Created
October 22, 2015 17:17
Puppet profiles for managing basic Windows settings
# Turns the Windows Firewall off for all three network profiles by writing
# EnableFirewall = 0 under each profile's FirewallPolicy registry key.
#
# Requires: puppetlabs/registry
#
# Security note: with every profile disabled the node has no host-based packet
# filtering, so each listening service is reachable from any network the node
# is attached to. Classify only nodes whose filtering is enforced elsewhere;
# scoped allow rules are the narrower alternative to a blanket disable.
# NOTE(review): firewall policy delivered through Group Policy is stored under
# a separate Policies key and presumably overrides these values - confirm.
#
class profile::windows::disable_firewall {

  # Domain profile: applies while the node is on its domain network.
  registry::value { 'Disable DomainProfile firewall':
    key   => 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile',
    value => 'EnableFirewall',
    type  => 'dword',
    data  => '0',
  }

  # Public profile: the profile used for untrusted networks, so this is the
  # entry with the widest exposure.
  registry::value { 'Disable PublicProfile firewall':
    key   => 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile',
    value => 'EnableFirewall',
    type  => 'dword',
    data  => '0',
  }

  # StandardProfile is the registry name for the Private profile.
  registry::value { 'Disable StandardProfile firewall':
    key   => 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile',
    value => 'EnableFirewall',
    type  => 'dword',
    data  => '0',
  }
}
# Switches off Internet Explorer Enhanced Security Configuration (IE ESC) by
# marking both of its Active Setup components as not installed
# (IsInstalled = 0).
#
# Requires: puppetlabs/registry
#
# Security note: IE ESC is the hardened browser configuration Windows Server
# applies to Internet Explorer. With it off, interactive browsing from the
# server runs with the ordinary zone settings, so limit this profile to nodes
# where that is acceptable.
# NOTE(review): Active Setup components are evaluated per user at logon, so
# sessions that are already logged on presumably keep their current settings
# until the next logon - confirm.
#
class profile::windows::disable_ieesc {

  # Component GUID ending in A7: the ESC configuration for administrators.
  registry::value { 'Disable IE ESC for Administrators':
    key   => 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}',
    value => 'IsInstalled',
    type  => 'dword',
    data  => '0',
  }

  # Component GUID ending in A8: the ESC configuration for non-admin users.
  registry::value { 'Disable IE ESC for Users':
    key   => 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}',
    value => 'IsInstalled',
    type  => 'dword',
    data  => '0',
  }
}
# Turns IPv6 off on Windows nodes by writing DisabledComponents = 255 (0xFF)
# to the Tcpip6 service parameters.
#
# Requires: puppetlabs/registry
#
# Disabling the stack is one way to close unmanaged IPv6 paths (rogue router
# advertisements, unsolicited DHCPv6) on IPv4-only networks.
# NOTE(review): DisabledComponents is presumably read at boot, so the change
# takes effect only after a restart - confirm.
# NOTE(review): Microsoft's guidance for this value generally favours
# "prefer IPv4" over a full disable because some Windows components expect
# IPv6 - review before applying fleet-wide.
#
class profile::windows::disable_ipv6 {
  registry::value { 'Disable IPv6':
    key   => 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters',
    value => 'DisabledComponents',
    type  => 'dword',
    data  => '255',
  }
}
# Turns User Account Control off (EnableLUA = 0) and pins the administrator
# consent-prompt behaviour value.
#
# Requires: puppetlabs/registry
#
# Security note: with EnableLUA = 0 Admin Approval Mode is off, so members of
# the Administrators group run every process with their full token and no
# elevation boundary. Keep this profile off nodes where administrators browse,
# read mail or run untrusted tooling.
# NOTE(review): a change to EnableLUA presumably needs a reboot to take
# effect - confirm.
#
class profile::windows::disable_uac {

  registry::value { 'Disable UAC':
    key   => 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
    value => 'EnableLUA',
    type  => 'dword',
    data  => '0',
  }

  # Refer to the link below to determine what the different values do.
  # Valid data values are 0 - 5.
  #   https://msdn.microsoft.com/en-us/library/Cc232761.aspx
  # NOTE(review): 5 is "prompt for consent for non-Windows binaries"; while
  # EnableLUA is 0 this value presumably has no practical effect - confirm.
  registry::value { 'Set UAC Consent Prompt Level':
    key   => 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
    value => 'ConsentPromptBehaviorAdmin',
    type  => 'dword',
    data  => '5',
  }
}
# A profile to manage IIS on Windows
#
# - Installs the IIS role and the web management tools
# - Removes the default IIS site and keeps the W3SVC service running
# - Carries commented-out examples for a site, an app pool and a virtual
#   application
#
# NOTE(review): relies on modules that provide the `windowsfeature` type and
# the `iis::manage_*` defines; their names are not stated on this page.
#
class profile::windows::iis {

  # Web management tools, with every sub-feature.
  windowsfeature { 'Web-Mgmt-Tools':
    ensure             => present,
    installsubfeatures => true,
  }

  # The IIS role itself.
  windowsfeature { 'Web-WebServer':
    ensure                 => present,
    installmanagementtools => true,
  }

  # Drop the default site so no stock content is served once the role is in.
  # site_path is presumably ignored when the site is being removed - confirm.
  iis::manage_site { 'Default Web Site':
    ensure    => absent,
    require   => Windowsfeature['Web-WebServer'],
    site_path => 'any',
    app_pool  => 'DefaultAppPool',
  }

  # Keep the web publishing service started and enabled at boot.
  service { 'w3svc':
    ensure  => running,
    enable  => true,
    require => Windowsfeature['Web-WebServer'],
  }

  # Manage an IIS Site
  # (the example binds plain HTTP on port 80 on every address)
  #iis::manage_site {'internal.company.com':
  #  site_path   => 'C:\inetpub\wwwroot\apple',
  #  port        => '80',
  #  ip_address  => '*',
  #  host_header => 'internal.company.com',
  #  app_pool    => 'application_pool'
  #}

  ## Manage an App Pool
  #iis::manage_app_pool {'application_pool':
  #  enable_32_bit           => true,
  #  managed_runtime_version => 'v4.0',
  #}

  #iis::manage_virtual_application {'application1':
  #  site_name => 'internal.company.com',
  #  site_path => 'C:\inetpub\wwwroot\application1',
  #  app_pool  => 'application_pool'
  #}
}
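# This profile enables Remote Desktop connections and requires Network Level
# Authentication (NLA) on the RDP-Tcp listener.
#
# Requires: puppetlabs/registry
#
# Security note: this class only changes Terminal Server settings. It adds no
# firewall rule and no source restriction for the RDP port, so reachability of
# the listener is decided elsewhere; limit it to management networks.
#
class profile::windows::remote_desktop {

  # fDenyTSConnections = 0 allows incoming Remote Desktop connections.
  registry::value { 'Enable Terminal Services connections':
    key   => 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server',
    value => 'fDenyTSConnections',
    data  => '0',
    type  => 'dword',
  }

  # SecurityLayer = 1 selects "Negotiate" for the transport security layer.
  # Despite the resource title this value does not turn NLA on; the title is
  # kept so existing references to this resource still resolve.
  # NOTE(review): 2 would require TLS instead of negotiating - consider it
  # where no legacy clients connect.
  registry::value { 'Enable TS Network Level Authentication':
    key   => 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp',
    value => 'SecurityLayer',
    data  => '1',
    type  => 'dword',
  }

  # UserAuthentication = 1 is the value that actually requires NLA, so a
  # client must authenticate before a full session (and logon screen) is
  # created. The original profile never set it.
  registry::value { 'Require TS Network Level Authentication':
    key   => 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp',
    value => 'UserAuthentication',
    data  => '1',
    type  => 'dword',
  }
}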