Windows inherited permissions are causing all sorts of problems with the installation dir, c:\programdata\puppetlabs
This is due to the inherited permission on c:\programdata which is:
which causes directories under puppetlabs to become readonly / access denied despite you running as administrator.
From the client side this ends up with things like backing up files failing (because clientbucket/1/b/a is readonly or whatever dir) or can't send a report because the last run is now read only.
To work around this I did a:
icacls c:\programdata\puppetlabs /inheritance:d /t
icacls c:\programdata\puppetlabs /remove "NT AUTHORITY\SYSTEM" /t
takeown /r /f c:\programdata\puppetlabs*
now puppet is working fine.
As far as I know these are fresh installs of windows with barely anything on them (but puppet 3.7.5 installed) but I wasn't involved with the installation process; so it's possible something foolish was done on our end to be in this situation; but the behaviour was consistent across 200ish windows nodes.
may be related to the recent activity on
PS: I'm a linux guy not a windows guy so sprinkle some salt all over the place.