.. Reminder for header structure: Parts (H1) : #################### with overline Chapters (H2) : ******************** with overline Sections (H3) : ==================== Subsections (H4) : -------------------- Subsubsections (H5) : ^^^^^^^^^^^^^^^^^^^^ Paragraphs (H6) : """"""""""""""""""""" .. meta:: :description: The WAPT management Console :keywords: waptconsole, management, WAPT, certificate, documentation, the WAPT Console .. |ok| image:: wapt-resources/icon-ok.png :scale: 5% :alt: Feature available .. |nok| image:: wapt-resources/icon-nok.png :scale: 5% :alt: Feature not available .. |date| date:: .. |add| image:: wapt-resources/icon-add.png :scale: 5% :alt: Additional feature .. |enterprise_feature| image:: wapt-resources/icon_wapt_enterprise.png :scale: 3% :alt: WAPT Enterprise feature only The WAPT Server having been successfully installed, now we will install the WAPT Console. .. _installing_the_WAPT_console: ########################################## How to install the management WAPT console ########################################## The WAPT Console is installed along side the WAPT Agent. Thus you first need to install the WAPT Agent on you management machine, please refer to :doc:`WAPT Agent documentation ` On Windows and macOS it is installed by default with WAPT Agent (but not configured by default), on Linux it is installed through an extra package. * Managing WAPT is done mainly via the WAPT Console installed on the :term:`Administrator`'s workstation. * It is recommended that the Administrator's computer be joined to the :term:`Organization`'s Active Directory. * The host name of the Administrator's workstation **MUST NOT be longer than 15 characters.** This is a limit of *sAMAccountName* attribute in Active Directory. * **The Administrator's computer will become critical for WAPT administration and WAPT package testing.** * If DNS records are properly configured, you should be able to access the WAPT web interface by visiting https://srvwapt.mydomain.lan. * The WAPT Console is supported on Windows, Linux and macOS. Some features, like WinPE pre-boot environement creation for WADS Windows deployment is not available on Linux and macOS. The Linux and macOS console support light and dark mode. .. _console_on_windows: .. warning:: The WAPT Console **MUST NOT** be installed on the WAPT Server. The WAPT Console **MUST** be installed on the admin workstation from which you manage your network. ************************************ Installing and starting WAPT Console ************************************ The WAPT Console is supported on Windows, Linux and macOS. Please choose your client OS. .. tabs:: .. tab for Windows .. tab:: Windows The WAPT Console is included by default in the WAPT Agent installer. .. attention:: If **the WAPT Agent** is not compiled and installed on your computer, you need to run de WAPT Agent installer to open and :ref:`configure the WAPT Console `. * Start the executable installer as :term:`Local Administrator` on the :term:`Administrator`'s workstation. * Choose the language for the WAPT installer. .. image:: wapt-resources/wapt_deploy_choose-language_dialog-box.png :align: center :alt: Choosing the language for deploying the WAPT installer * Click on :guilabel:`OK` to go on to the next step. .. image:: wapt-resources/wapt_deploy_accept-license_dialog-box.png :align: center :alt: Accepting the WAPT license terms * Accept the licence terms and click on :guilabel:`Next` to go to next step. * Choose additional configuration tasks (leave the default if not sure). .. figure:: wapt-resources/wapt_deploy_installer-options_dialog-box.png :align: center :alt: Choosing the WAPT Agent installer options Choosing the WAPT Agent installer options .. list-table:: Available options of the WAPT Agent installer :header-rows: 1 :widths: auto :align: center * - Settings - Description - Default value * - :guilabel:`Install WAPT service` checkbox - Enables the WAPT service on this computer. - Checked * - :guilabel:`Launch notification icon upon session opening` checkbox - Launches the WAPT Agent in systray on host startup. - Not checked * - :guilabel:`Disable hiberboot, and increase shutdown GPO timeout (recommended)` checkbox - Disables Windows fast startup for stability, it increases the timeout for the WAPT Exit utility. - Checked * - :guilabel:`Install the certificates provided by this installer` checkbox - Installs Tranquil IT certificate on this computer. - Not checked * - :guilabel:`Use a random UUID to identify