Skip to content

ApplyingMofToEndpoints

Jump to bottom
Michael Rasmussen edited this page Feb 27, 2026 · 1 revision

Applying a MOF to Endpoints with PowerShell DSC

This page explains how to apply a compiled .mof file using PowerShell DSC and Start-DscConfiguration.

Prerequisites

Before applying a MOF, confirm the following:

  • The MOF has already been compiled (for example, localhost.mof or <ComputerName>.mof).
  • The target machine has the required DSC resources installed (for example, PowerSTIG, PSDscResources).
  • You are running PowerShell as Administrator.
  • WinRM is enabled and reachable for remote application scenarios.

Screenshot placeholder: [Screenshot: Prerequisites / module versions installed]

Step 1: Confirm the MOF Output Folder

Example compile output path:

C:\temp\mof

Example contents:

  • localhost.mof for local application
  • <NodeName>.mof for node-targeted application

Screenshot placeholder: [Screenshot: Folder showing generated MOF file(s)]

Step 2: Apply the MOF Locally

Use Start-DscConfiguration against the folder containing the MOF.

Start-DscConfiguration -Path 'C:\temp\mof' -Wait -Verbose -Force

Parameter notes:

  • -Path points to the folder containing the MOF.
  • -Wait keeps the command attached until completion.
  • -Verbose shows progress details for troubleshooting.
  • -Force overwrites any pending configuration if needed.

Screenshot placeholder: [Screenshot: Start-DscConfiguration local run with verbose output]

Step 3: Apply a Node-Named MOF

If your configuration contains a Node block, the MOF is named after the node.

Example:

  • Server01.mof

When applying from the target machine itself, run:

Start-DscConfiguration -Path 'C:\temp\mof' -Wait -Verbose -Force

DSC automatically picks the MOF matching the local node name.

Step 4: Verify Configuration Status

After application, verify current state:

Get-DscConfigurationStatus

To view the currently applied configuration details:

Get-DscConfiguration

Screenshot placeholder: [Screenshot: Get-DscConfigurationStatus result]

Applying to Remote Endpoints

Start-DscConfiguration can push configurations to remote endpoints using CIM sessions.

$session = New-CimSession -ComputerName 'Server01'

Start-DscConfiguration -Path 'C:\temp\mof' -CimSession $session -Wait -Verbose -Force

Notes:

  • The MOF file name must align with the target node name.
  • Required DSC resources must exist on the remote endpoint.
  • Network and WinRM access must be configured correctly.

Screenshot placeholder: [Screenshot: Remote Start-DscConfiguration with CimSession]

Common Errors and Fixes

Missing DSC Resource

Symptom: Error indicates a required resource/module cannot be found.

Fix:

  • Install missing modules (for example, PowerSTIG, PSDscResources) on the target endpoint.
  • Confirm module versions match those referenced in the configuration.

Access Denied / Remoting Failure

Symptom: Unable to connect to target endpoint.

Fix:

  • Run as Administrator.
  • Validate WinRM connectivity and firewall rules.
  • Confirm credentials and endpoint access policy.

MOF Not Found / Wrong MOF Name

Symptom: DSC cannot find a matching configuration document.

Fix:

  • Confirm MOF exists in the folder passed to -Path.
  • Confirm node name in MOF matches target endpoint name.

Recommended Workflow

  1. Compile configuration to MOF.
  2. Validate module/resource presence on target endpoint.
  3. Apply with Start-DscConfiguration -Verbose -Wait.
  4. Verify with Get-DscConfigurationStatus.
  5. Record output and results for change tracking/audit.

Related Commands

# Apply configuration
Start-DscConfiguration -Path 'C:\temp\mof' -Wait -Verbose -Force

# Check last run status
Get-DscConfigurationStatus

# View current config state
Get-DscConfiguration

# View available DSC resources
Get-DscResource

PowerStig

Clone this wiki locally