Adding and managing Windows hosts?

I’m in the process of setting up an environment in my homelab and am currently managing a couple of my Windows servers via the Puppet agent and have begun to work on fact collection scripts.

I have a couple of questions specific to Windows.

  • Is Puppet ideal for managing Windows hosts?
  • Can you overwrite default Puppet-generated Facter values with ones from an external fact if it has the same name? I’d like to set a more friendly name for Windows 10 client and server to better distinguish the two.
  • How can remote execution be achieved for Windows hosts? I found a post referencing an Ansible WinRM package. Would this be the ideal way to go, and if so, would it cause any conflict with the Puppet agent or require a local install on the target hosts?
  • Does remote execution against Windows hosts support native PowerShell commands or batch, or does it need to be wrapped in Puppet or Ansible code?

You can use remote execution via SSH by enabling SSH on your Windows host, or you can use WinRM via Ansible.

If you use just the free input-remote-execution via SSH, it is performed via CMD, and from there you could trigger PowerShell as well, or you wrap it in Ansible code.

Regarding Puppet vs. Ansible: Puppet can be used to configure Windows servers as well as Ansible - I think it is more a thing of preference and depends on what you want to configure or manage.

Thank you, I’ll take a look into Ansible’s WinRM feature.

I’ve not heard of enabling SSH on Windows servers before. Do you happen to have an idea of how common this is in enterprise environments and whether there are any major caveats or security drawbacks to doing so? I do worry that, if it’s an uncommon or rare configuration, it could potentially have vulnerabilities which go unresolved for longer periods of time than more commonly used features. (Mind you, port 22 would only be accessible to systems within the same subnet and select systems allowed via network firewall policy.)

Since Windows Server 2019 the SSH feature is already there and can be enabled.
Since Windows Server 2016 (Windows 10 kernel) you can use SSH.

But I cannot tell you how common this is because I rarely work with Windows servers, but from a security perspective it should be the same procedure as you use for Linux servers (firewall settings, ssh-config, etc.).
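
The two hardening points named in the last reply (firewall settings and ssh-config), sketched for a Windows Server 2019 host with the built-in OpenSSH Server; this is an added example, not part of the original thread. The subnet `192.168.10.0/24` is a constructed placeholder, and the script assumes public keys are already deployed for the accounts that will log in.

```powershell
#Requires -RunAsAdministrator
# Added example. $AllowedSources is a constructed placeholder; use your own management subnet/hosts.
$AllowedSources = @('192.168.10.0/24')
$ConfigPath     = Join-Path $env:ProgramData 'ssh\sshd_config'
$RuleName       = 'OpenSSH-Server-In-TCP'   # rule name the OpenSSH capability normally creates

# 1. Install the built-in OpenSSH Server capability if it is not present yet.
$cap = Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH.Server*'
if ($cap.State -ne 'Installed') {
    Add-WindowsCapability -Online -Name $cap.Name | Out-Null
}

# 2. Start sshd once so the default sshd_config and host keys are generated.
Set-Service -Name sshd -StartupType Automatic
Start-Service -Name sshd

# 3. Firewall: allow TCP/22 only from the listed sources instead of "Any".
if (Get-NetFirewallRule -Name $RuleName -ErrorAction SilentlyContinue) {
    Set-NetFirewallRule -Name $RuleName -RemoteAddress $AllowedSources
} else {
    New-NetFirewallRule -Name $RuleName -DisplayName 'OpenSSH Server (sshd)' `
        -Direction Inbound -Protocol TCP -LocalPort 22 -Action Allow `
        -RemoteAddress $AllowedSources | Out-Null
}

# 4. sshd_config: key-only logins. sshd uses the first value it reads for a keyword,
#    and the stock Windows config ends with a "Match Group administrators" block, so the
#    directives are prepended rather than appended (appended lines would land inside
#    that Match block). Administrators' keys are read from
#    %ProgramData%\ssh\administrators_authorized_keys in the default config.
$hardening = @(
    'PasswordAuthentication no',
    'PubkeyAuthentication yes',
    'PermitEmptyPasswords no'
)
$current = Get-Content -Path $ConfigPath
if ($current[0] -ne $hardening[0]) {        # skip if a previous run already prepended them
    Copy-Item -Path $ConfigPath -Destination "$ConfigPath.bak" -Force
    Set-Content -Path $ConfigPath -Value ($hardening + $current) -Encoding ascii
}
Restart-Service -Name sshd

# 5. Show the resulting exposure for review.
Get-NetFirewallRule -Name $RuleName | Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress
Get-Content -Path $ConfigPath -TotalCount 3
```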