the computer instead of BIOS` checkbox - For more information, check the documentation on :ref:`BIOS UUID bugs ` - Not checked * Set up the WAPT Server URL. .. tabs:: .. tab:: First installation * Choose :guilabel:`Don't change current setup`. We configure the agent with initial configuration in WaptConsole. .. figure:: wapt-resources/wapt_deploy_dont_change_settings_dialog_box.png :align: center :alt: Choosing "Don't change current setup" * Click :guilabel:`Next`. .. tab:: Upgrade * Check :guilabel:`Don't change current setup`, then click :guilabel:`Next`. .. figure:: wapt-resources/wapt_deploy_accept-repo-and-server-url_dialog-box.png :align: center :alt: The WAPT repository and the WAPT Server are already set The WAPT repository and the WAPT Server are already set * Get a summary of the WAPT Console installation. .. figure:: wapt-resources/wapt_deploy_install-summary_dialog-box.png :align: center :alt: Summary of the WAPT installation abstract Summary of the WAPT installation abstract * Click :guilabel:`Install` to launch the installation, wait for the installation to complete, then click on :guilabel:`Finish` (leave default options). .. image:: wapt-resources/wapt_deploy_installation-in-progress_dialog-box.png :align: center :alt: Dialog box showing the WAPT installation in progress .. image:: wapt-resources/wapt_deploy_installation-progress-completed_dialog-box.png :align: center :alt: Installation Wizard has finished * Uncheck :guilabel:`Show installation documentation`. Launch the WAPT Console: * By looking for the binary. :file:`C:\\Program Files (x86)\\wapt\\waptconsole.exe` * Or using the :guilabel:`Start` Menu. .. figure:: wapt-resources/windows_console_start-menu_screen-item.png :align: center :alt: Launching the WAPT Console from the Windows Start Menu Launching the WAPT Console from the Windows Start Menu. .. tab for Debian .. tab:: Debian and derivatives The WAPT Console is currently not included in the WAPT Agent installer. .. hint:: The WAPT Agent for Debian has been tested on Debian 9, 10, 11 and 12. The WAPT Agent for Ubuntu has only been tested on Ubuntu Bionic and Ubuntu Focal. * Update the underlying distribution and check that apt https transport is installed .. code-block:: bash sudo apt update && apt upgrade -y sudo apt install apt-transport-https lsb-release gnupg -y * Retrieve the key :mimetype:`.gpg`, add it to the Tranquil IT repository and install the WAPT Agent. .. code-block:: bash sudo wget -qO- https://wapt.tranquil.it/$(lsb_release -is)/tiswapt-pub.gpg | tee /usr/share/keyrings/tiswapt-pub.gpg > /dev/null sudo echo "deb [signed-by=/usr/share/keyrings/tiswapt-pub.gpg] https://wapt.tranquil.it/$(lsb_release -is)/wapt-2.5/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/wapt.list export DEBIAN_FRONTEND=noninteractive sudo apt update sudo apt install tis-waptagent -y unset DEBIAN_FRONTEND The you have to install the tis-waptagent-gui package. .. code-block:: bash wget http://wapt.tranquil.it/wapt/releases/wapt-2.5/tis-waptagent-gui-2.5.4.15342-6215c9da-amd64.deb sudo apt install ./tis-waptagent-gui-2.5.4.15342-6215c9da-amd64.deb Launch the WAPT Console: * By looking for the binary. .. code-block:: bash /opt/wapt/waptconsole.bin * Or using the :guilabel:`Start` Menu. .. figure:: wapt-resources/wapt_console_startup_linux.png :align: center :alt: The WAPT Console startup on Linux The WAPT Console startup on Linux .. tab for Redhat .. tab:: Redhat and derivatives The WAPT Console is currently not included in the WAPT Agent installer. .. hint:: The WAPT Agent for RedHat based system has been tested on RedHat 7/8/9 and derivatives on x86_64 platforms. * Update the underlying distribution. .. code-block:: bash yum update * Retrieve the key :file:`.gpg` and configure the WAPT repository. .. code-block:: bash :substitutions: RH_VERSION=$(cat /etc/system-release-cpe | awk -F: '{ print $5}') wget -q -O /tmp/tranquil_it.gpg "https://wapt.tranquil.it/redhat${RH_VERSION}/RPM-GPG-KEY-TISWAPT-${RH_VERSION}"; rpm --import /tmp/tranquil_it.gpg cat > /etc/yum.repos.d/wapt.repo <`_ (10.14); * `Catalina `_ (10.15); * `Big Sur `_ (11.x); * `Monterey `_ (12.x). * `Ventura `_ (13.x). * `Sonoma `_ (14.x). * Download and install the WAPT Agent (note: the hash string may change, to get the latest, point your browser on the url https://wapt.tranquil.it/wapt/releases/wapt-2.5/). Choose the version depending on your processor architecture (intel or m1): .. code-block:: bash # for mac m1 curl -o tis-waptagent-2.5.4.15342-6215c9da-macos-all-arm64.pkg