Installing Chef Client on Windows 7: c:\opscode\chef directory created with incorrect permissions

I am trying to install the Chef Client MSI package on Windows 7.

The installation script (.bat) is integrated with Packer.
Basically, Packer connects to the VM (after creating it) via SSH and runs the chef.bat script, which looks like this:

if not exist "C:\Windows\Temp\chef.msi" (
  powershell -Command "(New-Object System.Net.WebClient).DownloadFile('', 'C:\Windows\Temp\chef.msi')" <NUL
)
msiexec /qb /i C:\Windows\Temp\chef.msi

While this script works interactively, installing with Packer fails.
When I checked the permissions after installation, I discovered that c:\opscode\chef is not accessible by the user.

The same SSH username is used in all 3 cases:

  • while building with Packer
  • while connecting via SSH and running the MSI install command
  • while interactively installing Chef on the VM.

This issue seems to be specific to Windows 7: Windows 8.1 works just fine.

Not sure what it relates to: a Windows, Chef or Packer problem…

Any advice is greatly appreciated!

I’m not sure about Windows 7 versus Windows 8.1, but as of Chef 12.7.0 we no longer allow users to write to the installation directory, to prevent privilege escalation. A local non-admin user could modify Chef, and then later, when it runs as an administrator via a service or otherwise, their code would get executed.
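
The restriction described in the answer can be checked on a built image: the PowerShell below lists every Allow ACE on the install directory that grants write-type rights to a principal other than SYSTEM, Administrators or TrustedInstaller. It is an added example, not part of the original thread or of Chef's installer; the trusted-SID list and the function name Get-UntrustedWriteAce are assumptions of this example, and it is written to run on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example (not Chef's or Packer's code). Lists ACEs on the Chef install
# directory that let a non-administrative principal modify its contents.
param(
    [string]$Path = 'C:\opscode\chef'   # directory named in the question
)

# Principals expected to hold write access (assumption of this example),
# compared by SID so the check does not depend on the OS display language.
$TrustedSids = @(
    'S-1-5-18',        # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',    # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that allow changing files, or changing the ACL/owner to gain that ability.
$WriteMask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Inherit-only ACEs can carry raw generic bits instead of named rights.
$GenericWriteOrAll = 0x40000000 -bor 0x10000000   # GENERIC_WRITE | GENERIC_ALL

function Get-UntrustedWriteAce {
    param([Parameter(Mandatory = $true)][string]$Path)

    $acl = Get-Acl -Path $Path
    # Explicit and inherited rules, with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($TrustedSids -contains $ace.IdentityReference.Value) { continue }
        $rights  = [int]$ace.FileSystemRights
        $isWrite = (($rights -band [int]$WriteMask) -ne 0) -or
                   (($rights -band $GenericWriteOrAll) -ne 0)
        if ($isWrite) {
            New-Object PSObject -Property @{
                Path      = $Path
                Sid       = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$findings = @(Get-UntrustedWriteAce -Path $Path)
if ($findings.Count -eq 0) {
    "OK: only SYSTEM, Administrators or TrustedInstaller can modify $Path"
} else {
    $findings | Format-Table Path, Sid, Rights, Inherited -AutoSize
}
```

Run it from an elevated prompt, since a non-admin user may be unable to read the directory's ACL. An entry for CREATOR OWNER (S-1-3-0) applies to whoever creates a file in the directory and should be reviewed rather than treated as a finding on its own.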