Welcome to WAPT’s official documentation by Tranquil IT, last compiled on 2021-09-10.

Click here for a PDF version of the complete documentation.

WAPT is a software and configuration deployment tool that may be compared to Microsoft SCCM (now called MECM), Ivanti UIM, IBM Bigfix, Tanium, OPSI, PDQDeploy, or Matrix42.

WAPT exists in two flavors, WAPT Discovery and WAPT Enterprise.

Main benefits

For System Administrators:

• install software and configurations silently;

• maintain up to date an installed base of software and configurations;

• configure software at the system and user level to reduce the load on support teams;

• remove unwanted or out of cycle software and configurations silently;

• reduce your need for support by your IT teams, whose reaction times are often long because of their workloads;

• reduce as much as possible the consumption of bandwidth on remote sites to preserve it for productive uses;

For IT Security Officers

• pilot the software installed base to converge to a security standard acceptable to the organization;

• prepare your enterprise for the coming GDPR and help your DPO keep his register of data processing, because you two will become close colleagues;

• no longer tolerate machines operating in Administrator mode;

• no longer tolerate users downloading and running software binaries from their home directory;

• start applying SRPs, also known as Applocker or WDAC to improve application level IT security;

• reduce the level of exposure to software vulnerabilities and lateral movement attacks;

• bring up audit indicators for a better knowledge of the state of installed IT devices and their global security level;

• be prompt to deploy updates to react to cyber attacks like Wannacry or notPetya;

For End-Users

• have installed software configured to work well in the context of your Organization and trust that they will work correctly;

• give Users more autonomy to install software safely and reliably;

• have better working and more predictable professional systems because of standard software configurations;

Presenting WAPT

• Introduction to WAPT
  • For what purpose is WAPT useful?
  • Security Certification from French Cyberdefense Agency ANSSI
  • The genesis of WAPT
• Fundamental principles
  • Repository principle
  • Replicated repository
  • Packages principle
  • Dependency mechanism
  • Private key / Public certificate principle
• WAPT mode of operation
  • Inventory
  • Information feedback
  • WAPT common interactions
  • WAPT agent behavior
  • Complete diagram of the WAPT operating mechanism
• WAPT Server architecture
  • Repository role
  • Inventory server role
  • Proxy role
• WAPT language and development environment
  • The strength of Python
  • The power of WAPT
• Comparing features between the WAPT versions
  • Summary of operating principles in WAPT
  • Current feature list as of 2021-09-10
  • Features coming soon
  • Main functional benefits of the Enterprise version of WAPT
  • Targeted use cases of WAPT Enterprise
  • Description of services available with a WAPT Enterprise contract

Installing WAPT

• Installation requirements
  • Hardware recommendations
  • Software recommendations
• Tips before installing
  • Configuring the Organization’s DNS for WAPT
  • Configuring DNS entries in Microsoft RSAT.
• Installing WAPT Server on Debian
  • Setting up the GNU/Linux Debian server
  • Configuring DEB repository
  • Installing the WAPT Server packages
  • Post-configuring
• Installing WAPT Server on Ubuntu
  • Setting up the GNU/Linux Ubuntu server
  • Configuring DEB repository
  • Installing the WAPT Server packages
  • Post-configuring
• Installing WAPT Server on CentOS7
  • Setting up the CentOS / RedHat server
  • Configuring RPM repository
  • Installing the WAPT Server packages
  • Post-configuring
• Installing WAPT Server on Windows
  • Discovery
  • Enterprise

Basic WAPT configuration

• WAPT management console
  • If the WAPT Server is installed on a Windows host
  • If the WAPT Server is installed on a Linux host
  • Installing on the Administrator’s computer
  • Starting the WAPT console
• Generating the Administrator’s certificate for signing WAPT packages
  • Private key wapt-private.pem
  • Public certificate : wapt-private.crt
  • Building a certificate
• Building the WAPT agent installer
  • Choosing the mode to uniquely identify the WAPT agents
  • Discovery
  • Enterprise

