Cooking on Windows with Chef

Chef has had a long history of support for Microsoft Windows as a platform, dating back to 2011 when Opscode first released the knife-windows plugin to bootstrap and manage Windows servers. You can use both built-in Chef resources and a plethora of community cookbooks to manage Internet Information Services (IIS), SQL Servers and their databases, registry keys, installing Windows features and roles, and more. You can also use the knife-azure plugin to interact with the Microsoft Azure platform to seamlessly provision Azure servers and register them with Chef. (We expect to release an updated version of the Azure plugin this week that will make it far easier to get started with Azure.)

In this blog post, we’ll give you a quick tour of the resources available in Chef for managing Microsoft Windows servers and show a demo of provisioning a .NET 4.0 application on Azure with one click. If you’re not already familiar with how Chef works, we encourage you to visit to get started with Chef. Come back later in the week when we’ll post a recording of today’s webinar where we walked through this information in-depth and showed the code behind it.

Chef Resources Available on Windows

One of the benefits of the Chef DSL (domain specific language) is that we can have different implementation logic for the same resource declaration across a variety of platforms. Not only does this apply to many variants of UNIX/Linux, but it also applies to Windows. So, for example, a resource declaration like this on a UNIX platform:

cookbook_file '/tmp/helloworld.txt' do
  action :create

would look almost the same on Windows, though you might write the path differently:

cookbook_file 'C:\Windows\Temp\helloworld.txt' do
  action :create

All the implementation logic is hidden from you, hence the notion that Chef is a declarative configuration language: say what, not how.

Resources that will work transparently on Windows include file, remote_file, cookbook_file, template, directory, remote_directory, user, group, mount, service, and many others. Naturally, the parameters you pass to these resources will vary on a Windows platform. For instance, Windows file permissions use a rights-based system in combination with octal modes, so there is an additional “rights” attribute. An example of making sure your IIS root is world-readable but only writable by software developers might look like this:

directory 'C:\inetpub\wwwroot' do
  rights :read, ‘Everyone’
  rights :full_control, 'OPSCODE\Web Developers’

For more information about file permissions & rights on Windows, consult the Windows File Security documentation.

Windows-Specific Chef Resources

Naturally, there are resources, like registry keys, that only make sense on Windows. Some of these resources (registry_key, powershell_script, batch) are built into Chef, while others exist as custom, or lightweight resources & providers (LWRPs) in the Windows cookbook. Over time, we will be migrating more resources out of the Windows cookbook and into core Chef, with automatic filesystem redirector handling and architecture-specific support. Today, for example, you can write to both the 32 and 64-bit registries using the registry_key resource and the architecture parameter. Some of the resources in the Windows cookbook include windows_feature (for installing Windows Features/Roles), windows_package (for installing software from MSI or other installers such as InstallShield), windows_printer (for setting up printers), and windows_task (for managing Scheduled Tasks). There are many more listed in the documentation. Other cookbooks contain Windows-specific resources implemented as LWRPs. For instance, the IIS cookbook contains resources for managing IIS app pools, sites, applications, and configuration parameters.

Putting It All Together

Earlier, we mentioned that Opscode maintains an Azure plugin for Knife to allow you to provision virtual machines in Windows Azure. Like all of Opscode’s other cloud plugins (knife-ec2, knife-openstack, etc.), this plugin takes care of requesting virtual machine resources from a cloud provider and then passing those resources to a bootstrap routine – the same one that you might run using the knife bootstrap command. Combining these two procedures allows you to instantly provision and configure infrastructure at the same time.

We’ve recorded a short video that illustrates this procedure, allowing us to automate the creation of a .NET 4.0 application stack for nopCommerce, a popular shopping cart web application, with one command.


Chef makes it easy to start automating many aspects of your Windows infrastructure. Many of our customers, like Nordstrom, and Cheezburger, are already automating large parts of their Windows environments. To get started today, sign up for a free trial of Hosted Enterprise Chef at where you can register up to five nodes for free with our software-as-a-service Chef server solution. Happy automating!

Further Reading and Watching

Julian Dunn

Julian is a former Chef employee