Transferring System Setting Management from Group Policy to Puppet
Shane Smith
Site Reliability Engineer
Athenahealth
Why Did We Move From Group Policy to Puppet
• Consistently applied inside or outside a domain
• Support Infrastructure as Code
• Improved monitoring and alerting
Group Policy Computer Policy Components
• GPO: A unique instance of a Group Policy Template referenced in Active Directory. This is the object that can be linked using a shortcut pointer to Sites, Domains or Organizational Units in AD.
• GPT: The standard structure for a Group Policy Object. This is the folder named after the Globally Unique ID (GUID) value of the Group Policy Object.
So for the purpose of migrating Group Policy settings into Puppet:
• GPO links determine which systems get the profile
• GPT defines which settings are in the profile
Group Policy Computer Setting Key Files
• Registry.pol: Stores the non-security-related registry settings defined in a Group Policy. The file does not use a standard encoding format; it is based on legacy Windows NT formatting. This file is located under a GPT in <Group Policy GUID>\Machine. Tools exist to convert it into a standard readable format, such as: https://sdmsoftware.com/389932-gpo-freeware-downloads/registry-pol-viewer-utility/
• GptTmpl.inf: Stores the Computer policy settings that are designated as security-specific settings. These can be registry settings, services, log configurations, etc. This file is located under a GPT in <Group Policy GUID>\Machine\microsoft\windows nt\SecEdit. This file is a readable inf file.
• Registry.xml: Stores audit settings preferences that should be applied using a group policy. The file is found in <Group Policy GUID>\Machine\Preferences\Registry. This file is a standard XML file.
• Audit.csv: Stores audit settings that have been defined to apply using a group policy. The file is found in <Group Policy GUID>\Machine\microsoft\windows nt\Audit. This file is a readable csv file.
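The Registry.pol layout described above can be read with a short parser. The following is an added example, not code from WinPuppetTools: it is written in Python rather than the module's PowerShell, emits `registry_value` resources in the style of the puppetlabs/registry module, and runs on a constructed sample file; the function names and the choice to map `**del.<name>` entries to `ensure => absent` are assumptions of this example.

```python
import struct

# Registry.pol value types -> `type` of the puppetlabs/registry registry_value resource.
REG_TYPES = {1: "string", 2: "expand", 3: "binary", 4: "dword", 7: "array", 11: "qword"}


def parse_registry_pol(blob):
    """Parse Registry.pol bytes ([key;value;type;size;data] records) into tuples."""
    if blob[:8] != b"PReg\x01\x00\x00\x00":  # signature followed by version 1
        raise ValueError("not a version 1 Registry.pol (PReg) file")
    pos, entries = 8, []

    def take(n):
        nonlocal pos
        if pos + n > len(blob):
            raise ValueError(f"truncated entry at offset {pos}")
        chunk = blob[pos:pos + n]
        pos += n
        return chunk

    def expect(char):
        if take(2) != char.encode("utf-16-le"):
            raise ValueError(f"expected {char!r} before offset {pos}")

    def read_string():  # NUL-terminated UTF-16LE string plus its ';' separator
        units = []
        while (unit := take(2)) != b"\x00\x00":
            units.append(unit)
        expect(";")
        return b"".join(units).decode("utf-16-le")

    def read_dword():  # 32-bit little-endian integer plus its ';' separator
        value = struct.unpack("<I", take(4))[0]
        expect(";")
        return value

    while pos < len(blob):
        expect("[")
        key, name = read_string(), read_string()
        reg_type, size = read_dword(), read_dword()
        data = take(size)
        expect("]")
        entries.append((key, name, reg_type, data))
    return entries


def puppet_quote(text):
    """Single-quote a string for Puppet, escaping backslashes and quotes."""
    return "'" + text.replace("\\", "\\\\").replace("'", "\\'") + "'"


def decode_data(reg_type, data):
    """Render registry data as a Puppet literal for the given value type."""
    if reg_type in (4, 11):  # REG_DWORD / REG_QWORD, little-endian
        return str(int.from_bytes(data, "little"))
    if reg_type == 3:  # REG_BINARY as space-separated hex
        return puppet_quote(data.hex(" "))
    text = data.decode("utf-16-le")
    if reg_type == 7:  # REG_MULTI_SZ: NUL-separated list
        return "[" + ", ".join(puppet_quote(s) for s in text.split("\x00") if s) + "]"
    return puppet_quote(text.rstrip("\x00"))


def to_manifest(entries, hive="HKLM"):
    """Emit registry_value resources; '**del.<name>' becomes ensure => absent."""
    out = []
    for key, name, reg_type, data in entries:
        ensure = "present"
        if name.startswith("**del."):
            name, ensure = name[len("**del."):], "absent"
        elif name.startswith("**") or reg_type not in REG_TYPES:
            # Other policy directives and unknown types are flagged, not guessed.
            out.append(f"# review by hand: {key!r} {name!r} (type {reg_type})")
            continue
        path = "\\".join((hive, key, name))
        out.append(f"registry_value {{ {puppet_quote(path)}:")
        out.append(f"  ensure => {ensure},")
        if ensure == "present":
            out.append(f"  type   => {REG_TYPES[reg_type]},")
            out.append(f"  data   => {decode_data(reg_type, data)},")
        out.append("}")
    return "\n".join(out) + "\n"


def _entry(key, name, reg_type, data):
    """Build one record for the constructed sample below."""
    sep = ";".encode("utf-16-le")
    return (f"[{key}\x00;{name}\x00;".encode("utf-16-le") + struct.pack("<I", reg_type) + sep
            + struct.pack("<I", len(data)) + sep + data + "]".encode("utf-16-le"))


# Constructed sample policy, not taken from a real GPO.
SAMPLE_POL = b"PReg" + struct.pack("<I", 1) + b"".join([
    _entry(r"Software\Policies\Microsoft\Windows\System", "EnableSmartScreen", 4, struct.pack("<I", 1)),
    _entry(r"Software\Policies\Example", "Banner", 1, "It's policy\x00".encode("utf-16-le")),
    _entry(r"Software\Policies\Example", "**del.OldSetting", 1, " \x00".encode("utf-16-le")),
])

if __name__ == "__main__":
    print(to_manifest(parse_registry_pol(SAMPLE_POL)))
```

Every string taken from the policy file passes through `puppet_quote` before it reaches the manifest, so a key or value containing a quote or backslash cannot change the structure of the generated Puppet code.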
How We Approached the Migration of Group Policy
• Key goal: Move our National Institute of Standards and Technology (NIST) settings to Puppet and report any issues applying settings
• We wanted to be able to phase the settings migration to Puppet and revert to Group Policy quickly if needed
• Reviewed the tools/projects that were out there and decided that it would be best to write our own code
WinPuppetTools Module Overview
• Code that we wrote as part of our internal Puppet module for automating and simplifying operational tasks
• This code is publicly available on GitHub: https://github.com/ShaneSmith-code/WinPuppetTools
• WinPuppetTools currently supports migrating computer registry policy and preference settings, as well as audit settings, into a Puppet manifest
• It is a work in progress; we will add more functionality and update this code as time permits
• Built using code from an old version of the GPRegistryPolicy PowerShell code for processing and converting registry.pol data into readable content
WinPuppetTools Requirements
• This module currently has one public function, Convert-GpoToPuppetManifest, that converts registry settings and audit settings from a Group Policy to a Puppet manifest.
• Requires PowerShell 5
• The outputted manifest requires the registry and auditpol module code to be implemented in your environment. These can be found on Puppet Forge:
  • https://forge.puppet.com/puppetlabs/registry
  • https://forge.puppet.com/fervid/auditpol
WinPuppetTools Workflow Overview
• Process the admx and adml files to link administrative template settings with the appropriate description in the language files, and add them to a normalized array of GPAdminTemplateRecord entries
• Read in the policy definition spreadsheet data for settings and descriptions
• Find and read through the .pol and .xml registry settings in the policy path provided and add them to a normalized array of registry settings
• Process the GptTmpl.inf registry settings and add them to the normalized array of registry settings. Note: There are many more categories that can be contained here that are not processed by this code, such as service startup, folder permissions, event log configuration, etc.
• Create the manifest and convert the normalized settings into Puppet-formatted manifest entries for registry settings
• Process and convert the policy audit settings, if audit parameters are passed
• Complete the writing of the manifest file and exit the code
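The audit-settings step of this workflow, sketched as an added example in Python (not WinPuppetTools code): it reads the rows of an audit.csv and emits one `auditpol` resource per subcategory, and it reports rows it cannot convert instead of dropping them. The `success`/`failure` attributes with `enable`/`disable` values are assumed to match the fervid/auditpol module; the CSV rows are constructed sample data and the function name is hypothetical.

```python
import csv
import io

# audit.csv "Setting Value" -> (success, failure) attributes of the resource.
SETTING_VALUES = {
    "0": ("disable", "disable"),  # No Auditing
    "1": ("enable", "disable"),   # Success
    "2": ("disable", "enable"),   # Failure
    "3": ("enable", "enable"),    # Success and Failure
}


def puppet_quote(text):
    """Single-quote a string for Puppet, escaping backslashes and quotes."""
    return "'" + text.replace("\\", "\\\\").replace("'", "\\'") + "'"


def audit_csv_to_manifest(csv_text):
    """Return (manifest, problems) for the subcategory rows of an audit.csv."""
    resources, problems, seen = [], [], {}
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    for line_no, row in enumerate(reader, start=2):  # line 1 is the header
        name = (row.get("Subcategory") or "").strip()
        value = (row.get("Setting Value") or "").strip()
        if not name:
            continue
        # GPO exports label subcategories "Audit <name>"; auditpol uses "<name>".
        if name.startswith("Audit "):
            name = name[len("Audit "):]
        if value not in SETTING_VALUES:
            problems.append(f"line {line_no}: {name}: unsupported Setting Value {value!r}")
            continue
        if name in seen:
            # A subcategory listed twice must agree with itself; flag it if not.
            if seen[name] != value:
                problems.append(f"line {line_no}: {name}: conflicts with earlier value {seen[name]}")
            continue
        seen[name] = value
        success, failure = SETTING_VALUES[value]
        resources.append(
            f"auditpol {{ {puppet_quote(name)}:\n"
            f"  success => '{success}',\n"
            f"  failure => '{failure}',\n"
            "}"
        )
    return "\n".join(resources) + "\n", problems


# Constructed sample rows, not taken from a real GPO.
SAMPLE_AUDIT_CSV = """\
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting,Setting Value
,System,Audit Credential Validation,{0cce923f-69ae-11d9-bed3-505054503030},Success and Failure,,3
,System,Audit Logoff,{0cce9216-69ae-11d9-bed3-505054503030},Success,,1
,System,Audit Logoff,{0cce9216-69ae-11d9-bed3-505054503030},Failure,,2
,System,Audit Example Row,{00000000-0000-0000-0000-000000000000},Unknown,,9
"""

if __name__ == "__main__":
    manifest, problems = audit_csv_to_manifest(SAMPLE_AUDIT_CSV)
    print(manifest)
    print("\n".join(problems))
```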
Convert-GpoToPuppetManifest Parameters
• GPOFolderPath: Path to the GPO folder to be processed. (Required)
• PolicyDefinitionsRepository: Path to the domain's Policy Definitions folder; usually \\<domain DNS name>\SYSVOL\contoso.com\Policies\PolicyDefinitions. (Required)
• ProfileName: This is the friendly name of the policy used in creating the output folder. (Required)
• policyPathDictionary: Path to the copy of the Microsoft Excel spreadsheet PolicySettingsDescriptions.csv. (Required)
• IncludeAuditSettings: Switch to indicate that audit settings should be converted along with the registry settings. (Optional)
• AuditSettingsFilePath: Path to the audit.csv file that contains the settings that should be converted. (Optional)
Convert-GpoToPuppetManifest Example
Convert-GpoToPuppetManifest
Enumerating Settings and Descriptions
Convert-GpoToPuppetManifest Complete
Convert-GpoToPuppetManifest Manifest
Questions

Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 

Puppet Camp East, Converting Group Policy settings to Puppet manifests, Shane Smith, athenahealth

  • 1. Transferring System Setting Management from Group Policy to Puppet Shane Smith Site Reliability Engineer Athenahealth
  • 2. Why Did We Move From Group Policy to Puppet
      ◦ Consistently applied inside or outside a domain
      ◦ Support Infrastructure As Code
      ◦ Improved monitoring and alerting
  • 3. Group Policy Computer Policy Components
      ◦ GPO: A unique instance of a Group Policy Template referenced in Active Directory. This is the object that can be linked using a shortcut pointer to Sites, Domains or Organizational Units in AD.
      ◦ GPT: The standard structure for a Group Policy Object. This is the folder named after the Globally Unique ID (GUID) value of the Group Policy Object.
    So for the purpose of migrating group policy settings into Puppet:
      ◦ GPO links determine what systems get the profile
      ◦ GPT defines what settings are in the profile
  • 4. Group Policy Computer Setting Key Files
      ◦ Registry.pol: Stores the non-security-related registry settings defined in a Group Policy. The file does not use a standard encoding format; it is based on legacy Windows NT formatting. This file is located under a GPT in <Group Policy GUID>\Machine. Tools exist to convert it into a standard readable format, such as: https://sdmsoftware.com/389932-gpo-freeware-downloads/registry-pol-viewer-utility/
      ◦ GptTmpl.inf: Stores the computer policy settings that are designated as security-specific settings. These can be registry settings, services, log configurations, etc. This file is located under a GPT in <Group Policy GUID>\Machine\microsoft\windows nt\SecEdit. This file is a readable inf file.
      ◦ Registry.xml: Stores audit settings preferences that should be applied using a group policy. The file is found in <Group Policy GUID>\Machine\Preferences\Registry. This file is a standard XML file.
      ◦ Audit.csv: Stores audit settings that have been defined to apply using a group policy. The file is found in <Group Policy GUID>\Machine\microsoft\windows nt\Audit. This file is a readable csv file.
  • 5. How We Approached the Migration of Group Policy
      ◦ Key goal: Move our National Institute of Standards and Technology (NIST) settings to Puppet and report any issues applying settings
      ◦ We wanted to be able to phase the settings migration to Puppet and revert to Group Policy quickly if needed
      ◦ Reviewed the tools/projects that were out there and decided that it would be best to write our own code
  • 6. WinPuppetTools Module Overview
      ◦ Code that we wrote as part of our internal Puppet module for automating and simplifying operational tasks
      ◦ This code is publicly available on GitHub: https://github.com/ShaneSmith-code/WinPuppetTools
      ◦ WinPuppetTools currently supports migrating computer registry policy and preference settings, as well as audit settings, into a Puppet manifest
      ◦ It is a work in progress; we will add more functionality and update this code as time permits
      ◦ Built using code from an old version of the GPRegistryPolicy PowerShell code for processing and converting registry.pol data into readable content
  • 7. WinPuppetTools Requirements
      ◦ This module currently has one public function, Convert-GpoToPuppetManifest, which converts registry settings and audit settings from a Group Policy to a Puppet manifest.
      ◦ Requires PowerShell 5
      ◦ The generated manifest requires the registry and auditpol modules to be installed in your environment. These can be found on Puppet Forge:
          ▪ https://forge.puppet.com/puppetlabs/registry
          ▪ https://forge.puppet.com/fervid/auditpol
  • 8. WinPuppetTools Workflow Overview
      ◦ Process the admx and adml files to link administrative template settings with the appropriate description in the language files, and add them to a normalized array of GPAdminTemplateRecord entries
      ◦ Read in the policy definition spreadsheet data for settings and descriptions
      ◦ Find and read through the .pol and .xml registry settings in the policy path provided and add them to the normalized array of registry settings
      ◦ Process the GptTmpl.inf registry settings and add them to the normalized array of registry settings. Note: There are many more categories that can be contained here that are not processed by this code, such as service startup, folder permissions, event log configuration, etc.
      ◦ Create the manifest and convert the normalized settings into Puppet-formatted manifest entries for registry settings
      ◦ Process and convert the policy audit settings, if audit parameters are passed
      ◦ Complete the writing of the manifest file and exit the code
  • 9. Convert-GpoToPuppetManifest Parameters
      ◦ GPOFolderPath: Path to the GPO folder to be processed. (Required)
      ◦ PolicyDefinitionsRepository: Path to the domain's Policy Definitions folder; usually <domain DNS name>\SYSVOL\contoso.com\Policies\PolicyDefinitions. (Required)
      ◦ ProfileName: This is the friendly name of the policy used in creating the output folder. (Required)
      ◦ policyPathDictionary: Path to the copy of the Microsoft Excel spreadsheet PolicySettingsDescriptions.csv. (Required)
      ◦ IncludeAuditSettings: Switch to indicate that audit settings should be converted along with the registry settings. (Optional)
      ◦ AuditSettingsFilePath: Path to the audit.csv file that contains the settings that should be converted. (Optional)
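
The Registry.pol step of the workflow above, as an added example (not code from WinPuppetTools or from the slides): a minimal Python reader for the file's `PReg` record layout that emits `registry_value` resources for the puppetlabs/registry module. The `Software\Policies\Example` key, the value names and the bytes built by `sample_pol()` are constructed; only REG_DWORD, REG_SZ and the `**del.` delete directive are converted, and everything else is flagged for manual review.

```python
import struct

def _wstr(buf, pos):  # NUL-terminated UTF-16LE string -> (text, offset past the NUL)
    for end in range(pos, len(buf) - 1, 2):
        if buf[end:end + 2] == b"\0\0":
            return buf[pos:end].decode("utf-16-le"), end + 2
    raise ValueError("unterminated string at offset %d" % pos)

def _skip(buf, pos, delim):  # verify a 2-byte UTF-16LE delimiter and step over it
    if buf[pos:pos + 2] != delim:
        raise ValueError("expected %r at offset %d" % (delim, pos))
    return pos + 2

def parse_pol(buf):
    """Yield (key, value_name, reg_type, data) per [key;value;type;size;data] record."""
    if buf[:8] != b"PReg\x01\0\0\0":
        raise ValueError("not a version 1 Registry.pol")
    pos = 8
    while pos < len(buf):
        key, pos = _wstr(buf, _skip(buf, pos, b"[\0"))
        name, pos = _wstr(buf, _skip(buf, pos, b";\0"))
        rtype, = struct.unpack_from("<I", buf, _skip(buf, pos, b";\0"))
        size, = struct.unpack_from("<I", buf, _skip(buf, pos + 6, b";\0"))
        start = _skip(buf, pos + 12, b";\0")
        pos = _skip(buf, start + size, b"]\0")  # also catches truncated data
        yield key, name, rtype, buf[start:start + size]

def _q(s):  # Puppet single-quoted string: escape backslashes and quotes
    return "'" + s.replace("\\", "\\\\").replace("'", "\\'") + "'"

def to_puppet(buf, hive="HKLM"):  # machine policy applies under HKLM
    out = []
    for key, name, rtype, data in parse_pol(buf):
        attrs = None  # stays None for types and directives not handled here
        if name.lower().startswith("**del."):  # directive: delete the named value
            name, attrs = name[6:], "ensure => absent"
        elif rtype == 4 and len(data) == 4 and name[:2] != "**":  # REG_DWORD
            attrs = "ensure => present, type => dword, data => %d" % struct.unpack("<I", data)
        elif rtype == 1 and name[:2] != "**":  # REG_SZ
            attrs = "ensure => present, type => string, data => " + _q(data.decode("utf-16-le").rstrip("\0"))
        line = "registry_value { %s: %s }" if attrs else "# review by hand: %s (reg type %s)"
        out.append(line % (_q("\\".join([hive, key, name])), attrs or rtype))
    return out

def sample_pol():  # constructed bytes, not from a real GPO
    rec = lambda n, t, d: (("[Software\\Policies\\Example\0;" + n + "\0;").encode("utf-16-le")
                           + struct.pack("<IHIH", t, 59, len(d), 59) + d + b"]\0")
    return (b"PReg\x01\0\0\0" + rec("Enabled", 4, b"\x01\0\0\0") + rec("Path", 7, b"\0\0")
            + rec("Server", 1, "host.example\0".encode("utf-16-le")) + rec("**del.Legacy", 1, b" \0\0\0"))
```

Diffing this output against the manifest a conversion tool produced is a quick way to confirm that no policy value, and no delete directive, was dropped during the migration.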