.. Reminder for header structure:
  Level 1: ====================
  Level 2: --------------------
  Level 3: ++++++++++++++++++++
  Level 4: """"""""""""""""""""
  Level 5: ^^^^^^^^^^^^^^^^^^^^

.. |enterprise_feature| image:: wapt-resources/wapt_enterprise.png
  :scale: 3%
  :alt: WAPT Enterprise feature only

.. _wapt-self-service:

Using WAPT Self-Service |enterprise_feature|
============================================
  
Presentation
------------
  
With WAPT 1.7 **Enterprise** you can now filter the list
of self-service packages available for your users.
  
Your users will be able to install a selection of WAPT packages
without having to be a :term:`Local Administrator` on their desktop.
  
The :term:`Users` gain in autonomy while deploying software and configurations
that are trusted and authorized by the :term:`Organization`.
This is a time saving feature for the Organization's IT support Helpdesk.
  
How does it work?
-----------------
  
With WAPT 1.7 **Enterprise**, a new type of WAPT package exists beside *base*,
*group*, *host*, *profile* and *unit* packages:
they are **self-service** packages.
  
.. figure:: wapt-resources/wapt_console-self-service.png
  :align: center
  :scale: 50%
  :alt: Create a *self-service* package
  
  Create a *self-service* package
  
A *self-service* package may now be deployed on hosts to list the different
self-service rules that apply to the host.
  
How to use the **self-service** feature?
----------------------------------------
  
.. hint::
  
  The **self-service** feature is only available with WAPT **Enterprise**.

In the **Discovery** version, only Local Administrators and members
of the *waptself-service* group can access self-service on the agent.
  
In the **Discovery** version, it is not possible to filter
the packages made accessible to the user.
  
In the console go to the tab :guilabel:`Self-service` rules.
 
You can now create your first *self-service* rule package.
  
 * give a name to your new *self-service* package;
  
 * click on :guilabel:`Add` to add an Active Directory group (at the bottom left);
  
 * name the *self-service* group (with :kbd:`F2` or type directly into the cell);
  
 * drag the allowed software and configuration packages for this *self-service* group into the central column;
  
 * add as many groups as you want in the package;
  
 * save the package and deploy the package on your selection of hosts;
  
 * once the package is deployed, only allowed packages listed in the *self-service* group(s) of which the :term:`User` is a member will be shown to the logged in :term:`User`;
  
.. note::
  
  * if a group appears in multiple *self-service* packages, then the rules are merged;
  
  * the authentication used is system authentication, local users and groups, but if the machine is in a domain then authentication and groups will also work with users and groups in the domain;
  
How to use the self-service on the user station?
------------------------------------------------
  
The self-service is accessible to users in the start menu under the name :guilabel:`Self-Service software WAPT`.
  
It is also available directly in :file:`<base>\\waptself.exe`.
  
The login and password to enter when launching the self-service are the User's credentials (local or Active Directory credentials).
  
The self-service then displays a list of packages available for installation.
  
.. figure:: wapt-resources/waptself.png
  :align: center
  :scale: 50%
  :alt: Self Service
  
  Self Service
  
* the user can have more details on each package with the :guilabel:`+` icon;
  
* different filters are available for the user on the left side panel;
  
* the :guilabel:`Update Catalog` button is used to force a :command:`wapt-get update` on the WAPT agent;
  
* the list of package categories is displayed to the user.
  To add a category to the list, you must specify the category in the *categories* section of the :file:`control` file of the relevant package;
  
* the current task list of the WAPT agent is available with the :guilabel:`task bar` button;
  
* it is possible to change the language of the interface with the :guilabel:`configuration` button at the bottom left.
  
Customizing the Self Service interface
--------------------------------------
  
Adding the Logo of your Organization
++++++++++++++++++++++++++++++++++++
  
In the **Enterprise version only of WAPT**, it is possible to change the logo that appears in the self-service interface and therefore improve the acceptation of the Self Service feature by your users.
  
To do this, simply place the logo you want in :file:`<wapt>\\templates\\waptself-logo.png`
  
.. note::
  
  It is highly recommended to use a :mimetype:`.png` file with a *200 x 150px* resolution.
  
Managing package categories
+++++++++++++++++++++++++++
  
Default categories are:
  
* Internet;
  
* Utilities;
  
* Messaging;
  
* Security;
  
* System and network;
  
* Storage;
  
* Media;
  
* Development;
  
* Office​​;
  
You can create your own categories easily by filling the :file:`control` file's ``categories`` section of any WAPT package and write a new category of your choice, WAPT will automatically show the package in the new category.
  
WAPT Agent Settings for WAPT Self-Service
-----------------------------------------
  
WAPT Agent can be configured to force WAPT self-service packages filtering to Local Administrators :ref:`waptself_ini_file_options`.
  
Configuring a different authentication method for the self-service
------------------------------------------------------------------
  
As mentioned above, authentication on WAPT service is configured by default in system mode.
  
