The software deployment solution Chocolatey lets you install the 5,800 packages in its online repository. You can also deploy internalized packages from your own offline repository using your PowerShell console.

While people frequently use Chocolatey for personal devices, it is also an excellent tool to use for managing software for organizations. One of the great components of Chocolatey is the community software repository, which has over 5,800 unique Windows packages at the moment. For personal use, it is not a terrible idea to install packages from here directly. However, an organization needs to use Chocolatey more in an offline fashion, without depending on the internet to manage their software.

Many tasks in the article take information directly from Chocolatey's guide.

We will go through a few main steps:

  • Setting up an internal repository with Chocolatey Server
  • Configuring Chocolatey clients
  • Internalizing community packages

Setting up an internal repository with Chocolatey Server

Chocolatey actually maintains a package that installs and configures an IIS web server to serve packages internally; it is named "Chocolatey Server" or "Chocolatey Simple Server." Personally, I find this a great option for getting a repository up and running quickly. While you can install Chocolatey Server via Chocolatey itself, I prefer to do so via Puppet or another configuration management solution. In this article I will do this via Chocolatey for the sake of simplicity.

On the server you would like Chocolatey Server to run on, you have to execute this:

Chocolatey will add the IIS feature, create a site, and do some additional configuring to get it ready to be a feed. It won't do all of the tasks you probably need though. So I recommend you do these tasks as well:

  • Change the ApiKey in web.config
  • Set up basic authentication to restrict access to the IIS site
  • Install an SSL certificate

After completing this, you have your own Chocolatey package feed that you can start populating with packages.

Configuring Chocolatey clients

To install the Chocolatey client software, we usually point to Chocolatey itself, which downloads the install script. Since we have Chocolatey Server set up (hostname choco-1), we can actually just point our clients there from PowerShell:

Now that we've installed Chocolatey, there is some additional configuring to do for organizational use. I will illustrate a few examples here.

First, let's remove the Chocolatey community feed as a source. Organizations should never have clients install packages from the community repository:

Next, let's add our internal repository as a source:

For a licensed version of Chocolatey, you'll have to install your license. You can follow the guide here. It's mainly a matter of installing the license file and the package:

To reduce the size of Chocolatey packages after installation, we can also configure this:

You probably want to set your Chocolatey clients to use virus scanning at runtime (VirusTotal or whichever antivirus software you use). Here I will configure my clients to use VirusTotal:

If you want to configure the minimum number of positive results from a VirusTotal scan, you can set it here as well. Here I set my client to halt execution of any package that one vendor deems to be malware.
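The client steps above, consolidated into one PowerShell session as an added example (not the article's original commands), followed by a check that no unapproved source remains enabled. The feed URL `https://choco-1/chocolatey`, the source name `internal` and the helper `Get-UnapprovedChocoSource` are assumptions; the feature and config settings require a licensed edition.

```powershell
# Added example. Assumed values: feed URL and source name "internal".
$feedUrl = 'https://choco-1/chocolatey'   # assumed path; choco-1 is the article's server
$cred    = Get-Credential -Message 'Account allowed by basic auth on the feed'

# 1. Drop the community feed, then register the internal one with credentials.
#    The password is passed as a command-line argument here, so run this from a
#    session whose command lines and transcripts are not logged in clear text.
choco source remove --name=chocolatey
choco source add --name=internal "--source=$feedUrl" --priority=1 `
    "--user=$($cred.UserName)" "--password=$($cred.GetNetworkCredential().Password)"

# 2. Licensed-edition settings described in the article.
choco feature enable --name=reduceInstalledPackageSpaceUsage   # Package Reducer
choco feature enable --name=virusCheck
choco config set --name=virusScannerType --value=VirusTotal
choco config set --name=virusCheckMinimumPositives --value=1   # one positive halts

# 3. Verify: every enabled source in the client config must be on the allowlist.
function Get-UnapprovedChocoSource {
    param(
        # Default location of the client configuration file.
        [string]$ConfigPath = (Join-Path $env:ChocolateyInstall 'config\chocolatey.config'),
        [Parameter(Mandatory)][string[]]$AllowedUrls
    )
    [xml]$config = Get-Content -LiteralPath $ConfigPath -Raw
    $config.chocolatey.sources.source |
        Where-Object { $_.disabled -ne 'true' -and $_.value.TrimEnd('/') -notin $AllowedUrls } |
        Select-Object id, value
}

$bad = Get-UnapprovedChocoSource -AllowedUrls $feedUrl
if ($bad) {
    $bad | Format-Table -AutoSize
    throw 'An unapproved Chocolatey source is still enabled on this client.'
}
```

Running step 3 on its own from a configuration management tool gives a recurring check that a client has not had the community feed or another external source added back.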

Internalizing community packages

As I noted above, the Chocolatey community repository has over 5,800 Windows packages available. Organizations will likely want to use these existing packages for their own purposes, and can certainly do so. Licensed versions of Chocolatey offer the ability to internalize community packages automatically for private use. This downloads any installers from their internet distribution points and embeds them into the packages. After this, clients won't be reaching to the internet for any installers or resources.

Here, I internalize Google Chrome from the community repository:

Internalize Google Chrome

Notice that Chocolatey also attempts to internalize any dependencies of the package, in this case the chocolatey-core.extension.

You can also internalize multiple packages at once. For instance, if I want to internalize Chrome, Java, and FileZilla, I can do so with this command:

This will create the Chocolatey packages and allow you to push them to your internal Chocolatey Server with choco push:

Conclusion

While there are certainly other tasks organizations may execute for using Chocolatey internally, these show that setting up Chocolatey is not very difficult. Chocolatey is extremely agile with many great features. The open source version of Chocolatey is perfectly suitable for organizational use. However, licensed versions provide additional features that help further automate package management tasks such as creating and internalizing software.

© 4sysops 2006 - 2020

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account