To make a long story short, I would like to have something like Ansible, Chef or Puppet that is able to maintain Windows clients. But all of these tools have some downsides I would like to avoid, because my use case is somewhat special:
It’s not about maintaining hundreds of clients in a company network, but only about very few private client laptops of my family. Those aren’t always online, and we live in different parts of the city, so we don’t share the same private network. In the past, when something needed to be done, I just called them, they started TeamViewer or now MS Remote Help and I did things.
But some things could be done automatically, like putting into some queue the command to download some new script or trigger some backup or reconfigure OpenVPN or something like that. Whenever the laptop is online, that queue of commands is simply processed and I can somewhat rely on the result. Some of these things aren’t even that easy manually, because MS Remote Help requires someone to input the admin password locally and stuff. That might be different if some sort of agent were already running with system privileges.
So, while Ansible, Chef and Puppet address these kinds of things in general, they all have shortcomings:
- Ansible requires WinRM to be enabled and I would like to avoid exposing services.
- Chef requires WinRM as well and in 2024(!) documents problems with long paths and paths containing spaces, which doesn’t make me trust the quality of that software at all.
- Puppet has a Windows agent polling some server, but forces me to use CAs, do DNS configs for names etc. I don’t need certificates, I trust the hosts, it’s my network. And I can’t change DNS too much, because the laptops need to work without OpenVPN as usual.
Isn’t there anything more lightweight out there? Thanks!