Update-M365DSCModule, Update-M365DSCDependencies: Make Scope available #3621

Closed
fasteiner opened this issue Aug 30, 2023 · 2 comments · Fixed by #3622 or #3651

@fasteiner
Contributor

Description of the issue

The user might not be able to install modules as administrator, hence it would be wise to enable the option to specify the Scope:
Instead of:

Install-Module $dependency.ModuleName -RequiredVersion $dependency.RequiredVersion -AllowClobber -Force -Scope 'AllUsers'

Use:

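[CmdletBinding()]
param
(
    [Parameter()]
    [Switch]
    $Force,

    [Parameter()]
    [Switch]
    $ValidateOnly,

    # Installation scope passed through to Install-Module
    [Parameter()]
    [ValidateSet('AllUsers', 'CurrentUser')]
    [System.String]
    $Scope = 'AllUsers'
)
....
Install-Module $dependency.ModuleName -RequiredVersion $dependency.RequiredVersion -AllowClobber -Force -Scope $Scope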

Microsoft 365 DSC Version

V1.23.823.1

Which workloads are affected

other

The DSC configuration

not relevant, it is a problem with the module dependency update

Verbose logs showing the problem

Import-Module reversedsc
subotitsch  ~\Documents\GIT\service-request-automation\feature  feature/ITOPSCONFI-2791-cloud-only-user-workflow  Update-M365DSCModule

Scanning Dependencies [Processing ]
Could not update or import {Microsoft.Graph.Beta.DeviceManagement}

Error-Mesage: Cannot update the dependencies for Microsoft365DSC. You need to run this command as a local administrator.

Scanning Dependencies [Processing ]
Could not update or import {Microsoft.Graph.Beta.Devices.CorporateManagement}

Error-Mesage: Cannot update the dependencies for Microsoft365DSC. You need to run this command as a local administrator.

Scanning Dependencies [Processing ]
Could not update or import {Microsoft.Graph.Beta.DeviceManagement.Administration}

Error-Mesage: Cannot update the dependencies for Microsoft365DSC. You need to run this command as a local administrator.

Scanning Dependencies [Processing ]
Could not update or import {Microsoft.Graph.Beta.DeviceManagement.Enrollment}

Error-Mesage: Cannot update the dependencies for Microsoft365DSC. You need to run this command as a local administrator.

Scanning Dependencies [Processing ]
Could not update or import {Microsoft.Graph.Beta.Identity.DirectoryManagement}

Error-Mesage: Cannot update the dependencies for Microsoft365DSC. You need to run this command as a local administrator.

Scanning Dependencies [Processing ]
Could not update or import {Microsoft.Graph.Beta.Identity.Governance}

Error-Mesage: Cannot update the dependencies for Microsoft365DSC. You need to run this command as a local administrator.

Scanning Dependencies [Processing ]
Could not update or import {Microsoft.Graph.Beta.Identity.SignIns}

Error-Mesage: Cannot update the dependencies for Microsoft365DSC. You need to run this command as a local administrator.

Scanning Dependencies [Processing ]
Could not update or import {Microsoft.Graph.Beta.Teams}

Error-Mesage: Cannot update the dependencies for Microsoft365DSC. You need to run this command as a local administrator.

Scanning Dependencies [Processing ]
Could not update or import {Microsoft.Graph.Beta.DirectoryObjects}

Error-Mesage: Cannot update the dependencies for Microsoft365DSC. You need to run this command as a local administrator.

Scanning Dependencies [Processing ]
Could not update or import {PnP.PowerShell}

Error-Mesage: Cannot update the dependencies for Microsoft365DSC. You need to run this command as a local administrator.

Scanning Dependencies [Processing ]
Could not update or import {ReverseDSC}

Error-Mesage: Cannot update the dependencies for Microsoft365DSC. You need to run this command as a local administrator.

Uninstalling PnP.PowerShell Version {2.2.0}

Scanning Dependencies [Processing ]
Uninstalling ReverseDSC Version {2.0.0.18}

Scanning Dependencies [Processing ]
Checking Microsoft.Graph.Authentication

Scanning Dependencies [Processing ]
Uninstalling Microsoft.Graph.Authentication version {2.1.0}

Scanning Dependencies [Processing ]

Environment Information + PowerShell Version

OsName               : Microsoft Windows 10 Enterprise
OsOperatingSystemSKU : EnterpriseEdition
OsArchitecture       : 64-Bit
WindowsVersion       : 2009
WindowsBuildLabEx    : 19041.1.amd64fre.vb_release.191206-1406
OsLanguage           : en-US
OsMuiLanguages       : {en-US, de-DE}


Name                           Value
----                           -----
PSVersion                      7.3.6
PSEdition                      Core
GitCommitId                    7.3.6
OS                             Microsoft Windows 10.0.19045
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0
fasteiner added a commit to fasteiner/Microsoft365DSC that referenced this issue Aug 30, 2023
…ncies: Make Scope available microsoft#3621

Co-authored-by: Thomas Subotitsch @tbone4711
@ykuijs
Member

ykuijs commented Aug 30, 2023

Please keep in mind:
Installing the modules in the CurrentUser scope has a major downside: It works fine for an export, but doesn't work for a config deployment. A config deployment is executed by the LCM, which is running as System by default. So if you install the modules in your user scope, the LCM is unable to access these.
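
The scope caveat in the comment above can be checked before a deployment. The following is an added example, not code from the Microsoft365DSC project or from either commenter: the function name `Get-ModuleInstallScope` and the path heuristic (a module under the user profile or Documents folder counts as CurrentUser) are assumptions, as is an LCM running under the default System account.

```powershell
# Added example: classify installed copies of the given modules by install scope.
# Get-ModuleInstallScope is a hypothetical helper, not part of Microsoft365DSC.
function Get-ModuleInstallScope
{
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory = $true)]
        [System.String[]]
        $Name
    )

    # Per-user roots (assumption): anything installed below these paths belongs
    # to the current profile and is not on the module path of other accounts.
    $userRoots = @(
        $env:USERPROFILE
        [Environment]::GetFolderPath('MyDocuments')
    ) | Where-Object { $_ } | Select-Object -Unique

    foreach ($module in Get-Module -Name $Name -ListAvailable)
    {
        $isUserScoped = $false
        foreach ($root in $userRoots)
        {
            if ($module.ModuleBase.StartsWith($root, [StringComparison]::OrdinalIgnoreCase))
            {
                $isUserScoped = $true
            }
        }

        $scope = if ($isUserScoped) { 'CurrentUser' } else { 'AllUsers' }

        [PSCustomObject]@{
            Name         = $module.Name
            Version      = $module.Version
            Scope        = $scope
            # Assumes the LCM runs as System (its default), which cannot
            # resolve modules installed under another user's profile.
            VisibleToLcm = -not $isUserScoped
            ModuleBase   = $module.ModuleBase
        }
    }
}

# List the dependency copies that a System-run LCM would not find.
Get-ModuleInstallScope -Name 'Microsoft365DSC', 'ReverseDSC', 'PnP.PowerShell' |
    Where-Object -Property Scope -EQ -Value 'CurrentUser'
```

An empty result means every listed copy sits in a machine-wide location; any row returned is a module that only works for exports and `Invoke-DscResource` calls made by that user.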

@fasteiner
Contributor Author

fasteiner commented Aug 30, 2023

@ykuijs
You can as well deploy configurations without LCM using "Invoke-DscResource", therefore I would leave it open to the users how they want to install the Module, otherwise some might consider replicating the functionalities on their own instead.

Especially when you look at automation that uses DSC to provision resources with parameters, you do not want to run it in admin context, as it is simply not required:

....
# Build the AADGroup resource parameters from the incoming request
$groupParams = @{
    Name       = 'AADGroup'
    Property   = @{
        Description           = $json.description
        DisplayName           = $DisplayName
        Ensure                = ($json.requestType -notlike "Delete*") ? "Present" : "Absent"
        Members               = $groupMembers
        SecurityEnabled       = (!$mail)
        MailEnabled           = ($mail) ? $true : $false
        MailNickname          = $mail ? $mail.Split("@")[0] : "00000000-0000-0000-0000-000000000000"
        ApplicationId         = $env:APPREGID
        TenantId              = $env:AzureTenant
        CertificateThumbprint = $thumbprint
    }
    ModuleName = 'Microsoft365DSC'
}
# Only call Set when the resource is not already in the desired state
$state = Invoke-DscResource @groupParams -Method Test
if (-not $state.InDesiredState) {
    Invoke-DscResource @groupParams -Method Set | Out-Null
}
....

@ykuijs ykuijs linked a pull request Aug 30, 2023 that will close this issue
fasteiner added a commit to fasteiner/Microsoft365DSC that referenced this issue Aug 30, 2023
ykuijs added a commit that referenced this issue Aug 31, 2023
#3621: Dependencies Make Scope available