The Puppet Labs Issue Tracker has Moved:

This issue tracker is now in read-only archive mode and automatic ticket export has been disabled. Redmine users will need to create a new JIRA account to file tickets using See the following page for information on filing tickets with JIRA:

Feature #8268

Basic Puppet agent support on Windows

Added by Jacob Helwig almost 5 years ago. Updated about 4 years ago.

Status:ClosedStart date:03/18/2011
Priority:HighDue date:
Assignee:Jason McKerr% Done:


Category:windowsEstimated time:400.00 hours
Target version:-
Affected Puppet version: Branch:

We've Moved!

Ticket tracking is now hosted in JIRA:


Target Platforms:

We’re targeting Win2003 R2 and Win2008 R2 Servers.

Core Features:

  • Full agent support talking to a master
  • File resource, owner, group, some form of ACL/mode support
  • Local User management
  • Local Group management
  • Task scheduling via Windows scheduler (new type, not as a provider for the cron type)
  • MSI package provider support without a central repository/WSUS.
  • Service management (no DACLs, just ensure/enable as per other providers)
  • Exec support via WinRM (and/or Powershell, depending upon initial tech evaluation)

Secondary, Optional Features:

  • Registry management (e.g. inserting installer license keys)
  • Package installation via .exe installers

Explicitly out of scope Features:

  • Puppet master support on Windows
  • Group Policy
  • Active Directory Support
  • Network interfaces


Feature #8272: Windows Services ManagementClosedCameron Thomas

Bug #8349: Cannot install puppet on Windows using the default optionsRejected

Bug #8356: Default value of :color should be false on WindowsClosedJosh Cooper

Refactor #8392: Confine master tests to not run on WindowsClosedJacob Helwig

Feature #8408: Local user provider for WindowsClosedNick Lewis

Feature #8409: Local group provider for WindowsClosedNick Lewis

Feature #8410: Exec provider for WindowsClosedJosh Cooper

Feature #8411: File type working on WindowsClosedJosh Cooper

Feature #8412: MSI package provider for WindowsClosedJacob Helwig

Feature #8413: Ability to run Puppet as an agent on WindowsClosedNick Lewis

Feature #8414: Task scheduler type/provider for WindowsClosedJacob Helwig

Bug #8444: Cacher not robust enough on WindowsClosedNick Lewis

Bug #8489: Puppet does not consistently use File::PATH_SEPARATORClosedNick Lewis

Feature #8644: Host provider on WindowsClosedJosh Cooper

Bug #8651: Indirector does not handle windows pathsClosedJacob Helwig

Bug #8658: The file source parameter does not accept Windows pathsClosedJacob Helwig

Bug #8660: Puppet and facter install should have reasonable defaults...ClosedJosh Cooper

Bug #8662: Puppet.features.root? always returns true on WindowsClosedJosh Cooper

Bug #8663: Get spec tests running on WindowsClosedJosh Cooper

Refactor #6776: MS windows should have it's own exec providerDuplicate

Bug #6773: Install Script Fails; needs good default configdir for MS...Duplicate

Refactor #9174: Improve puppet installer error message on WindowsClosedNick Lewis

Bug #9186: Windows file security supportClosedJosh Cooper

Bug #9189: File provider on WindowsDuplicate

Bug #9190: Windows documentationDuplicateNick Fagerlund

Bug #9191: Windows package/zip fileClosedMichael Stahnke

Bug #9326: Password management on windowsClosedCameron Thomas

Bug #9328: Retrieve user and group SIDs on windowsClosedCameron Thomas

Bug #9329: Puppet agent daemonize option doesn't work on WindowsClosedJosh Cooper

Bug #9435: Log destinations are broken on WindowsClosedJosh Cooper

Bug #9458: Puppet fails to run when no subcommand specifiedClosedJosh Cooper

Bug #9459: Puppet fails to create user when groups are specifiedClosedCameron Thomas

Bug #9460: Puppet agent fails if the PuppetLabs/puppet directory doe...RejectedCameron Thomas

Bug #9461: Puppet resource package fails on WindowsClosedJosh Cooper

Bug #9607: MSI provider fails to enumerate instancesClosedJosh Cooper

Bug #9831: Unify windows provider confinesClosedJacob Helwig

Bug #9636: unless and onlyif do not appear to behave as they should ...ClosedJosh Cooper

Bug #9938: Add support for sticky directoriesClosedJosh Cooper

Bug #9983: Files should be opened in binary modeClosedJosh Cooper

Bug #10299: Puppet.features.root? doesn't return true when running un...ClosedJosh Cooper

