Puppet agent's run environment

Puppet agent runs as a specific user, by default LocalSystem, and initiates outbound connections on port 8140.

On this page:

Ports

By default, Puppet’s HTTPS traffic uses port 8140. Your operating system and firewall must allow Puppet agent to initiate outbound connections on this port.

If you want to use a non-default port, change the serverport setting on all agent nodes, and ensure that you change your Puppet primary server’s port as well.

User

Puppet agent runs as the LocalSystem user, which lets it manage the configuration of the entire system, but prevents it from accessing files on UNC shares.

Puppet agent can also run as a different user. You can change the user in the Service Control Manager (SCM). To start the SCM, click Start -> Run… and then enter Services.msc.

You can also specify a different user when installing Puppet. To do this, install using the CLI and specify the required MSI properties: PUPPET_AGENT_ACCOUNT_USER,PUPPET_AGENT_ACCOUNT_PASSWORD, and PUPPET_AGENT_ACCOUNT_DOMAIN.

Puppet agent’s user can be a local or domain user. If this user isn’t already a local administrator, the Puppet installer adds it to the Administrators group. The installer also grants Logon as Service to the user.