Winget DSC (Desired State Configuration)
👋 Introduction
Desired State Configuration (DSC) is a feature that automatically keeps IT infrastructure in a defined, consistent desired state It provides drift control by ensuring that systems automatically conform to this defined state, maintaining consistency and correcting any deviations.
DSC can do stuff like keeping your applications up to date, ensuring services are running, applying configuration settings and managing files. These tasks help maintain consistency, security, and functionality across user devices with minimal manual intervention.
There are different versions and different implementations of DSC. Winget uses Powershell DSC 3.0 for the configure and Microsoft DSC 3.0 the new dscv3 command. These two implementations have different capabilities and purposes.
configure - Is build on top of Powershell DSC 3.0 and is used to configure your machine.
dscv3 - Is build on top of Microsoft DSC 3.0 and supports at the moment exporting the configuration of the current device, including Windows Settings, packages from configured WinGet sources and package settings from DSC v3 enabled packages.
TIP
If you want to know more about the differences in the underlying technologies, you can find more information here.
🚀 Start using WinGet & DSC
Winget configure
What can be configured?
- Configuration Settings
- Windows Explorer
- Dark Mode
- Taskbar
- Software Installation
- Winget
- MS Store
- Software Configurations
- Powershell Scripts
- Whatever you can think of
How to create a WinGet DSC configuration file
- Create a text file and save it with a
.dsc.yamlextension. - Open the file in a text editor and add content in the following format:
- Schema: Defines the structure and properties required to configure a resource.
- Properties: Defines the properties of a resource.
- Assertions: Sets the conditions that must be met for a configuration to apply.
- Resources: Defines the resources that are being configured.
- Configuration Version: Sets the version of the configuration.
Example Code:
# yaml-language-server: $schema=https://aka.ms/configuration-dsc-schema/0.2
properties:
assertions:
- resource: Microsoft.Windows.Developer/OsVersion
directives:
description: Verify min OS version requirement Windows 11 Version 23H2
allowPrerelease: true
settings:
MinVersion: '10.0.22631'
resources:
- resource: Microsoft.WindowsSandbox.DSC/WindowsSandbox
directives:
description: Create Windows Sandbox
allowPrerelease: true
settings:
Ensure: Present # Ensure the resource is present
LogonCommand: >
# Define a command to run when the sandbox is started
configurationVersion: 0.2.0
How to apply a configuration file
Open a PowerShell window and use the following code to apply the configuration file:
winget configure [filename].dsc.yamlINFO
Your configuration file does not have to be local, it can be a hosted file. This would allow you to apply a configuration file remotely via intune or other means.
Example of the Microsoft Sandbox WinGet DSC configuration file executing: 
WinGet DSC configuration possibilities example
WARNING
Please be aware that if you need administrator privileges to change the setting manually, the DSC configuration also requires you to run the PowerShell session as an administrator.
# yaml-language-server: $schema=https://aka.ms/configuration-dsc-schema/0.2
properties:
########################################################################
# Windows assertion Section: Defines the conditions that must be met for a configuration to apply
########################################################################
assertions:
- resource: Microsoft.Windows.Developer/OsVersion
directives:
description: Verify min OS version requirement Windows 11 Version 24H2
allowPrerelease: true
settings:
MinVersion: '10.0.26200'
########################################################################
# Windows resources Section: Defines the resources that are being configured
########################################################################
resources:
########################################################################
# Windows Settings: Enable Dark Mode
########################################################################
- resource: Microsoft.Windows.Developer/EnableDarkMode
directives:
description: Enable dark mode
allowPrerelease: true
settings:
Ensure: present # [Present, Absent]
