Warning: support for WAPT 2.0 ended on June 30, 2022.

Please upgrade to the latest supported version.

In this section of the documentation you will find some inspiring methods that will save you time by letting you get the most out of your WAPT installation.

Simplifying the cloning of your workstations

Many companies and administrations build software and configurations into the Windows images they deploy on their fleet of machines.

If you use WAPT, drop this habit now and forever! Why?

  • Each time you create a new image, you lose a lot of time installing software and configuring it. You are very limited in the settings you can include in your image.

  • Each time you make a new image, if you are serious about it, you have to keep track of the changes in a text document, a spreadsheet, or a change management tool. It is a heavy and thankless burden, and you know as well as I do that thankless work is usually done badly!

  • Finally, if you build security configurations, network configurations, or configurations that limit Windows telemetry into your image, they can disrupt the normal functioning of WAPT. This will complicate future diagnostics and discourage you from using an effective tool that is very capable of freeing up your time.

What do you suggest doing instead?

Tranquil IT recommends:

  • To make only one raw image per OS type with MDT or Fog (win10, win2016, etc) without any configuration or software. Put only the system drivers you need for your image deployment in the MDT or Fog directories provided for this purpose;

  • To configure your WAPT server to register hosts with a random UUID to avoid BIOS UUID or FQDN conflicts;

  • To create as many Organizational Units as you have machine types in the CN=Computers OU (ex: standard_laptop, hardened_laptop, workstations, servers, etc) in your Active Directory;

  • To configure your Active Directory to distribute the WAPT Agent by GPO to the different host Organizational Units. This way, you can opt for fine-grained configurations of your waptagent.ini for the hosts attached to each OU.

Note

You can also include a generic WAPT agent in your operating system image.

  • To properly configure your DHCP to redirect the PXE to the correct system images;

  • To properly configure your MDT or Fog to register the machine in the correct Organizational Unit of your Active Directory;

  • To create as many WAPT security configuration packages as you have Organizational Units created above. Thus, you will be able to apply different security profiles depending on the type of machine. These packages will include the desired security configurations (telemetry suppression, firewall configuration, etc);

Hint

To save time, you can base your security configuration strategy on the security WAPT packages already available in the WAPT Store; you will only need to complete them according to your Organization’s specific security requirements.

  • To create in the CN=Computers OU as many Organizational Units as there are types of computer usage in your organization (accounting, point_of_sale, engineering, sedentary_sales, etc).

  • To create generic WAPT packages of your software applications with their associated configurations.

Note

To save you time and effort, you can import many proven WAPT packages from Tranquil IT’s public stores or subscribe to Tranquil IT’s private stores.

You can save even more time and effort if you make judicious use of OUs to model your fleet of computers according to their purpose.

How does the scenario work?

  • You receive or the IT manager at the remote site receives a new machine in its box.

Hint

You, or the IT manager at the remote site, may also choose to upgrade an existing machine from win7 to win10. You, or they, will first have backed up the user’s directory or directories to a network drive or another convenient storage medium.

For this purpose, you may build a WAPT package that, upon execution, zips C:\Users on the win7 computer, names the archive after the computer’s FQDN, password-protects the compressed file using this procedure, and uploads it to a web server or a network share. That same WAPT package can do the reverse process and reinstall the user files after the host has been re-imaged.

  • You configure MDT or Fog with the machine’s MAC address so that it gets the right system image through DHCP and is positioned in the right Organizational Unit at the end of the cloning process.

  • The expected system image is downloaded to the machine in the background, and the machine is placed in the right Organizational Unit.

  • The WAPT agent registers the machine with the WAPT server, and it appears in the WAPT console.

Hint

If your machines come from a win7 to win10 upgrade, you will need to remove the old win7 machines from the WAPT inventory, because they will be duplicated as a result of your choice of random UUID configuration. These machines are easy to find in the WAPT console: they are marked as win7 and have the same MAC address or the same FQDN as your new win10 machine. After removing the win7 entries, your inventory will be clean and up to date in your WAPT console.

  • The WAPT agent detects that it is in an Organizational Unit that requires a particular software set and a particular security configuration.

  • The WAPT Agent downloads and executes software packages and security configuration packages in the background; the WAPT Agent automatically removes delegated rights that become useless after joining the domain, to prevent them from being subsequently exploited in an unauthorized manner.

  • Either by group of machines or machine by machine, you finalize the configuration of the machines by assigning specific WAPT packages to them.

Hint

If you wish, you can even leave the final configuration step to your users by configuring the WAPT self-service for them (printer configuration, special software needs, etc).

Conclusion

With little effort, you now have full control over a fleet of several hundred, or even thousands, of geographically dispersed machines. All your installations are documented, your users work with adequate rights, and you have clear visibility of your users’ tools and usage. The past is thus no longer an imponderable burden for you and an obstacle to your future projects.
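The inventory clean-up described in the hint about win7 to win10 upgrades can be scripted over an export of the host list. The following is an added example, not code from WAPT or Tranquil IT; the record layout (uuid, fqdn, mac, os, last_seen) and the sample hosts are constructed for illustration and are not the WAPT server's schema.

```python
from collections import defaultdict

# Constructed sample inventory export; field names are assumptions.
SAMPLE_INVENTORY = [
    {"uuid": "RND-1a2b", "fqdn": "pc-acct-01.example.lan",
     "mac": "00:11:22:33:44:55", "os": "Windows 7", "last_seen": "2021-03-02"},
    {"uuid": "RND-9f8e", "fqdn": "pc-acct-01.example.lan",
     "mac": "00-11-22-33-44-55", "os": "Windows 10", "last_seen": "2021-03-09"},
    {"uuid": "RND-77aa", "fqdn": "pc-eng-07.example.lan",
     "mac": "00:11:22:aa:bb:cc", "os": "Windows 7", "last_seen": "2021-03-08"},
    {"uuid": "RND-c0de", "fqdn": "PC-SALES-03.example.lan",
     "mac": "00:11:22:de:ad:01", "os": "Windows 7", "last_seen": "2021-02-11"},
    {"uuid": "RND-beef", "fqdn": "pc-sales-03.example.lan",
     "mac": "00:11:22:de:ad:99", "os": "Windows 10", "last_seen": "2021-03-01"},
]

def norm_mac(mac):
    """Normalise separators and case so the same NIC always compares equal."""
    return mac.lower().replace("-", ":")

def stale_win7_records(inventory):
    """Map uuid -> details for win7 records superseded by a newer win10
    record that shares the same MAC address or the same FQDN."""
    by_key = defaultdict(list)
    for host in inventory:
        by_key[("mac", norm_mac(host["mac"]))].append(host)
        by_key[("fqdn", host["fqdn"].lower())].append(host)

    stale = {}
    for (kind, _value), hosts in by_key.items():
        win10 = [h for h in hosts if h["os"].startswith("Windows 10")]
        for old in (h for h in hosts if h["os"].startswith("Windows 7")):
            # ISO dates compare correctly as strings; require a newer win10
            # record so a win7 host that is still in use is never flagged.
            newer = [n for n in win10 if n["last_seen"] > old["last_seen"]]
            if newer:
                entry = stale.setdefault(old["uuid"], {
                    "fqdn": old["fqdn"], "matched_on": set(), "replaced_by": set()})
                entry["matched_on"].add(kind)
                entry["replaced_by"].update(n["uuid"] for n in newer)
    return stale

if __name__ == "__main__":
    for uuid, info in sorted(stale_win7_records(SAMPLE_INVENTORY).items()):
        print(uuid, info["fqdn"], sorted(info["matched_on"]),
              "->", sorted(info["replaced_by"]))
```

Review the flagged records before deleting them: a match on FQDN alone can also mean a hostname was reused on different hardware.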