Deploying the WAPT agent

Two methods are available to deploy the waptagent.exe.

The first method is manual and the procedure must be applied on each machine.

The second one is automated and relies on GPO.

Note

The waptsetup.exe installer is available at http://wapt.mydomain.lan/wapt/waptagent.exe.

If you do not sign the waptagent.exe installer with a commercial Code Signing certificate or a Code Signing certificate issued by the Certificate Authority of your Organization after having generated it, web browsers will show a warning message when downloading the installer. To remove the warning message, you must sign the .exe with a Code Signing certificate that can be verified by a CA bundle stored in the machine’s certificate store.

Hint

When to deploy the WAPT agent manually?

Manual deployment method is efficient in these cases:

  • testing WAPT;
  • using WAPT in an association/ an organization with a small number of computers, etc;

Deploying waptagent.exe automatically

Attention

This operation requires Local Administrator rights on the local computer.

Installing waptagent.exe

  • choose the language and click on Next to go to next step;
Choose the installation language

Choose the installation language

  • accept the license terms and click on Next to go to next step;
Accepting the EULA

Accepting the EULA

  • choose the installation directory and click on Next to go to next step;
Select the installation folder for the WAPT agent

Select the installation folder for the WAPT agent

  • choose the additional parameters and click on Next to go to next step;

Hint

leave Force-reinstall VC++ enabled checked. If the option box is ticked it is because the installation is necessary.

Choose the installer's options

Choose the installer’s options

  • choose the WAPT repository and the WAPT Server and click on Next to go to next step;
Choose the WAPT repository and server

Choose the WAPT repository and server

  • install the WAPT agent by clicking on Install;
Summary of installation options

Summary of installation options

  • wait for the installation of the WAPT agent to finish, then click on Finish to exit;
Installation in progress

Installation in progress

The installation of the WAPT agent is finished. With cmd.exe, launch a register to register the machine with the WAPT Server and an update to display the list of available WAPT packages.

End of WAPT agent installation

End of WAPT agent installation

Note

  • tick Register this host on WAPT Server to register the computer on the WAPT inventory server;
  • tick Update package list from repository to update the list of available packages;

To manage your Organization’s WAPT clients, visit the documentation on using the WAPT console.

Deploying automatically the WAPT agents

Important

Technical pre-requisites

Advanced network and system administration knowledge is required to achieve this procedure. A properly configured network will ensure its success.

Hint

When to deploy the WAPT agent automatically? The following method is useful in these cases:

  • a large organization with many computers;
  • a Samba Active Directory or Microsoft Active Directory for which you have enough administration privileges;
  • the security and the traceability of actions are important to you or to your Organization;
  • or just simply, you prefer to act with your head instead of with your feet ;)

Deploying the WAPT agents silently

Without waptdeploy

waptagent.exe is an InnoSetup installer, it can be executed with these silent switches:

waptagent.exe /VERYSILENT
  • Additional arguments available for waptdeploy
Settings Value Description
/dnsdomain mydomain.lan Domain in wapt-get.ini filled in during installation
/wapt_server https://srvwapt.mydomain.lan URL of the WAPT server in wapt-get.ini filled in during installation
/repo_url https://repo1.mydomain.lan/wapt URL of the WAPT repository in wapt-get.ini filled in during installation
/StartPackages= basic-group Group of WAPT packages to install by default
/verify_cert= 1 or relative path ssl\server\srvwapt.mydomain.lan.crt Value of verify_cert entered during installation
/CopyServersTrustedCA path to a bundle to copy to sslserver Certificate bundle for https connections (to be defined by verify_cert)
/CopypackagesTrustedCA path to a certificate bundle to copy into ssl Certificate bundle for verifying package signatures

Hint

The iss file for the InnoSetup installer is available here: C:\Program Files\wapt\waptsetup\waptsetup.iss.

You may choose to adapt it to your specific needs. Once modified, you’ll just have to recreate a waptagent.

To learn more about the options available with InnoSetup, visit this documentation.