# Use caution when setting `RestartExplorer: true` as this will force explorer to close.
RestartExplorer: true # Required to apply changes
########################################################################
# Windows Feature: Hyper-V (Code is correct, but there is a bug with the DSC resource which produces the error "Class not registered")
# https://github.com/microsoft/winget-cli/issues/4264
########################################################################
- resource: PSDscResources/WindowsOptionalFeature
directives:
description: Enable Hyper-V
settings:
Ensure: present # [Present, Absent]
Name: Microsoft-Hyper-V-All
########################################################################
# Winget: Install VS-Code & YAML extension
########################################################################
- resource: Microsoft.WinGet.DSC/WinGetPackage
id: install-vs-code
directives:
description: Install Microsoft Visual Studio Code
allowPrerelease: true
settings:
id: Microsoft.VisualStudioCode
source: winget
Ensure: Present
- resource: Microsoft.VSCode.Dsc/VSCodeExtension
id: install_vscode-yaml
dependsOn:
- install-vs-code
directives:
description: Install YAML extension for VSCode
allowPrerelease: true
settings:
Name: redhat.vscode-yaml
Exist: true
########################################################################
# Powershell: Install PowerShell Modules
########################################################################
- resource: PowerShellModule/PSModuleResource
id: install-microsoft.graph
directives:
description: Install MS Graph module
allowPrerelease: true
settings:
Module_Name: microsoft.graph
Ensure: Present
########################################################################
# MSStore: Install Microsoft Company Portal with Winget
########################################################################
- resource: Microsoft.WinGet.DSC/WinGetPackage
directives:
description: Installing Microsoft Company Portal
allowPrerelease: true
securityContext: current
settings:
id: "9WZDNCRFJ3PZ"
source: msstore
id: 9WZDNCRFJ3PZ
########################################################################
# Powershell Script: Check Autostart for OneDrive
########################################################################
- resource: PSDscResources/Script
id: OneDrive-Autostart
directives:
description: Autostart OneDrive
allowPrerelease: true
settings:
GetScript: |
# Your custom PowerShell code to check app configuration
TestScript: |
If( (Get-Item HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run).property -contains "OneDrive" ){ return $TRUE } else{ return $FALSE }
SetScript: |
# PowerShell script commands to install VSCode extensions
New-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" -Name "OneDrive" -Value "C:\Program Files\Microsoft OneDrive\OneDrive.exe -background"
########################################################################
# Configuration Version: Defines the version of the configuration
########################################################################
configurationVersion: 0.2.0Next to outright starting the configuration, you can also show, list, test, validate and export configurations.
winget configure show [filename].dsc.yaml
Winget dscv3
What can be exported?
package: The Packages of the local devicesource: The Sources of the local deviceuser-settings-file: The User Settings File of the local deviceadmin-settings: The Admin Settings of the local device
How to export stuff?
Open a PowerShell window and with following code you can export the packages, sources, user-settings-file and admin-settings of the current device and there manifests and schemas.
winget dscv3 package --export
winget dscv3 package --schema
winget dscv3 package --manifestwinget dscv3 source --export
winget dscv3 source --schema
winget dscv3 source --manifestwinget dscv3 user-settings-file --export
winget dscv3 user-settings-file --schema
winget dscv3 user-settings-file --manifestwinget dscv3 admin-settings --export
winget dscv3 admin-settings --schema
winget dscv3 admin-settings --manifest
INFO
Be aware that the --output parameter currently does not work with the dscv3 command. So you need to copy the output from the console and save it manually.
💡 Conclusion
Desired State Configuration (DSC) provides a powerful, declarative foundation for defining and maintaining system state, ensuring environments remain consistent, auditable and free from configuration drift. By automating setup and enforcement, DSC reduces manual overhead and makes configuration management both scalable and reliable.
Winget DSC builds on this foundation by unifying package management and configuration into a single, scriptable workflow. With commands like configure for applying and enforcing settings and dscv3 for exporting current states, it enables reproducible, version-controlled setups that simplify provisioning and auditing across devices. When integrated with tools such as Intune or CI/CD pipelines, Winget DSC helps teams deliver consistent, ready-to-use systems faster and with greater confidence.
Resources