Rapid Provisioning System Release Notes
Last updated on April 20, 2021.
Released on February 28, 2020
What's new in 3.1.0 (Feb 28)
New PowerShell CMDLETS
- New-RpsGroupCondition: Creates a Condition object to add to a Resource Group or Target Group to dynamically add Members.
- Get-RpsGroupFilter: Gets the filter object on a Resource Group or Target Group
- Remove-RpsGroupCondition: Removes a condition from a Resource Group or Target Group
- Get-RpsResolvedParameter: Resolves a Parameter against a Target Item.
- New-RpsPackageStream: Creates new Package Stream and Packages
- New-RpsPackage: Creates a new Package object and adds it to a Package Stream
- Update-RpsPackageStream: Updates an existing Package Stream
- Remove-RpsPackage: Removes an existing Package from a Package Stream and optionally removes all assignments
- Remove-RpsPackageStream: Removes an existing Package Stream, Packages, and optionally removes all assignments
- Get-RpsPackage: Gets an existing Package
- Get-RpsPackageStream: Gets an existing Package Stream
- Get-RpsMaintenanceWindow: Gets an existing Maintenance Window
- New-RpsMaintenanceWindow: Creates a new Maintenance Window
- Remove-RpsMaintenanceWindow: Removes an existing Maintenance Window
- Set-RpsMaintenanceWindow: Sets a Maintenance Window if it exists or creates a new Maintenance Window if it doesn't exist
- Enable-RpsCdn: Turns BITS and/or DFSR communication on or off.
Updated PowerShell CMDLETS
- New-RpsResourceGroup: Add parameters Operator and Condition
- New-RpsTargetGroup: Add parameters Operator and Condition
Updated DSC Utilities for resolving PowerShell Parameters to take a TargetItem and the ParameterMetadata object. You no longer need a resource assignment to a DSC partial, or the parameter imported into the CMDB. You would use this in an external PowerShell script to resolve properties from the CMDB.
Updated PowerShell Functions
- Resolve-RpsNode: (Breaking change) The function now requires the user to be in an active session context or connected to a SQL database. It no longer uses hard-coded strings to resolve the names of nodes.
- Resolve-RpsNode: Can optionally return the Node object versus just the string name
- Resolve-RpsNode: Added ability to filter out default node
Updated RPS Installer
- Added ability to deploy a preconfigured RHEL virtual machine with the RHELTemplateFilename switch parameter
- Group ContentCreators, which has permission to the CDN folder for adding content (e.g. Packages)
Sync Changes
- Item Properties have a SyncScope to define how the property should be synchronized
  - Public - synchronize
  - Private - do not synchronize
  - Internal - synchronize only to internal nodes
  - InternalDownstream - synchronize only to internal children
  - InternalUpstream - synchronize only to internal parents
CDN Changes
- New properties on Node to define the protocol: ParentCdnProtocol and ChildCdnProtocol - This will be BITS or DFSR so the nodes know how to communicate with one another
- Set-RpsResourceType: Add parameters:
  - CDNDirection (Upstream or Downstream) - This can be used by content (e.g. Packages) to specify the direction it should be synchronized
  - IsContentDistribution - This indicates whether a resource refers to content that will be synchronized
- New Resource Item called CdnSettings that gets globally created with two Internal properties, IsBitsEnabled and IsDfsrEnabled. The two properties only sync within internal nodes, i.e. within a unit.
New RPS Type Definitions
- Package: Defines a Package and its properties
- Package Stream: Defines a Package Stream and its properties
New DSC Resources
- RPS Package Manager: DSC Resource for RPS Package Streams and Packages. Provides tools to Get, Set, and Test Packages for a Target
New PowerShell Modules
- RPS Package Provider: Provides methods to Find, Install, or Uninstall packages; Get list of installed packages; Add or Remove Packages Sources
New RPS Web UI Features
- Packaging section added (RPS Menu > Distribution > Packaging)
  - Approvals tab: Approve or Reject Package Streams
  - Scheduling tab: Create, Edit, and Delete Maintenance Windows
  - History tab: View the deployment status of Package Streams, Packages, and Assignments
Added new function Test-DscModuleConflict to use for testing for required DSC Module conflicts across all assigned partials for a single Target Item.
Added Get-AdminRoleCredential to Rps-Api-Utilities; used to determine which credential role to use in a task
Known Issues in 3.1.0
Web UI
- Closing the Remove Resource modal resets filters
  - From the Resources screen, if you have a filter added for Packages and you confirm and remove a package, it will clear your filters
  - Workaround: Manually re-apply your filters
- Cannot assign Target Items to an Item Group from the Web UI
  - From the RPS Web UI menu: Targeting > Item Groups
  - Open the patchable target group by clicking on the name
  - Open the Members accordion
  - When you try to click “+ Add New Item” you’ll receive an error
  - Workaround: PowerShell can be used to add Target Items to an Item Group:

```PowerShell
$ti = Get-RpsTargetItem -Id IdOfMyTargetItem
$tg = Get-RpsTargetGroup -Id IdOfMyGroup
$tg.AddChildItem($ti)
$tg.Update()
```

- glyphicons halflings are not signed and do not display in Web UI when deployed due to STIG
  - Some icons (e.g. status icons for Packages) do not display in Internet Explorer when deployed due to STIG
  - Workaround: The status can be easily discerned by font color and wording of the statuses.
API
- Dates are parsed out of Properties as strings and we always lose timezone specifications
  - This could cause some times to be slightly incorrect depending on how they were stored and/or retrieved
  - Workaround: No known workaround.
- Currently there is no support for Maintenance Windows that span across 2 or more days
  - Workaround: Create 2 maintenance windows - one for each day so it covers the entire period of time desired.
PowerShell cmdlets
- DateTime for Start/End date in Get-RpsMaintenanceWindow displays inaccurate time
  - Get-RpsMaintenanceWindow returns the Start/End date which includes a time; however, the time is inaccurate and it conflicts with the start/end times that are also returned to the user
  - Workaround: No known workaround. This is a visual/display issue. The time portion included alongside the Start/End dates that are shown is not what is being used. The actual times being used are displayed separately.
Package Manifest Conditions element Value field does not support multiple values separated by the pipe delimiter |
Error Details: The following PackageManifest code snippet is an example using pipe delimiter | in Conditions, which will fail:
```xml
<InstallerFileName>opera.msi</InstallerFileName>
<Conditions>
  <PackageAssignmentCondition>
    <Property>Name</Property>
    <Operator>Eq</Operator>
    <Value>AD.master.rps|APP.master.rps</Value>
  </PackageAssignmentCondition>
</Conditions>
```
The resulting behavior: Only the first Value listed will be assigned to; all other Values after the pipe delimiter | are ignored.
In this particular example, AD.master.rps is assigned the opera Package, because it was listed before the pipe delimiter | . APP.master.rps is not assigned the opera Package, because it was listed after the pipe delimiter | .
Current Workaround for pipe delimiter | : Utilize the Match Operator <Operator>Match</Operator>, with each value in the Value field wrapped in parentheses () and with a trailing question mark ? . Example:
```xml
<Conditions>
  <PackageAssignmentCondition>
    <Property>ComputerName</Property>
    <Operator>Match</Operator>
    <Value>(NFA)?(WNM)?(WNMA)?</Value>
  </PackageAssignmentCondition>
</Conditions>
```
In this particular example, a Target with a Property of ComputerName will be assigned if its Value contains NFA, WNM, and/or WNMA. This implementation only requires a partial Value match.
For an exact Value match, the full string in the Value field must be enclosed with a caret ^ and a dollar sign $ . Example:
```xml
<Conditions>
  <PackageAssignmentCondition>
    <Property>ComputerName</Property>
    <Operator>Match</Operator>
    <Value>^(NFA)?(WNM)?(WNMA)?$</Value>
  </PackageAssignmentCondition>
</Conditions>
```
In this particular example, a Target with a Property of ComputerName will be assigned if its Value contains NFA, WNM, and WNMA.
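Added example (not RPS code): a pre-deployment lint that evaluates the three Conditions snippets above against a constructed target list, so the set of targets a Package would reach can be reviewed before assignment. It assumes RPS evaluates Match with .NET regular-expression semantics and Eq case-insensitively; the function name Test-PackageManifestCondition and the sample targets are hypothetical.

```powershell
# Added example, not part of RPS. Assumptions: Match uses .NET regex semantics,
# Eq compares case-insensitively, and Eq keeps only the text before the first
# pipe (the known issue described above).
function Test-PackageManifestCondition {
    [CmdletBinding()]
    param(
        # Manifest fragment that contains a <Conditions> element.
        [Parameter(Mandatory)] [string] $ManifestXml,
        # One hashtable of properties per target (constructed inventory).
        [Parameter(Mandatory)] [hashtable[]] $Target
    )

    # Wrap in a root element so a fragment with several top-level nodes parses.
    $doc = [xml]"<Root>$ManifestXml</Root>"

    foreach ($condition in $doc.SelectNodes('//PackageAssignmentCondition')) {
        $property = $condition.SelectSingleNode('Property').InnerText
        $operator = $condition.SelectSingleNode('Operator').InnerText
        $value    = $condition.SelectSingleNode('Value').InnerText
        $warnings = @()
        $matched  = @()

        if ($operator -eq 'Eq') {
            $effective = $value
            if ($value.Contains('|')) {
                # Known issue: values after the pipe are silently dropped.
                $effective = $value.Split('|')[0]
                $warnings += "Eq ignores everything after the pipe; only '$effective' is compared."
            }
            $matched = @($Target | Where-Object { [string]$_[$property] -eq $effective })
        }
        elseif ($operator -eq 'Match') {
            # A pattern built only from optional groups also matches ''.
            if ([regex]::IsMatch('', $value)) {
                $warnings += 'Pattern matches an empty value; every group is optional.'
            }
            $matched = @($Target | Where-Object { [regex]::IsMatch([string]$_[$property], $value) })
            if ($Target.Count -gt 1 -and $matched.Count -eq $Target.Count) {
                $warnings += 'Pattern matches every supplied target.'
            }
        }
        else {
            $warnings += "Operator '$operator' is not evaluated by this lint."
        }

        [pscustomobject]@{
            Property = $property
            Operator = $operator
            Value    = $value
            Matched  = @($matched | ForEach-Object { $_['Name'] })
            Warnings = $warnings
        }
    }
}

# Constructed inventory; names and ComputerName values are sample data.
$targets = @(
    @{ Name = 'AD.master.rps';  ComputerName = 'AD'  },
    @{ Name = 'APP.master.rps'; ComputerName = 'APP' },
    @{ Name = 'NFA.master.rps'; ComputerName = 'NFA' }
)

# The three Conditions from this page, built from one template.
$template = '<Conditions><PackageAssignmentCondition><Property>{0}</Property>' +
            '<Operator>{1}</Operator><Value>{2}</Value></PackageAssignmentCondition></Conditions>'

Test-PackageManifestCondition -Target $targets -ManifestXml ($template -f 'Name', 'Eq', 'AD.master.rps|APP.master.rps')
Test-PackageManifestCondition -Target $targets -ManifestXml ($template -f 'ComputerName', 'Match', '(NFA)?(WNM)?(WNMA)?')
Test-PackageManifestCondition -Target $targets -ManifestXml ($template -f 'ComputerName', 'Match', '^(NFA)?(WNM)?(WNMA)?$')
```

Under .NET regex semantics an unanchored pattern in which every group is optional matches any string, so review the Matched and Warnings columns for each condition before the Package Stream is approved.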
Making changes to child node prevents properties from being visible from ancestor nodes when in session
Error Details: The following PowerShell example shows how making changes to a child node fails to display properties from ancestor nodes (e.g. parent node):
```PowerShell
$parent = New-RpsNode -Name parent -hostname parent -IPAddress parent
$child = New-RpsNode -Name child -HostName child -IPAddress child -ParentNodeId $parent.Id
$child.Property1 = 'value1'
$child.Properties # This will show Property1
$child.Update() # Calling the Update method will commit the property changes but they still won't be visible on the parent object
$parent.ChildNodes[0].Properties # This will show the child node without Property1
```
Note
The .Update() API method (in 3.1; not available in 4.x) and Update-RpsNode (in 3.1; not available in 4.x) have no effect.
Current Workaround for displaying child node properties at parent node level: After making changes to any node that has a Parent Node use the following PowerShell command to fix the issue:
```PowerShell
$parent.AddChildNode($child)
```
Note
This method works regardless of the ancestry depth. Re-adding a grandchild to its parent makes the properties visible when accessed from the parent and the grandparent.
2GB RPS Package size limitation
The maximum supported RPS Package size is 2GB. Any RPS Package zip file that is larger than 2GB will throw an exception when RPS tries to open the package and read the manifest file from the package zip file.
This exception can occur in two scenarios:
- When creating a new package stream with a package where the zip file size is greater than 2GB.
- When adding a new package to an existing package stream where the package zip file size is greater than 2GB.
The resulting behavior:
Figure: Example of the error encountered when an RPS Package zip file greater than 2GB is used.
Released on September 20, 2019
What's new in 3.0.3 (Sep 20)
The primary update in this Hotfix release is to address:
- #23726 Fix: Provisioning Node App Server fails to configure DSC. Login failed for user.
Released on September 19, 2019
What's new in 3.0.2 (Sep 19)
The following are work items completed in support of the 3Q19 Release and delivered in Hotfix 3.0.2. These fixes include Critical and High Risk Factor mitigations.
- #23542 Fix: Address .NET 2.0 Vulnerabilities
- #23543 Fix: Address .NET 3.0 Vulnerabilities
- #23556 Fix: Address CVE-2017-8529 mitigation for Internet Explorer vulnerability
- #23555 Fix: Address 'Memory Management\FeatureSettingsOverride' mitigations
- #23547 Fix: Address Visual C++ 2008 SP1 Vulnerability
- #23548 Fix: Address GPO setting "Hardened UNC Paths" (KB3000483)
- #23544 Fix: Address .NET 3.5 Vulnerabilities
- #23545 Fix: Address SQL Server 2012 SP4 Vulnerability (KB4057116)
- #23550 Fix: Address SSL Version 2 and 3 Protocol Detection
Important
The ContentStore has been updated to include various "binary" patches, such as for SQL Server, and Microsoft .NET. Additionally, the 3Q19 .vhdx / .iso have been updated to include additional Windows patches. Please ensure the latest ContentStore and the 3Q19-2012R2-0919 from the Release are used.
What's new in 3.0.1 (Sep 05)
- #23286 Fix: Task Management Service will throw errors after running for a long time
What's new in 3.0.0 (Aug 23)
- #19833 Timestamp Logic for BITS
- #23135 Certificates issued by RPSRoot do not have FQDN in the SAN
- #22992 Test DCA deployment without a PFX certificate
- #23147 Resource Group membership cannot be updated by subsequent node imports
- #23230 RpsDomainJoin account doesn't get the correct permissions to add a computer to the domain that is prestaged
- #23229 RpsProvisioning dns record is set to Internal nic instead of 996 and 59 NIC
- #23227 Web Config files are being overwritten by RPSGUI, RPSProvisioning, and TrustedElementRepository DSC Partials
- #23093 xDFSR uses Domain Admin account
- #23049 RVP configured with specific registry settings for compliance
- #21370 Master-Controller fails to resume after service or machine restart
- #23210 SQL SA account name conflict
- #23026 Content Delivery Network Partial is missing a mandatory parameter
What's new in 3.0.0-beta (Aug 16)
- #22496 Update PSScriptAnalyzer to 1.18.1
- #22311 When installing the content store to a directory other than c:/contentstore certificates are installed in the wrong path
- #22432 Remove RVPS GUI files and install and powerstig from the release
- #23035 RpsDomainJoin accounts are set to Create = False within RpsAccounts.csv file
- #22647 Configure a new Packaging Repository and migrate our code out of Core.
- #22684 Updates needed to the Ports and Protocols section of the RPS Install Guide.pdf
- #21495 RPS currently does not have a way to continually re-publish DSC partials
- #22537 Update OSS registrations and Third Party Notices file
- #22913 Files located under the folder c:\ContentStore\Export are not encrypted (on the APP VM)
- #22948 Failing resource on RVP - [xPackage]ACCM
- #19973 Deploy PowerSTIG 3.3.0
- #22541 Add a script resource RpsDomainController.ps1 to execute certutil.exe - installdefaulttemplates
- #22243 Automate Axway Desktop Validator Enterprise
- #22483 Need to update SkipRules for DSC PowerStig configuration
- #22433 Access Database partial is assigned in colorless baseline data for RVP
- #22683 RPS Install does not work per published installation directions
- #22694 Export-NodeData Runbook variable $TargetItem is not correctly referenced
- #21970 Unable to export taskmap definitions with Export-RpsData
- #22015 Update RPS logging during deployment to better characterize issues
- #21971 Lot 7 NOSC NIPR RVP ActivClientAppInstall patch fails (RPS 2.4.5)
- #22607 Failing resource - [xPackage]ActivClient71
- #21560 DSC Partials should only require OSCore when necessary
- #22549 Update DCA Assignments.psd1
- #22557 Update source Certificate locations and update the Certificates.psd1 and CertificationAuthority partial.
- #20605 TrustElementRootPath gets set to wrong path
- #21458 APP and AD VMs do not have PowerStig configurations
- #22246 Any website on the c:\ drive is a CAT II finding
- #22248 RPSAdmin domain account password should be user configurable for APP and AD
- #22417 Newly generated self-signed certificates sometimes not loaded into the CMDB
- #22426 Import-NodeData fails on APP VM when importing node data
- #22429 Duplicate Import-RPSNode Functions
- #22436 OCSP website has request filters that need to be removed
- #22449 RVP - CdnPath points to C$ instead of share
- #22458 Registry resource failing to add registry keys for TER authorization
- #22593 Update to only install McAfee agent 5.5
- #22594 RVP - CdnPath points to C$ instead of share
- #22598 Registry resource failing to add registry keys for TER authorization
- #22670 DomainJoinAdmin gets access denied when joining RVP to the domain
- #22677 Remove Install-MNRps.ps1 as it is no longer used.
- #22682 RpsProvisioning folder path creation should not use the FQDN for folder name
- #22691 Generated certificates are missing FQDN for subject name
- #22743 RpsGUI not reaching desired state due to a certificate error
- #22936 Existing WinRm settings on a target cause the set-winrm runbook to fail.
- #23001 Missing SSL binding reg key in trust element repository partial
- #23015 Provisioning node configuration has missing master key encryption role on several accounts
- #23034 Copy-BaseImages references the wrong local account for credentials.
- #22454 Failing resource on RVP - [AdcsOnlineResponder]OnlineResponder
- #22464 OSCore New Computername Timing
- #22666 Deploy the RPS 3.x codebase in Hyper-V
- #22725 Install-Rps.ps1 does not update MN node target items' VhdTemplateFileName property
- #22542 Replace $DomainAdmin with $CAServiceAccount in the CertificationAuthority.ps1 partial.
- #22555 Inhibit and restart Tumbleweed service to the DesktopValidatorStandardAppInstall.ps1
- #22587 Add the Certificate partial dependency to the CertificationAuthority partial.
- #22945 Create a partial for the Exit Module
- #23073 Update the CA Partial to use RPSadmin
- #23074 DomainJoin resource fails on DCA
- #23075 RVP needs to be a member of TPKI Writes AD Group
What's New in 3.0.0-beta (Aug 9)
- #22432 Remove RVPS GUI files and install and powerstig from the release
- #22311 When installing the content store to a directory other than c:/contentstore certificates are installed in the wrong path
- #22684 Updates needed to the Ports and Protocols section of the RPS Install Guide.pdf
- #22483 Need to update SkipRules for DSC PowerStig configuration
- #22433 Access Database partial is assigned in colorless baseline data for RVP
- #22694 Export-NodeData Runbook variable $TargetItem is not correctly referenced
- #22549 Update DCA Assignments.psd1
- #21458 APP and AD VMs do not have PowerStig configurations
- #22670 DomainJoinAdmin gets access denied when joining RVP to the domain
- #22429 Duplicate Import-RPSNode Functions
- #22691 Generated certificates are missing FQDN for subject name
- #22426 Import-NodeData fails on APP VM when importing node data
- #22458 Registry resource failing to add registry keys for TER authorization
- #22598 Registry resource failing to add registry keys for TER authorization
- #22677 Remove Install-MNRps.ps1 as it is no longer used.
- #22682 RpsProvisioning folder path creation should not use the FQDN for folder name
- #22449 RVP - CdnPath points to C$ instead of share
- #22594 RVP - CdnPath points to C$ instead of share
- #20605 TrustElementRootPath gets set to wrong path
- #22593 Update to only install McAfee agent 5.5
- #22725 Install-Rps.ps1 does not update MN node target items' VhdTemplateFileName property
- #22496 Update PSScriptAnalyzer to 1.18.1
- #22647 Configure a new Packaging Repository and migrate our code out of Core.
- #22537 Update OSS registrations and Third Party Notices file
- #22541 Add a script resource RpsDomainController.ps1 to execute certutil.exe - installdefaulttemplates
- #22243 Automate Axway Desktop Validator Enterprise
- #22015 Update RPS logging during deployment to better characterize issues
- #21560 DSC Partials should only require OSCore when necessary
- #22555 Add inhibit and restart Tumbleweed service to the DesktopValidatorStandardAppInstall.ps1
- #22587 Add the Certificate partial dependency to the CertificationAuthority partial.
- #20407 Configure BITS/DFSR per node type
Files excluded from the drop!
In order to improve the speed with which RPS artifacts can be integrated with other code repositories, the decision was made to exclude files from Core which required modification later in the integration process for Mission Network. These files and folders are below:
- DSC\Modules\NetworkingDSC\6.1.0.0\DSCResources\MSFT_HostsFile\MSFT_HostsFile.psm1
- DSC\Modules\MN_OfficeDSC\
- DSC\Modules\MN_SchemaExtensionDSC\
- DSC\Modules\MN_xWinEventLog\
- DSC\Modules\WINT_NetworkPolicyServer\
- Modules\MN-AnalyzerRules\
- Modules\MN-Automation\
- Modules\MN-ISO\
- Modules\MN-Rps-Api\
- Modules\MN-Ssh\
- Modules\MN-VMWare-Utilities\
- DSC\PartialConfigurations\ActivClientAppInstall.ps1
- DSC\PartialConfigurations\AdobeReaderAppInstall.ps1
- DSC\PartialConfigurations\AdSchemaExtension.ps1
- DSC\PartialConfigurations\ClientPki.ps1
- DSC\PartialConfigurations\DesktopValidatorStandardAppInstall.ps1
- DSC\PartialConfigurations\DoDInstallRootAppInstall.ps1
- DSC\PartialConfigurations\FirefoxAppInstall.ps1
- DSC\PartialConfigurations\Firewall.ps1
- DSC\PartialConfigurations\GpoWmiFilter.ps1
- DSC\PartialConfigurations\GroupPolicy.ps1
- DSC\PartialConfigurations\McAfeeHBSSAppInstall.ps1
- DSC\PartialConfigurations\MsftAppLocker.ps1
- DSC\PartialConfigurations\MsftDnsServer.ps1
- DSC\PartialConfigurations\NetBannerAppInstall.ps1
- DSC\PartialConfigurations\OcspResponder.ps1
- DSC\PartialConfigurations\Office2013AppInstall.ps1
- DSC\PartialConfigurations\OpenSSLAppInstall.ps1
- DSC\PartialConfigurations\OracleJDKAppInstall.ps1
- DSC\PartialConfigurations\OracleJREAppInstall.ps1
- DSC\PartialConfigurations\PuTTYAppInstall.ps1
- DSC\PartialConfigurations\RvpsGUI.ps1
- DSC\PartialConfigurations\SmartCardManager90MeterAppInstall.ps1
- DSC\PartialConfigurations\SoftphoneAppInstall.ps1
- DSC\PartialConfigurations\SolarWindsETAppInstall.ps1
- DSC\PartialConfigurations\TeraTermAppInstall.ps1
- DSC\PartialConfigurations\TigerVNCAppInstall.ps1
- DSC\PartialConfigurations\TrustElementRepository.ps1
- DSC\PartialConfigurations\VMWareClientIntegrationPlugInAppInstall.ps1
- DSC\PartialConfigurations\VMWareRemoteConsoleAppInstall.ps1
- DSC\PartialConfigurations\VMWareToolsAppInstall.ps1
- DSC\PartialConfigurations\VMWarevSphereClientAppInstall.ps1
- DSC\PartialConfigurations\VMWarevSpherevCLIAppInstall.ps1
- DSC\PartialConfigurations\WaveDesktopCommunicatorAppInstall.ps1
- Images\ESX\Grangeville.cfg
- iPXE Distro\
- Provisioning\Provisioning Vlan Address Space.csv
- Runbooks\Copy-BaseImages.ps1
- Runbooks\Get-TargetDhcpIPAddress.ps1
- Runbooks\Import-VMWareVirtualAppliance.ps1
- Runbooks\New-VMWareVirtualMachine.ps1
- Runbooks\Remove-VMWareVirtualMachine.ps1
- Setup\
- Utilities\
What's New in 3.0
PowerShell
This release contains the following PowerShell enhancements:
- Added Import-RpsInstanceDefinition and Export-RpsInstanceDefinition to Import/Export InstanceDefinitions as Json.
- Added Import-RpsDataMapping and Export-RpsDataMapping to Import/Export Data Mappings as Json.
- Added Import-RpsResourceItemJson and Export-RpsResourceItemJson to Import/Export Resource Items as Json.
- Added Set-RpsDataImportMapping to the API from Rps-DataMapping module.
- Added Set-RpsDataFilter to the API from Rps-DataMapping module.
- Added Set-RpsDataCondition to the API from Rps-DataMapping module.
- Added Set-RpsDataProperty to the API from Rps-DataMapping module.
- Added Set-RpsDataAssociation to the API from Rps-DataMapping module.
- Added Set-RpsMappingFilter to the API from Rps-DataMapping module.
- Added Set-RpsDataVariable to the API from Rps-DataMapping module.
- Added Set-RpsDataMapping to the API from Rps-DataMapping module.
- Added Set-RpsDataFile to the API from Rps-DataMapping module.
Rps-Installer
This release contains the following Rps-Installer enhancements:
DSC
This release contains the following DSC enhancements:
- MofStore location is now located within C:\ContentPath\DSC.
- OutputPath parameter is no longer set on the node, or set statically.
- Publish-DSCConfiguration now creates, and sets the OutputPath parameter for all assigned partials.
- Removed Mandatory flag from OutputPath parameter on all partials.
- Updated runbooks to pass OutputPath within calls to LCM functions.
- Default value for LCM functions within the RPS-DSC module is now the present working directory for stand alone use.
RPS API
This release contains the following API enhancements:
Adding the following Type Property constants:
- IsContentDistribution
- IsSoftwareDistribution
- IsColumnDisplay
Updated the Set-RpsResourceType cmdlet to indicate if the Resource Type is for software or content distribution. The IsContentDistribution and IsSoftwareDistribution switches are mutually exclusive in the cmdlet; however, setting the IsSoftwareDistribution switch will also set the IsContentDistribution flag on the Resource Type.
Updated the Set-RpsTypeProperty cmdlet to indicate if the Property Type can be used for Column Displays within the Admin UI.
Updated the New-RpsResourceGroup cmdlet to allow for properties to be provided at creation
Updated the Write-RpsLogItem cmdlet to write to the appropriate PS stream. Tokenization in MessageTemplate is also more forgiving.
Added Json support for InstanceDefinitions and Data Mappings to help make creation and updating easier.
Added Json support for Resource Items to have a readable and organized way of import/exporting resource items and sharing between nodes.
When TaskMaps are included in an export, their TaskMapSteps are also exported by default
Added an optional Certificate parameter for passing a certificate file (.cer) that will encrypt the resulting configuration file in the Exit-RpsSession and Export-RpsData cmdlets.
Added optional Certificate and password parameters for passing certificate file (.pfx) and password that will be used to decrypt a configuration file in the Enter-RpsSession and Import-RpsData cmdlets.
Added support to encrypt/decrypt export files during the install process.
RPS Sync Service
This release contains the following Sync Service enhancements:
RPS CDN
This release contains the following RPS Content Delivery Network (CDN) enhancements:
- DFS-R is used for communication between Region and Site nodes.
- BITS is still used for communication between Master and Region nodes.
- Due to DFS-R mesh networking, all files are replicated to all Region and Site nodes within a domain, regardless of assignment.
- Patches will still only be installed on assigned targets
Admin UI
This release contains the following Admin UI enhancements:
- Replaced 'Patching' on the top menu bar with 'Distribution'
- Added dynamically created sections under Distribution for Content Distribution and Software Distribution
Resolved Issues
Top issues addressed in 3.0:
- Fixed issue where the SMA runbook service account was denied access to the MofStore after STIGs were applied
- Fixed issue where there was a credential conflict with the Windowsfeature Net-Framework-Core resource, between the RpsSMA, and RpsSQL partial.
Known Issues
SQL Server 2012
This release contains the following SQL enhancements:
- Microsoft SQL Server 2012 has been upgraded from Service Pack 2 (SP2) to SP4
PowerShell
This release contains the following PowerShell enhancements:
- Added support to allow certificate store parameter to be passed from CMDB.
Added support for additional certificate roles:
- CAp7b
- CertificationAuthorityPFX
- CACertificateChain
- Added Force switch for Set-RpsResourceItem, Set-RpsTargetItem, New-RpsResourceItem, New-RpsTargetItem, New-RpsResourceGroup, and New-RpsTargetGroup
- Removed module RPS-Credentials and functions:
- Get-Credential
- New-Credential
- Get-ServiceAccount
- Added data files for Users and Certificates. They can be found here 'Setup\Configuration\Data\RpsAccounts.csv' and here 'Setup\Configuration\Data\RpsCertificates.csv'. For both data files, if no password is provided in the password column, a password will be randomly generated per user/certificate.
Rps-Credential
- New-RpsCredential was updated to allow generation of a password, with or without a provided password policy.
Rps-Installer
- Import-RpsCredential was updated to allow generation of a password, with or without a provided password policy.
- MofStore location was changed from C:\Windows\Temp to C:\ContentStore\DSC
DSC
This release contains the following DSC enhancements:
Added Certification Authority Partial to install and configure a Certification Authority node.
Domain Admins no longer join machines to the domain.
The RpsDomainJoin account now joins staged computer objects, within the Computers OU, to the domain using the minimum permissions required.
ContentDeliveryNetwork partial updated to install DFS-R for Region and Site nodes
Updated Dsc Modules to the following versions:
| Module | Core Version |
| --- | --- |
| AccessControlDsc | 1.3.0.0 |
| ComputerManagementDsc | 6.2.0.0 |
| PowerStig | 3.1.0 |
| xWebAdministration | 2.5.0.0 |
| ResourceControllerDSC | 2.0.1 |
RPS API
This release contains the following API enhancements:
- Updated the Set-RpsTargetItem and Update-RpsTargetItem cmdlets to not allow the altering of an existing Parent if it has already been set.
Adding the following ResourceType constants:
- CATemplate
- OcspUriPath
- CdpUriPath
- AiaUriPath
- RegistryItem
- Crl
- NPSPolicyMap
- NPSClient
- RegistryAccessEntry
- RegistryAccessControlList
- RegistryAccessRule
- CertificationAuthority
BREAKING CHANGE: TypeDefinitions are now enforced on Target Items. All required params will have to be set when creating the target item.
- Added Instance Definitions, which are pre-defined complex, default data for the purpose of quickly defining data but also codifying configuration data
- Added a User Profile context to the Rps API in order to provide and track the current user. This provides the foundation for a RBAC implementation.
- Added an optional method of export to provide the user with a plaintext XML file where protected properties are in the clear.
- Added an optional CertificateThumbprint parameter to the Enter-RpsSession, Exit-RpsSession, Export-RpsData, and Import-RpsData cmdlets in order to encrypt/decrypt file exports and imports.
- Added Get-RpsPasswordPolicy cmdlet
- Added Set-RpsPasswordPolicy cmdlet
- Added New-RpsPassword cmdlet
- Added Update-MasterKey cmdlet
- Added Get-RpsProtectedProperty cmdlet.
- Added Instance Definition Nodes, which are pre-defined objects that can be used to create Nodes that are associated with Instance Definitions
- Added Set-RpsTargetType cmdlet.
- Added Set-RpsResourceType cmdlet.
- Added Set-RpsSubType cmdlet.
- Added Set-RpsChildType cmdlet.
- Added Set-RpsTypeProperty cmdlet.
- Added Set-RpsTypeRA cmdlet.
- Added Set-RpsTargetAction cmdlet.
- Added Set-RpsResourceGroupType cmdlet.
- Added Get-RpsCredential cmdlet.
- Added New-RpsCredential cmdlet.
- Added Get-UnixHash cmdlet
Added Set-RpsTargetGroupType cmdlet.
Sample:
```PowerShell
# parameter setup
$name = "property name"

$secureResult = Get-RpsProtectedProperty -TargetItem $targetItem -Name $name
$secureResult = Get-RpsProtectedProperty -ResourceItem $resourceItem -Name $name
$secureResult = Get-RpsProtectedProperty -Node $node -Name $name
$secureResult = Get-RpsProtectedProperty -TaskMapAssignment $taskMapAssignment -Name $name
$secureResult = Get-RpsProtectedProperty -ResourceGroup $resourceGroup -Name $name
$secureResult = Get-RpsProtectedProperty -TargetGroup $targetGroup -Name $name

# return variable to plain text
# (ConvertFrom-SecureString returns an encrypted string, not the plain text)
$plainText = [System.Net.NetworkCredential]::new('', $secureResult).Password
```
Added Set-RpsProtectedProperty cmdlet.
Sample:
```PowerShell
# parameter setup
$name = "property name"
$securePwd = ConvertTo-SecureString "Value" -AsPlainText -Force

Set-RpsProtectedProperty -TargetItem $targetItem -Name $name -Value $securePwd
Set-RpsProtectedProperty -ResourceItem $resourceItem -Name $name -Value $securePwd
Set-RpsProtectedProperty -Node $node -Name $name -Value $securePwd
Set-RpsProtectedProperty -TaskMapAssignment $taskMapAssignment -Name $name -Value $securePwd
Set-RpsProtectedProperty -ResourceGroup $resourceGroup -Name $name -Value $securePwd
Set-RpsProtectedProperty -TargetGroup $targetGroup -Name $name -Value $securePwd
```
Enhanced Set-RpsTargetItem and Set-RpsResourceItem cmdlets to accept protected properties from a hashtable using the SecureString type. Sample:
```PowerShell
Set-RpsTargetItem -Name $name -Type $type -Properties @{ Protected = $secureString }
Set-RpsResourceItem -Name $name -Type $type -Properties @{ Protected = $secureString }
```
Breaking Change: Marked New-RPSTaskMapStructure cmdlet as Obsolete.
Modified the API to mask protected properties when they are returned to the console.
Added New-RpsInstanceDefinition Cmdlet. Sample:
```PowerShell
$hs = @{
    Prop1 = "value1"
    Prop2 = "value2"
}
New-RpsInstanceDefinition -Name testName -Properties $hs
```
- Added New-RpsInstanceDefinitionItem Cmdlet.
An Instance Definition Item is a wrapper for an RPS type and associated Properties. Sample:
```PowerShell
New-RpsInstanceDefinitionItem -EntityName testEntityName -Name name2 -Properties @{Prop1 = "Value1"} -TypeDefinitionId $typedefinition.id
```
- Added Invoke-RpsInstanceDefinition Cmdlet.
```powershell
Invoke-RpsInstanceDefItem -Settings $resourceItem -InstanceDef $instanceDefinition
```
Added Set-RpsInstanceDefinition Cmdlet. Sample:
```powershell
Set-RpsInstanceDefinition -Name $Name1
Set-RpsInstanceDefinition -Name $Name1 -Properties @{Prop1 = "Value1"}
```
Added Remove-RpsInstanceDefinitionItem Cmdlet.
```powershell
Remove-RpsInstanceDefinitionItem -Id "8825A09C-CCE3-4BB0-BCE1-03B4729AC423"
Remove-RpsInstanceDefinitionItem -InstanceDefinitionItem $InstanceDefinitionItem
```
Added Get-RpsInstanceDefinition Cmdlet. Sample:
```powershell
Get-RpsInstanceDefinition -Id "8825A09C-CCE3-4BB0-BCE1-03B4729AC423"
Get-RpsInstanceDefinition -Name MyInstanceDef
```
Added Remove-RpsInstanceDefinition Cmdlet. Sample:
```powershell
Remove-RpsInstanceDefinition -Id "8825A09C-CCE3-4BB0-BCE1-03B4729AC423"
Remove-RpsInstanceDefinition -InstanceDefinition $InstanceDefinition
```
Added Set-RpsInstanceDefinitionItem Cmdlet. Sample:
```powershell
Set-RpsInstanceDefinitionItem -Name $Name1 -TypeDefinitionId $id -EntityName $entityName
Set-RpsInstanceDefinitionItem -Name $Name1 -TypeDefinitionId $id -Properties @{Prop1 = "Value1"} -EntityName $entityName
```
Added Get-RpsInstanceDefinitionReference. Sample:
```powershell
$instanceDef = Get-RpsInstanceDefinition -Name "MyDefinition"
$instanceDefItem = Get-RpsInstanceDefinitionItem -Name "MyItem"
$reference = Get-RpsInstanceDefinitionReference -Name "name" -InstanceDefinition $instanceDef -InstanceDefinitionItem $instanceDefItem
```
Added New-RpsInstanceDefinitionReference. Sample:
```powershell
$instanceDef = Get-RpsInstanceDefinition -Name "MyDefinition"
$instanceDefItem = Get-RpsInstanceDefinitionItem -Name "MyItem"
$taskMapIDs = "5b8b0340-091f-4823-b2f9-de937b5b4114", "a83b5445-3cc0-433e-b5e0-0fcf70389988"
$reference = New-RpsInstanceDefinitionReference -Name "name" -InstanceDefinition $instanceDef -InstanceDefinitionItem $instanceDefItem -TaskMapIDs $taskMapIDs
```
Added Remove-RpsInstanceDefinitionReference. Sample:
```powershell
$instanceDef = Get-RpsInstanceDefinition -Name "MyDefinition"
$instanceDefItem = Get-RpsInstanceDefinitionItem -Name "MyItem"
Remove-RpsInstanceDefinitionReference -Name "name" -InstanceDefinition $instanceDef -InstanceDefinitionItem $instanceDefItem
```
Added Remove-RpsInstanceDefinitionAssociation. Sample:
```powershell
$instanceDef = Get-RpsInstanceDefinition -Name "MyDefinition"
$instanceDefItem = Get-RpsInstanceDefinitionItem -Name "MyItem"
$instanceDefItem2 = Get-RpsInstanceDefinitionItem -Name "MyItem2"
Remove-RpsInstanceDefinitionAssociation -InstanceDefinition $instanceDef -PrimaryReference $instanceDefItem -SecondaryReference $instanceDefItem2
```
Added New-RpsInstanceDefinitionAssociation. Sample:
```powershell
$instanceDef = Get-RpsInstanceDefinition -Name "MyDefinition"
$instanceDefItem = Get-RpsInstanceDefinitionItem -Name "MyItem"
$instanceDefItem2 = Get-RpsInstanceDefinitionItem -Name "MyItem2"
New-RpsInstanceDefinitionAssociation -InstanceDefinition $instanceDef -PrimaryReference $instanceDefItem -SecondaryReference $instanceDefItem2
```
Added Get-RpsInstanceDefinitionAssociation. Sample:
```powershell
$instanceDef = Get-RpsInstanceDefinition -Name "MyDefinition"
$instanceDefItem = Get-RpsInstanceDefinitionItem -Name "MyItem"
$instanceDefItem2 = Get-RpsInstanceDefinitionItem -Name "MyItem2"
Get-RpsInstanceDefinitionAssociation -InstanceDefinition $instanceDef -PrimaryReference $instanceDefItem -SecondaryReference $instanceDefItem2
```
Added New-InstanceDefinitionNode. Sample:
```powershell
New-RpsInstanceDefinitionNode -EntityName testEntityName -Name name2 -Hostname hostname -IPAddress 1.1.1.1 -SyncEndpointUrl syncEndpoint -certificateThumbprint certThumbprint -pollingInterval 1
```
- Added Set-InstanceDefinitionNode.
Sample:
```powershell
Set-RpsInstanceDefinitionNode -Name name1 -EntityName testEntityName2 -Hostname hostname2 -IPAddress 2.2.2.2 -SyncEndpointUrl syncEndpoint2 -certificateThumbprint certThumbprint2 -pollingInterval 2
```
- Added Get-InstanceDefinitionNode.
Sample:
```powershell
$instanceDefNode = Get-RpsInstanceDefinitionNode -Name name1
```
- Added Remove-InstanceDefinitionNode.
Sample:
```powershell
Remove-RpsInstanceDefinitionNode -Id "8825A09C-CCE3-4BB0-BCE1-03B4729AC423"
Remove-RpsInstanceDefinitionNode -InstanceDefDefinitionNode $InstanceDefinitionNode
```
Updated demo data scaffolding to support DCA image testing.
- Added NOP79190 node to Nodes.psd1 to support DCA image testing.
- Added NOP79190 target item to TargetItems folder to support DCA testing.
- Updated Assignments.psd1, ResourceGroups.psd1, and Initialize-Image.ps1 to support DCA image testing.
Updated demo data scaffolding to support NDM image testing.
- Updated TCN79192 demo data scaffolding to support NDM image testing.
- Added TCN79192 node to Nodes.psd1 to support NDM testing.
- Added TCN79192 target item to TargetItems folder to support NDM testing.
- Updated Assignments.psd1, ResourceGroups.psd1, and Initialize-Image.ps1 for NDM image testing.
Modified Initialize-Baseline.ps1 to support dynamic testing of images.
- Updated PartialConfigurations-cmdb.tests.ps1 to support dynamic testing of images. Now includes the DCA and NDM image.
Admin UI
Added Generate Random Password functionality for Resource Item, Target Item, and Patch Password fields.
Added the ability for Generate Random Password to be based on a Password Policy.
Modified the UI to mask protected properties.
Added password/protected property reveal functionality to the UI.
Added the ability to supply a certificate thumbprint for encrypting/decrypting CMDB file export/import via the UI.
Updated the Task Map Step Number and Depends On columns, so it has a consistent sort order.
Resolved Issues
Top issues addressed in 3.0:
- Fixed an issue in the RPS Install that was causing DSC to fail on Node Registration and import.
- Fixed issue with SID translation that would force manual intervention.
- Fixed issue where user rights assignment settings within the core repo were conflicting when STIGs were applied.
Known Issues
Issues Addressed in RPS release 2.4.6
- #21479 LCM Configuration Mode is not controllable per target from the CMDB
- #21445 Missing utilities folder in local content store
- #21422 RpsProvisioning cannot configure virtual drive
- #21557 Rps-encryption breaking SAN's
- #21558 Rps-Network doesn't allow existing exclusion assignments
- #21559 RpsDomainController only applies tombstone lifetime to primary dc
- #20900 2Q19 User Principal Name suffix isn't being configured on DSC VM or AD.rps.local
- #21469 Access Database partial is assigned in colorless baseline data for RVP
- #21483 Remove RVPS GUI files and install and powerstig from the release
- #21538 Prov Vlan updates from GDMS
- #21539 TaskMap Updates from GDMS
- #21566 Runbook retries implemented where network communications can be a factor
- #21536 GPO Updates to UnifiedAD
- #20788 Duplicate Import-RPSNode Functions
- #21472 OCSP website has request filters that need to be removed
- #20670 PowerSTIG Service rules fail if the expected service does not exist
Issues Addressed in RPS release 2.4.5
- #21275 Cannot add patches to a target and republish
- #21396 RVP computer account on Dev node deployment not added to correct OU
- #21371 OsCore does not create a Disk resource for targets with multiple disks
- #20952 2Q19 Update to only install McAfee agent 5.5
- #21269 Publish-DSCPatch.ps1 pathing bug breaks Patching
- #20951 2Q19 Update VMware-tools-10.3.10-12406962
- #16291 RVP - CdnPath points to C$ instead of share
- #20897 RVP missing ImagesParentPath property
- #20867 New-ProvisioningNodeConfiguration.ps1 has incorrect property name images parent folder property
- #20875 Unneeded array item causes a duplicate resource ID error during compilation
- #20674 Failing resource on DSC - [xADForestProperties]
- #20878 RpsSQL and RpsSMA resource controller has incorrect import version
- #17860 On a running Prov Laptop APP VM, when a taskmap assignment and RunOnLocalNode has been issued, the first 3 workflows fail
- #21354 Get-DSCStatus is not assigned to targets therefore patch status is not updated
- #20928 2Q19 Utilities and Certificates not present in localContent Store Path
- #20931 Created Dev Enclave/Node to reduce the complexity of deployments across teams
- #20932 Remove hardcoded data from installer. Modify Hyper-V VM creation scripts to ensure VM environments are generated as specified
- #20948 2Q19 Update Adobe Reader to 19.012.20034
- #20950 2Q19 Update Java\jre-8u212-windows-x64.exe
- #21395 OcspResponder partial is skipped on RVP due to missing property
- #21383 RPSOSCore.ps1 network profile configuration can only set one interface to Private, otherwise there are resource conflicts
- #21006 2Q19 Certificate generation creates malformed SANs during import
Issues Addressed in RPS release 2.4.4
- 19832 Copy-ContentStore does not log an alert when a file copy fails
- 19666 ResourceGroups.psd1 for the DSC missing items
- 20757 Adobe Acrobat version needs updated in partial
- 20559 Firewall Rules only allow traffic for specific applications
- 20603 GPO SIDs are not being translated into domain accounts when imported
- 20607 TrustElementRepository Reader/Writer sites have incorrect bindings
- 20690 Failing resource on RVP - [xPackage]McAfee Agent
- 19528 Test-DscMof does not detect resource conflicts between PowerStigConfiguration and other partials
- 20605 TrustElementRootPath gets set to wrong path
- 20611 Failing resource on RVP - [AdcsOnlineResponder]OnlineResponder
- 20776 RVP data has assigned partials that should not be assigned
- 19661 Set contentfreshness for sysvol replication on all domain controllers to 365 days maxtimeofflineindays setting
- 20604 Conflicting ComputerManagementDsc module versions
- 20821 SMA Runbook account needs to have LogonAsAService permissions
- Update to PowerSTIG 3.2.0
- STIG Rule Updates: 41023, 41024, 4102, 41026, 41407, 41021, 41022, 41027, 41028, 41029, 41030, 41031, 41032, 41033, 41035, 41042, 41305, 41306, 41307, 41037, V-41251, V-40950, V-69169, V-40952, V-40953, V-41016, V-41017
Issues Addressed in RPS release 2.4.3
Released on May 15, 2019
- Removed dependency on xCAPIstore resources
- Removed unneeded service restart in domain controller resource
- Updated Install-MNRps so execution can occur without $VhdFolderPath and $VMTemplateFileName
- Separated reader and writer SSL settings for the Trusted Element Reader website
- Fixed duplicate resources being created between PowerStig and RPS partials
- The $allComputers variable in Rps-Installer module was not properly populated and resulted in unexpected deployment
- Fixed issues where DNS Zones were not loaded; the same fix addresses 'Domain Controller promotion fails due to unknown root cause; possible SMB contention issue' and 'replica DC promo fails multiple connection issue'
- Added an array for value data on IPv6 disable resource
- Fixed Master-Controller failing to resume after service or machine restart
- Addressed xWebAdministration version references mismatch
- Added a reboot for ssl binding registry update to address Registry resource failing to add registry keys for TER
- Fixed inbound Reader and Writer traffic being blocked to the RVP
- Fixed the issue where PFX files were attempting to get uploaded to the TER site
- Removal of ResourceControllerDSC module version 1.3.1 and added ResourceControllerDSC module version 2.0.0.
- Updated version for import-module calls for ResourceControllerDSC
- Added use of ResourceController for Allow Log on Locally, and Log on as a Service URAs within RpsSync partial.
- Within the RpsSecIIS partial, added three resources that leverage ResourceControllerDSC to remove the .NET v.4.5 and .NET v.4.5 Classic accounts from Log on as a service, Generate security audits, and Replace a process level token before they become rogue/dead SIDs.
- COTS Update - McAfee
- Agent 5.5.1.462
- ACCM 3.2.5
- RSD 5.0.6.125
- SIEM Collector new
- COTS Update - ActivClient 7.1
- COTS Update - Adobe Reader 19.10.20091.53467
Issues Addressed in Core release 2.4.2
Released on April 17, 2019
- Added and updated tombstone parameter
- Added forest name to domain object for laptop build
- User and Group property updates
- Add MC check to ensure only one MC is running
- Add max reserved memory for SQL
- Added RSAT for DNS
- Add tombstone configuration
Issues Addressed in DSC_Images tagged 2.4.2
- Changes made to partial to reflect the most current VMWare tools software
- Integrate PowerStig 3.1
- Bug fix to allow for duplicate name
- Add a forest name property to the ADDomain object
- Add valid task map action
- Updating the NT Auth store can fail - this breaks CAC login
- Updated NPS partial to use NPS group configuration from CMDB
- Update tombstone value on domain controller
- Added property for max memory
Issues Addressed in 2.4.1
Released on April 2, 2019
- partial update for the gpomanagementdsc module update in DSC_Images
- adding UPN Suffix to adobjects
- Update RpsDomainController.ps1
- disable ipv6
- Using Registry instead of xRegistry
What's New in 2.4
Released on January 29, 2019
PowerShell
This release contains the following PowerShell enhancements:
- The RPS Installer was updated to support complex task map execution in order to provide the ability to create ESXi, VMware, or Hyper-V based hosts and virtual machines.
- Added support for ESXi Host and virtual machine configurations.
Improved Installer's ability to generate representative XML for RPS Import by reducing the number of switches required during the installation/configuration.
Reorganized RPS PowerShell Modules into:

| Module | Description |
| --- | --- |
| Rps-Api | Core API functions |
| Rps-Credential | Create and access credentials in RPS CMDB |
| Rps-Dsc | Utility to help publish, manage and test RPS DSC Partials |
| Rps-Encryption | Manage certificates and encryption |
| Rps-Installer | RPS Configuration, Data Import and Installation helpers |
| Rps-IpSheet | Import networking information from an IPSheet Excel document |
| Rps-Network | Network Utilities |
| Rps-Snmp | Communicate with network switches |
| Rps-Types | Create and manage RPS Type Definitions |
| Rps-Utilities | Additional Utilities |
| Rps-Virtualization | Management of Virtualization |

Refactored New-HypervVirtualMachine to support additional configuration options. The new runbook is now called Set-HyperVVirtualMachine. Enhancements include support for the following:
- Generation 1 virtual machines
- Vhd disks
- All virtual switch types (Internal, External, Private)
- N number of disk/dvd drives and nics (Up to Hyper-V limitations)
- Processor configuration
- Static/Dynamic memory configuration
- Image from .iso, differencing disk, existing disk
- Virtual network adapter IP address configuration, including VLAN tagging
In order to take advantage of all these configurable options, the data must be representative of the configuration that is desired. Below is a representation of the relationship within the Rps type definitions:

| Object | Rps Entity Type | Rps Type | Rps SubType | Parent Object | Assignment |
| --- | --- | --- | --- | --- | --- |
| Host | Resource/Target | Host | HyperV | N/A | VirtualMachine |
| Virtual Machine | Target | VirtualMachine | N/A | N/A | Host |
| Virtual NIC | Target | NIC | VirtualMachine | N/A | VirtualSwitch |
| VHD(X) | Target | Drive | Disk | VirtualMachine | N/A |
| Dvd | Target | Drive | DVD | VirtualMachine | N/A |
| Processor | Target | Processor | N/A | VirtualMachine | N/A |
| Virtual Switch | Resource | VirtualSwitch | HyperV | N/A | NIC |

To see the configurable properties on each of these objects, please reference the Rps type definitions located at "ContentStore\Setup\Configuration\Import-RpsTypes.ps1".
Sample configurations are located at "ContentStore\Demos\Set-HyperVVirtualMachine".
DSC
This release contains the following DSC enhancements:
- Added support for multi-step software installs to the Software Distribution Partial.
- Updated Runbook Guidance based on lessons learned from ESXi and SNE MVP.
Added support for additional DHCP configuration options in the RpsDhcp partial such as:
- Scope option definitions
- Scope definitions
- Exclusion ranges
- Server bindings
Updated Dsc Modules to the following versions:

| Module | Core Version |
| --- | --- |
| ComputerManagementDsc | 6.0.0.0 |
| ResourceControllerDSC | 1.3.1.0 |
| SqlServerDsc | 12.1.0.0 |
| xActiveDirectory | 2.22.0.0 |
| xHyper-V | 3.13.0.0 |
| xWebAdministration | 2.3.0.0 |

Added support for PKI functionality to support the DCA image with the new DSC resource MN_ActiveDirectoryCSDsc (forked from ActiveDirectoryCSDsc 3.1.0.0). New resources include:
- AdcsAiaExtension
- AdcsCdpExtension
- AdcsCertificateTemplate
- AdcsImportCrl
- AdcsInstallCertificate
- AdcsOcspExtension
- AdcsPublishCert
- AdcsPublishCrl
Added support for GPO Management functionality to support the NDM image with the DSC resource MN_GpoManagementDsc. New resources include:
- GpSecurityFilter
RPS API
This release contains the following API enhancements:
- Added support for structured logging during unattended RPS Installer executions.
- Updated the RPS API to optimize Target loading with several Task Map Assignments.
Resource Items and Resource Assignments can now be retrieved by Role, which is a special property designated for tracking the purpose of a resource item or its relationship to a target item. The Role property can be placed on a Resource Item or the Resource Assignment and can hold multiple values separated by the | symbol. To get resource items that have a specific role or have an assignment with a specific role, use the -MatchAssignmentRole parameter.
Sample:
```powershell
$clientAuthCerts = Get-RpsResourceItem -Type Certificate -Role "ClientAuth"
$localAdmins = Get-RpsResourceItem -TargetItem $computer -Type Credential -Role "LocalAdministrator" -MatchAssignmentRole
```
Sample:
In this example, a Credential (Resource) is assigned to a Computer (Target). The assignment is given a Role of "LocalAdministrator". We can retrieve the designated Local Administrator credential for the computer by using the -Role parameter.
```powershell
# assign credential and set roles
$computer = Get-RpsTargetItem -Type "Computer" -Name "Win137"
$credential = Get-RpsResourceItem -Type "Credential" -Name "RpsAdministrator"
$assignedCredential = New-RpsResourceAssignment -TargetItem $computer -ResourceItem $credential
$assignedCredential.Role = "LocalAdministrator|RpsUser"
$assignedCredential.Update()

# retrieve the LocalAdmin credential for the computer
$localAdminAssignment = Get-RpsResourceAssignment -TargetItem $computer -Role "LocalAdministrator"
```
Added the -Scope parameter on the New-RpsTaskStep cmdlet.
Sample:
```powershell
New-RpsTaskItem -WorkflowName "Resolve-TargetMacAddress"
New-RpsTaskItem -WorkflowName "Wait-TargetReady"
New-RpsTaskItem -WorkflowName "Wait-TargetReady"
New-RpsTaskItem -WorkflowName "Copy-BaseImages"
New-RpsTaskItem -WorkflowName "New-VMWareVirtualMachine"
New-RpsTaskItem -WorkflowName "Resolve-TargetDhcpIPAddress"

# parameter setup
$baremetalConfig = @{ TargetItemType = "Computer"; Filters = @{ IsHypervisor = "False" } }
$esxConfig = @{ TargetItemType = "Computer"; Filters = @{ IsHypervisor = "True" } }
$vmConfig = @{ TargetItemType = "VirtualMachine"; Filters = @{ "IsAppliance" = "False" } }
$vmApplianceConfig = @{ TargetItemType = "VirtualMachine"; Filters = @{ "IsAppliance" = "True" } }
$rvpConfig = @{ TargetItemType = "VirtualMachine"; Filters = @{ "IsAppliance" = "False"; "Designation" = "RVP" } }

# Task Map creation
$map = New-RpsTaskMap -Type "ProvisionSystemDemo" -Name "ProvisionSystemDemo"
$mapConfig = @{ TaskMap = $map; AllowMultipleTargets = $true; IsTargetRequired = $true }

# Adding steps to task map
$resolveMac = New-RpsTaskMapStep @mapConfig -RunbookName "Resolve-TargetMacAddress" -TargetItemType "Switch"
$waitBaremetal = New-RpsTaskMapStep @mapConfig -RunbookName "Wait-TargetReady" -TargetItemType "Computer"
$baremetalHV1 = New-RpsTaskMapStep -TaskMap $map -RunbookName "Copy-BaseImages" -Dependencies $waitBaremetal @esxConfig
$baremetalVM1 = New-RpsTaskMapStep @mapConfig -RunbookName "New-VMWareVirtualMachine" -Dependencies $baremetalHV1 @vmConfig

# Adding step with dependency
$baremetalVM2 = New-RpsTaskMapStep @mapConfig -RunbookName "Resolve-TargetDhcpIPAddress" @vmConfig -Dependencies $baremetalVM1 -Scope Self
```
Admin UI
This release contains the following Admin UI enhancements:
- Added LocalNode UI option on execution of Task Map Assignment.
- Defaulted Resource Assignment state to Ready where no approval action needs to take place.
- Calculated the file hash of an imported file on Import.
- Corrected Pending Task Individual Count.
- Removed the Pending Actions on targeting list views.
- Made the Active and Global flags display consistently throughout the UI.
- Replaced the Edit and Remove hyperlinks with command buttons on the TaskMap detail views.
- Updated the UI to optimize loading a Target Item's details when several Task Map Assignments exist.
- Combined Pending Tasks and Task Information sections into one Job section on the Target Details view.
Resolved Issues
Top issues addressed in 2.4:
- Resource Groups fails to import when group references already exist.
- Provisioning Service returns a 500 error if a duplicate object is found.
- Calling Set-RpsResourceItem and/or Set-RpsTargetItem with null properties causes a null-reference exception.
- Set-RpsResourceItem does not update parent's state when adding children.
- Import TaskMap with non-default dependency when scope is ignored.
- IpSheet import fails due to missing Access Database Engine pre-requisite.
- Task Assignment History not saved while in Session.
- RPS Session failing to refresh deleted Task Assignments from Target Item.
- Pending Task Individual Count is incorrect in the Target Item Detail view.
- Modified the Wait-TargetReady runbook to support both PhysicalMachine and Computer Types.
- The Installer's -GenerateXmlOnly switch fails to generate usable file when -ConfigFilename specified.
- Added the ability for more than one process to access isolated storage at the same time.
- Exported data doesn't include the Task Map Assignment if assigned to Child Item.
- Task Map Step Dependency scope is not imported.
- Added a fix for Installer when Script fails to fully execute when not running elevated.
- Inception deployment fails with an HttpSetServiceConfiguration error.
- Import-RpsIpsheet on TestIpSheet takes too long.
- Encrypted Dsc partials fail to decrypt when a partial without a credential is applied first.
Known Issues
- RPS Install isn't exporting Host Node info, causing DSC to fail on Node Registration and import.
- UserRightsAssignment Dsc resource can sometimes fail due to failure to translate SIDs. See here for more information on the details. You can see this error exposed in Dsc:
A workaround for this is to open Secpol.msc and remove any untranslated SIDs for the targeted user right:
What's New in 2.3
Released on October 30, 2018
PowerShell
This release contains the following PowerShell enhancements:
- Master-Controller now has the ability to run recurring tasks and scheduled tasks.
- The Get-DscStatus runbook will now by default run every two hours.
- Virtual disk file locations will use the Hyper-V default filepath when creating a virtual machine. You can also optionally specify an alternate location to store the vhdx.
- ServerAdmin role created for all administrative functions required by Rps. It previously required the DomainAdmin role.
- Installer can dynamically generate self-signed certificates per deployment. It will use the configuration data supplied to populate their properties. Can also supply your own certificates. See the Certificate Usage document for details.
- Added the capability to suppress reboots for individual software installs.
Reorganized RPS PowerShell Modules into:

| Module | Description |
| --- | --- |
| Rps-Api | Core API functions |
| Rps-Credential | Create and access credentials in RPS CMDB |
| Rps-Dsc | Utility to help publish, manage and test RPS DSC Partials |
| Rps-Encryption | Manage certificates and encryption |
| Rps-Installer | RPS Configuration, Data Import and Installation helpers |
| Rps-IpSheet | Import networking information from an IPSheet Excel document |
| Rps-Snmp | Communicate with network switches |
| Rps-Types | Create and manage RPS Type Definitions |
| Rps-Utilities | Additional Utilities |

DSC
This release contains the following DSC enhancements:
- Created/Updated DSC Partial Configurations to support cross-forest configurations, Provisioning Service, CDN Service
Updated Dsc Modules to the following versions:

| Module | Core Version |
| --- | --- |
| AccessControlDsc | 1.1.0.0 |
| CertificateDsc | 4.4.0.0 |
| ComputerManagementDsc | 5.2.0.0 |
| NetworkingDsc | 6.1.0.0 |
| SecurityPolicyDsc | 2.4.0.0 |
| SqlServerDsc | 11.4.0.0 |
| xActiveDirectory | 2.21.0.0 |
| xDatabase | 1.9.0.0 |
| xDhcpServer | 2.0.0.0 |
| xDnsServer | 1.11.0.0 |
| xPSDesiredStateConfiguration | 8.3.0.0 |
| xSmbShare | 2.1.0.0 |
| xWebAdministration | 2.2.0.0 |
| xWindowsUpdate | 2.7.0.0 |

RPS API
This release contains the following API enhancements:
- The Task assignment restrictions were relaxed so that a Task Map can be assigned to non-root Target items. The New-RpsTaskAssignment Cmdlet previously restricted an assignment to only root-level target items. However, the restriction is no longer applicable within vehicle provisioning scenarios, where the vehicle is the root, DCEs are child items and virtual machines are grandchildren targets.
- Updated the Task Map Dependency scope to allow defining dependencies scoped to "all" (target), "self", and "parent". This provides the capability to have DCE1 tasks run parallel to DCE2 tasks, given that the DCEs are both children of a SNE parent.
- Simplified Task Map creation by creating the New-RpsTaskMapStep Cmdlet. The Cmdlet may accept a runbook name parameter instead of "TaskItem", essentially eliminating the need for using the existing Task Map structure. In addition, the New-RpsTaskMapStep Cmdlet will accept filters and dependencies inline.
The New-TaskMapDefinition, New-TaskMapDefFilter, and New-TaskMapDefDependency Cmdlets are marked as obsolete and have been replaced by the New-RpsTaskMapStep, New-RpsTaskMapStepFilter, and New-RpsTaskMapStepDependency Cmdlets respectively.
Sample:
```powershell
# Create target items
$sne1 = New-RpsTargetItem -Type Vehicle -Name SNE1
$switch1 = New-RpsTargetItem -Type Switch -Name "Cisco Switch" -ParentItem $sne1
$dce1 = New-RpsTargetItem -Type DCE -Name "DCE 1" -ParentItem $sne1
$dce2 = New-RpsTargetItem -Type DCE -Name "DCE 2" -ParentItem $sne1
$dce3 = New-RpsTargetItem -Type DCE -Name "DCE 3" -ParentItem $sne1
$rvpVM = New-RpsTargetItem -Type VM -Name "RVP" -ParentItem $dce2

# Create tasks
$task1 = New-RpsTaskItem -WorkflowName "Wait-Switch"
$task2 = New-RpsTaskItem -WorkflowName "Wait-DCE"
$task3 = New-RpsTaskItem -WorkflowName "Set-DCEConfig"
$task4 = New-RpsTaskItem -WorkflowName "New-ESXIVM"
$task5 = New-RpsTaskItem -WorkflowName "Publish-Dsc"

# Create task map
$map = New-RpsTaskMap -Type "Provision-Vehicle" -Name "Provision-SNE"
$step1 = New-RpsTaskMapStep -TaskMap $map -TaskItem $task1 -TargetItemType Switch
$step2 = New-RpsTaskMapStep -TaskMap $map -TaskItem $task2 -TargetItemType DCE -Dependencies $step1
$step3 = New-RpsTaskMapStep -TaskMap $map -TaskItem $task3 -TargetItemType DCE
New-RpsTaskMapStepDependency -PreviousStep $step2 -Step $step3 -Scope Self
$step4 = New-RpsTaskMapStep -TaskMap $map -TaskItem $task4 -TargetItemType VM
New-RpsTaskMapStepDependency -PreviousStep $step3 -Step $step4 -Scope Parent
$step5 = New-RpsTaskMapStep -TaskMap $map -TaskItem $task5 -TargetItemType VM
New-RpsTaskMapStepDependency -PreviousStep $step4 -Step $step5 -Scope Self

# Assign map
New-RpsTaskAssignment -TaskMap $map -TargetItem $sne1
```
Sample: Inline filters and dependencies
```powershell
$byFilter = New-RpsTaskMapStep -TaskMap $map -Filters @{ Type = "VirtualMachine"; IsDsc = $true }
$withDependencies = New-RpsTaskMapStep -TaskMap $map -Dependencies @( $step1, $step2 )
$byRunbookName = New-RpsTaskMapStep -TaskMap $map -RunbookName "Publish-Dsc"
```
Added the ability to nest Resource Groups in order to enable RPS to model many complex scenarios such as AD Security groups.
Sample:
```powershell
# Define a new Type Definition with the IsGroupReference flag
Set-RpsResourceType -Name "ADGroup" -IsRoot -IsGroupReference

# Create AD Groups
$ADDomainUsersGroup = New-RpsResourceGroup -Type "ADGroup" -Name "All Domain Users"
$ADAdminGroup = New-RpsResourceGroup -Type "ADGroup" -Name "Domain Admins"
$ADDNSAdminGroup = New-RpsResourceGroup -Type "ADGroup" -Name "DNS Admins"
$ADDirectorsGroup = New-RpsResourceGroup -Type "ADGroup" -Name "Directors"

# Create AD Users and assign them to groups
$AdUser1 = New-RpsResourceItem -Type "AdUser" -Name "AdUser1" -ResourceGroup $ADDomainUsersGroup -IsGlobal $true
$AdUser2 = New-RpsResourceItem -Type "AdUser" -Name "AdUser2" -ResourceGroup $ADAdminGroup -IsGlobal $true
$AdUser3 = New-RpsResourceItem -Type "AdUser" -Name "AdUser3" -ResourceGroup $ADAdminGroup -IsGlobal $true
$AdUser4 = New-RpsResourceItem -Type "AdUser" -Name "AdUser4" -ResourceGroup $ADDNSAdminGroup -IsGlobal $true
$AdUser5 = New-RpsResourceItem -Type "AdUser" -Name "AdUser5" -ResourceGroup $ADDirectorsGroup -IsGlobal $true
$AdUser6 = New-RpsResourceItem -Type "AdUser" -Name "AdUser6" -ResourceGroup $ADDirectorsGroup -IsGlobal $true

# Add AdUser3 to the AD Directors Group as well
$ADDirectorsGroup.AddChildItem($AdUser3)
$ADDirectorsGroup.Update()

# Get Group references
$ADAdminGroupRef = Get-RpsResourceItem -Id $ADAdminGroup.Id
$ADDNSAdminGroupRef = Get-RpsResourceItem -Id $ADDNSAdminGroup.Id
$ADDirectorsGroupRef = Get-RpsResourceItem -Id $ADDirectorsGroup.Id

# Assign Group references to All Domain Users Group
$ADDomainUsersGroup.AddChildItem($ADAdminGroupRef)
$ADDomainUsersGroup.AddChildItem($ADDNSAdminGroupRef)
$ADDomainUsersGroup.AddChildItem($ADDirectorsGroupRef)
$ADDomainUsersGroup.Update()
```
Find-Rps* Cmdlets have been deprecated and renamed to Get-Rps* with the same functionality. The original Find cmdlets have been retained and marked obsolete. However, they will be removed in a future release.
Added new Set-RpsTargetItem and Set-RpsResourceItem Cmdlets. Both Target and Resource Items can be created and edited via their respective Set-RpsTargetItem and Set-RpsResourceItem Cmdlets.
Sample: Create a new target item via Set-RpsTargetItem
```powershell
$computer = Set-RpsTargetItem -Type "Computer" -Name "Win137" -ParentItem $serverRack
```
Sample: Update an existing target item via Set-RpsTargetItem
```powershell
$computer = Set-RpsTargetItem -Type "Computer" -Name "Win137" -IsActive $false
```
Sample: Create a new resource item via Set-RpsResourceItem
```powershell
$resourceItem = Set-RpsResourceItem -Type "type" -Name "name"
```
Sample: Update an existing resource item via Set-RpsResourceItem
```powershell
$resourceItem = Set-RpsResourceItem -Type "type" -Name "name" -IsActive $false
```
Updated the Target Type Definitions to include a child type for Actions. Actions link a Target of a certain type to a TaskMap. This allows a user to easily determine the status of an Action via the Admin UI.
Added support for the retrieval of Target items, Target groups, Resource items, and Resource groups via wildcard property filters. The Get-RpsTargetItem, Get-RpsTargetGroup, Get-RpsResourceItem, and Get-RpsResourceGroup Cmdlets will return target\resource items and target\resource groups respectively using the properties supplied. If no properties are supplied, all items\groups will be returned. When using the -Filter Parameter, a $null value may be passed as a wildcard.
Sample: Get target items by properties
```powershell
$foundItem = Get-RpsTargetItem -Filter @{"MAC" = "00:11:22:33:44:55"}
$foundAllItemsWithMACProperty = Get-RpsTargetItem -Filter @{"MAC" = $null}
```
Modified the API to allow for duplicate Task Map assignments to be created. RPS prevented assigning a Task Map to the same Target item more than once. This restriction was a legacy component in order to prevent Task Maps from changing after they were assigned. However, many scenarios such as the patching and provisioning processes are required to be run multiple times. Allowing Task Maps to be run multiple times enables RPS to have a cleaner user interface, cleaner logic, and overall better response times.
Added a new Get-RpsConstants Cmdlet that will return all the defined RPS constants.
Sample:
$rps = Get-RpsConstants
Added Get-RpsInstanceDefinitionItem Cmdlet. Sample:
Get-RpsInstanceDefinitionItem -Id "8825A09C-CCE3-4BB0-BCE1-03B4729AC423"
Get-RpsInstanceDefinitionItem -Name MyInstanceDefItem
Get-RpsInstanceDefinitionItem -ResourceItem $resourceItem -Filter $filterHashtable
Admin UI
This release contains the following Admin UI enhancements:
- Added the TaskMap dependency scope to the TaskMap detail page.
- Added the ability to navigate between nested Resource Groups within the user interface.
- Changed the user interface's default landing page to the local Node's detail page.
- Added a section to the Node's detail page to display the status of its child Target items.
- Added the display of associated Actions to the Target Item detail page. This allows a user to easily determine the status of an assigned TaskMap, such as "SNE Provisioning", and start the TaskMap if necessary via the Admin UI.
- The Folder detail page was modified to list the files contained within the CDN folder.
- Added bread crumbs to the user interface to simplify site navigation.
- Simplified the Target details page by modifying the view to present just the high-level processes that are running and to use drill-down views to access the more detailed information.
- Added a new detail page for Task Map Assignment.
- Added a new detail page for Resource Assignment.
- Modified the Target Group page to allow for adding and removing Target items to and from a group.
- Added the ability to select from any Task Map or Task item when assigning a new task to a Target item.
RPS Sync Service
This release contains the following Sync Service enhancements:
- Separated the process of requesting changes from the process of sending changes, so a child node will not block operations on a parent node.
- Queue received changes on all nodes, so changes won't be re-transferred on merge errors.
- Added Snapshot Isolation to transactions to avoid inconsistent data when gathering changes.
- Audit fields have been added to CMDB objects for use by Sync processes. These will be used by the API in 2.4.
RPS CDN
This release contains the following RPS Content Delivery Network (CDN) enhancements:
- CDN now uses Background Intelligent Transfer Service (BITS) to transfer files from Parent to Child CDN.
- CDN uses hierarchical topology, where child requests files from parent, instead of full mesh used by DFS-R.
- CDN includes a new Indexer Service which stores File and Folder information in the CMDB to reduce duplicate transfers.
Baremetal Provisioning Service
The RPS Provisioning Service is an HTTP-based Web API hosted in IIS for use in brokering information from the RPS CMDB to a pre-execution environment such as iPXE for installation of a defined image and configuration. For instance, iPXE can be configured to "point to" the Provisioning Service which will return a boot script file for the MAC address requested.
This release contains the new Baremetal Provisioning Service with the following features:
- Return iPXE boot scripts from an HTTP/HTTPS service based on matching devices in the CMDB.
- Host full images (such as .iso, .wim) in the service for download from iPXE.
- Host ESXi Kickstart scripts for ESXi configuration support.
- Support approval of base image through Resource Assignments in CMDB.
- Avoid boot looping through a configurable iPXE expiration period.
Resolved Issues
Top issues addressed in 2.3:
- RPS objects were not consistently setting dates\times to UTC dates\times.
- The DependsOn attribute was not handling all options.
- In RpsSession, the TaskAssignment Cmdlets attempted to transact with the Database.
- Internet Explorer failed to display glyph icons when using custom Cache-Control.
- The RpsGui Partial throws an error when applying SSL Certificate.
- In Server 2012, the New-HyperVVirtualMachine Runbook fails to add NICs to new VirtualMachines.
- Remove-ItemProperty fails in RpsSession.
- Test-DSCConfiguration returns false on CMDB deployment even after dacpac is deployed.
- Property Bag missing support for deleting a property.
- Target Item to GetResourceGroups and Resource to GetTargetGroups returns duplicate groups if group contains multiple members.
- Duplicate node error upon entering previously saved RpsSession.
- Calling Install-Rps for a specific node fails to create a parent node.
- Sync property replication failure.
- Sql Encryption fails to apply correctly.
Known Issues
- UserRightsAssignment Dsc resource can sometimes fail due to failure to translate SIDs. See here for more information on the details. You can see this error exposed in Dsc:
A workaround for this is to open Secpol.msc and remove any untranslated SIDs for the targeted user right:
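One way to find those untranslated SIDs from PowerShell before editing the policy, as an added example that is not part of the RPS release notes or of RPS itself: it parses the [Privilege Rights] section of a `secedit /export` file and reports each SID that fails to translate to an account. The function name, the sample INF lines and the domain SID in them are constructed for illustration.

```powershell
# Added example (not RPS code): report SIDs in user rights assignments
# that no longer translate to an account name.
function Get-UntranslatedSid {
    [CmdletBinding()]
    param(
        # Lines of a security-policy INF as written by 'secedit /export'.
        [Parameter(Mandatory)] [string[]] $InfLine,
        # Optional: limit the report to one user right, e.g. 'SeServiceLogonRight'.
        [string] $UserRight
    )
    $inSection = $false
    foreach ($line in $InfLine) {
        $text = $line.Trim()
        if ($text -match '^\[(.+)\]$') {
            # Only the [Privilege Rights] section holds user rights assignments.
            $inSection = ($Matches[1] -eq 'Privilege Rights')
            continue
        }
        if (-not $inSection -or $text -notmatch '^(\w+)\s*=\s*(.*)$') { continue }
        $right = $Matches[1]
        $members = $Matches[2]
        if ($UserRight -and $right -ne $UserRight) { continue }
        foreach ($entry in $members -split ',') {
            # secedit writes SIDs with a leading '*'; other entries are account names.
            if ($entry.Trim() -notmatch '^\*(S-1-[\d-]+)$') { continue }
            $sid = [System.Security.Principal.SecurityIdentifier]::new($Matches[1])
            try {
                $null = $sid.Translate([System.Security.Principal.NTAccount])
            }
            catch [System.Security.Principal.IdentityNotMappedException] {
                [pscustomobject]@{ UserRight = $right; Sid = $sid.Value }
            }
        }
    }
}

# Constructed sample input. On a real host, export the live policy instead:
#   secedit /export /cfg "$env:TEMP\rights.inf" /areas USER_RIGHTS
#   Get-UntranslatedSid -InfLine (Get-Content "$env:TEMP\rights.inf")
$sample = @(
    '[Unicode]', 'Unicode=yes',
    '[Privilege Rights]',
    'SeServiceLogonRight = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-1105',
    'SeBatchLogonRight = *S-1-5-32-544'
)
Get-UntranslatedSid -InfLine $sample -UserRight 'SeServiceLogonRight'
```

Run it elevated on the affected host. A SID whose domain cannot be reached also fails translation, so review the list before removing entries.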