Does anyone have experience with Puppet or cfengine like setups for a Windows server environment? Is there such a thing?
I am looking to track configuration file and file security changes over a period of time. I would also like to store configuration information to rapidly deploy servers and applications in a DR situation.
Tripwire is nice, but only provides a snapshot and doesn't store changes over time, as a source-control system would.
At RSA conference, there were several vendors with solutions to meet this need.
I was reasonably impressed with the Shavlik demo, but there were at least two other vendors there.
I'm not actually sure that cfengine provides "revision control". It's wikipedia entry makes no mention of revision control; for that you'd want something like etc-keeper. Instead cfengine offers a policy based system for configuration. Check out this video author's talk about the new version of cfengine, given at google.
Active directory includes some tools similar to puppet, called "Group Policy Objects". It does require you to like AD and doesn't appear to generalize to handle both Windows and Unix systems.
There are a large number of tools available for configuration management on Windows - we use BladeLogic, which has a sort of default version control built in, and is cross-platform. The state of the art is probably Microsoft's own System Center suite.