Prepare to install the module
To help ensure the successful deployment of SCE, complete the preparation steps.
- Review the following table to ensure that SCE
can meet your organization’s requirements.
sce_windows
supports the following operating systems and Center for Internet Security (CIS) Benchmarks:Operating system Framework Profile Windows Server 2022 CIS Benchmarks v2.0.0 Member Server, Level 1 Windows Server 2019 CIS Benchmarks v2.0.0 Member Server, Level 1 Windows Server 2016 CIS Benchmarks v2.0.0 Member Server, Level 1 Windows 10 Enterprise CIS Benchmarks v2.0.0 Corporate Enterprise, Level 1 Restriction: The
domain_controller
profile is not supported for any CIS controls.Tip: SCE uses Desired State Configuration (DSC) modules and the
validation_mode
parameter to ensure that resources do not remain in a "flapping" state. For more information, see securitypolicydsc. - To manage nodes with Puppet Enterprise (PE), purchase PE, Puppet Enterprise suite, or Puppet Enterprise Advanced. You can install any version in the 2021.7 or 2023 release stream. For instructions, see Installing.
- To manage nodes with open source Puppet, install Puppet 7 or 8. For instructions, see Install Puppet.
- Review the dependencies to ensure that your infrastructure will meet the
requirements. Go to Puppet Forge and review the Dependencies tab.
Important: SCE for Windows v2.0.0 supports the latest versions of its Puppet module dependencies. For details, see the Release notes for Windows. To help avoid operational issues, do not use earlier versions of Puppet modules.
- If you installed PE, follow the instructions in Configuring Puppet Enterprise.
- If you installed open source Puppet, follow the instructions in Configure Puppet settings.
- If you are using Puppet 7, verify that the agent and server are at v7.8.0 or later. You can also use any level of Puppet 8.
- If you did not purchase Puppet Enterprise Advanced, obtain SCE as a standalone premium module. Complete the form on the Puppet website to receive a call from a Puppet by Perforce sales representative.
Tip: If you have an active subscription to the Compliance Enforcement Modules (CEM), you are automatically granted access to the sce_linux and sce_windows modules.
- Optionally, to help avoid issues during deployment to a production environment, you can install and evaluate SCE in a test environment. For instructions, see Install and evaluate the module in a test environment.