http://wapt.tranquil.it/wapt/releases/wapt-2.5.4.15342-6215c9da/tis-waptagent-2.5.4.15342-6215c9da-macos-all-arm64.pkg # for mac intel curl -o tis-waptagent-2.5.4.15342-6215c9da-macos-all-x86_64.pkg http://wapt.tranquil.it/wapt/releases/wapt-2.5.4.15342-6215c9da/tis-waptagent-2.5.4.15342-6215c9da-macos-all-x86_64.pkg sudo installer -target / -pkg tis-waptagent*.pkg You can get find the WAPT Console launcher in the WAPT folder in the Applications folder. .. figure:: wapt-resources/wapt_console_startup_macos.png :align: center :alt: The WAPT Console startup on macOS The WAPT Console startup on macOS .. attention:: Even if you are not using WAPT Agent for Windows, it is currently necessary to install tis-waptsetup-windows package on the server. .. include:: wapt-console.inc.rst .. _licence_activation: ************************* Activating a WAPT licence ************************* With WAPT, **Discovery** and **Enterprise** versions have different licences. To activate the licence, use the :file:`licence.lic` file provided by our sales department. * If you are launching the WAPT Console for the first time, a wizard will ask you if you have a WAPT Enterprise licence. .. image:: wapt-resources/wapt_console_first_start_licence.png :align: center :alt: First time wizard licence * Or in the WAPT Console, click on the :guilabel:`?` tab. .. image:: wapt-resources/wapt_console-more-info-tab_menu-list.png :align: center :alt: More information tab in the WAPT Console * Then choose :guilabel:`Licences`. .. figure:: wapt-resources/wapt_console_licence-no-licence_container-window.png :align: center :alt: Window listing no activated WAPT licence in the WAPT Console Window listing no activated WAPT licence in the WAPT Console * Finally, select your :file:`licence.lic` and click :guilabel:`Open`. .. figure:: wapt-resources/wapt_console_licence-ok_container-window.png :align: center :alt: Window showing an activated licence in the WAPT Console Window showing an activated licence in the WAPT Console *********************** Certificate affectation *********************** A message may appear indicating that no personal certificate is defined in the WAPT Console. .. figure:: wapt-resources/wapt_console_no-certificate_dialog-box.png :align: center :alt: WAPT personal certificate not found in the WAPT Console WAPT personal certificate not found in the WAPT Console * Select :guilabel:`Yes`. .. figure:: wapt-resources/wapt_console_basic-configuration-tab_container-window.png :align: center :alt: Window for the basic configuration of the WAPT Console Window for the basic configuration of the WAPT Console .. attention:: **A common user error** is to be tempted to create a new certificate at this step when one already exists. If you have previously defined and deployed a certificate on your fleet of computers, then you **MUST** select the currently defined certificate. You **MUST NOT** create a new certificate. * If this is your first time using WAPT, click on :guilabel:`New private key and certicate` and see :ref:`create your certificate `. .. _create_certificate: ******************************************************************** Generating the Administrator's certificate for signing WAPT packages ******************************************************************** * In the example, the name of the private key is :file:`wapt-private.pem`. * In the example, the name of the public certificate signed with the private key is :file:`wapt-private.crt`. Private key *wapt-private.pem* ============================== .. danger:: The :file:`wapt-private.pem` file is **fundamental for security**. It **MUST** be stored in a safe place and correctly protected. The :file:`wapt-private.pem` file **MUST NOT** be stored on the WAPT Server. The :file:`wapt-private.pem` file is the private key, it is located by default in the :file:`C:\\private` folder of the :term:`Administrator` workstation and is password protected. This private key will be used along with the certificate to sign packages before uploading them onto the WAPT repository. Public certificate *wapt-private.crt* ===================================== The :file:`wapt-private.crt` file is the public certificate that is used along with the private key. It is by default created in the :file:`C:\\private` folder of the Administrator, copied and deployed in :file:`C:\\Program Files (x86)\\wapt\\ssl` on Windows desktops or in :file:`/opt/wapt/ssl` on Linux and macOS devices. This certificate is used to validate the signature of WAPT packages before they are installed. .. attention:: * If the public certificate used on the WAPT Console is not derived from the private key used for generating the WAPT Agents, the WAPT Console will not see the WAPT Agents and you will not be able to perform any action on any WAPT Agent. * Child certificates of private keys are also functional. .. CLARIFY above .. _building_certificate: Generating a certificate to use with WAPT ========================================= In the WAPT Console go to :menuselection:`Tools --> Build certificate`. .. figure:: wapt-resources/wapt_console_tools_menu-list.png :align: center :alt: Building a self-signed certificate Building a self-signed certificate With WAPT Enterprise, you can create a Master key with a Certificate Authority flag that can both sign WAPT packages and sign new certificates to be used with WAPT. In order to create new signed certificates for delegated users, please refer to :ref:`creating a new certificate `. .. figure:: wapt-resources/wapt_console_certificate-generate_dialog-box.png :align: center :alt: Creating a self-signed certificate for the WAPT Enterprise version Creating a self-signed certificate for the WAPT Enterprise version .. list-table:: Certificate informations :header-rows: 1 :widths: auto :align: center * - Value - Description - Required - Enterprise * - :guilabel:`Target key directory` - Defines the folder where the private key and the public certificate will be stored. - |ok| - * - :guilabel:`Key filename` - Defines the name of the :mimetype:`.pem` private key. - |ok| - * - :guilabel:`Private key password` - Defines the password for unlocking the key. - |ok| - * - :guilabel:`Confirm password` - Confirms the password for unlocking the key. - |ok| - * - :guilabel:`Certificate name` - Defines the name of the :mimetype:`.crt` certificate. - |ok| - * - :guilabel:`Tag as code signing` - Defines whether the certificate/ key pair will be allowed to sign software packages. - |ok| - |add| * - :guilabel:`Tag as CA certificate` - Defines whether the certificate can be used to sign other certificates (main or intermediate Certificate Authority). - |ok| - |add| * - :guilabel:`Common Name (CN)` - Defines the Common Name to register in the certificate. - |ok| - * - :guilabel:`City` - Defines the name of the certificate holder's city to register in the certificate. - |nok| - * - :guilabel:`Country (2 chars. E.g: FR)` - Defines the name of the certificate holder's country (FR, EN, ES, DE ...) to register in the certificate. - |nok| - * - :guilabel:`Service` - Defines the name of certificate holder's service or organizational department to register in the certificate. - |nok| - * - :guilabel:`Organization` - Defines the name of the certificate holder's Organization to register in the certificate. - |nok| - * - :guilabel:`E-mail address` - Defines the email address of the certificate holder to register in the certificate. - |nok| - * - :guilabel:`Authority Signing Key` - Defines the key (:mimetype:`.pem`) of the :abbr:`CA (Certificate Authority)`. - |nok| - |add| * - :guilabel:`Authority Signing Certificate` - Defines the certicate (:mimetype:`.crt`) of the :abbr:`CA (Certificate Authority)`. - |nok| - |add| * - :guilabel:`Export PKCS12` - Forces the creation of the :file:`*.p12` certicate in the :guilabel:`Targets keys directory` - |nok| (recommended) - Additional details are stored in the private key. This information will help with identifying the origin of the certificate and the origin of the WAPT package. The password complexity **MUST** comply with your :term:`Organization`'s security requirements (visit the `ANSSI website `_ for recommendations on passwords). .. INCLUDE START .. danger:: * The :file:`wapt-private.pem` file **MUST NOT** be stored on the WAPT Server. .. INCLUDE STOP * Click on :guilabel:`OK` to go on to the next step. If everything has gone well the following message will appear. .. figure:: wapt-resources/wapt_console_certificate-successfully-generated_dialog-box.png :align: center :alt: Dialog box informing the certificate has been generated successfully Dialog box informing the certificate has been generated successfully * Click on :guilabel:`OK`. .. figure:: wapt-resources/wapt_console_certificate-confirm-copy-into-ssl-folder_dialog-box.png :align: center :alt: Dialog box requesting confirmation of the copy of the certificate in the ssl folder in the WAPT Console Dialog box requesting confirmation of the copy of the certificate in the ssl folder in the WAPT Console * Click on :guilabel:`Yes` to copy the newly generated certificate in the folder :file:`C:\\Program Files (x86)\\wapt\\ssl` on Windows or :file:`/opt/wapt/ssl` on Linux or macOS. This certificate will be picked up during the compilation of the WAPT Agent and deployed on the client computers. You may go on to the next step and :ref:`Building the WAPT Agent installer `. .. _create_WAPT_agent: ************************ Packet prefix definition ************************ A message may appear indicating that no package prefix has been defined. .. figure:: wapt-resources/wapt_console_no-prefix_dialog-box.png :align: center :alt: Dialog box informing that no prefix has been set in the WAPT configuration Dialog box informing that no prefix has been set in the WAPT configuration * Select :guilabel:`Yes` * Set your packages prefix on :guilabel:`WAPT packages prefix` .. figure:: wapt-resources/wapt_console_basic-configuration-tab_container-window.png :align: center :alt: Window for the basic configuration of the WAPT Console Window for the basic configuration of the WAPT Console .. warning:: The prefix is case sensitive, we recommand to use lower case. **************** WAPT Agent check **************** A message may appear indicating that your WAPT Agent version is obsolete or not yet present. .. figure:: wapt-resources/wapt_console_waptagent-not-present_dialog-box.png :align: center :alt: Dialog box informing that the WAPT Agent is not present on the WAPT Server Dialog box informing that the WAPT Agent is not present on the WAPT Server If the :ref:`administrator's certicate ` has not yet been generated, it is possible to :ref:`generate a new WAPT Agent ` by clicking on :guilabel:`Yes`. Also click on :guilabel:`No` and generate the :ref:`administrator's certicate `. Building the WAPT Agent installer ================================= The :program:`waptagent` binary is an `InnoSetup `_ installer. Once the WAPT Console has been installed on the :term:`Administrator` computer, we have all files required to build the WAPT Agent installer. Before building the WAPT Agent, please verify that your certificates are ready. If you wish to deploy other public certificates on your :term:`Organization`'s computers that are equipped with WAPT, you will have to copy them in a common folder then select it when generating the WAPT agent. The former method for building the WAPT agent did not prevent copying the private key of any :term:`Administrator` in :file:`C:\\Program Files (x86)\\wapt`. It means that, by error, a private key could be deployed on every computer, becoming a serious **security breach**. Before 2.3.0 version, this folder was used when building the WAPT Agent and the private keys would then be deployed on all the computers. Now, the new method is far more secure. It uses a waptsetup that is signed by Tranquil IT, the configuration being written into a :mimetype:`json` file that is attached to the signed waptsetup file. Alternatively, we can also :ref:`create a WAPT configuration package ` that will be called when deploying the WAPT Agent. This method is called `certificate stuffing `_. On top of avoiding errors, like deploying a private certificate by error, the method has the advantage of no longer requiring to custom build a WAPT Agent. This method finally avoids Antivirus incorrectly flagging the :file:`waptsetup` file as a false positive. When the WAPT Agent will be silently installed, it will take the **default** configuration: it will build the WAPT Agent's :file:`wapt-get.ini` configuration file and extract certificates into :file:`wapt/ssl`. To secure this installation (for example with GPOs), :program:`waptsetup.exe` and its integrated :mimetype:`json` configuration have the name and hash of the configuration name on the WAPT Server. When the installer will apply the :mimetype:`json` configuration, it checks beforehand with this hash that the :mimetype:`json` data has not been altered. * In the WAPT Console, go to :menuselection:`Tools --> Build WAPT Agent`. .. figure:: wapt-resources/wapt_console_waptagent-build_menu-item.png :align: center :alt: Generating the WAPT Agent from the WAPT Console Generating the WAPT Agent from the WAPT Console .. _agent_identify: Before building the WAPT Agent, you need to choose how it will identify itself with the WAPT Server. Choosing the mode to uniquely identify the WAPT Agents ====================================================== In WAPT you can choose the unique identification mode of the WAPT Agents. When a WAPT Agent registers the WAPT Server **MUST** know if it is a new host or if it is a host that has already been registered. For this, the WAPT Server looks at the :abbr:`UUID (Universal Unique IDentifier)` in the inventory. WAPT offers 3 modes to help you distinguish between hosts, it is up to you to choose the mode that best suits you. .. attention:: After choosing a mode of operation, it is difficult to change it, think carefully! .. tabs:: .. tab:: BIOS UUID (serial number) This mode of operation makes it possible to identify the hosts in the WAPT Console in a physical manner. If you replace a computer and give the new computer the same name as the previous one, you will have two computers that will appear in the WAPT Console since you will have physically two different computers. .. note:: Some vendors do inadequate work and assign the same BIOS UUIDs to entire batches of computers. In this case, WAPT will only see one computer!!! .. tab:: host name This mode of operation is similar to that in Active Directory. The hosts are identified by their :abbr:`FQDN (Fully Qualified Domain Name)`. .. note:: This mode does not work if several hosts in your fleet share the same name. We all know this should never happen. .. tab:: Randomly generated UUID This mode of operation allows PCs to be identified by their WAPT installation. Each installation of WAPT generates a unique random number. If you uninstall the WAPT Agent and then reinstall the WAPT Agent on the host, you will see a new device appear in the WAPT Console. .. note:: In this mode, the UUIDs have the prefix RMD. Build ===== * In the WAPT Console, go to :menuselection:`Tools --> Build WAPT Agent`. .. figure:: wapt-resources/wapt_console_waptagent-build_menu-item.png :align: center :alt: Generating the WAPT Agent from the WAPT Console Generating the WAPT Agent from the WAPT Console * Check in the informations that are necessary for the installer. .. figure:: wapt-resources/wapt_console_waptagent_build_minimal.png :align: center :alt: Filling in the informations on your Organization Filling in the informations on your Organization .. list-table:: WAPT Agent informations :header-rows: 1 :widths: auto :align: center * - Value - Description - Required - Enterprise * - :guilabel:`Authorized packages certificates` - Defines all trusted certificates buildled with WAPT Agent installer and set in default configuration. - |ok| - * - :guilabel:`Main WAPT repository address` - Defines the URL of the main WAPT repository. - |ok| - * - :guilabel:`WAPT Server address` - Defines the URL of the WAPT Server. - |ok| - * - :guilabel:`Https server certificate checking` - Defines whether the :ref:`HTTPS certificate client authentication ` is activated on the WAPT Server. - |ok| - * - :guilabel:`Use Kerberos for initial registration` - Defines whether :ref:`Kerberos authentication ` of the WAPT Agents is to be used with the WAPT Server. - |nok| - .. danger:: * The checkbox :guilabel:`Use kerberos for the initial registration` may be checked **ONLY IF** you have followed the documentation on :ref:`Configuring the kerberos authentication `. If you click on :guilabel:`Show advenced settings`, you can configure more parameters for WAPT Agent. .. figure:: wapt-resources/wapt_console_waptagent_build_advanced.png :align: center :alt: Setting more parameters for WAPT Agent configuration Setting more parameters for WAPT Agent configuration .. list-table:: WAPT Agent informations :header-rows: 1 :widths: auto :align: center * - Value - Description - Required - Enterprise * - :guilabel:`Always install these "profile" packages` - Defines whether to automatically install :ref:`group packages ` upon WAPT Agent installation. - |nok| - |add| * - :guilabel:`Enable automatic install of packages based on AD Groups` - Enables the installation of :ref:`profile packages `. **This feature can degrade the performance of WAPT**. - |nok| - |add| * - :guilabel:`Allow remote reboot` - Defines whether to allow remote reboots from the WAPT Console. - |nok| - |add| * - :guilabel:`Allow remote shutdown` - Defines whether to allow remote shutdowns from the WAPT Console. - |nok| - |add| * - :guilabel:`Include DMI infos in inventory` - Get DMI infos in agent inventory - |nok| - * - :guilabel:`Include WMI infos in inventory (Windows only)` - Get WMI infos in agent inventory - |nok| - * - :guilabel:`Use repository access rules` - Defines whether repository access rules are to be used for :ref:`replicating remote repositories `. - |nok| - |add| * - :guilabel:`Use computer FQDN for UUID` - Defines whether :abbr:`FQDNs (Fully Qualified Domain Names)` are to be used for :ref:`identifying WAPT Agents `. - |nok| - * - :guilabel:`Use random host UUID (for buggy BIOS)` - Defines whether random :abbr:`UUIDs (Universally Unique IDentifiers)` are to be used for :ref:`identifying WAPT Agents `. - |nok| - * - :guilabel:`Manage Windows updates with WAPT` | :guilabel:`Disable WAPT WUA` | :guilabel:`Don't set anything` - Enables or disables :ref:`WAPT WUA `. - |ok| - |add| * - :guilabel:`Waptupgrade package maturity` - Allows to choose the maturity of the waptupgrade package. - |ok| - |add| For more information to Windows update section, refer to :ref:`this article on configuring WAPTWUA on the WAPT Agent `. * Provide the password for unlocking the private key. .. figure:: wapt-resources/wapt_console_enter-certificate-password_dialog-box.png :align: center :alt: Providing the password for unlocking the private key Providing the password for unlocking the private key .. figure:: wapt-resources/wapt_console_waptagent-creation-in-progress_dialog-box.png :align: center :alt: Progression of WAPT Agent installer building Progression of WAPT Agent installer building Once the WAPT Agent installer has finished building, a dialog pops up asking you if you want to configure the local WAPT Agent. Click on :guilabel:`Yes`. .. info: An administrator privilege is required with Windows UAC (can be in background). .. figure:: wapt-resources/wapt_console_waptagent_configure_localagent.png :align: center :alt: Configure local WAPT Agent Configure local WAPT Agent .. _creating_initial_config_package: ****************************************** Initial Configuration |enterprise_feature| ****************************************** It is possible to configure the WAPT Agent for standard and advanced options via a GUI. Very similar to :ref:`creating a configuration package `, we **strongly** recommand you to see the section beforehand. The initial configuration aims to configure important parameters in the WAPT Agent, whether it be Windows, Linux or macOS. The method is very useful for installing a :ref:`WAPT Agent on Linux or macOS `. * In the WAPT Console, go to :menuselection:`Tools -> Edit initial configurations`. .. figure:: wapt-resources/wapt_console_edit-initial-configuration_menu-item.png :align: center :alt: Creating the initial configuration Creating the initial configuration After generating WAPT Agent for Windows, an inital configuration has been created automaticaly and named :guilabel:`default`. * Fill in the informations that are necessary for the configuration. .. figure:: wapt-resources/wapt_console_initial-configuration_container-window.png :align: center :alt: Editing the initial configuration Editing the initial configuration .. list-table:: Header :header-rows: 1 :widths: auto :align: center * - Value - Description * - :guilabel:`Advanced Editing` - Displays :ref:`the WAPT Agent configuration options ` as in :file:`wapt-get.ini`. * - :guilabel:`Add certificate` - Adds :ref:`certificate ` with the configuration. * - :guilabel:`Load Json` - Loads a previously created configuration. * - :guilabel:`Refresh Server Configuration` - Refreshes the list of available configurations. * - :guilabel:`+` - Creates a new configuration. * - :guilabel:`-` - Deletes a configuration. .. tabs:: .. tab:: global .. list-table:: :header-rows: 1 :widths: auto :align: center * - Value - Description - Required - Enterprise * - :guilabel:`Main WAPT Repository URL` - Defines the URL of the main WAPT repository. - |ok| - * - :guilabel:`WAPT Server URL` - Defines the URL of the WAPT Server. - |ok| - * - :guilabel:`Verify https server certificate` - Defines whether the :ref:`HTTPS certificate client authentication ` is activated on the WAPT Server. - |nok| - * - :guilabel:`Path to certificate authority for https servers` - Defines the path to the certificates used for HTTPS verification. - |nok| - * - :guilabel:`Allow remote reboot` - Defines whether to allow remote reboots from the WAPT Console. - |nok| - |add| * - :guilabel:`Allow remote shutdown` - Defines whether to allow remote shutdowns from the WAPT Console. - |nok| - |add| * - :guilabel:`Wake On Lan Relay` - Activates the :abbr:`WoL (Wake-on-Lan)` functionality on secondary repositories. - |nok| - |add| * - :guilabel:`Use computer FQDN for UUID` - Defines whether :abbr:`FQDNs (Fully Qualified Domain Names)` are to be used