homeuse caseswindows infrastructure automation

Automate and orchestrate Microsoft Windows with Puppet

Without automation, configuring and hardening Windows infrastructure can mean tons of manual work for your IT Ops and InfoSec teams. Ensure compliance and harden the security of your Windows infrastructure with the latest DevOps best practices.
puppet docs enterprise

Modernize Windows infrastructure with Puppet

Manage mission critical workloads today, and easily scale with the technology of tomorrow using a DevOps centric approach. As an end-to-end solution for managing infrastructure-as-code, Puppet eliminates the manual workflows and silos between teams by automating the infrastructure your business depends on (aka the mission critical stuff) securely, and at scale.

puppet docs enterprise
Puppet Forge marquee of an employee observing a laptop
Puppet Forge marquee of an employee observing a laptop

Standardize your environment

With Puppet, you get the added benefit of using the same tools across your organization no matter the operating system and regardless of whether it’s on-prem or in the cloud. Use Puppet to automate and ensure the desired state of your infrastructure, stay compliant and harden baseline configurations.

  • Go beyond golden images and embrace infrastructure-as-code for server configurations, reduced provisioning times, and empower operators to self-serve.
  • Accelerate with shared content from the Puppet Forge to easily configure and manage on prem and/or cloud resources.
  • Leverage your existing automation investment and orchestrate scripts in any language or use pre-existing Puppet code to accelerate your digital transformation.

View the full query on Puppet Forge

Hello world example using Relay

Easier Migration to Microsoft Azure

Simplify the automation of new machines in Azure with Terraform and Puppet. Puppet provides visibility across on-prem and cloud resources offering greater insight into your infrastructure under management.

  • Move to Azure by simply redeploying your on-prem workloads using the same Puppet configurations on Azure
  • Automate the entire lifecycle of your Azure infrastructure, by integrating Puppet with tools like ServiceNow and Terraform
  • Streamline management of compute, storage and network (see Relay by Puppet) resources and efficiently scale workflows across heterogeneous environments.
Hello world example using Relay
M marquee windows
M marquee windows

Simplified Patch Management

Keep hosts healthy, secure and compliant by replacing time-consuming and error prone patching processes with Puppet’s automated patching workflow. Review available patches across your infrastructure with immediate reporting on patch success or failure.

  • Harden baseline Windows configurations and automate how servers remain patched, updated, and compliant with regulatory standards while eliminating drift
  • Ensure consistency with Windows Server Update Service (WSUS). Configure client nodes to control update policies and schedule updates.
  • Integrate with Chocolatey to deploy, manage and update application updates and versions.
usecase windows secure

Ensure security and compliance

Automate how your servers remain patched, updated and compliant with regulatory standards like PCI, SOX, CIS, STIG. Easily audit your infrastructure with insights into reporting specifics such as: number of systems, configuration details and specific security requirements, and do it all from one tool.

  • Define, build and deploy policies for Windows systems that can be applied on prem on in your Azure
  • Enforce ideal-state configuration and stay compliant while monitoring and remediating drift with ease
  • Prove compliance and easily audit your infrastructure, with specifics like reporting on the number of systems, how they’re configured and which configurations fulfill security requirements
usecase windows secure

Supercharge your toolchain

With an infrastructure-as-code approach, get more extensibility and insight into your infrastructure under management. Together with native tools like GPO, PowerShell, SCCM and VS Code you gain a modernized way to manage infrastructure without needing to change your current work style.


Use Puppet to describe infrastructure-as-code at scale and make it easier to port workloads between Azure and your on-prem environment.


Use Puppet to reuse code at scale and control change collaboratively with centralized tasks. The new DSC PowerShell Builder gives Puppet users access to all the automation DSC provides without leaving the Puppet ecosystem. Learn more.


Use Puppet for Day 2 and ongoing management, enforce the desired state and eliminate drift.


Use Puppet to extend visibility of configuration and security policy across teams with version controlled changes, impact analysis and role based access controls to review and deploy changes across your environments.

Puppet Extension for VS Code

Full support for Puppet’s DSL, IntelliSense (which helps guide the user to ensure the commands are correct), linting, and error checking all in a familiar UI.
Learn more.

Empowering our customers to succeed

Transurban achieves DevOps self-service with multiple tools and OSs

Transurban is living and breathing self-service DevOps — they’ve adopted Puppet Enterprise, VMware vRealize, and ServiceNow along with other tools to enable self-service infrastructure provisioning and administration.

Walmart integrates Windows servers into their infrastructure

DevOps engineers at Walmart integrate Windows servers into their mix and maintain configurations and compliance at scale with Puppet Enterprise.

Start automating your Windows infrastructure with Puppet

Many of your Windows scripts can be automated with Bolt, Puppet’s open-source task orchestrator. For specific use cases, you won’t have to start from scratch — learn from other Windows DevOps experts who contribute modules to the Puppet Forge.

Move workloads to Azure

Use Puppet and Terraform to enable Puppet Enterprise agents to be deployed on newly provisioned virtual machines in only a few lines of code. This capability helps simplify the cloud migration process and allows you to begin deploying fully configured workloads to Azure much faster.

Automate packaging and distribution powered by Puppet & Chocolatey

Use Chocolatey to manage packages and software while standardizing on Puppet to guarantee the desired state across your machines while automatically handling configuration drift.

Orchestrate and scale PowerShell scripts with Bolt

Get started with infrastructure configuration and delivery automation by converting existing scripts with Bolt.

Orchestrate custom, complex workflows

Take Tasks further by orchestrating custom workflows (called Plans) to better configure a compliant, secure Windows infrastructure.

Accelerate additional use cases via Puppet Forge

Use proven Puppet Forge modules to deploy and configure your Windows servers (IIS, DSC, Chocolatey, SQL, and WSUS).

Automate with ideal-state and ad-hoc tasks in mind

Leverage Puppet and SCCM to accelerate workflows. Use SCCM to deploy and Puppet to enforce ideal-state configuration.

Integrate continuous delivery to infrastructure

Orchestrate continuous delivery pipelines and workflows, test changes to Windows servers, and see changes before you deploy with Puppet Enterprise.

Windows Services

windows logo lg
    • Group Policy Migration Service – Track Windows configurations in a centralized location while making changes to their Windows infrastructure more efficiently.


    • Chocolatey Setup & Deployment Service – Efficiently deploy and make changes to Windows software at scale, accelerate the speed of your Windows deployments and support the expansion of automation across your organization.


  • Patch Management – Create a standardized, automated and scalable patching workflow.
windows logo lg

Keep your Windows infrastructure compliant and secure

Ensure your Windows and Azure configuration compliance meet internal security standards with a combination of Puppet Enterprise, Bolt, and our library of Forge modules. Empower your DevOps teams with the best of both continuous configuration drift remediation and ad-hoc task orchestration.