Welcome to WAPT’s official documentation by Tranquil IT, last compiled on 2022-07-20.

Click here for a PDF version of the complete documentation.

WAPT is a software and configuration deployment tool that may be compared to Microsoft SCCM (now called MECM), Ivanti UIM, IBM Bigfix, Tanium, OPSI, PDQDeploy, or Matrix42. WAPT exists in two flavors, WAPT Discovery and WAPT Enterprise.

Main benefits

For System Administrators:

• Install software and configurations silently.

• Maintain up to date an installed base of software and configurations.

• Configure software at the system and user level to reduce the load on support teams.

• Remove unwanted or out of cycle software and configurations silently.

• Reduce your need for support by your IT teams, whose reaction times are often long because of their workloads.

• Reduce as much as possible the consumption of bandwidth on remote sites to preserve it for productive uses.

For IT Security Officers

• Pilot the software installed base to converge to a security standard acceptable to the organization.

• Prepare your enterprise for the coming GDPR and help your DPO keep his register of data processing, because you two will become close colleagues.

• No longer tolerate hosts operating in Administrator mode.

• No longer tolerate users downloading and running software binaries from their home directory.

• Start applying SRPs, also known as Applocker or WDAC to improve application level IT security.

• Reduce the level of exposure to software vulnerabilities and lateral movement attacks.

• Bring up audit indicators for a better knowledge of the state of installed IT devices and their global security level.

• Be prompt to deploy updates to react to cyber attacks like Wannacry or notPetya.

For End-Users

• Have installed software configured to work well in the context of your Organization and trust that they will work correctly.

• Give Users more autonomy to install software safely and reliably.

• Have better working and more predictable professional systems because of standard software configurations.

Presenting WAPT

• Introduction to WAPT
  • For what purpose is WAPT useful?
  • Security Certification from French Cyberdefense Agency ANSSI
  • The genesis of WAPT
• Fundamental principles
  • Repository principle
  • Replicated repository
  • Packages principle
  • Dependency mechanism
  • Private key / Public certificate principle
• WAPT mode of operation
  • Inventory
  • Information feedback
  • WAPT common interactions
  • WAPT Agent behavior
  • Complete diagram of the WAPT operating mechanism
• WAPT Server architecture
  • Repository role
  • Inventory server role
  • Proxy role
• WAPT language and development environment
  • The strength of Python
  • The power of WAPT
• WAPT Editions and versions history
  • Summary of operating principles in WAPT
  • Current feature list as of 2022-07-20
  • Features coming soon
  • Main functional benefits of the Enterprise version of WAPT
  • Targeted use cases of WAPT Enterprise
  • Description of services available with a WAPT Enterprise contract

Installing WAPT Server

• Checking requirements
  • Installation requirements
  • Tips before installing
• Installing WAPT Server on Debian and Ubuntu
  • Setting up the server
  • Installating the WAPT Server packages
  • Post-configuring
• WAPT Server Postconf script
• Installing on Redhat (and derivatives)
  • Setting up the RedHat based WAPT Server
  • Installing the WAPT Server packages
  • Post-configuring
• Installing on Windows

Basic WAPT configuration

• The WAPT management Console
  • Installing the WAPT Agent on the Administrator’s computer
  • Starting the WAPT Console
• Activating a WAPT licence
  • Removing a WAPT licence
  • License location
  • License error
• Generating the Administrator’s certificate for signing WAPT packages
  • Private key wapt-private.pem
  • Public certificate : wapt-private.crt
  • Generating a certificate to use with WAPT
• Building the WAPT Agent installer
  • Choosing the mode to uniquely identify the WAPT Agents
  • Build
• Initial Configuration

Managing the WAPT Agent

• Managing the Agent on Windows
• Managing the Agent on Linux and MacOS
• Removing the Agent

Managing the WAPT Server

• Switching of WAPT Edition (Community, Discovery, Enterprise)
• Upgrading from version 2.2 to latest
• Upgrading from version 2.0 or 2.1 to 2.2
• Upgrading from version 1.8.2 to 2.2
• Backing up the WAPT Server
  • Linux
  • Windows
• Restoring the WAPT Server
  • Linux
  • Windows

How to use WAPT?

