How to Install and Use Chocolatey Package Manager on Windows Server 2022
Chocolatey is a command-line package manager for Windows that automates the installation, upgrade, configuration, and removal of software. It wraps native installers (MSI, EXE, ZIP) with a consistent command-line interface, eliminating manual download-and-click workflows. On Windows Server 2022, Chocolatey is particularly useful for provisioning servers consistently, automating software deployments in scripts, and maintaining a reproducible software stack across multiple servers.
Installing Chocolatey on Windows Server 2022
The official Chocolatey installation method uses PowerShell to download and execute the install script from the Chocolatey CDN. The installation requires administrator privileges and an execution policy that permits running scripts.
# Step 1: Temporarily bypass execution policy for the install
# This only affects the current PowerShell session, not the system policy
Set-ExecutionPolicy Bypass -Scope Process -Force
# Step 2: Configure security protocol to TLS 1.2 (required by the CDN)
[System.Net.ServicePointManager]::SecurityProtocol = `
[System.Net.ServicePointManager]::SecurityProtocol -bor 3072
# Step 3: Download and execute the install script
iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))Alternatively, if you have curl available (Windows Server 2022 includes curl.exe):
Set-ExecutionPolicy Bypass -Scope Process -Force
[System.Net.ServicePointManager]::SecurityProtocol = `
[System.Net.ServicePointManager]::SecurityProtocol -bor 3072
& ([scriptblock]::Create((curl.exe -sSL https://community.chocolatey.org/install.ps1)))After installation, Chocolatey is installed to C:ProgramDatachocolatey and the choco command is added to the system PATH. Verify the installation:
choco --version
choco -?Close and reopen PowerShell if choco is not found immediately after installation, as the PATH change requires a new shell session to take effect.
Installing Packages with choco install
The choco install command downloads and installs packages from the Chocolatey community repository by default.
# Install a single package
choco install notepadplusplus
# Install without prompting for confirmation (important for scripting)
choco install notepadplusplus -y
# Install a specific version
choco install git --version=2.44.0 -y
# Install multiple packages in a single command
choco install notepadplusplus googlechrome vlc -y
# Install from a local nupkg file
choco install mypackage -y --source="C:localpackages"The -y flag is essential in scripts and automated provisioning to prevent Chocolatey from pausing and asking for confirmation at each step. Without it, the install hangs waiting for user input.
Install packages that require elevated permissions (most system-level tools do automatically, but you can be explicit):
choco install 7zip -y --params '"/NoContextMenu"'Upgrading Packages
Chocolatey tracks installed packages and can upgrade them to newer versions individually or all at once.
# Upgrade a specific package
choco upgrade git -y
# Upgrade all installed Chocolatey-managed packages
choco upgrade all -y
# Upgrade all except specific packages (pin them first or use --except)
choco upgrade all -y --except="nodejs,python"
# Preview what would be upgraded without doing it
choco upgrade all --noopThe --noop (or --whatif) flag performs a dry run, showing which packages would be upgraded without making any changes. Use this before running upgrades on production servers.
Uninstalling Packages
# Uninstall a package
choco uninstall notepadplusplus -y
# Uninstall and remove all package dependencies
choco uninstall notepadplusplus -y --remove-dependencies
# Uninstall all versions of a package
choco uninstall git -y --allversionsListing and Searching Packages
Chocolatey provides commands to list installed packages and search the repository for available packages.
# List all locally installed Chocolatey packages
choco list
# List with version numbers
choco list --local-only
# Search the community repository
choco search nodejs
# Search and show exact matches only
choco search python --exact
# Get detailed information about a package
choco info git
# Show package dependencies
choco info nodejs --include-programsFinding Outdated Packages
The choco outdated command checks all locally installed packages against the configured sources and lists which ones have newer versions available.
# Check for outdated packages
choco outdated
# Check outdated with specific source
choco outdated --source="https://community.chocolatey.org/api/v2/"
# Output in a machine-readable format (useful in CI/CD pipelines)
choco outdated --limit-outputThe --limit-output flag (or -r) outputs data in a pipe-delimited format: packagename|currentversion|availableversion|pinned. This is easy to parse in PowerShell:
$outdated = choco outdated -r | ForEach-Object {
$parts = $_ -split '|'
[PSCustomObject]@{
Package = $parts[0]
Current = $parts[1]
Latest = $parts[2]
Pinned = $parts[3]
}
}
$outdated | Format-Table -AutoSizeAutomated Updates with choco upgrade all
Schedule automatic daily or weekly upgrades on Windows Server 2022 using Task Scheduler:
# Create a scheduled task to upgrade all Chocolatey packages nightly
$action = New-ScheduledTaskAction `
-Execute "powershell.exe" `
-Argument "-NonInteractive -NoProfile -Command `"choco upgrade all -y | Out-File C:logschoco-upgrade.log -Append`""
$trigger = New-ScheduledTaskTrigger -Daily -At "2:00AM"
$principal = New-ScheduledTaskPrincipal `
-UserId "SYSTEM" `
-LogonType ServiceAccount `
-RunLevel Highest
$settings = New-ScheduledTaskSettingsSet `
-ExecutionTimeLimit (New-TimeSpan -Hours 2) `
-RestartCount 1 `
-RestartInterval (New-TimeSpan -Minutes 30)
Register-ScheduledTask `
-TaskName "Chocolatey Auto-Upgrade" `
-Action $action `
-Trigger $trigger `
-Principal $principal `
-Settings $settings `
-Description "Automatically upgrades all Chocolatey packages"Pinning Package Versions
Pin a package to prevent it from being upgraded during choco upgrade all. This is useful for software that must stay at a specific version for compatibility reasons.
