Welcome to WAPT’s official documentation by Tranquil IT, last compiled on 2021-11-30.

Click here for a PDF version of the complete documentation.

WAPT is a software and configuration deployment tool that may be compared to Microsoft SCCM (now called MECM), Ivanti UIM, IBM Bigfix, Tanium, OPSI, PDQDeploy, or Matrix42.

WAPT exists in two flavors, WAPT Discovery and WAPT Enterprise.

Main benefits

For System Administrators:

• Install software and configurations silently.

• Maintain up to date an installed base of software and configurations.

• Configure software at the system and user level to reduce the load on support teams.

• Remove unwanted or out of cycle software and configurations silently.

• Reduce your need for support by your IT teams, whose reaction times are often long because of their workloads.

• Reduce as much as possible the consumption of bandwidth on remote sites to preserve it for productive uses.

For IT Security Officers

• Pilot the software installed base to converge to a security standard acceptable to the organization.

• Prepare your enterprise for the coming GDPR and help your DPO keep his register of data processing, because you two will become close colleagues.

• No longer tolerate machines operating in Administrator mode.

• No longer tolerate users downloading and running software binaries from their home directory.

• Start applying SRPs, also known as Applocker or WDAC to improve application level IT security.

• Reduce the level of exposure to software vulnerabilities and lateral movement attacks.

• Bring up audit indicators for a better knowledge of the state of installed IT devices and their global security level.

• Be prompt to deploy updates to react to cyber attacks like Wannacry or notPetya.

For End-Users

• Have installed software configured to work well in the context of your Organization and trust that they will work correctly.

• Give Users more autonomy to install software safely and reliably.

• Have better working and more predictable professional systems because of standard software configurations.

Presenting WAPT

• Introduction to WAPT
  • For what purpose is WAPT useful?
  • Security Certification from French Cyberdefense Agency ANSSI
  • The genesis of WAPT
• Fundamental principles
  • Repository principle
  • Replicated repository
  • Packages principle
  • Dependency mechanism
  • Private key / Public certificate principle
• WAPT mode of operation
  • Inventory
  • Information feedback
  • WAPT common interactions
  • WAPT agent behavior
  • Complete diagram of the WAPT operating mechanism
• WAPT Server architecture
  • Repository role
  • Inventory server role
  • Proxy role
• WAPT language and development environment
  • The strength of Python
  • The power of WAPT
• Comparing features between the WAPT versions
  • Summary of operating principles in WAPT
  • Current feature list as of 2021-11-30
  • Features coming soon
  • Main functional benefits of the Enterprise version of WAPT
  • Targeted use cases of WAPT Enterprise
  • Description of services available with a WAPT Enterprise contract

Installing WAPT

• Installation requirements
  • Hardware recommendations
  • Software recommendations
• Tips before installing
  • Configuring the Organization’s DNS for WAPT
  • Configuring DNS entries in Microsoft RSAT.
• Installing WAPT Server on Debian
  • Setting up the GNU/Linux Debian server
  • Configuring DEB repository
  • Installing the WAPT Server packages
  • Post-configuring
• Installing WAPT Server on Ubuntu
  • Setting up the GNU/Linux Ubuntu server
  • Configuring DEB repository
  • Installing the WAPT Server packages
  • Post-configuring
• Installing WAPT Server on CentOS7
  • Setting up the CentOS / RedHat server
  • Configuring RPM repository
  • Installing the WAPT Server packages
  • Post-configuring
• Installing WAPT Server on Windows
  • Discovery
  • Enterprise

Basic WAPT configuration

• The WAPT management console
  • If the WAPT Server is installed on a Windows host
  • If the WAPT Server is installed on a Linux host
  • Installing on the Administrator’s computer
  • Starting the WAPT console
• License activation
  • Activating licence
  • Removing licence
  • License location
  • License error
• Generating the Administrator’s certificate for signing WAPT packages
  • Private key wapt-private.pem
  • Public certificate : wapt-private.crt
  • Building a certificate
• Building the WAPT agent installer
  • Choosing the mode to uniquely identify the WAPT agents
  • Discovery
  • Enterprise

Advanced WAPT configuration

• Configuring the WAPT agent with advanced options
  • Description of available sections
  • Description of available options by section
• Configuring the WAPT console
  • Description of available sections
  • Description of available options by section
• Configuring the WAPT Server
  • Section [option] of waptserver.ini
  • Configuring Nginx
  • Configuring WAPT Server for large deployments
• Configuring WAPT repositories
  • Repository location on server
  • Replicating a repository
  • Multiple repositories
• Enhancing the security of your WAPT setup
  • Configuring the firewall on the WAPT Server
  • Configuring kerberos authentication
  • Activating the verification of the SSL / TLS certificate
  • Configuring user authentication against Active Directory
  • Configuring Client-Side Certificate Authentication
  • Generating the Certificate Authority (CA)
  • Deploying certificates of local IT admins on clients
  • Configuring Access Control Lists

Upgrading WAPT server

• Upgrade Community to Enterprise
• Upgrade Discovery to Enterprise
• Minor WAPT server update
  • Debian
  • Ubuntu
  • Centos / RedHat
  • Windows
• Upgrading WAPT on a from 2.0 to 2.1
  • Debian
  • Ubuntu
  • CentOS / RedHat
  • Windows
• Upgrading WAPT on a from 1.8.2 to 2.1
• Upgrading WAPT on a from 1.8.2 to 2.0
  • Debian
  • Ubuntu
  • CentOS / RedHat
  • Windows
• Upgrading WAPT on a from 1.6/1.7 to 1.8
  • Debian
  • CentOS
  • Windows
• Upgrading WAPT from versions older than 1.6

Backing up the WAPT Server

• Backing up the WAPT Server
  • Linux
  • Windows
• Restoring the WAPT Server
  • Linux
  • Windows

Uninstalling the WAPT agent

• Uninstalling the WAPT agent from clients
  • Windows
  • Linux
  • MacOS

How to use WAPT?

• Deploying the WAPT agent
  • Windows
  • Linux
  • MacOS
• Updating the WAPT agents
  • Manually
  • Via waptupgrade
• Using the WAPT console
  • Add package for the host
  • Check updates for the host
  • Apply updates for the host
  • Performing a global search on all hosts
  • Showing the inventory
  • How to perform actions on the hosts?
  • Importing packages from external repository
  • Importing packages from local file
  • Managing packages on repository
• Using the WAPT console advanced
  • Using profile bundles in WAPT
  • Using Organizational Unit packages in WAPT
  • Using WAPT Windows Update Agent (WAPTWUA)
  • Using the reporting functions in WAPT
  • Connecting to the WAPT database using a PostgreSQL client
  • Synchronizing WAPT inventories to GLPI
  • Adding plugins in the Console
  • Re-signing all host packages from the WAPT console
• Using WAPT Self-Service
  • Presentation
  • Working principle
  • Using self-service feature
  • Using Self-Service application
  • WAPT Agent Settings for WAPT Self-Service
  • Video demonstration
• Using WAPTtray
  • Functionalities of the WAPTtray
• Using WAPTExit
  • Manually triggering the execution of WAPTexit
  • Triggering WAPTexit with a scheduled task
  • Avoiding the cancellation of upgrades
  • Increase the trigger time in waptexit
  • Do not interrupt user activity
  • Launching the installation of packages with a special level of priority
  • Customizing WAPTexit
  • Registering/ unregistering WAPTexit
  • Customizing your WAPT
• Using WAPT with the Command Line
  • Using the more common functions in WAPT with the command line
  • Using special Command Lines with WAPT
  • Using the Command Line to create WAPT packages