• Using the WAPT Console
• Using the WAPT Console advanced features
• Using WAPT Windows Update Agent (WAPTWUA)
• Synchronizing WAPT inventories to GLPI
• Using the reporting functions in WAPT
• Using WAPT Self-Service
• Using the WAPT System Tray utility
• Using the WAPT Exit utility
• Customizing WAPT for better user acceptance
• Using WAPT with the Command Line
• WAPT Server Postconf script

Advanced WAPT configuration

• Configuring the WAPT Agent with advanced options
  • Description of available sections
  • Description of available options by section
• Configuring the WAPT Console
  • Description of available sections
  • Description of available options by section
• Configuring the WAPT Server
  • Section [options] of waptserver.ini
  • Configuring Nginx
  • Configuring WAPT Server for large deployments
• Configuring WAPT repositories
  • Repository location on the WAPT Server
  • Replicating a repository
  • Multiple repositories
• Enhancing the security of your WAPT setup
  • Configuring the firewall on the WAPT Server
  • Configuring kerberos authentication
  • Activating the verification of the SSL / TLS certificate
  • Configuring user authentication against Active Directory
  • Configuring Client-Side Certificate Authentication
  • Generating the Certificate Authority (CA)
  • Deploying certificates of local IT admins on clients
  • Configuring Access Control Lists

WADS OS deployement

• Simplifying the deployment of your workstations
  • Recommendations
• Deploying your workstations via WADS
  • WADS mode of operation
• Installing and configuring TFTP and DHCP for WADS
  • Installing and configuring a TFTP server
  • Installing and configuring a DHCP server
• Deploying a Windows OS via WADS
  • Deployment process
  • Requirements before starting
  • Adding the WinPE files
  • Adding the Operating System ISO
  • Adding the XML configuration answer file
  • Adding drivers
  • Booting the host to re-image with WADS
  • Deploying the Windows image

Creating WAPT packages

• Creating WAPT packages
  • Setting up your WAPT development and test environment
  • Principles of creating package template from the WAPT Console
  • Presentation of PyScripter
  • Packaging .msi packages (example)
  • Packaging .exe packages (example)
  • Packaging empty packages
  • Building the package and sending it to the WAPT Server
  • Simple examples of commonly used setuphelper functions
  • Manipulating registry keys
  • Creating and destroying shortcuts
  • Windows environment/ Software/ Services
  • Using control file fields
  • Managing a WAPT package with another WAPT package
  • Improving my package
  • Using different IDEs for developing WAPT packages
  • Configuring WAPT to use a custom editor
  • Updating WAPT packages from Python 2 to Python 3
• Package structure detailed
  • The control file
  • The setup.py file
  • The wapt.psproj file
  • The icon.png file
  • The manifest.sha256 file
  • The signature file
  • Other files

Frequent problems and questions

• Frequent problems and questions
  • Resetting the WAPT Linux Server password
  • I lost my WAPT private key
  • My private key has been stolen
  • My BIOS UUID bugs
  • The WAPT Deploy utility does not work
  • Windows does not wait for the network to be running on startup
  • The WAPT Exit utility will not launch
  • The WAPT Exit utility halts after 15 minutes and does not finish the installing the WAPT packages
  • Error message when opening the WAPT Console
  • Problems with registering a host with WAPT
  • Problems when enabling enable-check-certificate
  • Problems when creating a WAPT package
  • Frequent problems caused by Anti-Virus software
  • I have an issue with my proxy - THttpClientSocket.SockRecv(1) read = 0
• Common mistakes
  • How to move my repository to another partition
  • Using a network drive to store and deliver WAPT packages
  • Using the register() function in your audit scripts
  • EWaptBadControl: ‘utf8’ codec can not decode byte
  • I have a lot more hosts in the WAPT Console than I have host packages on my Server?
• Installing the WAPT Server with Ansible
  • Requirements
  • Installing the Ansible role
  • Using the Ansible role
  • Deploying the Linux WAPT Agent with Ansible
• Using the WAPT Server APIs
  • API V1
  • API V2
  • API V3

Appendix

• Contacting Tranquil IT
• Glossary
• Presentation of the security principles in WAPT
• (For software editors) Applying best practices to packaging software
• WAPT release Strategy
• Security bulletin
• Changelog
• WAPT End user License Agreement
• External component licenses used in WAPT