Chapter 6. Using Puppet for Windows Security
Let's do a quick recap of what we have learned until now. We learned how to write modules, facts, templates, and functions. We learned how to deal with files and the firewall, execute commands, and many such details. Now, we will bring them all together and use them for the following security practices:
- Locking the
Startupfolder for each user - Locking the
hostsfile - Stopping unnecessary services
- Making sure that the necessary services are running
- Denying incoming traffic and allowing only the necessary ports
- Making the local administrator password unique
For each topic, we will also address why we need these settings. The best thing with Puppet is that when you make a security setting, it cannot be undone. If somebody changes the settings, Puppet will correct it in the next run (the default interval is 30 minutes).