Bug #10417: No diff command on WindowsClosed

Bug #10586: Windows puppet cannot source files remotely if owner and ...ClosedJosh Cooper

Bug #10614: Should not manage or source metadata from files on non-NT...ClosedJosh Cooper

Bug #11408: Windows fact and pluginsync are brokenClosedJosh Cooper

Bug #11469: Puppet Windows UAC issuesClosed

Bug #11452: Windows: Can't find msiexec.exe even though it's thereClosedMark Plaksin

Bug #11740: Puppet sometimes reports 'The handle is invalid'ClosedJosh Cooper

Bug #11929: Cannot serve local binary files on WindowsClosedJosh Cooper

Bug #11930: Must use forward slashes when specifying a local modulepa...ClosedJosh Cooper

Refactor #11955: Refactor uses of Puppet::Util.binreadClosedJosh Cooper

Related issues

Related to Puppet - Bug #7581: Misleading error message when required gems for Windows n... Closed 05/18/2011
Related to Facter - Feature #8322: Facter should return as much info as Windows SystemInfo Accepted 07/08/2011
Related to Puppet - Bug #8650: Refactor path validation Duplicate 07/27/2011
Related to Puppet - Bug #8654: Path-like parameters should extend Parameter::Path Accepted 07/27/2011
Related to Puppet - Feature #8657: Support Windows UNC paths Closed 07/27/2011
Related to Puppet - Bug #9833: Improve password validation on Windows Accepted 09/30/2011
Related to Puppet - Bug #12403: Windows agents should log to a file by default Closed 02/02/2012
Duplicated by Puppet - Bug #6693: Windows Error message: Could not create resources for man... Duplicate 03/13/2011


#1 Updated by Josh Cooper almost 5 years ago

From meeting July 8th

Action Items:

  • Team to provide Jason with machine specifications for running Windows Server 2008 R2
  • Nigel to verify that 2003 support is out of scope


  • Customers will be required to install ruby 1.8.7 and necessary gems prior to installing puppet.
  • We will try to avoid dependencies on native code, but if we end up using a gem that contains native code, customers will be required to install the RubyInstaller development kit to compile the native code.
  • Puppet installation can consist of ruby/batch scripts, delivered in a zip file.
  • ACL support will be limited to simple use cases, e.g. make this directory, all subdirectories and file, look like “this”. We will not support adding or removing specific types of access control entries from the list.
  • We expect puppet will need to install MSI packages from a network share, e.g. UNC paths or mapped drives.
  • We expect puppet will be deployed in a Windows workgroup environment.

Out of scope:

  • Running puppet agent as a windows service
  • Delivering executable puppet installer (MSI, Wise, etc) nor as a gem
  • Windows event log destination
  • Support for 2003
  • Support for domain-joined servers

#2 Updated by Josh Cooper almost 5 years ago

Per email thread from July 12th, Windows Server 2003 R2 is in scope.

#3 Updated by Josh Cooper almost 5 years ago

Change R3 to R2

#4 Updated by Josh Cooper almost 5 years ago

  • Description updated (diff)

Changed 2003 to 2003R2 to match “public” ticket and previous discussions

#5 Updated by Josh Cooper over 4 years ago

From meeting 9/1:

Action Items:

  • UNC support. Jacob will see if the msi package provider can install from UNC, Nick will check if path validation handles UNC
  • User type/provider needs to support windows passwords (see below)


  • Need to support managing passwords. For now this means cleartext passwords, though the team will investigate other options
  • No SMB mount provider
  • No MSI installer for puppet agent itself
  • No native support for running puppet agent as a service (daemonized), though we will ensure the agent can run as an agent, and will provide instructions on how users can install and configure using third party service wrapper programs, nssm
  • Not all DACL combinations will be supported, e.g. deny access control entries

#6 Updated by Josh Cooper over 4 years ago

  • Category set to windows

Whenever we next make a public announcement about our Windows support no longer being “preliminary”, we should update this accordingly

#7 Updated by James Turnbull over 4 years ago

Updates to Wikipedia done.

#8 Updated by Jacob Helwig over 4 years ago

  • Assignee changed from Jacob Helwig to Jason McKerr

#9 Updated by Josh Cooper about 4 years ago

  • Status changed from Accepted to Closed

All of the core features for FOSS Puppet have been implemented in the 2.7.x branch. Closing this high-level ticket.

Also available in: Atom PDF