How to Set Up Windows Server 2019 with Chef

Chef is an open-source configuration management platform that automates the provisioning, configuration, and management of infrastructure. Chef uses Ruby-based DSL “recipes” and “cookbooks” to describe how servers should be configured. For Windows Server 2019, Chef provides full support through the Chef Infra Client agent, enabling the same configuration management approach used for Linux servers to be applied consistently across mixed Windows/Linux environments.

Chef Architecture for Windows Server 2019

A Chef deployment consists of three main components. The Chef Infra Server (or Chef Automate) is the central repository that stores cookbooks, policies, node data, and run history. The Chef Workstation is where developers and administrators write and test cookbooks. The Chef Infra Client runs on each managed node (including Windows Server 2019 servers) and periodically contacts the Chef Server to retrieve and apply the latest configuration. The client runs as a Windows service and checks in every 30 minutes by default.

Installing Chef Workstation

Install the Chef Workstation on a developer or admin machine. Chef Workstation includes all tools needed to write, test, and deploy cookbooks: knife (CLI tool for interacting with Chef Server), chef-client (for local testing), InSpec (compliance testing), Test Kitchen (integration testing), and ChefSpec (unit testing).

# Download Chef Workstation from https://www.chef.io/downloads/tools/workstation
# Install on Windows (run as administrator)
# Or download and install via PowerShell

# Verify installation
chef --version
knife --version

# Set up a new Chef repository structure
chef generate repo my-chef-repo
cd my-chef-repo

# Directory structure created:
# my-chef-repo/
#   cookbooks/      -- your cookbooks
#   environments/   -- environment-specific config
#   roles/          -- server role definitions
#   data_bags/      -- encrypted and unencrypted data
#   policies/       -- Policyfile-based configurations

Creating a Cookbook for Windows Server 2019

A cookbook is a collection of recipes, attributes, templates, files, and metadata that define a configuration. Generate a new cookbook for configuring a Windows web server.

# Generate a new cookbook
chef generate cookbook cookbooks/windows_web_server

# Cookbook structure created:
# cookbooks/windows_web_server/
#   recipes/default.rb       -- default recipe
#   attributes/default.rb    -- default attribute values
#   templates/               -- ERB template files
#   files/                   -- static files
#   metadata.rb              -- cookbook metadata
#   Berksfile                -- cookbook dependency management

# Edit the default recipe
# cookbooks/windows_web_server/recipes/default.rb

Writing a Windows Server 2019 Recipe

Write a recipe that installs IIS, configures the web server, and deploys a web application on Windows Server 2019. Chef uses Windows-specific resources from the windows and iis cookbooks.

# cookbooks/windows_web_server/recipes/default.rb

# Ensure IIS Windows feature is installed
windows_feature_powershell 'Web-Server' do
  action :install
end

windows_feature_powershell 'Web-Asp-Net45' do
  action :install
end

windows_feature_powershell 'Web-Mgmt-Console' do
  action :install
end

# Create the web application directory
directory 'C:\inetpub\myapp' do
  action :create
  recursive true
end

# Copy configuration file from cookbook files directory
cookbook_file 'C:\inetpub\myapp\web.config' do
  source 'web.config'
  action :create_if_missing
end

# Ensure the W3SVC service is running
service 'W3SVC' do
  action [:enable, :start]
end

# Write a log message
log 'IIS configured successfully' do
  level :info
end

Using the Windows Cookbook for Advanced Configuration

The community windows cookbook provides additional resources for Windows-specific tasks like installing MSI packages, configuring the registry, and managing Windows services.

# In metadata.rb, declare the dependency
# depends 'windows', '~> 6.0'
# depends 'windows_firewall'

# Install a package from a URL
windows_package 'Microsoft Visual C++ Redistributable 2019' do
  source 'https://internalrepo.corp.local/files/vc_redist.x64.exe'
  installer_type :custom
  options '/install /quiet /norestart'
  action :install
end

# Configure a registry key
registry_key 'HKEY_LOCAL_MACHINE\SOFTWARE\MyApp' do
  values [
    { name: 'InstallPath', type: :string, data: 'C:\MyApp' },
    { name: 'LogLevel', type: :dword, data: 2 },
    { name: 'Enabled', type: :dword, data: 1 }
  ]
  action :create
end

# Create a Windows Firewall rule
powershell_script 'allow_app_port' do
  code "New-NetFirewallRule -DisplayName 'MyApp Port 8080' -Direction Inbound -Protocol TCP -LocalPort 8080 -Action Allow"
  not_if { system('netsh advfirewall firewall show rule name="MyApp Port 8080" > nul 2>&1') }
end
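The windows_package resource above installs whatever the URL returns at converge time. As an added example (not part of the original tutorial and not Chef's own code), this stand-alone Ruby script audits recipe text for remote `source` URLs that are not fetched over HTTPS or not pinned with the `checksum` property (SHA-256). The `audit_recipe` helper and the second and third sample blocks are constructed for illustration.

```ruby
# Added example: flag downloading resources whose remote source is unpinned.
# windows_package, remote_file, source and checksum are Chef names;
# audit_recipe and the sample recipe are constructed for this illustration.
DOWNLOADING_RESOURCES = %w[windows_package remote_file].freeze

# One top-level resource block: type 'name' do ... end (closing end at column 0)
RESOURCE_BLOCK = /^(\w+)[ \t]+(['"])(.+?)\2[ \t]+do[ \t]*\n(.*?)^end\b/m

def audit_recipe(text)
  findings = []
  text.scan(RESOURCE_BLOCK) do |type, _quote, name, body|
    next unless DOWNLOADING_RESOURCES.include?(type)

    source = body[/^\s*source\s+['"]([^'"]+)['"]/, 1]
    # Only URLs are audited; local and UNC paths are skipped.
    next unless source&.match?(%r{\A[a-z][a-z0-9+.-]*://}i)

    id = "#{type}[#{name}]"
    findings << { resource: id, issue: :insecure_transport } unless source.start_with?('https://')
    # A usable pin is a full SHA-256 digest: 64 hex characters.
    findings << { resource: id, issue: :missing_checksum } unless body.match?(/^\s*checksum\s+['"]\h{64}['"]/)
  end
  findings
end

# Constructed input: the first block is the one from this page.
SAMPLE_RECIPE = <<~RECIPE
  windows_package 'Microsoft Visual C++ Redistributable 2019' do
    source 'https://internalrepo.corp.local/files/vc_redist.x64.exe'
    installer_type :custom
    options '/install /quiet /norestart'
    action :install
  end

  windows_package 'Pinned Example' do
    source 'https://internalrepo.corp.local/files/example.msi'
    checksum '#{'0' * 64}' # placeholder digest, not a real hash
    action :install
  end

  remote_file 'C:/temp/tool.zip' do
    source 'http://internalrepo.corp.local/files/tool.zip'
  end
RECIPE

if __FILE__ == $PROGRAM_NAME
  audit_recipe(SAMPLE_RECIPE).each { |f| puts "#{f[:resource]}: #{f[:issue]}" }
end
```

A check like this fits a pre-upload step, before knife cookbook upload pushes the cookbook to the Chef Server.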

Testing a Cookbook with Chef InSpec

Before deploying to production, test your cookbook. InSpec provides compliance testing that verifies the resulting server state matches your expectations.

# Create an InSpec test in the cookbook's test directory
# test/integration/default/default_test.rb

describe windows_feature('Web-Server') do
  it { should be_installed }
end

describe service('W3SVC') do
  it { should be_installed }
  it { should be_running }
end

describe file('C:\inetpub\myapp') do
  it { should be_directory }
end

describe port(80) do
  it { should be_listening }
end

# Run InSpec tests against the local machine
inspec exec test/integration/default/default_test.rb

# Run tests against a remote Windows machine
inspec exec test/integration/default/ -t winrm://[email protected] --password 'AdminPass123'

Bootstrapping a Windows Server 2019 Node

Bootstrapping registers a new Windows Server 2019 machine with the Chef Server and installs the Chef Infra Client. Use the knife bootstrap command from the Chef Workstation.

# Bootstrap a Windows Server 2019 node over WinRM
# (Chef Infra 15+ syntax: the target host is the only positional argument)
knife bootstrap 192.168.1.55 `
    --connection-protocol winrm `
    --connection-user Administrator `
    --connection-password 'AdminPassword123' `
    --node-name "websvr01.corp.local" `
    --run-list "recipe[windows_web_server::default]" `
    --channel stable `
    --yes

# Verify the node was registered
knife node list
knife node show websvr01.corp.local

Uploading and Running Cookbooks

# Upload the cookbook to the Chef Server
knife cookbook upload windows_web_server

# Trigger a chef-client run on a remote node
knife winrm "websvr01.corp.local" chef-client --winrm-user Administrator --winrm-password 'AdminPass'

# View the node's run history
knife runs list websvr01.corp.local

# Update a node's run list
knife node run_list set websvr01.corp.local "recipe[windows_web_server],recipe[windows_security]"

Configuring Chef Client as a Windows Service

Install the Chef Infra Client as a scheduled task or Windows service for automatic periodic convergence runs on managed nodes.

# On the Windows Server 2019 node - run chef-client every 1800 seconds with up to 300 seconds of splay
# (--daemonize is only available on Unix-like systems, so it is omitted here)
chef-client --interval 1800 --splay 300

# Or install as a Windows service using chef-service-manager
chef-service-manager -a install
chef-service-manager -a start

# Check service status
Get-Service chef-client | Select-Object Status, StartType

# View chef-client log
Get-Content "C:\chef\log\client.log" -Tail 50

Conclusion

Chef provides a mature, Ruby-based infrastructure automation platform that works excellently with Windows Server 2019. Writing cookbooks with Windows-specific resources, testing with InSpec compliance checks, bootstrapping nodes through knife, and operating the Chef Infra Client as a Windows service delivers continuous automated configuration management. Chef’s ability to manage heterogeneous environments — Windows and Linux simultaneously — makes it a strong choice for organisations running mixed-OS infrastructure who want consistent configuration management across all platforms.