Installing fonts on Windows using Puppet

I was recently tasked to install a group of fonts on windows systems. In order to do it the Internet way, you have to:

  1. Install the font on a system
  2. Export the registry file
  3. Create a GPO
  4. Place the font in an accessible location (domain readable)
  5. Make sure the GPO has the .reg and the font file installing
  6. Reboot the machine 2-3 times

Some have also suggested to install fonts via a packaged .msi – Something I also tried which did not work. Since my machines already have puppet installed, I went that route.

mkdir fonts/files/ #where the FontReg file resides
mkdir fonts/files/fonts #where the fonts reside
mkdir fonts/manifests/ #where the below init.pp file resides

Contents of init.pp are below:

class fonts {

case $operatingsystem {
	windows: {
			exec { 'FontReg':
				command		=> 'C:\Windows\FontReg.exe',
				path		=> $::path,
				refreshonly	=> true,
				require		=> File['C:\Windows\FontReg.exe'],
			exec { 'FixFonts':
				command 	=> 'cmd.exe /c C:\Windows\font_ownership.bat',
				path		=> $::path,
				refreshonly	=> true,
				require		=> File['C:\Windows\font_ownership.bat'],
			file { 'C:\Windows\font_ownership.bat':
				ensure			=> present,
				notify 			=> Exec["FixFonts"],
				source_permissions	=> ignore,
				content			=> "attrib -r -s c:\Windows\Fonts
takeown /f c:\Windows\Fonts /r /d n
cacls c:\Windows\Fonts /e /t /g users:c
cacls c:\Windows\System32\FNTCACHE.DAT /e /t /g users:c",
			file {	'C:\Windows\FontReg.exe':
				source 			=> $architecture ? {
						"x86" 	=> "puppet:///modules/fonts/FontReg32.exe",
						"x64" 	=> "puppet:///modules/fonts/FontReg64.exe",
						default => "unsupported architecture"
				source_permissions	=> ignore,
			$fonts = ["font-name1.otf","fontname2.ttf"];
			$fonts.each |$font| {
				file {"C:\\Windows\\Fonts\${font}":
				source  		=> "puppet:///modules/fonts/fonts/${font}",
				ensure			=> present,
				notify 			=> Exec["FontReg"],
				require			=> [File['C:\Windows\FontReg.exe'],File['C:\Windows\font_ownership.bat'],],
				source_permissions	=> ignore



Required programs:

Known Limitations

  • In order to actually place the files on UAC systems, you have to take ownership of the font folder. This is done in the puppet script.
  • I am using an iterator because there are some fonts that are installed on your system which prevent overwriting (even after you forcibly take ownership of the folder). ADP.ttf … I am looking at you!
%d bloggers like this: