Creating installation scripts with Chocolatey on Windows: a complete guide

If you come from Linux or macOS will sound familiar to you the idea of ​​installing software from the terminalBut Windows There are still people who look at writing strangely. commands. The reality is that when you seek to automate, standardize, and accelerate deployments, Chocolatey becomes your best ally to create installation scripts without “Next, Next, Finish” clicks.

In this practical guide you will learn how to create installation scripts with Chocolatey: what it is, how to install it safely, key commands, how to structure your PowerShell scripts, how to use packages.config, security guidelines, how to schedule automatic updates, and some Tricks productivity so that each new team is ready in minutes.

What is Chocolatey and why it makes your scripting life easier

Chocolatey is a package manager for Windows inspired by apt, dnf or pacman, with a large community-maintained repository and official tools. Its approach: to install, update, and uninstall software from the command line in a consistent, repeatable manner, without the additional crapware that often sneaks into graphical installers.

Chocolatey's public catalog far exceeds several thousand unique packages, moderated and verified by the community. Many packages don't contain the final binary, but rather scripts that download from the vendor's official website and run silent installations with appropriate parameters to avoid adware or unwanted components.

The great advantage to automate is that you can chain installations with a simple script (PowerShell or cmd), define global confirmation options, capture logs and reproduce the same environment on new computers or Virtual machines in a matter of minutes.

In addition to installation, Chocolatey allows you to update all your software. with a single command and schedule that update in Task Scheduler to forget about annoying “a new version is available” notifications.

Safe Installation of Chocolatey: Commands and Important Nuances

Chocolatey installation is very fast if you run PowerShell as Administrator. (Find it in the Start menu, right-click, and select “Run as administrator.”) It’s a good idea to adjust the execution policy only for the process session, not at the system level.

Recommended command in PowerShell (elevated session) To configure modern TLS protocols and run the installer in a way that is limited to the current process:

[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))

There is also a variant from traditional cmd which you'll see in many tutorials; if you use it, make sure you open cmd with administrator privileges to avoid permission issues and ensure your PATH variable is updated correctly:

@powershell -NoProfile -ExecutionPolicy Bypass -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))" && SET "PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin"

Details to be considered: If you don't run as administrator, the scope will be user-wide and you may encounter errors on installations that require elevation. Chocolatey logs everything in C:\ProgramData\chocolatey\logs\chocolatey.log, so you have complete traceability of what happens.

About Set-ExecutionPolicy: It is preferable to use Bypass with Scope Process (as above) to avoid touching the global directive. Some older tutorials ask for Unrestricted o AllSigned; if you use AllSigned, you will need to sign your own scripts or confirm valid signatures on each run.

Security: Packet moderation, [Approved] and script verification

Chocolatey applies manual and automated package moderation. from the community repository. Many entries appear with the tag [Approved], which indicates that they have passed quality and security controls; some packages may also be digitally signed.

Still, basic good practices: Inspect the contents before installing if you are concerned about security (e.g. with choco install -dv for details), review the package page, and if you manage critical environments, consider internal repositories or enterprise licenses.

Why does the installer use chocolateyinstall.ps1? The script install.ps1 that downloads from the official website it is a “bootstrapper” that Download the Chocolatey nupkg package and run its chocolateyinstall.ps1It's normal for them to be mismatched: one is the launcher and the other is the package installation script. This difference isn't a problem; it's the NuGet/Chocolatey architecture at work.

Real security advantages: Avoiding crapware, centralizing downloads to verifiable sources, automating without deceptive clicks, and maintaining up-to-date versions reduces the attack surface and risks from outdated software.

Essential commands for your scripts: install, search, list, update, and uninstall

Install a package it is as simple as:

choco install nombre_paquete -y

The -y modifier forces confirmation so your scripts don't wait for interaction. If you prefer, you can enable it globally:

choco feature enable -n allowGlobalConfirmation

Typical examples that you will see in guides: install Skype with choco install skype, CMDER with choco install cmder -y or VLC with choco install vlc -yYou can search for packages with:

choco search <termino>

When you search you will see packages with variants: For example, 7zip.install install the application with classic interface, while 7zip It can simply be the “headless” command line version. Choose the variant .install whenever you want the GUI.