Advanced WAPT configuration

• Configuring the WAPT agent with advanced options
  • Description of available sections
  • Description of available options by section
• Configuring the WAPT console
  • Description of available sections
  • Description of available options by section
• Configuring the WAPT Server
  • Section [option] to waptserver.ini
  • Configuring Nginx
  • Configuring WAPT Server for large deployments
• Configuring WAPT repositories
  • Replicating a repository
  • Multiple repositories
• Enhancing the security of your WAPT setup
  • Configuring the firewall on the WAPT Server
  • Configuring kerberos authentication
  • Activating the verification of the SSL / TLS certificate
  • Configuring user authentication against Active Directory
  • Configuring Client-Side Certificate Authentication
  • Generating the Certificate Authority (CA)
  • Deploying certificates of local IT admins on clients
  • Configuring Access Control Lists

Upgrading WAPT server

• Minor WAPT server update
  • Debian
  • Ubuntu
  • Centos / RedHat
  • Windows
• Upgrading WAPT on a from 1.8.2 to 2.0
  • Debian
  • Centos / RedHat
  • Windows
• Upgrading WAPT on a from 1.6/1.7 to 1.8
  • Debian
  • CentOS
  • Windows
• Upgrading WAPT from 1.5 to 1.6

Backing up the WAPT Server

• Backing up the WAPT Server
  • Linux
  • Windows
• Restoring the WAPT Server
  • Linux
  • Windows

Uninstalling the WAPT agent

• Uninstalling WAPT agent from clients
  • Windows
  • Linux
  • MacOS

How to use WAPT?

• Deploying WAPT agent
  • Windows
  • Linux
  • MacOS
• Updating the WAPT agents
  • Manually
  • Via waptupgrade
• Using the WAPT console
  • Add package for the host
  • Check updates for the host
  • Apply updates for the host
  • Performing a global search on all hosts
  • Showing the inventory
  • How to perform actions on the hosts?
  • Importing packages from external repository
  • Importing packages from local file
  • Managing packages on repository
• Using the WAPT console advanced
  • Using profile bundles in WAPT
  • Using Organizational Unit packages in WAPT
  • Using WAPT Windows Update Agent (WAPTWUA)
  • Using the reporting functions in WAPT
  • Connecting to the WAPT database using a PostgreSQL client
  • Synchronizing WAPT inventories to GLPI
  • Re-signing all packages by WAPT console
• Using WAPT Self-Service
  • Presentation
  • How does it work?
  • How to use the self-service feature?
  • How to use the self-service on the user station?
  • Customizing the Self Service interface
  • WAPT Agent Settings for WAPT Self-Service
  • Configuring a different authentication method for the self-service
  • Video demonstration
• Using WAPTtray
  • Functionalities of the WAPTtray
• Using WAPTExit
  • Manually triggering the execution of WAPTexit
  • Triggering WAPTexit with a scheduled task
  • Avoiding the cancellation of upgrades
  • Increase the trigger time in waptexit
  • Do not interrupt user activity
  • Launching the installation of packages with a special level of priority
  • Customizing WAPTexit
  • Registering/ unregistering WAPTexit
• Using WAPT with the Command Line
  • Using the more common functions in WAPT with the command line
  • Using special Command Lines with WAPT
  • Using the Command Line to create WAPT packages

Creating WAPT packages

• Package structure detailed
  • The control file
  • The setup.py file
  • The wapt.psproj file
  • The icon.png file
  • The manifest.sha256 file
  • The signature file
  • Other files
• Python 2 to Python 3
• Setting up your WAPT development and test environment
  • Prerequisites
  • Recommendations regarding the test environment
  • Testing method
• Principes of creating package template from the WAPT console
  • Creating a package template from the WAPT console
  • Customize the package before make and edit
• Presentation of Pyscripter
  • PyScripter project explorer
  • Run Configurations
  • Editor panel
  • Python Console
  • Testing locally the installation of the WAPT package
  • Testing locally the uninstallation of the WAPT package
• Packaging .msi packages (example)
  • Passing additional arguments
  • Video demonstration
• Packaging .exe packages (example)
  • Finding the uninstallation key
  • Special case of a non-silent uninstaller
  • Video demonstration
• Building the package and sending it to the WAPT server
  • Working with non standard return codes
• Simple examples of commonly used setuphelper functions
  • Testing and manipulating folders and files
• Manipulating registry keys
  • Checking the existence of a registry key
  • Showing the value of a registry key
  • Modifying the value of a registry key
• Creating and destroying shortcuts
  • A simple shortchut
  • A menu folder shortcut
  • A desktop shortcut
  • A current user desktop shortcut
• Windows environment/ Software/ Services
  • Windows version check
  • Check if 64bits architecture
  • Program Files variable
  • AppData variable
  • Disable temporarily the wow3264 file redirector
  • Get current user
  • Get computer name
  • Get computer domain
  • Action on installed software
• Using control file fields
  • Get packages version
  • Get software name
• Manage WAPT package by another WAPT package
  • Installing a package
  • Removing a package
  • Forgetting a package
• Improving my package
  • Copying a file
  • Uninstalling unwanted versions
  • Improving setup.py to use variables
  • Customizing the user environment
  • Using the audit functions for compliance
  • Updating automatically a software package
  • Deploying a portable software with WAPT
  • Packaging Windows Update .msu packages
  • Packaging simple Linux packages
  • Encrypting sensitive data contained in a WAPT package
• Using different IDEs for developing WAPT packages
  • On Windows
  • On Linux / macOS
• Configuring WAPT to use a custom editor
  • On Windows
  • On Linux/ macOS