# Pin a package at its current version
choco pin add --name=nodejs
# Pin a package at a specific version
choco pin add --name=python --version=3.11.9
# List all pinned packages
choco pin list
# Remove a pin (allow upgrades again)
choco pin remove --name=nodejsChocolatey Source Management
By default, Chocolatey uses the community repository at https://community.chocolatey.org/api/v2/. In enterprise environments, you typically configure additional or replacement sources pointing to internal repositories.
# List configured sources
choco source list
# Add an internal source
choco source add --name="internal" --source="https://nexus.corp.local/repository/choco-proxy/"
# Add a source with authentication
choco source add `
--name="internal" `
--source="https://nexus.corp.local/repository/choco-proxy/" `
--user="chocouser" `
--password="SecurePassword123!"
# Remove the community source (air-gapped environments)
choco source remove --name="chocolatey"
# Disable a source without removing it
choco source disable --name="chocolatey"
# Re-enable
choco source enable --name="chocolatey"
# Set source priority (lower number = higher priority)
choco source add --name="internal" --source="..." --priority=1Corporate Proxy Configuration
In environments where outbound HTTPS traffic routes through a corporate proxy, Chocolatey must be configured to use it.
# Set proxy for Chocolatey
choco config set proxy http://proxy.corp.local:8080
# Proxy with authentication
choco config set proxy http://proxy.corp.local:8080
choco config set proxyUser "CORPproxyuser"
choco config set proxyPassword "ProxyPassword123!"
# Bypass proxy for specific hosts (comma-separated)
choco config set proxyBypassList "nexus.corp.local,internal.corp.local"
# Bypass proxy for local addresses
choco config set proxyBypassOnLocal true
# View all Chocolatey config values
choco config listCreating Custom Chocolatey Packages
Custom packages allow you to distribute your own software or third-party software not in the community feed through your internal Chocolatey source. A Chocolatey package is a NuGet package (.nupkg) containing a nuspec file and optional PowerShell install/uninstall scripts.
Create a package skeleton:
choco new MyInternalApp
cd MyInternalAppThis creates the directory structure:
MyInternalApp/
├── MyInternalApp.nuspec
└── tools/
├── chocolateyInstall.ps1
├── chocolateyUninstall.ps1
└── LICENSE.txtEdit MyInternalApp.nuspec:
MyInternalApp
2.1.0
My Internal Application
Corp IT
Internal application deployed via Chocolatey.
internal corp
false
Edit toolschocolateyInstall.ps1:
$ErrorActionPreference = 'Stop'
$packageArgs = @{
packageName = 'MyInternalApp'
fileType = 'MSI'
url64bit = 'https://nexus.corp.local/files/MyInternalApp-2.1.0-x64.msi'
checksum64 = 'A1B2C3D4E5F6...' # SHA256 hash of the MSI
checksumType64 = 'sha256'
silentArgs = '/quiet /norestart INSTALLDIR="C:AppsMyInternalApp"'
validExitCodes = @(0, 3010)
}
Install-ChocolateyPackage @packageArgsBuild the package:
choco pack MyInternalApp.nuspecPush the resulting .nupkg to your Nexus or Artifactory Chocolatey repository:
choco push MyInternalApp.2.1.0.nupkg `
--source="https://nexus.corp.local/repository/choco-hosted/" `
--api-key="your-nexus-api-key"Using Nexus or Artifactory as a Chocolatey Server
Running your own NuGet/Chocolatey repository gives you full control over which packages are available, enables air-gapped deployments, and prevents dependency on the public community feed. Both Sonatype Nexus Repository and JFrog Artifactory support hosting NuGet feeds that Chocolatey consumes natively.
In Nexus Repository Manager, create a nuget (hosted) repository named choco-hosted and optionally a nuget (proxy) repository named choco-proxy pointing to https://community.chocolatey.org/api/v2/. Create a nuget (group) repository named choco-group aggregating both, giving you internal packages and proxied community packages from a single URL.
# Add your Nexus group as the primary Chocolatey source
choco source add `
--name="nexus" `
--source="https://nexus.corp.local/repository/choco-group/index.json" `
--priority=1
choco source disable --name="chocolatey"
# Test by searching for a package
choco search git --source="nexus"Chocolatey for Teams (Licensed Edition)
Chocolatey for Business (C4B) and Chocolatey for Teams add capabilities beyond the free community edition: package internalizer (repackage community packages to embed binaries for air-gapped use), Chocolatey Central Management (web dashboard for reporting and deployments), package throttling, self-service installation for non-admin users via the Chocolatey GUI, and enhanced security features.
Install the licensed extension after obtaining a license:
# Install the licensed extension
choco install chocolatey.extension -y --source="https://licensedpackages.chocolatey.org/api/v2/"
# Set the license file
Copy-Item "C:pathtochocolatey.license.xml" `
"C:ProgramDatachocolateylicensechocolatey.license.xml"
# Verify license
choco --version # Should show "Licensed" in the outputSummary
Chocolatey transforms Windows Server 2022 software management from a manual, error-prone process into a scriptable, repeatable workflow. Install it once via the PowerShell bootstrap command, use choco install and choco upgrade all -y for software lifecycle management, configure internal Nexus or Artifactory repositories for corporate environments where direct internet access is restricted, and build custom packages for in-house software. Scheduled upgrades with Task Scheduler keep servers patched, while choco outdated gives visibility into pending updates without committing to them immediately.
