Deploying the WAPT agent¶
Two methods are available to deploy the waptagent.exe.
The first method is manual and the procedure must be applied on each machine.
The second one is automated and relies on GPO.
The waptagent.exe installer is available at http://wapt.mydomain.lan/wapt/waptagent.exe.
If you do not sign the
waptagent.exe installer with a commercial
Code Signing certificate or a
Code Signing certificate issued
by the Certificate Authority of your Organization
after having generated it, web browsers will show a warning message
when downloading the installer. To remove the warning message, you must
.exe with a
Code Signing certificate that can be verified
by a CA bundle stored in the machine’s certificate store.
When to deploy the WAPT agent manually?
Manual deployment method is efficient in these cases:
- testing WAPT;
- using WAPT in an association/ an organization with a small number of computers, etc;
Deploying waptagent.exe automatically¶
This operation requires Local Administrator rights on the local computer.
- choose the language and click on Next to go to next step;
- accept the license terms and click on Next to go to next step;
- choose the installation directory and click on Next to go to next step;
- choose the additional parameters and click on Next to go to next step;
leave Force-reinstall VC++ enabled checked. If the option box is ticked it is because the installation is necessary.
- choose the WAPT repository and the WAPT Server and click on Next to go to next step;
- install the WAPT agent by clicking on Install;
- wait for the installation of the WAPT agent to finish, then click on Finish to exit;
The installation of the WAPT agent is finished. With cmd.exe, launch a register to register the machine with the WAPT Server and an update to display the list of available WAPT packages.
- tick Register this host on WAPT Server to register the computer on the WAPT inventory server;
- tick Update package list from repository to update the list of available packages;
To manage your Organization’s WAPT clients, visit the documentation on using the WAPT console.
Deploying automatically the WAPT agents¶
Advanced network and system administration knowledge is required to achieve this procedure. A properly configured network will ensure its success.
When to deploy the WAPT agent automatically? The following method is useful in these cases:
- a large organization with many computers;
- a Samba Active Directory or Microsoft Active Directory for which you have enough administration privileges;
- the security and the traceability of actions are important to you or to your Organization;
- or just simply, you prefer to act with your head instead of with your feet ;)
Deploying the WAPT agents silently¶
waptagent.exe is an InnoSetup installer, it can be executed with these silent switches:
- Additional arguments available for waptdeploy
||https://srvwapt.mydomain.lan||URL of the WAPT server in
||https://repo1.mydomain.lan/wapt||URL of the WAPT repository in
||basic-group||Group of WAPT packages to install by default|
||1 or relative path
||path to a bundle to copy to
||Certificate bundle for https connections (to be defined by
||path to a certificate bundle to copy into
||Certificate bundle for verifying package signatures|
iss file for the InnoSetup installer is available here:
C:\Program Files (x86)\wapt\waptsetup\waptsetup.iss.
You may choose to adapt it to your specific needs. Once modified, you’ll just have to recreate a waptagent.
To learn more about the options available with InnoSetup, visit this documentation.
waptdeploy is a small binary that:
- checks the version of the WAPT agent;
- downloads with http the waptagent.exe installer;
- launches the silent installer with arguments (checked options defined during the compilation of the WAPT agent);
/VERYSILENT /MERGETASKS= ""useWaptServer""
- updates the WAPT Server with the WAPT agent status (WAPT version, package status);
waptdeploy must be started as Local Administrator, that is why we advise you to use a GPO.
Creating a GPO to deploy the WAPT agents¶
waptdeploy.exe by visiting:
Creating the GPO¶
- create a new group strategy called install_wapt on the Active Directory server (Microsoft or Samba-AD);
- add a new strategy: ;
- click on Browse to select the
waptdeploy.exein the destination folder;
- click on Open to import the
- click on Open to confirm the importation of the waptdeploy binary;
Starting with version 1.3.7, it is necessary to provide the checksum
waptagent.exe as an argument to the waptdeploy GPO.
This will prevent the remote machine from executing an erroneous/ corrupted waptagent binary.
--hash="checksum du WaptAgent"--minversion=220.127.116.11 --wait=15
Parameters and waptagent.exe checksum to use for the waptdeploy GPO are available on the WAPT Server by visiting https://wapt.mydomain.lan.nt.
- copy the required parameters;
- click on OK to go on to the next step;
- click on OK to go on to the next step;
- apply resulting GPO strategy to the Organization’s Computers OU (Organizational Units);
Additional arguments available for waptdeploy¶
||Forces the installation of waptagent.exe even if the WAPT agent is already installed|
||https://wapt/wapt/waptagent.exe||Gives explicitly the WAPT agent URL/path to use to download the WAPT agent|
||autorunTray,installService,installredist2008,autoUpgradePolicy||Sets waptagent installation tasks|
||10||Timeout for installing the WAPT agent.|
||/dnsdomain=mydomain.lan /wapt_server= /repo_url=||Passing additional parameters to waptagent|
--hash="43254648348435423486"--minversion=18.104.22.168 --waptsetupurl=http://srvwapt.mydomain.lan/waptagent.exe --wait=10
- For waptdeploy to work best, you may execute the same GPO on computer shutdown;
Launching waptdeploy with a scheduled task¶
You may also choose to launch waptdeploy using a scheduled task that has been set by GPO.
This method is particularly effective for deploying WAPT on workstations when the network is neither available on starting up or shutting down.
The method consists of using a GPO to copy
- Source :
- Destination :
waptagent.exein the netlogon share of your Active Directory Server;
then create a GPO to set up a scheduled task that will launch waptdeploy:
--hash="43254648348435423486"--minversion=22.214.171.124 --waptsetupurl=C:\windows\temp\waptagent.exe --wait=10
choose a time after which the scheduled task will trigger and set the re-triggering of the task every 30 minutes until success:
allow the scheduled task to start even if the device is powered on battery: