ComputerManagementDsc
ScheduledTask: Support ValueQueries for event trigger
Problem description
I am trying to automate the 'Enable automatic rebinding of renewed certificates' setting within IIS. When you do this manually a scheduled task is created. The trigger definition you will find below.
<Triggers>
  <EventTrigger>
    <Enabled>true</Enabled>
    <Subscription><QueryList><Query Id='0'><Select Path='Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational'>*[System[EventID=1001]]</Select></Query></QueryList></Subscription>
    <ValueQueries>
      <Value name="NewCertHash">Event/UserData/CertNotificationData/NewCertificateDetails/@Thumbprint</Value>
      <Value name="OldCertHash">Event/UserData/CertNotificationData/OldCertificateDetails/@Thumbprint</Value>
    </ValueQueries>
  </EventTrigger>
</Triggers>
As you can see in the XML definition, besides the event subscription we have a ValueQueries section. This ValueQueries option is missing in the ScheduledTask definition. According to the documentation, it's a list of key-values.
Verbose logs
N/A
DSC configuration
# Enable automatic rebind of renewed certificates.
ScheduledTask "IIS-AutoCertRebind" {
    TaskName = "IIS-AutoCertRebind"
    TaskPath = "\Microsoft\Windows\CertificateServicesClient"
    ActionExecutable = "%SystemRoot%\System32\inetsrv\appcmd.exe"
    ActionArguments = 'renew binding /oldcert:$(OldCertHash) /newcert:$(NewCertHash)'
    ScheduleType = "OnEvent"
    Ensure = "Present"
    Enable = $true
    BuiltInAccount = "SYSTEM"
    AllowStartIfOnBatteries = $true
    DisallowStartOnRemoteAppSession = $false
    ExecutionTimeLimit = "0.01:00:00"
    RestartCount = 3
    RestartInterval = "0.00:10:00"
    RunLevel = "Highest"
    EventSubscription = "<QueryList><Query Id='0'><Select Path='Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational'>*[System[EventID=1001]]</Select></Query></QueryList>"
    # EventValueQueries is missing
}
Suggested solution
Add a property named EventValueQueries which can contain a hash table with the ValueQueries property value.
# Enable automatic rebind of renewed certificates.
ScheduledTask "IIS-AutoCertRebind" {
    TaskName = "IIS-AutoCertRebind"
    TaskPath = "\Microsoft\Windows\CertificateServicesClient"
    ActionExecutable = "%SystemRoot%\System32\inetsrv\appcmd.exe"
    ActionArguments = 'renew binding /oldcert:$(OldCertHash) /newcert:$(NewCertHash)'
    ScheduleType = "OnEvent"
    Ensure = "Present"
    Enable = $true
    BuiltInAccount = "SYSTEM"
    AllowStartIfOnBatteries = $true
    DisallowStartOnRemoteAppSession = $false
    ExecutionTimeLimit = "0.01:00:00"
    RestartCount = 3
    RestartInterval = "0.00:10:00"
    RunLevel = "Highest"
    EventSubscription = "<QueryList><Query Id='0'><Select Path='Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational'>*[System[EventID=1001]]</Select></Query></QueryList>"
    EventValueQueries = @{
        "NewCertHash" = "Event/UserData/CertNotificationData/NewCertificateDetails/@Thumbprint";
        "OldCertHash" = "Event/UserData/CertNotificationData/OldCertificateDetails/@Thumbprint"
    }
}
I found a Gist with a PowerShell example of how to configure the ValueQueries property.
Operating system the target node is running
OsName : Microsoft Windows Server 2022 Datacenter
OsOperatingSystemSKU : DatacenterServerEdition
OsArchitecture : 64-bit
WindowsVersion : 2009
WindowsBuildLabEx : 20348.1.amd64fre.fe_release.210507-1500
OsLanguage : en-US
OsMuiLanguages : {en-US, en-GB}
PowerShell version and build the target node is running
Name                           Value
----                           -----
PSVersion                      5.1.20348.859
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.20348.859
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
ComputerManagementDsc version
Name                  Version Path
----                  ------- ----
ComputerManagementDsc 8.5.0   C:\Program Files\WindowsPowerShell\Modules\ComputerManagementDsc\8.5.0\ComputerManagementDsc.psd1
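An added example, not part of the original issue or of ComputerManagementDsc: a check that reports every `$(Name)` placeholder in a task's action arguments that no `ValueQueries` entry defines, which is the state the task is left in when the trigger is created without `ValueQueries`. The function name `Get-UnboundTaskPlaceholder` and the sample task XML are assumptions constructed for illustration.

```powershell
# Added example (hypothetical helper, not project code): list $(Name) placeholders
# in <Arguments> that no event trigger <ValueQueries>/<Value name="..."> defines.
function Get-UnboundTaskPlaceholder {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string] $TaskXml
    )

    $doc = [xml] $TaskXml

    # local-name() matches elements with or without the Task Scheduler XML namespace.
    $valuePath = "//*[local-name()='EventTrigger']/*[local-name()='ValueQueries']/*[local-name()='Value']"
    $argPath   = "//*[local-name()='Exec']/*[local-name()='Arguments']"

    $defined = @($doc.SelectNodes($valuePath) | ForEach-Object { $_.GetAttribute('name') })

    foreach ($arg in $doc.SelectNodes($argPath)) {
        foreach ($match in [regex]::Matches($arg.InnerText, '\$\((\w+)\)')) {
            $name = $match.Groups[1].Value
            if ($defined -notcontains $name) { $name }
        }
    }
}

# Constructed sample: only NewCertHash is defined, so OldCertHash is reported.
$sample = @'
<Task>
  <Triggers>
    <EventTrigger>
      <Enabled>true</Enabled>
      <ValueQueries>
        <Value name="NewCertHash">Event/UserData/CertNotificationData/NewCertificateDetails/@Thumbprint</Value>
      </ValueQueries>
    </EventTrigger>
  </Triggers>
  <Actions>
    <Exec>
      <Command>%SystemRoot%\System32\inetsrv\appcmd.exe</Command>
      <Arguments>renew binding /oldcert:$(OldCertHash) /newcert:$(NewCertHash)</Arguments>
    </Exec>
  </Actions>
</Task>
'@

Get-UnboundTaskPlaceholder -TaskXml $sample
```

On a real node the XML string returned by `Export-ScheduledTask` for the task can be passed as `-TaskXml`.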