This section of the documentation covers the daily use of WAPT.
All WAPT functionalities are explained in detail for the Administrators, the Users and the Package Deployers.
Managing the WAPT Agent on Windows¶
Deploying the WAPT Agent on Windows¶
Note
To install WAPT on a Windows client, the minimal requirements are:
512Mo Ram;
1 CPU;
300Mo Drive space (without package cache).
Attention
If you install the WAPT Agent on Windows Server 2012r2, it needs these features need to be activated before installing the WAPT Agent:
Two methods are available to deploy the waptagent.exe.
The first method is manual and the procedure MUST be applied on each host.
The second one is automated and relies on a GPO.
Note
The waptagent.exe installer is available at WAPT serveur web home page. The direct download link is for example: https://srvwapt.mydomain.lan/wapt/waptagent.exe.
Warning
If you do not sign the waptagent.exe installer with a commercial Code Signing certificate or a Code Signing certificate issued by the Certificate Authority of your Organization after having generated it, web browsers will show a warning message when downloading the installer.
To remove the warning message, you MUST sign the .exe with a Code Signing certificate that can be verified by a CA bundle stored in the host’s certificate store.
Manually¶
Attention
Manually installing the WAPT Agent requires Local Administrator rights on the computer.
Manually installing the WAPT Agent using a Domain Admin account WILL NOT WORK.
Hint
When to deploy the WAPT Agent manually?
Manual deployment method is efficient in these cases:
Testing WAPT.
Using WAPT in an organization with a small number of computers.
If you do not have a means of mass deployment.
Download the WAPT Agent from your WAPT Server then launch the installer.
Choose the language for the WAPT installer.
Click on OK to go on to the next step.
Accept the licence terms and click on Next to go to next step.
Choose additional configuration tasks (leave the default if not sure).
Settings |
Description |
Default value |
---|---|---|
Install WAPT service |
Adds the WAPT service on the computer. |
Checked |
Launch notification icon upon session opening |
Launches the WAPT Agent in the System tray on startup. |
Not checked |
Disable hiberboot, and increase shutdown GPO timeout (recommended) |
Disables Windows fast startup for stability, increases the timout for the WAPT Exit utility. |
Checked |
Use a random UUID to identify the computer instead of BIOS |
Solves possible BIOS UUID bugs. |
Not checked |
Choose the WAPT repository and the WAPT Server and click on Next to go to next step.
Install the WAPT Agent by clicking on Install.
Wait for the installation of the WAPT Agent to finish, then click on Finish to exit.
The installation of the WAPT Agent is finished. The registration of the host with the WAPT Server is done automatically.
To manage your Organization’s WAPT clients, visit the documentation on using the WAPT Console.
Automatically¶
Important
Technical pre-requisites
Advanced network and system administration knowledge is required to achieve this procedure. A properly configured network will ensure its success.
Hint
When to deploy the WAPT Agent automatically?
The following method is useful in these cases:
A large organization with many computers.
A Samba Active Directory or Microsoft Active Directory for which you have enough administration privileges.
The security and the traceability of actions are important to you or to your Organization.
With the WAPT Deployment utility¶
waptagent.exe is an InnoSetup installer, it can be executed with these silent argument:
waptagent.exe /VERYSILENT
Additional arguments are available for the WAPT Deployment utility.
Options |
Description |
---|---|
|
Domain in |
|
URL of the WAPT Server in |
|
URL of the WAPT repository in |
|
Group of WAPT packages to install by default. |
:code: |
Value of |
|
Certificate bundle for https connections (to be defined by |
|
Certificate bundle for verifying package signatures. |
Hint
The .iss file for the InnoSetup installer is available in C:\Program Files (x86)\wapt\waptsetup\waptsetup.iss
.
You may choose to adapt it to your specific needs. Once modified, you will just have to recreate a waptagent.
To learn more about the options available with InnoSetup, visit this documentation
The WAPT Deployment utility is a small binary that:
Checks the version of the WAPT Agent.
Downloads via https the waptagent.exe installer.
Launches the silent installer with arguments (checked options defined during the compilation of the WAPT Agent).
/VERYSILENT /MERGETASKS= ""useWaptServer""
Updates the WAPT Server with the WAPT Agent status (WAPT version, package status).
Warning
The WAPT Deployment utility MUST be started as Local Administrator, that is why a GPO is a good method to deploy the WAPT Agent.
Download waptdeploy.exe
from your WAPT Server homepage.
With a GPO¶
Create a new group strategy on the Active Directory server (Microsoft Active Directory or Samba-AD).
Add a new strategy with
.
Click on Browse to select the
waptdeploy.exe
.
Copy
waptdeploy.exe
in the destination folder.
Click on Open to import the
waptdeploy.exe
.
Click on Open to confirm the importation of the the WAPT Deployment utility binary.
Hint
It is necessary to provide the checksum of the waptagent.exe
as an argument to the the WAPT Deployment utility GPO.
This will prevent the remote host from executing an erroneous / corrupted waptagent binary.
--hash=checksum WaptAgent --minversion=1.2.3 --wait=15 --waptsetupurl=http://srvwapt.mydomain.lan/wapt/waptagent.exe
Parameters and waptagent.exe checksum to use for the the WAPT Deployment utility GPO are available on the WAPT Server by visiting https://srvwapt.mydomain.lan.
Copy the required parameters into the GPO.
Click on OK to go on to the next step.
Click on OK to go on to the next step.
Apply resulting GPO strategy to the Organization’s Computers OU.
Note
We recommend adding waptdeploy.exe
to the startup and shutdown scripts on the GPO.
Hint
More arguments are available for the WAPT Deployment utility
Options |
Description |
---|---|
|
Forces the installation of waptagent.exe even if alread installed. |
|
Check that the downloaded waptagent.exe setup sha256 hash matches the hash. |
|
Displays the options |
|
Install waptagent.exe if installed version is less than minversion. |
|
If given, it passes the arguments to the /TASKS options of the waptagent installer (default |
|
Location of the repository to get waptagent.exe (default <repo_url>/wapt) |
|
Adds arguments to the command line of waptagent.exe. |
|
Defines the delay for running and pending tasks to complete if waptservice is running before installing. |
|
Explicit location to download setup executable.
It can be a local path (default |
With a scheduled task¶
You may also choose to launch the WAPT Deployment utility using a scheduled task that has been set by GPO.
Hint
This method is particularly effective for deploying WAPT on workstations when the network is neither available on starting up or shutting down.
The method consists of using a GPO to copy locally waptdeploy.exe
and waptagent.exe
and create a scheduled task for installing.
Copy
waptdeploy.exe
andwaptagent.exe
in the netlogon share of your Active Directory Server (\mydomain.lan\netlogon\waptagent.exe
).Create a new group strategy on the Active Directory server (Microsoft Active Directory or Samba-AD).
Add a new strategy with
.Create a new file and copy the WAPT Deployment utility.
Set parameters.
Options |
Value |
---|---|
Action dropdown menu list |
Replace |
Source file(s) field |
|
Destination File field |
|
Suppress errors on individual file actions checkbox |
not checked |
Read-only checkbox |
not checked |
Hidden checkbox |
not checked |
Archive checkbox |
checked |
Create a new GPO and copy the waptagent.exe file.
Set parameters.
Options |
Value |
---|---|
Action dropdown menu list |
Replace |
Source file(s) field |
|
Destination File field |
|
Suppress errors on individual file actions checkbox |
not checked |
Read-only checkbox |
not checked |
Hidden checkbox |
not checked |
Archive checkbox |
checked |
Then go to the Scheduled Task menu with
.Create a new Scheduled Task with
.
Set Action to
Replace
.For When running the task, use the following user account paste S-1-5-18 (system account). You can visit for more information.
Check Run whether user is logged on or not.