for :ref:`identifying WAPT Agents `. - |nok| - * - :guilabel:`Always install these packages` - Defines whether to automatically install :ref:`group packages ` upon WAPT Agent installation. - |nok| - |add| * - :guilabel:`Use repository rules` - Defines whether :ref:`repositories are replicated `. - |nok| - |add| * - :guilabel:`Use Kerberos` - Defines whether :ref:`Kerberos authentication ` of the WAPT Agents is to be used with the WAPT Server. - |nok| - * - :guilabel:`Enable automatic install of packages based on AD Groups` - Enables the installation of :ref:`profile packages `. **This feature can degrade the performance of WAPT**. - |nok| - |add| * - :guilabel:`Maturities` - List of package maturities than can be viewed and installed by WAPT Agent. Default value is ``PROD``. Only ``DEV``, ``PREPROD`` and ``PROD`` values are used by Tranquil IT, however any value can be used to suit your internal processes. - |nok| - * - :guilabel:`Authentification type` - Sets how the self service authentication works. Possible values are: *system*, *waptserver-ldap* or *waptagent-ldap*. - |ok| - * - :guilabel:`Packages Audit Period` - Defines the frequency at which audits are triggered. - |ok| - .. tab:: waptwua .. list-table:: :header-rows: 1 :widths: auto :align: center * - Value - Description - Required * - :guilabel:`Manage Windows updates with WAPT` - Enables or disables :ref:`WAPT WUA `. - |ok| * - :guilabel:`Allow all updates by default unless explicitely forbidden by rules` - Defines whether to allow all Windows Updates if not forbidden by WUA rule packages. - |nok| * - :guilabel:`Allowed Severities` - Defines a severity list that will be automatically accepted during a WAPT windows update scan. ex: *Important*, *Critical*, *Moderate*. - |nok| * - :guilabel:`Download updates from Microsoft Servers` - Defines whether updates are downloaded directly from Microsoft servers. - |nok| * - :guilabel:`Scan / download scheduling` - Defines the Windows Update scan recurrence (Will not do anything if *waptwua* package rule or :file:`wsusscn2.cab` file have not changed). - |nok| * - :guilabel:`Install pending Windows updates at shutdown` - Forces updates to install when the host shuts down. - |nok| * - :guilabel:`Installation scheduling` - Defines the Windows Update install recurrence (will do nothing if no update is pending). - |nok| * - :guilabel:`Minimum delay before installation (days after publish date)` - Sets a deferred installation delay before publication. - |nok| .. tab:: repo-sync .. attention:: These options should only be used on a secondary repository. .. list-table:: :header-rows: 1 :widths: auto :align: center * - Value - Description - Required * - :guilabel:`Use remote repo` - Enables the WAPT Server to serve as a repository. - |ok| * - :guilabel:`Remote repository directories` - Defines folders to synchronize. - |ok| * - :guilabel:`Synchronize only when asked` - Enable or disable automatic synchronization - |nok| * - :guilabel:`Synchronize task period` - Sets synchronization periodicity. - |ok| * - :guilabel:`Local repository time for synchronization start` - Sets synchronization start time (HH:MM / 24h format). - |nok| * - :guilabel:`Local repository time for synchronization end` - Sets synchronization start stop (HH:MM / 24h format). - |nok| .. list-table:: Column :header-rows: 1 :widths: auto :align: center * - Value - Description * - :guilabel:`Saved Properties` - List of :ref:`options ` with the configuration. * - :guilabel:`Certificate` - List of :ref:`certificate ` with the configuration. .. list-table:: Footer :header-rows: 1 :widths: auto :align: center * - Value - Description * - :guilabel:`Save on server` - Saves the configuration on the WAPT server. * - :guilabel:`Export As Json File` - Exports the configuration in :mimetype:`JSON`. * - :guilabel:`Close` - Closes the window. * After configuration it is possible to copy commands by right-clicking on the configuration. .. figure:: wapt-resources/wapt_console_initial-configuration_windows-copy-menu.png :align: center :alt: Copy command Copy command .. list-table:: Copy options :header-rows: 1 :widths: auto :align: center * - Value - Description * - :guilabel:`Copy URL` - Gives a download URL to retrieve the :mimetype:`.json` from the WAPT server. * - :guilabel:`Copy installation command` - Gives a command to install the configuration for a WAPT Agent. .. note:: It is possible to install a blank WAPT Agent and to give it the copied installation command to provide the configuration.