Managing Windows with CFEngine and Perl

Initial Setup | Configuration | Running | Installing Software | Modify Local Policy | Utilities

How to manage Windows XP desktop systems under CFEngine. Together with Perl and sufficient application of force, CFEngine can manage user accounts, printer configuration, local group policy edits, and software installation. Additional infrastructure management pieces for the site in question included:

The work documented here was done primarily by Alex Dioso to support Windows XP Professional desktop systems in the department of Genome Sciences.

Also consider WPKG for software management on Windows.

Initial Setup

CFEngine on Windows requires:

Install these via Unattended to automate host setup. Another option: use nLite to create a custom Windows installation CD, or create install images if the supported hardware has been standardized (via Norton Ghost or similar).

Other concerns:


CFEngine configuration tips and example for Windows. These notes rely on CFEngine Classes for class naming conventions and how the configuration files use import.

Configuration Tips

Example Configuration

Configuration example adapted from the main configuration file. cfagent.conf, when read by cfagent, imports the file after parsing other configuration files.


CFEngine should be run by two different methods, to ensure CFEngine will still run should one method fails. Scheduled tasks were found to randomly corrupt themselves.

Use and the statements in the configuration file to run cfexecd as a Windows service.

Installing Software

The script can install software. See the configuration file for examples.

To create *.msi installers, use either Visual Studio (long and difficult) or the freeware software Advanced Installer.

Modify Local Policy

Copying *.reg files based on CFEngine classes, then applying these files may be sufficient. Other tasks may require a script to make the necessary modifications, such as in conjunction with module:policy is another method. The source code for module:policy is available by request.