List what you have installed helps you quickly audit your equipment:

choco list --local-only

Check for outdated versions it is as simple as:

choco outdated

Update specific or all packages in batch is very convenient for scheduled scripts:

choco upgrade <paquete> -y
choco upgrade all -y

Uninstalling is also straightforward, and you can include dependencies if applicable:

choco uninstall <paquete> -y --remove-dependencies

Create your first PowerShell installation script (reusable template)

The most practical way to automate is to create a script in PowerShell that validates permissions, configures the execution policy for the session, installs Chocolatey if it's missing, and then deploys your favorite apps in a chain.

Sample template that you can adapt to your software list and internal policies:

# Comprobar privilegios de administrador
if (-not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { Write-Host 'Este script requiere privilegios de Administrador. Vuelve a ejecutarlo elevado.'; exit 1 }

# Política de ejecución solo para este proceso y TLS 1.2
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072

# Instalar Chocolatey si no existe
if (-not (Get-Command choco -ErrorAction SilentlyContinue)) { iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1')) }

# Confirmación global para evitar prompts
choco feature enable -n allowGlobalConfirmation

# Instalar aplicaciones (modifica a tu gusto)
choco install google-chrome-x64 -y; choco install visualstudiocode -y; choco install vscode-powershell -y; choco install docker-desktop -y; choco install 7zip.install -y; choco install vlc -y; choco install git -y

# Limpiezas opcionales (ejemplo: accesos directos del Escritorio)
# Get-ChildItem -Path "$env:Public\Desktop\*.lnk" -ErrorAction SilentlyContinue | Remove-Item -Force

# Mostrar resumen local
choco list --local-only

Council: Separate “must-have” packages from “optional” ones into two distinct blocks or scripts, so you can have a minimal base and an additional layer for specific profiles (development, design, video editing, etc.).

If you already had versions installed manually, uninstall them before running your script to avoid conflicts, especially on older Windows installations; clean installs of Windows 10/11 often offer a smoother experience.

Automate with packages.config: Batch install without touching the script

In addition to PowerShell, Chocolatey allows you to define a packages.config (NuGet-style) with the packages you want and their versions. This is useful for shared team lists or Git-controlled repos.

Minimal packages.config example (save it in the same folder from which you will run choco):

<?xml version='1.0'?>
<packages>
  <package id='google-chrome-x64' />
  <package id='visualstudiocode' />
  <package id='7zip.install' />
  <package id='vlc' />
  <package id='git' />
</packages>

To install everything defined In that file, run:

choco install packages.config -y

Advantages: Declarative maintenance of the software list, file version control, and ease of reviewing changes on audited equipment.

Schedule automatic updates with Task Scheduler

Keeping your software up to date without intrusive notifications is as simple as programming. an action that executes choco upgrade all -y when you log in or at a specific time.

Step by step summary: Open “Task Scheduler”, create a task, check “Run with highest privileges”, choose the trigger (for example, At logon) and in Actions put “Program or script” as choco and in “Add arguments” write upgrade all -y.

If you prefer it managed by script, you can create the task from PowerShell with Register-ScheduledTask, useful when preparing corporate images or large-scale deployments.

Remember that Chocolatey's log This will help you confirm that the updates have gone well: C:\ProgramData\chocolatey\logs\chocolatey.log.

Practical examples of use: from zero to ready environment

Base installation for office automation and multimedia: browser, compressor, video player and PDF in a few seconds with a single compound command.

choco install google-chrome-x64 7zip.install vlc sumatrapdf.install -y

Lightweight development environment: VS Code, Git, and PowerShell tools, with aliases and extensions ready after the first Boot.

choco install visualstudiocode vscode-powershell git -y

Search and fine selection: If you are unsure of the exact name, try choco search cmder o choco search adobe to see variants and which ones are [Approved].

choco search mpv
choco install mpv.install -y

Updates and maintenance: Check at a glance if anything is out of date and jump right in to update everything with a single command in your nightly scripts.

choco outdated
choco upgrade all -y

With a solid foundation of commands, good security practices, and one or two well-designed scriptsWith this, you'll be able to deploy devices in minutes, keep them up-to-date, avoid crapware, and have complete traceability of what's installed and updated, all with a cleaner flow than traditional installers and without relying on manual clicks.