Creating WAPT packages

• Package structure detailed
  • The control file
  • The setup.py file
  • The wapt.psproj file
  • The icon.png file
  • The manifest.sha256 file
  • The signature file
  • Other files
• Python 2 to Python 3
• Setting up your WAPT development and test environment
  • Prerequisites
  • Recommendations regarding the test environment
  • Testing method
• Principles of creating package template from the WAPT console
  • Creating a package template from the WAPT console
  • Customizing the package before uploading it to your repository
• Presentation of PyScripter
  • PyScripter project explorer
  • Run Configurations
  • Editor panel
  • Python Console
  • Testing locally the installation of the WAPT package
  • Testing locally the uninstallation of the WAPT package
• Packaging .msi packages (example)
  • Passing additional arguments
  • Video demonstration
• Packaging .exe packages (example)
  • Finding the uninstallation key
  • Special case of a non-silent uninstaller
  • Video demonstration
• Packaging empty packages
• Building the package and sending it to the WAPT server
  • Working with non standard return codes
• Simple examples of commonly used setuphelper functions
  • Testing and manipulating folders and files
• Manipulating registry keys
  • Checking the existence of a registry key
  • Showing the value of a registry key
  • Modifying the value of a registry key
• Creating and destroying shortcuts
  • A simple shortchut
  • A menu folder shortcut
  • A desktop shortcut
  • A current user desktop shortcut
• Windows environment/ Software/ Services
  • Windows version check
  • Check if 64bits architecture
  • Program Files variable
  • AppData variable
  • Disable temporarily the wow3264 file redirector
  • Get current user
  • Get computer name
  • Get computer domain
  • Action on installed software
• Using control file fields
  • Get packages version
  • Get software name
• Managing a WAPT package with another WAPT package
  • Installing a package
  • Removing a package
  • Forgetting a package
• Improving my package
  • Copying a file
  • Uninstalling unwanted versions
  • Improving setup.py to use variables
  • Customizing the user environment
  • Using the audit functions for compliance
  • Updating automatically a software package
  • Deploying a portable software with WAPT
  • Packaging Windows Update .msu packages
  • Packaging simple Linux packages
  • Encrypting sensitive data contained in a WAPT package
• Using different IDEs for developing WAPT packages
  • On Windows
  • On Linux / macOS
• Configuring WAPT to use a custom editor
  • On Windows
  • On Linux/ macOS

The WAPT console in detail

• Menus
  • File Tab
  • View tab
  • Tools tab
  • ? tab
• Inventory tab
  • Refresh
  • Edit host
  • Check updates
  • Apply updates
• Performing a global search on all hosts
• OU AD on WAPT
  • Include computers from subfolders
  • Searching Organizational Units
  • Displaying Organizational Units
  • Creating or editing Organizational Unit package
  • Checking for updates on all host of an Organizational Unit
  • Applying upgrades on all hosts in an Organizational Unit
• Host inventory
  • Host status
  • Host layout
  • Detailed actions on the hosts
  • Host sub tab
  • Host informations
  • Search keywords
  • Package status filtering
  • Package layout
  • Package status
  • Acting on packages installed on a host
  • Hardware inventory tab
  • Software inventory tab
  • Windows update tab
  • Task tab
  • Packages overview
  • Audit data
• WAPT Packages tab
  • Refresh packages list
  • Import packages
  • Import from file
  • Make packages template from setup file
  • Search tab
  • Last version only
  • Filter packages
  • Show host
  • Architecture
  • OS
  • Locale
  • Maturity
  • Action on packages
• Windows Update tab
  • Refresh
  • Download WSUSScan cab from Microsoft Web site
  • Show Download history
  • ActWUAGetUnusedKB
• Source tab
• Reporting tab
  • Refresh
  • Design mode
  • Execute
  • Export to spreadsheet
  • Normalize software titles
  • Right click menu
• Secondary repos tab
  • Left on tab
  • Right on tab

Enhancing your productivity with WAPT

• Simplifying the imaging of your workstations
  • What do you suggest to do then?

Frequent problems and questions

• Frequent problems
  • Resetting the WAPT Linux Server password
  • I lost my WAPT private key
  • My private key has been stolen
  • My BIOS UUID bugs
  • WAPTdeploy does not work
  • Windows does not wait for the network to be up on startup
  • WAPT Exit will not launch
  • WAPTExit halts after 15 minutes and does not finish the installing the packages
  • Error message when opening the WAPT console
  • Problems with registering a host with WAPT
  • Problems when enabling enable-check-certificate
  • Problems when creating a package
  • Frequent problems caused by Anti-Virus software
  • I have an issue with my proxy - THttpClientSocket.SockRecv(1) read = 0
• Common mistakes
  • How to move my repository to another partition
  • Using a network drive to store and deliver WAPT packages
  • Using the register() function in your audit scripts
  • EWaptBadControl: ‘utf8’ codec can’t decode byte
  • I have a lot more hosts in the console than I have host packages on my server?
• Installing WAPT Server with Ansible
  • Requirements
  • Installing the Ansible role
  • Using the Ansible role
  • Deploying the Linux WAPT Agent with Ansible

Using the WAPT server APIs

• Using the WAPT server APIs

Appendix

• Contacting Tranquil IT
• Glossary
• Presentation of the security principles in WAPT
• (For software editors) Applying best practices to packaging software
• WAPT release Strategy
• Security bulletin
• Changelog
• WAPT End user License Agreement
• External component licenses used in WAPT