PowerShell · Gijsreyn · May 7, 2026 · May 7, 2026 · May 7, 2026 · May 7, 2026
diff --git a/...s/Microsoft/OpenSSH/SSHD/Windows/examples/configure-default-shell-powershell.md b/...s/Microsoft/OpenSSH/SSHD/Windows/examples/configure-default-shell-powershell.md
@@ -0,0 +1,108 @@
+---
+description: >
+  Example showing how to use Microsoft.OpenSSH.SSHD/Windows to configure the default shell for SSH sessions.
+ms.date: 07/15/2025
+ms.topic: reference
+title: Configure default shell for SSH
+---
+
+# Configure default shell for SSH
+
+This example demonstrates how to use the `Microsoft.OpenSSH.SSHD/Windows` resource to
+set the default shell for SSH connections. The examples below configure PowerShell
+as the default shell for all SSH sessions.
+
+> [!NOTE]
+> You should run this example in an elevated context (as Administrator) to
+> ensure the SSH server configuration can be updated successfully.
+
+## Test the current default shell
+
+The following snippet shows how you can use the resource with the [dsc resource test][00] command to check whether PowerShell is set as the default shell.
+
+```powershell
+$instance = @{
+  shell = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
+} | ConvertTo-Json
+
+dsc resource test --resource Microsoft.OpenSSH.SSHD/Windows --input $instance
+```
+
+When PowerShell is not set as the default shell, DSC returns the following result:
+
+```yaml
+desiredState:       
+  shell: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
+actualState: {}
+inDesiredState: false
+differingProperties:
+- shell
+```
+
+## Set PowerShell as the default shell
+
+To set PowerShell as the default shell for SSH, use the [dsc resource set][01] command.
+
+```powershell
+dsc resource set --resource Microsoft.OpenSSH.SSHD/Windows --input $instance
+```
+
+When the resource updates the default shell, DSC returns the following result:
+
+```yaml
+beforeState: {}
+afterState:
+  shell: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
+changedProperties:
+- shell
+```
+
+You can test the instance again to confirm that PowerShell is now the default shell:
+
+```powershell
+dsc resource test --resource Microsoft.OpenSSH.SSHD/Windows --input $instance
+```
+
+```yaml
+desiredState:
+  shell: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
+actualState:
+  shell: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
+inDesiredState: true
+differingProperties: []
+```
+
+## Cleanup
+
+To restore your system to its original state, set `shell` to an empty string. The resource
+removes the `DefaultShell` registry value when the property is set to `""`:
+
+```powershell
+$cleanup = @{ shell = '' } | ConvertTo-Json
+dsc resource set --resource Microsoft.OpenSSH.SSHD/Windows --input $cleanup
+```
+
+Alternatively, you can remove the registry value directly:
+
+```powershell
+$params = @{
+    Path        = 'HKLM:\SOFTWARE\OpenSSH'
+    Name        = 'DefaultShell'
+    ErrorAction = 'SilentlyContinue'
+}
+Remove-ItemProperty @params
+```
+
+To verify the configuration is removed, use the `dsc resource get` command:
+
+```powershell
+dsc resource get --resource Microsoft.OpenSSH.SSHD/Windows --input $instance
+```
+
+```yaml
+actualState: {}
+```
+
+<!-- Link reference definitions -->
+[00]: ../../../../../cli/resource/test.md
+[01]: ../../../../../cli/resource/set.md
diff --git a/docs/reference/resources/Microsoft/OpenSSH/SSHD/Windows/index.md b/docs/reference/resources/Microsoft/OpenSSH/SSHD/Windows/index.md
@@ -0,0 +1,199 @@
+---
+description: Microsoft.OpenSSH.SSHD/Windows resource reference documentation
+ms.date:     07/02/2025
+ms.topic:    reference
+title:       Microsoft.OpenSSH.SSHD/Windows
+---
+
+# Microsoft.OpenSSH.SSHD/Windows
+
+## Synopsis
+
+Manage SSH server global configuration settings on Windows.