With waptdeploy

waptdeploy is a small binary that:

  • checks the version of the WAPT agent;
  • downloads with http the waptagent.exe installer;
  • launches the silent installer with arguments (checked options defined during the compilation of the WAPT agent);
/VERYSILENT /MERGETASKS= ""useWaptServer""
  • updates the WAPT Server with the WAPT agent status (WAPT version, package status);

Note

waptdeploy must be started as Local Administrator, that is why we advise you to use a GPO.

Creating a GPO to deploy the WAPT agents

Download waptdeploy.exe by visiting: http://wapt.tranquil.it/wapt/releases/latest/waptdeploy.exe.

Creating the GPO

  • create a new group strategy called install_wapt on the Active Directory server (Microsoft or Samba-AD);
  • add a new strategy: Computer configuration ‣ Strategies ‣ Windows configuration ‣ Scripts ‣ Startup ‣ Add;
Creating a group strategy to deploy the WAPT agent

Creating a group strategy to deploy the WAPT agent

  • click on Browse to select the waptdeploy.exe script;
Finding the waptdeploy.exe file on your computer

Finding the waptdeploy.exe file on your computer

  • copy waptdeploy.exe in the destination folder;
Selecting the waptdeploy.exe script

Selecting the waptdeploy.exe script

  • click on Open to import the waptdeploy.exe script;
Selecting the waptdeploy.exe script

Selecting the waptdeploy.exe script

  • click on Open to confirm the importation of the waptdeploy binary;

Passing arguments

Hint

Starting with version 1.3.7, it is necessary to provide the checksum of the waptagent.exe as an argument to the waptdeploy GPO.

This will prevent the remote machine from executing an erroneous/ corrupted waptagent binary.

--hash="checksum du WaptAgent"--minversion=1.5.1.23 --wait=15

Note

Parameters and waptagent.exe checksum to use for the waptdeploy GPO are available on the WAPT Server by visiting https://wapt.mydomain.lan.nt.

Web console of the WAPT Server

Web console of the WAPT Server

  • copy the required parameters;
add the *waptdeploy* script to the startup GPO

add the waptdeploy script to the startup GPO

  • click on OK to go on to the next step;
WAPTdeploy GPO to be deployed on next startup

WAPTdeploy GPO to be deployed on next startup

  • click on OK to go on to the next step;
  • apply resulting GPO strategy to the Organization’s Computers OU (Organizational Units);

Additional arguments available for waptdeploy

Settings Value Description
--force   Forces the installation of waptagent.exe even if the WAPT agent is already installed
--waptsetupurl https://wapt/wapt/waptagent.exe Gives explicitly the WAPT agent URL/path to use to download the WAPT agent
--tasks autorunTray,installService,installredist2008,autoUpgradePolicy Sets waptagent installation tasks
--wait 10 Timeout for installing the WAPT agent.
--setupargs= /dnsdomain=mydomain.lan /wapt_server= /repo_url= Passing additional parameters to waptagent
--hash="43254648348435423486"--minversion=1.5.1.23 --waptsetupurl=http://srvwapt.mydomain.lan/waptagent.exe --wait=10

Hint

  • For waptdeploy to work best, you may execute the same GPO on computer shutdown;

Launching waptdeploy with a scheduled task

You may also choose to launch waptdeploy using a scheduled task that has been set by GPO.

Hint

This method is particularly effective for deploying WAPT on workstations when the network is neither available on starting up or shutting down.

The method consists of using a GPO to copy waptdeploy.exe and waptagent.exe:

  • Source : \mydomain.lan\netlogon\waptagent.exe
  • Destination : C:\windows\temp\waptagent.exe
WAPT agent installation progress

WAPT agent installation progress

  • copy waptdeploy.exe and waptagent.exe in the netlogon share of your Active Directory Server;

  • then create a GPO to set up a scheduled task that will launch waptdeploy:

    c:\windows\temp\waptdeploy.exe
    

    Arguments:

    --hash="43254648348435423486"--minversion=1.5.1.23 --waptsetupurl=C:\windows\temp\waptagent.exe --wait=10
    
    Task installation properties

    Task installation properties

  • choose a time after which the scheduled task will trigger and set the re-triggering of the task every 30 minutes until success:

    Advanced properties of the installation task

    Advanced properties of the installation task

  • allow the scheduled task to start even if the device is powered on battery:

    Power settings

    Power settings