Using WAPT Self-Service

Presentation

With WAPT your users can have a selfservice for software installation.

It’s different in the Discovery and Enterprise versions.

Functionality

Discovery

Enterprise

Access to self-service

Feature available

Feature available

Deploying self-service packages

Feature available

Feature available

Filtering self-service packages

Feature not available

Feature available

Management tab

Feature not available

Feature available

Working principle

The Users gain in autonomy while deploying software and configurations that are trusted and authorized by the Organization. This is a time saving feature for the Organization’s IT support Helpdesk.

Discovery

Only Local Administrators and members of the waptselfservice group can access self-service on the hosts.

Attention

These users have acces to all packages in your repository.

Enterprise

You can filter the list of self-service packages available for your users.

A self-service package may be deployed on hosts to list the different self-service rules that apply to the host.

The self-service packages are based on user groups.

Your users will be able to install a selection of WAPT packages without having to be a Local Administrator.

Using the self-service feature

Configuration

Discovery

On Discovery create a waptselfservice security group on your Active Directory and add your users.

Note

ALL users in the waptselfservice security group and ALL Local Administrators will have access to ALL WAPT packages in the repository.

It is not possible to filter the WAPT packages made accessible to the users in Discovery mode.

Enterprise

In the WAPT Console go to the WAPT Packages tab and select the Self-service rules menu item.

Menu list for creating WAPT packages

You can now create your self-service rules package.

Create a *self-service* package
  1. Give a name to the self-service package.

  2. Give a Description.

  3. Click on the Add button to add the group (at the bottom left).

  4. Name the self-service group (with F2 or type directly into the cell).

  5. Select Maturity self-service package

  6. Select the target OS for which the self-service package is designed.

  7. Drag and drop the allowed software and configuration packages for this self-service group into the central panel.

  8. Add as many groups as needed to be included to the WAPT self-service package.

  9. Save the WAPT package and deploy on the selected hosts.

Note

  • The name of the self-service package MUST be the same as the name of the Active Directory user security group to which the self-service rules will apply..

  • If a group appears in multiple self-service packages, then the rules are merged.

  • The authentication used is system authentication by default, it is possible to authenticate with Active Directory.

  • Once the self-service package is deployed, only allowed WAPT packages listed in the self-service group(s) of which the User is a member will be shown to the logged in User.

Using WAPT Self-Service

WAPT Self-service is accessible in the Windows start menu under the name Self-Service software WAPT.

Starting the WAPT Self-Service from the Windows Start Menu

It is also available directly in the WAPT directory <base>\waptself.exe.

Note

The login and password to enter when launching the self-service are the User’s credentials (local or Active Directory credentials).

The WAPT Self-service then displays a list of packages available for installation.

Main window of the WAPT Self-service

Main window of the WAPT Self-service

  • The user can have more details on each WAPT package by clicking the + button.

Info panel in the WAPT Self-service window
  • Different filters are available for the user on the left side panel.

Filter panel in the WAPT Self-service window
  • The Update Catalog button is used to force a wapt-get update on the WAPT Agent;

  • The current task list of the WAPT Agent is available by clicking the task bar button;

Dialog box showing the status of WAPT tasks in WAPT Self-service
  • It is possible to change the language of the interface with the button at the bottom left.

Dialog box for selecting the locale in WAPT Self-service

Default package categories available

By default, WAPT manage these categories of packages:

  • Internet;

  • Utilities;

  • Messaging;

  • Security;

  • System and network;

  • Storage;

  • Media;

  • Development;

  • Office;

  • Education.

It is possible to add other categories to the WAPT packages that you design.

WAPT Agent settings for WAPT Self-Service

WAPT Agent can be configured to allow WAPT self-service.

Configuring a different authentication method for the self-service

By default, authentication on WAPT service is configured in system mode.

This behavior is defined with the value of service_auth_type in wapt-get.ini:

Value

Description

system Default value

WAPT service transmits the authentication directly to the operating system; it also recovers the groups by directly interrogating the operating system.

waptserver-ldap

This mode allows authentication to the WAPT Server. The WAPT Server will make a LDAP request to verify authentication and groups. For this to work, you MUST have configured LDAP authentication on the WAPT Server.

waptagent-ldap

This mode allows authentication with an LDAP server identified in wapt-get.ini. The WAPT Agent will make a LDAP request to verify authentication and groups. For this to work, you MUST have configured LDAP authentication on the WAPT Server.

You may be interested in looking up this article describing the settings for WAPT Self-Service and the WAPT service Authentification for more options.

Note

For the system authentication under GNU/Linux to work correctly, be sure to correctly configure your pam authentication and your nsswitch.conf. The id username command MUST return the list of the groups the user is member of.

Warning

In system mode we assume that Local Administrators can see all the WAPT packages. To change this behavior see the next point.

Configuring the authentification for Administrator

By default WAPT Self-Service uses the system authentification.

In this mode, the Local Administrators can see all the packages of WAPT Server repository.

If you do not want this behavior there are 2 possibilities:

  • Block the view of all packages for Local Administrators.

  • All packages are only visible for a specific user group.

Block Local Administrator on self-service

To block all packages from being displayed to Local Administrators you have to add the parameter waptservice_admin_filter in wapt-get.ini.

Value

True

False

waptservice_admin_filter

Enable selfservice package view filtering for Local Administrators.

Disable selfservice package view filtering for Local Administrators.

User group self-service Administrator

It is possible to use a special user group to define a list of administrators in the Self-Service.

Create a user security group named waptselfservice and add members.

All members of this group can view all packages on the WAPT Self-Service.

With waptservice_admin_filter parameter, you have secured the administrator acces of WAPT Self-Service.

Video demonstration

Using the WAPT System Tray utility

The WAPT System Tray utility is a systray program working in user context.

The WAPT System Tray utility launches at logon if the option has been ticked during WAPT Agent installation. The icon will show up in the Windows tray toolbar.

One can also launch the WAPT System Tray utility manually on C:\Program Files (x86)\wapt\wapttray.exe.

Functionalities of the WAPT System Tray utility

The WAPT System Tray utility in Windows notification tray
List of functionalities of the WAPT System Tray utility

Action

Description

View software status

Launches the local web interface in a web browser.

Update software inventory

Refreshes the list of available WAPT packages. Double-clicking on the tray icon brings about the same effect.

Install updates

Launches the installation of pending upgrades.

Run WAPT Self-service

Launches the WAPT Self-Service.

Run WAPT Console

Launches the WAPT Console.

Configuration

See following table for detailed list of options.

Configuring all installed packages for your own session

Launches a session-setup to configure user environment for all packages installed on the host.

View tasks

Display the task list on the local web interface in the web browser.

Cancel current task

Cancel a running task on WAPT Agent.

Cancel all current tasks

Cancel all running tasks on WAPT Agent.

WAPT service running

Stops and reloads the WAPT service.

Quit

Closes the tray icon without stopping the local WAPT service.

Video demonstration

Using the WAPT Exit utility

The WAPT Exit utility allows to upgrade and install WAPT packages when a host is shutting down, at the user’s request, or at a scheduled time.

The mechanism is simple. If WAPT packages are waiting to be upgraded, they will be installed.

Hint

The WAPT Exit method is very effective in most situation because it does not require the intervention of the User or the Administrator.

Main window of the WAPT Exit utility

The WAPT Exit utility executes by default on shutdown, it is installed with the WAPT Agent.

The behavior of the WAPT Exit utility is customizable in wapt-get.ini of the WAPT Agent.

Warning

If a WAPT task is running, the shutdown of the host is suspended until the task has completed or timed-out.

Manually triggering the execution of the WAPT Exit utility

The WAPT Exit utility can be manually executed by running C:\Program Files (x86)\wapt\waptexit.exe.

Triggering the WAPT Exit utility with a scheduled task WAPT Enterprise feature only

One can deploy a GPO or a WAPT package that will trigger the WAPT Exit utility at a pre-scheduled time.

Hint

Triggering the WAPT Exit utility with a scheduled task is best suited for servers that are not shutdown frequently.

You may adapt the procedure describing how to deploy the WAPT Agent to trigger the WAPT Exit utility script at the most appropriate time.

Hint

You can use the following script for your scheduled task, adapted to your need:

waptpython -c "from waptservice.enterprise import start_waptexit start_waptexit('',{'only_priorities':False,'only_if_not_process_running':True, 'install_wua_updates':False,'countdown':300},'schtask')"

Warning

  • All running software that are upgraded may be killed with possible loss of data.

  • The WAPT Exit utility may fail to upgrade a software program if a software that you are upgrading is in the impacted_process list of the control file. See below for more information.

  • The method of triggering the WAPT Exit utility at a scheduled time is the least recommended method for desktops. It is better to let the WAPT Exit utility execute at shutdown or on user request.

The WAPT Exit utility settings in wapt-get.ini

It is possible to modify the behavior of the WAPT Exit utility in the wapt-get.ini.

It is also possible to modify the behavior of the WAPT Exit utility directly from the command line, see the next points.

The WAPT Exit utility options with the command line

Avoiding the cancellation of upgrades

To disable the interruption of the installation of updates you can run the WAPT Exit utility with the argument:

waptexit.exe -allow_cancel_upgrade = True

Increasing the trigger time in the WAPT Exit utility

To specify the wait time before the automatic start of the installations you can start the WAPT Exit utility with the argument:

waptexit.exe -waptexit_countdown = 10000

Avoiding to interrupt user activity

To tell WAPT not to run an upgrade of software titles currently running on the host (impacted_process attribute of the WAPT package), the WAPT Exit utility may be run with the argument -only_if_not_process_running.

waptexit.exe -only_if_not_process_running = True

If not specified, the WAPT Exit utility will take the value indicated in C:\Program Files (x86)\wapt\wapt-get.ini.

Launching the installation of WAPT packages with a special level of priority

To tell WAPT to only upgrade WAPT packages with a specific priority, you can run the WAPT Exit utility with the argument -priorities.

waptexit.exe -priorities = high

Registering/ unregistering the WAPT Exit utility

To register or unregister the WAPT Exit utility in local shutdown group strategy scripts, use:

  • to enable the WAPT Exit utility at host shutdown:

wapt-get add-upgrade-shutdown
  • to disable the WAPT Exit utility at host shutdown:

wapt-get remove-upgrade-shutdown

Video demonstration

Customizing WAPT for better user acceptance WAPT Enterprise feature only

It is possible to customize WAPT with your company colors to improve user acceptance.

3 components of WAPT are customizable:

  • the WAPT Exit utility;

  • the WAPT Self-Service;

  • the WAPT Message utility.

It’s possible to use the same logo for all programs.

Place the image in <wapt_folder>\templates.

The logo MUST be named wapt-logo.png

The recommended size of the logo is 200X55 and the format .png

For a different logo per program, see next points.

The WAPT Exit utility

It is possible to customize the WAPT Exit utility by placing the image you want in <wapt_folder>\templates

The logo MUST be named waptexit-logo.png

The recommended size of the logo is 200X55 px and the format .png

If it is not defined, WAPT uses wapt-logo.png. If it does not exist, use a default WAPT logo.

WAPT Self-Service

It is possible to customize the WAPT Exit utility by placing the image you want in <wapt_folder>\templates

The logo MUST be named waptself-logo.png

The recommended size of the logo is 200X55 px and the format .png

If it is not defined, WAPT uses in order waptexit-logo.png, waptself-logo.png and finally the default WAPT logo.

WAPT Message

It is possible to customize the WAPT Exit utility by placing the image you want in <wapt_folder>\templates

The logo MUST be named waptmessage-logo.png

The recommended size of the logo is 200X55 px and the format .png

If it is not defined, WAPT uses in order waptexit-logo.png, waptself-logo.png and finally the default WAPT logo.