Using WAPT Self-Service WAPT Enterprise feature only

Presentation

With WAPT 1.7 Enterprise you can now filter the list of self-service packages available for your users.

Your users will be able to install a selection of WAPT packages without having to be a Local Administrator on their desktop.

The Users gain in autonomy while deploying software and configurations that are trusted and authorized by the Organization. This is a time saving feature for the Organization’s IT support Helpdesk.

How does it work?

With WAPT 1.7 Enterprise, a new type of WAPT package exists beside base, group, host, profile and unit packages: they are self-service packages.

Create a *self-service* package

Create a self-service package

A self-service package may now be deployed on hosts to list the different self-service rules that apply to the host.

How to use the self-service feature?

Hint

The self-service feature is only available with WAPT Enterprise.

In the Discovery version, only Local Administrators and members of the waptself-service group can access self-service on the agent.

In the Discovery version, it is not possible to filter the packages made accessible to the user.

In the console go to the tab Self-service rules.

You can now create your first self-service rule package.

  • give a name to your new self-service package;

  • click on Add to add an Active Directory group (at the bottom left);

  • name the self-service group (with F2 or type directly into the cell);

  • drag the allowed software and configuration packages for this self-service group into the central column;

  • add as many groups as you want in the package;

  • save the package and deploy the package on your selection of hosts;

  • once the package is deployed, only allowed packages listed in the self-service group(s) of which the User is a member will be shown to the logged in User;

Note

  • if a group appears in multiple self-service packages, then the rules are merged;

  • the authentication used is system authentication, local users and groups, but if the machine is in a domain then authentication and groups will also work with users and groups in the domain;

How to use the self-service on the user station?

The self-service is accessible to users in the start menu under the name Self-Service software WAPT.

It is also available directly in <base>\waptself.exe.

The login and password to enter when launching the self-service are the User’s credentials (local or Active Directory credentials).

The self-service then displays a list of packages available for installation.

Self Service

Self Service

  • the user can have more details on each package with the + icon;

  • different filters are available for the user on the left side panel;

  • the Update Catalog button is used to force a wapt-get update on the WAPT agent;

  • the list of package categories is displayed to the user. To add a category to the list, you must specify the category in the categories section of the control file of the relevant package;

  • the current task list of the WAPT agent is available with the task bar button;

  • it is possible to change the language of the interface with the configuration button at the bottom left.

Customizing the Self Service interface

Adding the Logo of your Organization

In the Enterprise version only of WAPT, it is possible to change the logo that appears in the self-service interface and therefore improve the acceptation of the Self Service feature by your users.

To do this, simply place the logo you want in <wapt>\templates\waptself-logo.png

Note

It is highly recommended to use a .png file with a 200 x 150px resolution.

Managing package categories

Default categories are:

  • Internet;

  • Utilities;

  • Messaging;

  • Security;

  • System and network;

  • Storage;

  • Media;

  • Development;

  • Office​​;

You can create your own categories easily by filling the control file’s categories section of any WAPT package and write a new category of your choice, WAPT will automatically show the package in the new category.

WAPT Agent Settings for WAPT Self-Service

WAPT Agent can be configured to force WAPT self-service packages filtering to Local Administrators WAPT Self-Service and Waptservice Authentification settings.

Configuring a different authentication method for the self-service

As mentioned above, authentication on WAPT service is configured by default in system mode.

This means that the WAPT service transmits the authentication directly to the operating system; it also recovers the groups by directly interrogating the operating system.

This behavior is defined with the value of service_auth_type in wapt-get.ini. The default value is system.

In this mode we assume that Local Administrators can see all the packages. To change this behavior, modify the value of waptservice_admin_filter in wapt-get.ini.

You may be interested in looking up this article describing the settings for WAPT Self-Service and Waptservice Authentification for more options.

Two additional modes are available :

  • waptserver-ldap: this mode allows authentication to the WAPT server. The WAPT server will make a LDAP request to verify authentication and groups. Warning ! For this to work, you must have configured LDAP authentication on the WAPT server, (the configuration of the admin group will be ignored) See this article on configuring authentication against Active Directory for more information.

  • waptagent-ldap, This mode allows authentication with an LDAP server identified in wapt-get.ini. The WAPT agent will make a LDAP request to verify authentication and groups.

    You may be interested in looking up this article describing the settings for WAPT Self-Service and Waptservice Authentification for more options.

    Note

    For the system authentication under GNU/Linux to work correctly, be sure to correctly configure your pam authentication and your nsswitch.conf. The id username command must return the list of the groups the user is member of.

Video demonstration

Using WAPTtray

wapttray is a utility working in user context, it is located in the WAPT folder C:\Program Files (x86)\wapt.

wapttray launches at logon if the option has been ticked during installation. The icon will show up in the Windows tray toolbar.

We can also launch wapttray manually with a startup GPO pointing on C:\Program Files (x86)\wapt\wapttray.exe.

The tray icon is handy for autonomous users that want to choose the right moment to upgrade their packages.

