I have the following configuration.dsc.yaml file:
# yaml-language-server: $schema=https://aka.ms/configuration-dsc-schema/0.2
properties:
assertions:
- resource: Microsoft.Windows.Developer/OsVersion
directives:
description: Verify min OS version requirement
allowPrerelease: true
settings:
MinVersion: '10.0.19045'
resources:
- resource: Microsoft.WinGet.DSC/WinGetPackage
id: Docker
directives:
description: Install Docker
allowPrerelease: true
settings:
id: Docker.DockerDesktop
source: winget
configurationVersion: 0.2.0
Which will install docker when I run:
winget configure configuration.dsc.yaml
However because my domain user is not an administrator on my machine I need to add my user to the docker-users group. I can do that from a PowerShell command prompt with this:
net localgroup docker-users $ENV:USERDOMAIN$ENV:USERNAME /add
I have found the following documentation for DSC GroupSet Resource:
https://learn.microsoft.com/en-us/powershell/dsc/reference/resources/windows/groupsetresource?view=dsc-1.1
Is it possible to use this to configure adding users to a group in a .dsc.yaml file?
1
The following is a way of doing it using PSDscResources/Script that will work in windows 11 with Sudo for Windows enabled.
For windows 10 replace the sudo SetScript with:
$sh = new-object -com 'Shell.Application' ; $sh.ShellExecute('powershell', "-Command net localgroup docker-users $ENV:USERDOMAIN$ENV:USERNAME /add", '', 'runas')
Docker.dsc.yaml:
# yaml-language-server: $schema=https://aka.ms/configuration-dsc-schema/0.2
properties:
assertions:
- resource: Microsoft.Windows.Developer/OsVersion
directives:
description: Verify min OS version requirement
allowPrerelease: true
settings:
MinVersion: '10.0.19045'
- resource: PSDscResources/Script
id: domainuser
directives:
description: Checks that the user is running this as their Domain user.
settings:
GetScript: |
return ($ENV:USERDOMAIN -ne $ENV:COMPUTERNAME)
SetScript: |
return false
TestScript: |
return ($ENV:USERDOMAIN -ne $ENV:COMPUTERNAME)
resources:
- resource: PSDscResources/Script
id: DockerUsers
dependsOn:
- domainuser
directives:
description: Add user to docker-users group so that Docker can run as non-admin
settings:
GetScript: |
return (net localgroup docker-users | Select-String "$ENV:USERNAME" -SimpleMatch -Quiet)
SetScript:
sudo net localgroup docker-users $ENV:USERDOMAIN$ENV:USERNAME /add
TestScript: |
return (net localgroup docker-users | Select-String "$ENV:USERNAME" -SimpleMatch -Quiet)
- resource: Microsoft.WinGet.DSC/WinGetPackage
id: Docker
dependsOn:
- DockerUsers
directives:
description: Install Docker
allowPrerelease: true
settings:
id: Docker.DockerDesktop
source: winget
configurationVersion: 0.2.0