cfeed94
          Assignments: []
          DisplayName: ALL-LAPS
          TenantId: ###
          AccessTokens: null
          PasswordAgeDays: null
          AdPasswordEncryptionPrincipal: null
          ManagedIdentity: false
          PasswordComplexity: 3
          PsDscRunAsCredential: null
          PassphraseLength: null
          AdPasswordEncryptionEnabled: null
          PSComputerName: localhost
          Credential: null
          RoleScopeTagIds:
          - '0'
          PasswordExpirationProtectionEnabled: null
          ResourceId: null
          AdministratorAccountName: ###
          AutomaticAccountManagementRandomizeName: null
          ApplicationId: ###
          Ensure: Present
          Description: Windows LAPS Policy
          AutomaticAccountManagementEnableAccount: null
          BackupDirectory: 1
          AutomaticAccountManagementEnabled: null
          ModuleVersion: 1.25.1112.1
          SourceInfo: null
          ConfigurationName: null
          passwordagedays_aad: 30
          AdEncryptedPasswordHistorySize: null
          PostAuthenticationActions: 5
          ModuleName: Microsoft365DSC
          DependsOn: null
          PostAuthenticationResetDelay: 1
          PasswordLength: 14
    afterState:
      result:
      - name: ALL-LAPS
        type: Microsoft365DSC/IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicy
        properties:
          CertificateThumbprint: ###
          AutomaticAccountManagementNameOrPrefix: null
          AutomaticAccountManagementTarget: null
          ApplicationSecret: null
          Identity: 3ce9e2ff-7534-4e43-84aa-c6a92cfeed94
          Assignments:
          - CimClass:
              CimSuperClassName: null
              CimSuperClass: null
              CimClassProperties:
              - Name: collectionId
                Value: null
                CimType: 14
                Flags: Property, NullValue
                Qualifiers:
                - Name: Description
                  Value: The collection Id that is the target of the assignment.(ConfigMgr)
                  CimType: 14
                  Flags: EnableOverride, ToSubclass
                - Name: write
                  Value: true
                  CimType: 1
                  Flags: EnableOverride, ToSubclass
                ReferenceClassName: null
              - Name: dataType
                Value: null
                CimType: 14
                Flags: Property, NullValue
                Qualifiers:
                - Name: Description
                  Value: The type of the target assignment.
                  CimType: 14
                  Flags: EnableOverride, ToSubclass
                - Name: ValueMap
                  Value: '#microsoft.graph.groupAssignmentTarget #microsoft.graph.allLicensedUsersAssignmentTarget #microsoft.graph.allDevicesAssignmentTarget #microsoft.graph.exclusionGroupAssignmentTarget #microsoft.graph.configurationManagerCollectionAssignmentTarget'
                  CimType: 30
                  Flags: EnableOverride, ToSubclass
                - Name: Values
                  Value: '#microsoft.graph.groupAssignmentTarget #microsoft.graph.allLicensedUsersAssignmentTarget #microsoft.graph.allDevicesAssignmentTarget #microsoft.graph.exclusionGroupAssignmentTarget #microsoft.graph.configurationManagerCollectionAssignmentTarget'
                  CimType: 30
                  Flags: EnableOverride, ToSubclass
                - Name: write
                  Value: true
                  CimType: 1
                  Flags: EnableOverride, ToSubclass
                ReferenceClassName: null
              - Name: deviceAndAppManagementAssignmentFilterDisplayName
                Value: null
                CimType: 14
                Flags: Property, NullValue
                Qualifiers:
                - Name: Description
                  Value: The display name of the filter for the target assignment.
                  CimType: 14
                  Flags: EnableOverride, ToSubclass
                - Name: write
                  Value: true
                  CimType: 1
                  Flags: EnableOverride, ToSubclass
                ReferenceClassName: null
              - Name: deviceAndAppManagementAssignmentFilterId
                Value: null
                CimType: 14
                Flags: Property, NullValue
                Qualifiers:
                - Name: Description
                  Value: The Id of the filter for the target assignment.
                  CimType: 14
                  Flags: EnableOverride, ToSubclass
                - Name: write
                  Value: true
                  CimType: 1
                  Flags: EnableOverride, ToSubclass
                ReferenceClassName: null
              - Name: deviceAndAppManagementAssignmentFilterType
                Value: null
                CimType: 14
                Flags: Property, NullValue
                Qualifiers:
                - Name: Description
                  Value: The type of filter of the target assignment i.e. Exclude or Include. Possible values are:none, include, exclude.