WAPTtray in Windows notification tray

WAPTtray in Windows notification tray

Functionalities of the WAPTtray

List of functionalities of the WAPTtray

Action

Description

Showing the status of packages

launches the local web interface in a browser

Launching the installation of a update

launches the installation of pending upgrades

Refreshing the list of available

refreshes the list of available packages. Double-clicking on the tray icon brings about the same effect.

Launching the WAPT console

launches the WAPT console

Viewing the configuration file

opens the C:\Program Files (x86)\wapt\wapt-get.ini file with Local Administrator privileges (credentials may be asked)

Reloading network related service configuration

reloads the connection to the WAPT Server in the event of a network reconfiguration

Uploading the host’s inventory to the WAPT Server

updates the host’s inventory with the WAPT Server

Configuring all installed packages for the User

launches a session-setup to configure user environment for all packages installed on the host

Canceling WAPT tasks running on the host

shows running tasks, allows to cancel a running task, allows to cancel all running tasks

Stopping and starting the WAPT service

stops and reloads the WAPTservice

Exiting the WAPTtray

closes the tray icon without stopping the local WAPTservice

Using WAPTExit

waptexit allows to upgrade and install WAPT packages when a host is shutting down, at the user’s request, or at a scheduled time.

The mechanism is simple. If packages are waiting to be upgraded, they’ll be installed.

Hint

When to use WAPTexit?

The WAPTexit method is very effective in most situation because it does not require the intervention of the User or the Administrator.

WAPTexit window

WAPTexit window

WAPTexit

waptexit executes by default on shutdown; it is installed by default with the WAPT agent.

The behavior of waptexit is customizable in C:\Program Files (x86)\wapt\wapt-get.ini.

Manually triggering the execution of WAPTexit

By creating a desktop shortcut, one can allow users to launch upgrades by themselves at a time that is convenient to them simply by clicking the WAPTexit icon.

The behavior of waptexit is customizable in C:\Program Files (x86)\wapt\wapt-get.ini.

Triggering WAPTexit with a scheduled task

One can deploy a GPO or a WAPT package that will trigger WAPTexit at a pre-scheduled time.

Triggering WAPTexit with a scheduled task is best suited for servers that are not shutdown frequently.

You may adapt the procedure describing how to deploy the WAPT agent to trigger the WAPTexit.exe script at the time of your choosing.

Hint

You can use the following script for your scheduled task, adapted to your need (Enterprise only):

waptpython -c "from waptenterprise.waptservice.enterprise import start_waptexit
start_waptexit('',{'only_priorities':False,'only_if_not_process_running':True,
'install_wua_updates':False,'countdown':300},'schtask')"

Warning

All running software that are upgraded may be killed with possible loss of data. WAPTexit may fail to upgrade a software program if a software that you are upgrading is in the impacted_process list of the control file of one of the software you are trying to upgrade. See below for more information.

The method of triggering WAPTexit at a scheduled time is the least recommended method for desktops. It is better to let WAPTexit execute at shutdown or on user request.

Avoiding the cancellation of upgrades

To disable the interruption of the installation of updates you can run waptexit with the argument:

waptexit.exe -allow_cancel_upgrade = True

Otherwise waptexit will take the value indicated in C:\Program Files (x86)\wapt\wapt-get.ini:

[global]
allow_cancel_upgrade = False

If this value is not indicated in C:\Program Files (x86)\wapt\wapt\wapt-get.ini, then the default value will be 10.

Increase the trigger time in waptexit

To specify the wait time before the automatic start of the installations you can start waptexit with the argument:

waptexit.exe -waptexit_countdown = 10000

Otherwise waptexit will take the value indicated in the configuration C:\Program Files (x86)\wapt\wapt-get.ini:

[global]
waptexit_countdown = 25

If this value is not indicated in C:\Program Files (x86)\wapt\wapt\wapt-get.ini, then the default value will be 1.

Do not interrupt user activity

To tell WAPT not to run an upgrade of running software on the machine (impacted_process attribute of the package), you can run waptexit with the argument:

waptexit.exe -only_if_not_process_running=True

Otherwise waptexit will take the value indicated in C:\Program Files (x86)\wapt\wapt-get.ini:

[global]
upgrade_only_if_not_process_running = True

If this value is not indicated in C:\Program Files (x86)\wapt\wapt\wapt-get.ini, then the default value will be False.

Launching the installation of packages with a special level of priority

To tell WAPT to only upgrade high priority packages, you can run waptexit with the argument:

waptexit.exe -priorities = high

Otherwise waptexit will take the value indicated in C:\Program Files (x86)\wapt\wapt-get.ini:

[global]
upgrade_priorities = high

If this value is not indicated in C:\Program Files (x86)\wapt\wapt\wapt-get.ini, then the default value will be Empty (no filter on priority).

Customizing WAPTexit

WAPT Enterprise feature only

It is possible to customize waptexit by placing the image you want in C:\Program Files (x86)\wapt\templates\waptexit-logo.png.

Registering/ unregistering WAPTexit

To register or unregister waptexit in local shutdown group strategy scripts, use:

  • to enable waptexit at host shutdown:

wapt-get add-upgrade-shutdown
  • to disable waptexit at host shutdown:

wapt-get remove-upgrade-shutdown