BreadcrumbHomeResourcesBlog Windows Configuration Management: Tools, Options + How To Do Configuration Management On Windows June 27, 2021 Windows Configuration Management: Tools, Options + How to Do Configuration Management on WindowsConfiguration ManagementWindowsInstalling software and managing services across multiple Windows machines can be a nightmare — if done manually. Thankfully, Puppet can automatically install and update Windows software and ensure services are configured correctly across multiple machines in your infrastructure.Table of Contents:Windows Configuration Management ToolsExamples of Windows Configuration ManagementHow to Do Windows Configuration Management in PuppetWindows Configuration Management ToolsThere are multiple ways to do configuration management on Windows, including Microsoft System Center Configuration Manager (SCCM), which is a proprietary Windows product, and other IT automation and configuration management solutions like Puppet.Examples of Windows configuration management tools include:Microsoft SCCM: SCCM is a Windows product that allows IT to deploy, update, manage, and configure systems on Windows.PowerShell Desired State Configuration (DSC): This feature in PowerShell enables automation of Windows and Linux OS configurations.Puppet: Puppet automation for Windows powers Windows configuration management with infrastructure as code.Chef: Chef can automate system configurations on Windows servers.Ansible: Ansible's WinRM protocol allows IT to automate tasks that can help them manage Windows systems.Configuration management is a pretty important part of managing infrastructure. A configuration management tool monitors for changes to your systems and hardware, detects deviations from your desired state, and corrects them. Some configuration management tools can even correct deviations automatically. That's especially helpful for systems running on Windows.On Windows, configuration management can be a bit of a bear. Tools like SCCM exist in the proprietary space, but other solutions for Windows configuration management have popped up. Chocolatey is one of the most popular package management tools for Windows (Puppet also integrates smoothly with Chocolatey).The point is that sysadmins and other IT professionals have several options for doing configuration management on Windows. Picking the right one for your organization's IT will depend on the scale, complexity, and needs of your infrastructure.Related ▶️: How Puppet Supports DevOps Workflows in the Windows EcosystemRelated 📄: Puppet on WindowsExamples of Windows Configuration ManagementOn Windows, configuration management tools can be used to deploy software, apply patches, manage users, backup data, standardize configurations, and more.As mentioned, configuration management can be difficult on Windows compared to *nix environments. But it's still possible, and configuration management can help you control and maintain your Windows environment and meet your internal requirements.Here are some examples what you can do with Windows configuration management:Deploy softwareApply and manage patchesStandardize configurationsEnforce configurations in compliance with industry regulationsManage users, groups, and permissionsMonitor and report on performanceHarden system securityProvision new servers and workstationsBackup and restore data and configurationsHow to Do Windows Configuration Management in PuppetThere are two ways to automatically install Windows applications using Puppet:Run a simple software install through PuppetHave Puppet use Chocolatey to install softwareIn this example, we’ll have Puppet install some software using Chocolatey.The process is simple and can be done through the Puppet dashboard, an easy-to-learn GUI. In this example, we’ve already set up a group of Windows servers with Puppet agents installed, and we've installed and configured Chocolatey.Installing Software on Windows with Puppet and ChocolateyFirst, launch Puppet and create a group for your Windows servers. Groups define the requirements for server membership, and in this instance, we’ll choose Windows machines. Next, we'll use some Puppet facts for Windows to filter out the machines we don't need. I'll use osfamily = windows in order to make sure all of my Windows nodes receive the classification that I'm going to apply.Once we’ve selected the type of machines we’ll be addressing, we can apply a class to them that will tell Puppet to run the software installation. We’re using the Chocolatey class, which defines our software installation. Once we apply that class to the machines in our group, we can trigger a Puppet run and our software will be installed silently in the background.With Windows you usually run a simple command from PowerShell or the command line when you're trying to apply these package changes. Puppet, however, lets you specify and bundle all the packages that you would like to see in your Windows system. In this case we're actually going to be managing Notepad++, Firefox, Google Chrome and a plugin.Let’s look at the Puppet code behind the Chocolatey class to see how it works:class tse_windows::choco { package { ‘notepadplusplus’: ensure => latest, provider => ‘chocolatey’, } package { ‘firefox’: ensure => latest, provider => ‘chocolatey’, } package { ‘flashplayerplugin’: ensure => latest, provider => ‘chocolatey’, } package { ‘googlechrome’: ensure => latest, provider => ‘chocolatey’, } }The Puppet code specifies the Chocolatey package. If you need to change any of it, you only do it once in Puppet and the changes will be applied across your entire infrastructure when Puppet runs.Managing Windows Services in PuppetMonitoring and managing services can be tedious in a large Windows environment. With Puppet, you can interrogate systems to see how resources are being used and managed. In this example we’ll examine the automatic update service, called wuauserv in Puppet.Currently the service is stopped, but that can easily be changed in the Puppet code. It’s just a simple matter of changing the enabled parameter to true.service { ‘wuauserv’: ensure => ‘running’, enable => ‘false’, } service { ‘wuauserv’: ensure => ‘running’, enable => ‘true’, }When we run Puppet, the change will be made on one machine in our group, however the number of machines doesn’t matter — the same code can be used to update 1,000 machines or more.WSUS and PuppetPuppet can easily manage Windows patching and hot fixes in a Windows environment. This diagram shows how you can use Puppet to move a patch from development to testing to production.And this is the sample code:class { “wsus_client’: server_url => “http://myserver:8530’, auto_update_option => “Scheduled”, scheduled_install_day => “Tuesday”, scheduled_install_hour => 2, }With Puppet you can schedule the install date and the time to avoid interruptions or disruptions to the flow of your business.START MY TRIALLearn MoreHow to use Puppet for Oracle configuration managementRead about the challenges of container configurationHow to install Hyper-V on WindowsHow Red Hat Satellite + Puppet can coexist in support of configuration management This blog was originally published on September 27, 2016 and has since been updated for accuracy and relevance.