21

Does windows have an equivalent to puppet/chef for configuration management?

Blankman
  • 2,841
  • 10
  • 38
  • 65

6 Answers6

14

I wouldn't call it equivalent, Microsoft's SCCM (Systems Center Configuration Manager) is aimed at the same goal - managing configuration of multiple systems. This is the tool that most Windows sites use. (http://www.microsoft.com/systemcenter/en/us/configuration-manager/cm-overview.aspx)

Matthew
  • 156
  • 3
9

A declarative configuration management tool written in Ruby? Well, not really, but sort of:

  • 2
    +1; do not forget cfengine. Now it supports windows natively, but the windows port is not free (people using windows are already used to paying for software anyway). – natxo asenjo Apr 08 '11 at 11:40
  • The windows support is only usable to write something into templates and to ship files into the file system via the puppet means - it's not useable for anything else because there is a fundamental mismatch between what puppet is supposed to do and what the windows platform offers. – pfo Apr 12 '11 at 20:10
7

Group Policy. (No, I'm not trolling...)

The exact purpose of Group policy is to define forest/domain (organizational) policies for computers' settings. It's built-in, well-supported, and definitive. If the user doesn't have admin access to their local machine, they won't be able to change the setting. If they are, their changes will revert to policy the next time that the machine checks into the DC (every [90 minutes + 0-30 minutes] by default)

If versioning / diff-ing of your policies is important to you, see my comment below for how to get that data, and then check in your changes via source control. It may even be worthwhile to set up a scheduled task to periodically do this automatically (in case somebody forgets.)

gWaldo
  • 11,887
  • 8
  • 41
  • 68
  • 4
    But there's no version control in Group Policy. You can't do svn log or svn diff to keep up with changes happening to your infrastructure. You can't revert, branch or merge. Everything I do lives in source control, except for the Windows infrastructure. I'm seriously contemplating writing (version controlled) PowerShell code and config files that manage Group Policy. – Alex Holst Apr 12 '11 at 21:11
  • That had never been identified as a need, but your point that there is a call for versioning is valid. No, there is no built-in versioning, but it is trivial to export (http://serverfault.com/questions/45211/how-can-i-export-all-group-policies-to-a-easily-parseable-format/45223#45223) or report (http://serverfault.com/questions/45211/how-can-i-export-all-group-policies-to-a-easily-parseable-format/45499#45499) on all policies. – gWaldo Apr 13 '11 at 15:21
  • 2
    @Alex Group Policy does support version control with the Microsoft add-on [MDOP:AGPM](http://www.microsoft.com/en-us/windows/enterprise/products-and-technologies/mdop/agpm.aspx). Unfortunately it's only available to Software Assurance Licensees currently. – Chris S Feb 04 '13 at 15:23
  • Despite providing this answer, I strongly prefer Chef over Group Policy. If I really wanted to be twisted, I'd use GP to install Chef and nothing more. – gWaldo Nov 01 '14 at 22:54
1

Chef supports Windows (for quite some time.)

gWaldo
  • 11,887
  • 8
  • 41
  • 68
  • Indeed it does... Chef and Microsoft have been collaborating for quite a while and there is good support for Microsoft features in Chef... there is even integration between Chef and DSC. Full disclosure, I recently became a Chef employee but I've used the Windows functionality in a previous job. – Tricky May 25 '16 at 14:45
  • Chef Server doesn't support windows though. – Ricardo Rodrigues Jun 17 '16 at 10:30
  • Chef supports windows, full stop. You must run the Chef Server on a Linux server. But that doesn't seem relevant to the original question. – gWaldo Jun 19 '16 at 21:27
0

Puppet certainly supports Windows and quite well. Where it has shortfalls, PowerShell does the work, and you fire it with Puppet and store all the infrastructure code in Git/SVN/etc. I'm onsite at a customer automating the Windows environment with Puppet now. Search for "windows" at forge.puppetlabs.com

Jerald
  • 1
0

Most are ignoring a lot of Microsoft Technologies used for "Infrastructure as Code" PowerShell, Desired State Configuration, CIM, WMI, Group Policy, SMA, Orchestrator, OneGet, etc.

Puppet and Chef are absolutely not ready to replace SCCM in Microsoft Enterprises, I will rather use PowerShell and Group Policy instead of SCCM then use Puppet instead of SCCM.

Microsoft is fighting it's way back into the DevOps and Continuous Delivery world, And it's doing that with great success, Have a look at DSC, it`s just fantastic! and not only for MS products, Because MS uses CIM, WS-MAN and MOF standardization, this will make Microsoft a big competitor again.

Sven
  • 97,248
  • 13
  • 177
  • 225
user273015
  • 11
  • 1
    This sounds like fanboy rambling, not a valid answer based on facts and experience. – Sven Feb 24 '15 at 13:29
  • I Had a session with a PUPPET consultant, he confirmed that they are not ready to implement Puppet for a MS stack the way SCCM is used now in our company (our company uses Puppet for the Linux stack). Check the Puppet Website, it will show you that the way Puppet is suited for Windows is by using it in combination with DSC, it sounds more like you have something against MS. – user273015 Feb 24 '15 at 14:10
  • Also, Puppet is limited to the configuration layer only and does not descend as low as provisioning. – user273015 Feb 24 '15 at 14:43
  • Read the (now closed) question: It is "what is an alternative to Puppet on Windows", not "Can Chef do Windows?". Stating that products X, Y and Z fit that bill would answer the question, but the whole blabber about how MS is ignored and the tools are great and will make MS strong again, that's the fanboy rambling I talk about. It's just useless noise. – Sven Feb 24 '15 at 14:56