The WAPT console in detail

• Menus
  • File Tab
  • View tab
  • Tools tab
  • ? tab
• Inventory tab
  • Refresh
  • Edit host
  • Check updates
  • Apply updates
• Performing a global search on all hosts
• OU AD on WAPT
  • Include computers from subfolders
  • Search OU
  • Display OU
  • Create or Edit Organizational Unit package
  • Check updates on all host of this OU
  • Apply upgrades on all hosts of this OU
• Host inventory
  • Host status
  • Host layout
  • Detailed actions on the hosts
  • Host sub tab
  • Hardware inventory tab
  • Software inventory tab
  • Windows update tab
  • Task tab
  • Packages overview
  • Audit data
• WAPT Packages tab
  • Refresh packages list
  • Import packages
  • Make packages template from setup file
  • Search tab
  • Last version only
  • Filter packages
  • Show host
  • Architecture
  • OS
  • Locale
  • Maturity
  • Action on packages
• Windows Update tab
  • Source tab
  • Reporting tab
• Secondery repos tab
  • Left on tab
  • Rigth on tab

Enhancing your productivity with WAPT

• Simplifying the imaging of your workstations
  • What do you suggest to do then?
  • How does the scenario work?
  • Conclusion

Frequent problems and questions

• I have lost my SuperAdmin password
  • Resetting the WAPT Linux Server password
• I lost my WAPT private key
  • Generating or renewing a private key
  • Re-signing packages in the repositories
• My private key has been stolen
• How to move my repository to another partition
  • Linux
  • Windows
• My BIOS UUID bugs
  • Solving the BIOS UUID issue
• WAPTdeploy does not work
  • Symptoms
  • Solving the BIOS UUID issue
  • Launching WAPTdeploy locally
  • Windows does not wait for the network to be up on startup
• WAPT Exit will not launch
  • Solution: Hybrid shutdown
  • Solution: Windows Home edition
  • Solution: corrupted local GPO
• WAPTExit halts after 15 minutes and does not finish the installing the packages
  • Solution: increase the installation timeout
• Error message when opening the WAPT console
  • Version check
  • Connection refused
  • Service unavailable
  • Error connecting with SSL … verify failed
• Problems with registering a host with WAPT
• Problems when enabling enable-check-certificate
  • Message “Certificate CN ### sent by server does not match URL host ###”
• Problems when creating a package
  • Creating a package via the WAPT console
  • Problem with rights in the Windows Command Line utility
  • Problems with access rights and PyScripter
  • My WAPT package is too big and I can not upload it on the repository
  • WAPT package in error
  • Frequent problems caused by Anti-Virus software
  • EWaptBadControl: ‘utf8’ codec can’t decode byte
  • I have a lot more hosts in the console than I have host packages on my server?
• Common mistakes
  • Using a network drive to store and deliver WAPT packages
  • Using the register() function in your audit scripts
• Installing WAPT Server with Ansible
  • Requirements
  • Installing the Ansible role
  • Using the Ansible role
  • Role variables
  • Example Ansible playbook
• Deploying the Linux WAPT Agent with Ansible
  • Requirements
  • Installing the Ansible role
  • Using the Ansible role
  • Role variables
  • Example Ansible playbook

Using the WAPT server APIs

• Using the WAPT server APIs

Appendix

• Contacting Tranquil IT
• Glossary
• Presentation of the security principles in WAPT
• (For software editors) Applying best practices to packaging software
• WAPT release Strategy
• Security bulletin
• Changelog
• WAPT End user License Agreement
• External component licenses used in WAPT