                  CimType: 14
                  Flags: EnableOverride, ToSubclass
                - Name: ValueMap
                  Value: none include exclude
                  CimType: 30
                  Flags: EnableOverride, ToSubclass
                - Name: Values
                  Value: none include exclude
                  CimType: 30
                  Flags: EnableOverride, ToSubclass
                - Name: write
                  Value: true
                  CimType: 1
                  Flags: EnableOverride, ToSubclass
                ReferenceClassName: null
              - Name: groupDisplayName
                Value: null
                CimType: 14
                Flags: Property, NullValue
                Qualifiers:
                - Name: Description
                  Value: The group Display Name that is the target of the assignment.
                  CimType: 14
                  Flags: EnableOverride, ToSubclass
                - Name: write
                  Value: true
                  CimType: 1
                  Flags: EnableOverride, ToSubclass
                ReferenceClassName: null
              - Name: groupId
                Value: null
                CimType: 14
                Flags: Property, NullValue
                Qualifiers:
                - Name: Description
                  Value: The group Id that is the target of the assignment.
                  CimType: 14
                  Flags: EnableOverride, ToSubclass
                - Name: write
                  Value: true
                  CimType: 1
                  Flags: EnableOverride, ToSubclass
                ReferenceClassName: null
              CimClassQualifiers:
              - Name: ClassVersion
                Value: 1.0.0.0
                CimType: 14
                Flags: EnableOverride, Restricted
              CimClassMethods: []
              CimSystemProperties:
                Namespace: root/Microsoft/Windows/DesiredStateConfiguration
                ServerName: localhost
                ClassName: MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicyAssignments
                Path: null
            CimInstanceProperties:
            - Name: collectionId
              Value: null
              CimType: 14
              Flags: Property, NotModified, NullValue
              IsValueModified: false
            - Name: dataType
              Value: '#microsoft.graph.allDevicesAssignmentTarget'
              CimType: 14
              Flags: Property, NotModified
              IsValueModified: false
            - Name: deviceAndAppManagementAssignmentFilterDisplayName
              Value: Windows 11 OS Version
              CimType: 14
              Flags: Property, NotModified
              IsValueModified: false
            - Name: deviceAndAppManagementAssignmentFilterId
              Value: 36592116-1852-4f17-adca-18cb4ebfd6e9
              CimType: 14
              Flags: Property, NotModified
              IsValueModified: false
            - Name: deviceAndAppManagementAssignmentFilterType
              Value: include
              CimType: 14
              Flags: Property, NotModified
              IsValueModified: false
            - Name: groupDisplayName
              Value: All devices
              CimType: 14
              Flags: Property, NotModified
              IsValueModified: false
            - Name: groupId
              Value: null
              CimType: 14
              Flags: Property, NotModified, NullValue
              IsValueModified: false
            CimSystemProperties:
              Namespace: root/Microsoft/Windows/DesiredStateConfiguration
              ServerName: localhost
              ClassName: MSFT_IntuneAccountProtectionLocalAdministratorPasswordSolutionPolicyAssignments
              Path: null
          DisplayName: ALL-LAPS
          TenantId: ###
          AccessTokens: null
          PasswordAgeDays: null
          AdPasswordEncryptionPrincipal: null
          ManagedIdentity: false
          PasswordComplexity: 3
          PsDscRunAsCredential: null
          PassphraseLength: null
          AdPasswordEncryptionEnabled: null
          PSComputerName: localhost
          Credential: null
          RoleScopeTagIds:
          - '0'
          PasswordExpirationProtectionEnabled: null
          ResourceId: null
          AdministratorAccountName: ###
          AutomaticAccountManagementRandomizeName: null
          ApplicationId: ###
          Ensure: Present
          Description: Windows LAPS Policy
          AutomaticAccountManagementEnableAccount: null
          BackupDirectory: 1
          AutomaticAccountManagementEnabled: null
          ModuleVersion: 1.25.1112.1
          SourceInfo: null
          ConfigurationName: null
          passwordagedays_aad: 30
          AdEncryptedPasswordHistorySize: null
          PostAuthenticationActions: 5
          ModuleName: Microsoft365DSC
          DependsOn: null
          PostAuthenticationResetDelay: 1
          PasswordLength: 14
    changedProperties:
    - result
messages: []
hadErrors: false

Time permitting, I might have a crack at implementing what @michaeltlombardi outlines above.

ljoldfield Dec 09 '25 01:12