Check Run with highest privileges, then go on to the Triggers tab.
Create a new trigger.
Check Daily, select today’s date.
Check Repeat Task every and select 1 hour and for a duration of select 1 day.
Check Stop task if it runs longer than and select 2 hours.
Check that Enabled is checked, and then go to the Actions tab.
Create a new action Start a program for
waptdeploy.exe
.
Options |
Value |
---|---|
Action |
Start a program |
Program / script |
C:\Temp\waptagent.exe |
Add arguments (optional) |
See the next point |
Start in (optional) |
empty |
Hint
It is necessary to provide the checksum of the waptagent.exe
as argument to the WAPT Deployment utility.
This will prevent the remote host from executing an erroneous / corrupted waptagent binary.
--hash=checksum WaptAgent --minversion=1.2.3 --wait=15 --waptsetupurl=http://srvwapt.mydomain.lan/wapt/waptagent.exe
Parameters and the waptagent.exe checksum to use for the the WAPT Deployment utility GPO are available on the WAPT Server by visiting https://srvwapt.mydomain.lan.
Copy the required parameters and change
waptsetupurl
toC:\Temp\waptagent.exe
.--hash=checksum WaptAgent --minversion=1.2.3 --wait=15 --waptsetupurl=C:\Temp\waptagent.exe
Options |
Description |
---|---|
|
Installs waptagent.exe even if not needed |
|
Checks that the downloaded waptagent.exe setup sha256 hash matches the hash. |
|
Displays the options. |
|
Installs waptagent.exe if installed version is less than minversion. |
|
If given, passes this arguments to the /TASKS options of the waptagent installer. Default = installService, installredist2008, autoUpgradePolicy |
|
Defines the location of the repository to get the |
|
Adds arguments to the command line of waptagent.exe. |
|
Defines the maximum allowed time for running and pending tasks to complete if the WAPT service is running before installing. |
|
Defines an explicit location to download setup executable. This can be a local path (default=:file:<repo_url>/waptagent.exe). |
Go on to the Settings tab.
In the Settings tab, only check Run task as soon as possible after a scheduled start is missed.
Hint
To verify that the GPO is working, you can run the gpupdate /force command and verify that the scheduled task is present on the computer by launching Task Scheduler as a Local Administrator.
Updating the WAPT Agent on Windows¶
For each WAPT Server’s upgrade, you will have to upgrade the WAPT Agents.
To do so, you have to generate the WAPT Agent and deploy it.
Manually¶
You can do that manually by following this documentation on installing the WAPT Agent.
Hint
It is the only upgrade solution available for now for macOS and Linux.
Via waptupgrade¶
While you generate the WAPT Agent, package named waptupgrade
is created.
This package is a standard WAPT package designed to upgrade the WAPT Agents on remote hosts.
Hint
For now, waptupgrade
only works for Windows.
Waptupgrade does not upgrade the WAPT Agent if the WAPT Server version and the WAPT Agent version are the same.
Upgrading the WAPT Agents using the waptupgrade
package is a two step process:
First the package copies the
waptsetup.exe
file on the client computer and creates a scheduled task that will run waptsetup.exe with predefined installation flags two minutes after the creation of the scheduled task. At that point the package itself is installed and the inventory on the WAPT Server shows the package installation as OK, with the correct version installed, but the inventory will still show the old version as the WAPT Agent is not yet updated.After two minutes, the scheduled task starts and runs waptsetup.exe with a predefined configuration created in the WAPT Console. This new method keeps the waptsetup.exe signed by Tranquil IT, but the WAPT Agent configuration will come from the WAPT Server. waptsetup.exe shutdowns the local WAPT service, upgrades WAPT locally, and then restarts the WAPT service. The scheduled task is then automatically removed and the WAPT Agent starts sending back its inventory to the WAPT Server. From then on, the inventory on the WAPT Server will show the new version of the WAPT Agent.
It is recommanded to install waptupgrade
on all hosts for the WAPT Agents to update automatically.