+
+## Metadata
+
+```yaml
+Version    : 0.1.0
+Kind       : resource
+Tags       : [OpenSSH, Windows]
+Author     : Microsoft
+```
+
+## Instance definition syntax
+
+```yaml
+resources:
+  - name: <instance name>
+    type: Microsoft.OpenSSH.SSHD/Windows
+    properties:
+      # Instance properties
+      shell:
+      cmdOption:
+      escapeArguments:
+```
+
+## Condition
+
+The resource only applies on systems where the `sshd` executable is available in PATH. DSC
+evaluates this with the expression `[not(equals(tryWhich('sshd'), null()))]` and skips the
+resource if `sshd` is not found.
+
+## Description
+
+The `Microsoft.OpenSSH.SSHD/Windows` resource enables you to idempotently manage the Windows
+OpenSSH server global settings. These settings are stored in the Windows registry under
+`HKLM\SOFTWARE\OpenSSH` and control the default shell behavior for SSH sessions:
+
+- Set the default shell executable for SSH connections.
+- Specify command-line options to pass to the default shell.
+- Control whether shell arguments are escaped.
+
+> [!NOTE]
+> This resource is installed with DSC itself on systems.
+>
+> You can update this resource by updating DSC. When you update DSC, the updated version of this
+> resource is automatically available.
+
+## Requirements
+
+- The resource requires OpenSSH server and client to be installed on the Windows system.
+- The resource must run in a process context that has permissions to manage the SSH server
+  configuration settings.
+- The resource must run at least under a Windows Server 2019 or Windows 10 (build 1809)
+  operating system or later.
+
+## Capabilities
+
+The resource has the following capabilities:
+
+- `get` - You can use the resource to retrieve the actual state of an instance.
+- `set` - You can use the resource to enforce the desired state for an instance.
+
+This resource uses the synthetic test functionality of DSC to determine whether an instance is in
+the desired state. For more information about resource capabilities, see
+[DSC resource capabilities][00].
+
+## Examples
+
+1. [Configure default shell PowerShell][01] - Shows how to set the default shell to PowerShell.exe
+
+## Properties
+
+The following list describes the properties for the resource.
+
+- **Instance properties:** <a id="instance-properties"></a> The following properties are optional.
+  They define the desired state for an instance of the resource.
+
+  - [shell](#shell) - The path to the default shell for SSH.
+  - [cmdOption](#cmdOption) - Specifies command-line options for the shell.
+  - [escapeArguments](#escapeArguments) - Specifies whether shell arguments should be escaped.
+
+### shell
+
+<details><summary>Expand for <code>shell</code> property metadata</summary>
+
+```yaml
+Type             : string, null
+IsRequired       : false
+IsKey            : false
+IsReadOnly       : false
+IsWriteOnly      : false
+```
+
+</details>
+
+Defines the path to the default shell executable to use for SSH sessions.
+When specified, the value must be a valid path to an executable on the system.
+
+### cmdOption
+
+<details><summary>Expand for <code>cmdOption</code> property metadata</summary>
+
+```yaml
+Type             : string, null
+IsRequired       : false
+IsKey            : false
+IsReadOnly       : false
+IsWriteOnly      : false
+```
+
+</details>
+
+Specifies optional command-line options to pass to the shell when it's launched.
+
+### escapeArguments
+
+<details><summary>Expand for <code>escapeArguments</code> property metadata</summary>
+
+```yaml
+Type             : boolean, null
+IsRequired       : false
+IsKey            : false
+IsReadOnly       : false
+IsWriteOnly      : false
+```
+
+</details>
+
+Determines whether shell arguments should be escaped. When set to `true`, the arguments will be
+properly escaped before being passed to the shell.
+
+## Instance validating schema
+
+The resource generates its schema dynamically at runtime by running
+`sshdconfig schema -s windows-global`. The following snippet shows the effective schema that
+validates an instance of the resource.
+
+```json
+{
+  "type": "object",
+  "properties": {
+    "shell": {
+      "type": [
+        "string",
+        "null"
+      ]
+    },
+    "cmdOption": {
+      "type": [
+        "string",
+        "null"
+      ]
+    },
+    "escapeArguments": {
+      "type": [
+        "boolean",
+        "null"
+      ]
+    }
+  }
+}
+```
+
+## Exit codes
+
+The resource returns the following exit codes from operations:
+
+- [0](#exit-code-0) - Success
+- [1](#exit-code-1) - Invalid parameter
+
+### Exit code 0
+
+Indicates the resource operation completed without errors.
