April 1, 2021

Top Questions and Answers for Puppet on Windows


Whether you’re a current customer looking to expand across your Windows estate, or thinking of deploying Puppet across your infrastructure for the first time, we hope this blog post — based on real-world customer questions and problems — can help answer some of the questions you may have about Puppet.

Back to top

Why Puppet on Windows?

Cross-functionality is critical, no matter what kind of operating system you are working with. It's important that you understand how deployments will differ and will work with, not against, systems that your organization already uses.  

Back to top

Puppet on Windows FAQ

Chances are, the choice to use Windows as your organization's operating system has already been well-decided. Which is where our first real question comes in to play:

Q1: Does Puppet run on Windows?

A: Absolutely! Over 2.2 million Windows servers across the world are managed with Puppet.

Puppet Enterprise (PE) introduced Windows support in 2011, and we have been developing and expanding our Windows capabilities ever since. For the most part, interacting with Puppet is the same regardless of your operating system, but there are some differences in the way that you interact with Puppet and which products you may integrate with Puppet. We’ll cover some of these differences throughout this post.

Q2: Can Puppet Server be installed on a Windows machine?

A: Puppet Server cannot be installed on a traditional Windows machine. Instead, you install agents on your Windows node (desktop, server, virtual machine etc) and manage it with a Linux machine. You can operate this Linux machine remotely from your Windows machine.

Q3: If I want to manage Windows servers with Puppet, which training should I take?

A: We have a Getting Started with Puppet class, where you choose whether you want to take the class on a Windows or Linux machine. If you opt for Windows, the course provides Visual Studio (VS) Code and Puppet Development Kit (PDK) tooling for you to work with, and we have Windows examples for every exercise. Several members of our Windows development team have taken this course.

Q4: Does Puppet complement or compete with SCCM on Windows? Why would I need Puppet if I already use SCCM?

A: Puppet Enterprise (PE) and Microsoft’s SCCM (System Center Configuration Manager) share similar concepts. In some respects they compete, but on the whole they are complementary tools.

Using the two tools in conjunction creates a complementary toolchain to fully manage the lifecycle of desktops, servers, and virtual machines. PE provides an imperative (work-flow based) and declarative (model-based), infrastructure-as-code approach to managing infrastructure, and enables foundational DevOps practices such as peer review, version control, sharing implementations, and continuous delivery. SCCM complements PE’s continuous infrastructure management by providing initial cloud provisioning of the Windows operating system. In successful deployments, SCCM installs and configures an operating system enough to hand off to Puppet, which then brings the new system into the desired state for its intended role.

👀 Seen Enough?

You can try Puppet Enterprise for free, right now.


A graphic image of the Puppet logo a beaker. Text reads: Puppet Enterprise - Get Puppet Enterprise for free to try out on up to 10 nodes. Download the trial >

Whatever your use case, we like to meet you where you are. The key problems we encounter with SCCM are when it hasn't been maintained, and you end up with generations of SCCM scripts in various implementation languages that become unwieldy and unmaintainable. This can be a massive overhead to manage and a problematic service to integrate with Puppet. Replacing this with Puppet can help bring these under control. Alternatively, a well managed SCCM is a great tool for Puppet to leverage and complement.

Related >> How Puppet can help now that SCCM for Linux and UNIX is EOL

Q5: Why would I need Puppet if I already use PowerShell DSC?

A: Like Microsoft, we also believe that a declarative language is highly advantageous — it is both repeatable and consumable. Puppet shares these same qualities, and we also bake it into a tried-and-true distribution platform. Just like all modules on the Puppet Forge, the DSC modules let you declare DSC Resources in your Puppetfile and then use them in your code base. Puppet then takes care of all the details — deployment, running DSC and reporting on changes.

Puppet provides you with the mechanism to encapsulate DSC in a reusable language, providing automated deployment and application at scale. Even better, it's the only solution on the market that gives you property-by-property change reporting — enhancing what DSC already gives you. Also, when you use these modules with the Puppet VSCode extension, you get a strongly typed parameter autocomplete. More on the VSCode extension in Question 8.

Q6: How can I use Puppet to automate Windows patching?

A: With the release of Puppet Enterprise 2019.8, Puppet provides pre-built automation content for patching systems. You can review available patches across your Windows nodes, apply the patches, and report on the patch success or failure to ensure your systems are back to a healthy state. You’ll also get visibility into all of the patches across your estate, regardless of operating system. This allows you to use one tool to apply your patches.

You can also manage patch baselines directly in WSUS. Our WSUS client module can configure your machines and receive updates, and then you can use our patching workflow to orchestrate the patching execution. To attach Puppet to a Windows box running WSUS, install the Puppet agent using native PowerShell commands from a primary Puppet server as a source repository or as a native package using Chocolatey. To get started with the WSUS module, see the WSUS client module on the Forge.

If you’re looking to improve your Windows patching processes or want some extra guidance, take a look at our new patching service. A Puppet expert will work with your team to implement a standardized workflow.

Q7: How does Puppet compare to other configuration management tools for Windows?

A: At Puppet, the Windows agent, the Windows Remote Management protocol, and core resources are first class citizens in terms of development and support. All our core Puppet features work and we are always looking for opportunities to update, extend and improve. We also integrate with key technologies such as the Windows DSC, and Windows applications and tools such as SQL Server, Chocolatey and Visual Studio Code.

Q8: How do I create Puppet content for Windows?

A: Content is a huge part of the Puppet experience. Puppet provides a Puppet Development Kit (PDK) to set up your own development environment. With this comes integrated testing tools and a command line interface to help you develop, validate, and test high quality modules.

Puppet also works with some of the most popular text editors, such as Visual Studio Code and vim, and even has its own VS Code extension. The extension provides rich support for the Puppet language, complete with intellisense, autocompletion, inline documentation, code navigation, integration with PDK to automate creating content, and much more! To see a full list of features and to get started, see the documentation.

Q9: How can I use Puppet to install and manage applications on Windows?

A: In the same way that you manage any other operating system. Puppet is agnostic to the platform and supports Windows fully with the same code that you use on Linux or any cloud platform. We natively support EXE and MSI-based software packages and also have a package manager for Chocolatey. Package Inspector in Puppet Enterprise also natively works with the software in “Add/Remove Programs.” For more information on the packages that you can manage, see our packages documentation.

Q10: What orchestration capabilities does Puppet have?

A:Bolt, our open source orchestration tool, provides workflow orchestration that can be used stand-alone or in Puppet Enterprise (PE) with the PE orchestrator service, enabling API-driven orchestration. We can orchestrate this automation against anything, including SSH, native cloud APIs, Windows remote management and PE Task Management. To get started, we recommend giving our step-by-step Bolt lab a try.

Q11: Can I get the status of the installation programmatically from Puppet?

A: Yes — use the Puppet API provided by the Puppet Enterprise (PE) console service to query the state of Puppet runs, and then use the package inventory to query the packages on the hosts. All other resources can be executed through Puppet Tasks and Plans to return ad hoc data outside of the Puppet catalog, classified for the nodes in question. PuppetDB provides the completed data.

Back to top

Further Info About Puppet on Windows

We hope this has helped answer some of your questions. If you don’t see yours here, please reach out to your Puppet representative.

Try Puppet Enterprise for Free

Back to top