Prepare to install the module

To help ensure the successful deployment of SCE, complete the preparation steps.

  1. Review the following table to ensure that SCE can meet your organization’s requirements. sce_windows supports the following operating systems and Center for Internet Security (CIS) Benchmarks:
    Operating systemFrameworkProfile
    Windows Server 2022CIS Benchmarks v2.0.0Member Server, Level 1
    Windows Server 2019CIS Benchmarks v2.0.0Member Server, Level 1
    Windows Server 2016CIS Benchmarks v2.0.0Member Server, Level 1
    Windows 10 EnterpriseCIS Benchmarks v2.0.0Corporate Enterprise, Level 1

    Restriction: The domain_controller profile is not supported for any CIS controls.

    Tip: SCE uses Desired State Configuration (DSC) modules and the validation_mode parameter to ensure that resources do not remain in a "flapping" state. For more information, see securitypolicydsc.

  2. To manage nodes with Puppet Enterprise (PE), purchase PE, Puppet Enterprise suite, or Puppet Enterprise Advanced. You can install any version in the 2021.7 or 2023 release stream. For instructions, see Installing.
  3. To manage nodes with open source Puppet, install Puppet 7 or 8. For instructions, see Install Puppet.
  4. Review the dependencies to ensure that your infrastructure will meet the requirements. Go to Puppet Forge and review the Dependencies tab.

    Important: SCE for Windows v2.0.0 supports the latest versions of its Puppet module dependencies. For details, see the Release notes for Windows. To help avoid operational issues, do not use earlier versions of Puppet modules.

  5. If you installed PE, follow the instructions in Configuring Puppet Enterprise.
  6. If you installed open source Puppet, follow the instructions in Configure Puppet settings.
  7. If you are using Puppet 7, verify that the agent and server are at v7.8.0 or later. You can also use any level of Puppet 8.
  8. If you did not purchase Puppet Enterprise Advanced, obtain SCE as a standalone premium module. Complete the form on the Puppet website to receive a call from a Puppet by Perforce sales representative.

    Tip: If you have an active subscription to the Compliance Enforcement Modules (CEM), you are automatically granted access to the sce_linux and sce_windows modules.

  9. Optionally, to help avoid issues during deployment to a production environment, you can install and evaluate SCE in a test environment. For instructions, see Install and evaluate the module in a test environment.