+
+### Exit code 1
+
+Indicates the resource operation failed due to an invalid parameter. When the resource returns this
+exit code, it also emits an error message with details about the invalid parameter.
+
+## See also
+
+- [Microsoft.DSC/PowerShell resource][02]
+- For more information about OpenSSH, see [OpenSSH Documentation][03]
+
+<!-- Link definitions -->
+[00]: ../../../../../concepts/resources/capabilities.md
+[01]: ./examples/configure-default-shell-powershell.md
+[02]: ../../../DSC/PowerShell/index.md
+[03]: /windowsserverdocs/WindowsServerDocs/administration/OpenSSH/openssh-overview
diff --git a/...ces/Microsoft/OpenSSH/SSHD/sshd_config/examples/export-openssh-configuration.md b/...ces/Microsoft/OpenSSH/SSHD/sshd_config/examples/export-openssh-configuration.md
@@ -0,0 +1,81 @@
+---
+description: >
+  Example showing how to use Microsoft.OpenSSH.SSHD/sshd_config to export current SSH server
+  configuration settings.
+ms.date: 05/07/2026
+ms.topic: reference
+title: Export OpenSSH SSH server configuration
+---
+
+# Export OpenSSH SSH server configuration
+
+This example demonstrates how to use the `Microsoft.OpenSSH.SSHD/sshd_config` resource with the
+[dsc resource export][00] command to retrieve all current SSH server configuration settings as a
+DSC configuration document that you can save and re-apply later.
+
+> [!NOTE]
+> You should run this example in an elevated context (as Administrator on Windows, or with `sudo`
+> on Linux) to ensure the SSH server configuration can be read successfully.
+
+## Export the current SSH server configuration
+
+Run the following command to export the current `sshd_config` settings:
+
+```powershell
+dsc resource export --resource Microsoft.OpenSSH.SSHD/sshd_config
+```
+
+DSC returns a configuration document with one resource instance per exported setting. The output
+looks similar to the following, where the exact properties and values reflect what is currently
+configured on the system:
+
+```yaml
+$schema: https://aka.ms/dsc/schemas/v3/bundled/config/document.json
+resources:
+- name: Microsoft.OpenSSH.SSHD/sshd_config[0]
+  type: Microsoft.OpenSSH.SSHD/sshd_config
+  properties:
+    port: '22'
+    addressfamily: any
+    listenaddress: '0.0.0.0'
+    syslogfacility: AUTH
+    loglevel: INFO
+    logingracetime: 120
+    strictmodes: 'yes'
+    maxauthtries: 6
+    pubkeyauthentication: 'yes'
+    authorizedkeysfile: .ssh/authorized_keys
+    passwordauthentication: 'no'
+    permitemptypasswords: 'no'
+    challengeresponseauthentication: 'no'
+    kerberosauthentication: 'no'
+    gssapiauthentication: 'no'
+    usepam: 'yes'
+    x11forwarding: 'no'
+    printmotd: 'no'
+    acceptenv: LANG LC_*
+    subsystem: sftp /usr/lib/openssh/sftp-server
+```
+
+> [!NOTE]
+> The output is truncated in this example. The actual output includes all effective
+> `sshd_config` directives for your system, including defaults inherited from OpenSSH.
+
+## Save the export to a configuration file
+
+You can pipe the export output to a file to create a backup of your current SSH server
+configuration:
+
+```powershell
+dsc resource export --resource Microsoft.OpenSSH.SSHD/sshd_config > sshd_backup.dsc.config.yaml
+```
+
+To re-apply the saved configuration to a system, use the [dsc config set][01] command:
+
+```powershell
+dsc config set --document sshd_backup.dsc.config.yaml
+```
+
+<!-- Link reference definitions -->
+[00]: ../../../../../../cli/resource/export.md
+[01]: ../../../../../../cli/config/set.md