Puppet as a GPO replacement
When you have a mixed client workstation environment (Windows, Linux, Mac) using GPOs only covers a portion of the environment. Sure, there are some AD plugins for Mac and Linux to let them read and apply those settings, however, those tools cost an exuberant amount of money compared to the open source version Puppet.
I haven’t scratched the surface of totally replacing GPO. I still have to push out the puppet client using GPO, but my goal is to be solely dependent upon puppet.
In the upcoming weeks, I am going to post a few articles regarding the idiosyncrasies of the different OSes. For now, here are a few generic tips:
1. Use Roles and Profiles
2. Set the default node to have roles:: workstation
3. Use kernel case statements in roles:: workstation, profiles::base, and modules only.
4. Write Puppet modules with all workstations in mind.