This means that the WAPT service transmits the authentication directly to the operating system; it also recovers the groups by directly interrogating the operating system.
  
This behavior is defined with the value of ``service_auth_type`` in :file:`wapt-get.ini`. The default value is *system*.
  
In this mode we assume that Local Administrators can see all the packages.
To change this behavior, modify the value of ``waptservice_admin_filter`` in :file:`wapt-get.ini`.
  
You may be interested in looking up this article describing the :ref:`settings for WAPT Self-Service and Waptservice Authentification <waptself_ini_file_options>` for more options.
  
Two additional modes are available :
  
* ``waptserver-ldap``: this mode allows authentication to the WAPT server.
  The WAPT server will make a LDAP request to verify authentication and groups.
  **Warning** ! For this to work, you must have configured LDAP authentication on the WAPT server, (the configuration of the admin group will be ignored)
  See :ref:`this article on configuring authentication against Active Directory <configure_ad_auth>` for more information.
  
* ``waptagent-ldap``, This mode allows authentication with an LDAP server
  identified in :file:`wapt-get.ini`. The WAPT agent will make a LDAP request to verify authentication and groups.
  
  You may be interested in looking up this article describing the :ref:`settings for WAPT Self-Service and Waptservice Authentification <waptself_ini_file_options>` for more options.
  
  .. note::
  
    For the system authentication under GNU/Linux to work correctly, be sure to correctly configure your pam authentication and your :file:`nsswitch.conf`. The :command:`id username` command must return the list of the groups the user is member of.
  
Video demonstration
-------------------
  
.. raw:: html
  
  <iframe width="560" height="315" src="https://www.youtube.com/embed/-_sm8KBwDOw" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>

.. _wapt_usage_advanced:

Using WAPTtray
==============

:program:`wapttray` is a utility working in user context, it is located
in the WAPT folder :file:`C:\\Program Files (x86)\\wapt`.

:program:`wapttray` launches at logon if the option has been ticked
during installation. The icon will show up in the Windows tray toolbar.

We can also launch :program:`wapttray` manually with a startup GPO pointing
on :file:`C:\\Program Files (x86)\\wapt\\wapttray.exe`.

The tray icon is handy for autonomous users that want to choose the right moment
to upgrade their packages.

.. figure:: wapt-resources/wapttray.png
  :align: center
  :alt: WAPTtray in Windows notification tray

  WAPTtray in Windows notification tray

.. raw:: html

  <center><iframe width="560" height="315" src="https://www.youtube.com/embed/9iG36IeHuVc?rel=0&ampshowinfo=0" frameborder="0" allowfullscreen></iframe></center>

Functionalities of the WAPTtray
-------------------------------

.. list-table:: List of functionalities of the WAPTtray
  :header-rows: 1
  :align: center

  * - Action
    - Description
  * - Showing the status of packages
    - launches the local web interface in a browser
  * - Launching the installation of a update
    - launches the installation of pending upgrades
  * - Refreshing the list of available
    - refreshes the list of available packages. Double-clicking on the tray
      icon brings about the same effect.
  * - Launching the WAPT console
    - launches the WAPT console
  * - Viewing the configuration file
    - opens the :file:`C:\\Program Files (x86)\\wapt\\wapt-get.ini` file
      with :term:`Local Administrator` privileges (credentials may be asked)
  * - Reloading network related service configuration
    - reloads the connection to the WAPT Server in the event
      of a network reconfiguration
  * - Uploading the host's inventory to the WAPT Server
    - updates the host's inventory with the WAPT Server
  * - Configuring all installed packages for the User
    - launches a :command:`session-setup` to configure user environment
      for all packages installed on the host
  * - Canceling WAPT tasks running on the host
    - shows running tasks, allows to cancel a running task, allows to cancel
      all running tasks
  * - Stopping and starting the WAPT service
    - stops and reloads the *WAPTservice*
  * - Exiting the WAPTtray
    - closes the tray :guilabel:`icon` without stopping the local *WAPTservice*

.. _waptexit:

Using WAPTExit
==============

:program:`waptexit` allows to upgrade and install WAPT packages
when a host is shutting down, at the user's request, or at a scheduled time.

The mechanism is simple. If packages are waiting to be upgraded,
they'll be installed.

.. hint::

  When to use WAPTexit?

  The WAPTexit method is very effective in most situation because it does
  not require the intervention of the :term:`User` or the :term:`Administrator`.

.. figure:: wapt-resources/waptexit.png
  :align: center
  :alt: WAPTexit window

  WAPTexit window

  WAPTexit

.. raw:: html

  <iframe width="560" height="315" src="https://www.youtube.com/embed/vjFgpxrWESk?rel=0&ampshowinfo=0" frameborder="0" allowfullscreen></iframe>

:program:`waptexit` executes by default on shutdown;
it is installed by default with the WAPT agent.

The behavior of :program:`waptexit` is customizable in
:file:`C:\\Program Files (x86)\\wapt\\wapt-get.ini`.

Manually triggering the execution of WAPTexit
---------------------------------------------

By creating a desktop shortcut, one can allow users to launch upgrades
by themselves at a time that is convenient to them simply by clicking
the :guilabel:`WAPTexit` icon.

The behavior of :program:`waptexit` is customizable in
:file:`C:\\Program Files (x86)\\wapt\\wapt-get.ini`.

Triggering WAPTexit with a scheduled task
-----------------------------------------

One can deploy a GPO or a WAPT package that will trigger WAPTexit
at a pre-scheduled time.

**Triggering WAPTexit with a scheduled task is best suited for servers
that are not shutdown frequently.**

You may adapt the procedure describing how to deploy the WAPT agent
to :ref:`trigger the WAPTexit.exe script at the time
of your choosing <deploy_waptagent_with_GPO>`.

.. hint::

  You can use the following script for your scheduled task, adapted to your need
  (**Enterprise only**):

  .. code-block:: python

    waptpython -c "from waptenterprise.waptservice.enterprise import start_waptexit
    start_waptexit('',{'only_priorities':False,'only_if_not_process_running':True,
    'install_wua_updates':False,'countdown':300},'schtask')"

.. warning::

  All running software that are upgraded may be killed with possible loss of data.
  WAPTexit may fail to upgrade a software program if a software
  that you are upgrading is in the ``impacted_process`` list
  of the :file:`control` file of one of the software you are trying to upgrade.
  See :ref:`below <impacted_process>` for more information.

  The method of triggering WAPTexit at a scheduled time
  is the least recommended method for desktops. It is better
  to let WAPTexit execute at shutdown or on user request.

Avoiding the cancellation of upgrades
-------------------------------------

To disable the interruption of the installation of updates you can
run :program:`waptexit` with the argument:

.. code-block:: bash

  waptexit.exe -allow_cancel_upgrade = True

Otherwise :program:`waptexit` will take the value indicated in
:file:`C:\\Program Files (x86)\\wapt\\wapt-get.ini`:

.. code-block:: ini

   [global]
   allow_cancel_upgrade = False

If this value is not indicated in
:file:`C:\\Program Files (x86)\\wapt\\wapt\\wapt-get.ini`,
then the default value will be **10**.

Increase the trigger time in waptexit
-------------------------------------

To specify the wait time before the automatic start of the installations
you can start :program:`waptexit` with the argument:

.. code-block:: bash

  waptexit.exe -waptexit_countdown = 10000

Otherwise :program:`waptexit` will take the value indicated
in the configuration :file:`C:\\Program Files (x86)\\wapt\\wapt-get.ini`:

.. code-block:: ini

   [global]
   waptexit_countdown = 25

If this value is not indicated in
:file:`C:\\Program Files (x86)\\wapt\\wapt\\wapt-get.ini`,
then the default value will be **1**.

.. _impacted_process:

Do not interrupt user activity
------------------------------

To tell WAPT not to run an :command:`upgrade` of running software
on the machine (*impacted_process* attribute of the package), you can run
:program:`waptexit` with the argument:

.. code-block:: batch

  waptexit.exe -only_if_not_process_running=True

Otherwise :program:`waptexit` will take the value indicated in
:file:`C:\\Program Files (x86)\\wapt\\wapt-get.ini`:

.. code-block:: ini

   [global]
   upgrade_only_if_not_process_running = True

If this value is not indicated in
:file:`C:\\Program Files (x86)\\wapt\\wapt\\wapt-get.ini`,
then the default value will be **False**.

Launching the installation of packages with a special level of priority
-----------------------------------------------------------------------

To tell WAPT to only upgrade high priority packages,
you can run :program:`waptexit` with the argument:

.. code-block:: batch

  waptexit.exe -priorities = high

Otherwise :program:`waptexit` will take the value indicated in
:file:`C:\\Program Files (x86)\\wapt\\wapt-get.ini`:

.. code-block:: ini

   [global]
   upgrade_priorities = high

If this value is not indicated in
:file:`C:\\Program Files (x86)\\wapt\\wapt\\wapt-get.ini`, then the default value
will be **Empty** (no filter on priority).

Customizing WAPTexit
--------------------

|enterprise_feature|

It is possible to customize waptexit by placing the image you want
in :file:`C:\\Program Files (x86)\\wapt\\templates\\waptexit-logo.png`.

Registering/ unregistering WAPTexit
-----------------------------------

To register or unregister :program:`waptexit` in local shutdown group strategy
scripts, use:

* to enable :program:`waptexit` at host shutdown:

.. code-block:: bash

   wapt-get add-upgrade-shutdown

* to disable :program:`waptexit` at host shutdown:

.. code-block:: bash

  wapt-get remove-upgrade-shutdown