.. Reminder for header structure: Parts (H1) : #################### with overline Chapters (H2) : ******************** with overline Sections (H3) : ==================== Subsections (H4) : -------------------- Subsubsections (H5) : ^^^^^^^^^^^^^^^^^^^^ Paragraphs (H6) : """"""""""""""""""""" .. meta:: :description: The WAPT management console :keywords: waptconsole, management, WAPT, certificate, documentation .. |ok| image:: wapt-resources/ok.png :scale: 5% :alt: feature available .. |nok| image:: wapt-resources/nok.png :scale: 5% :alt: feature not available .. |date| date:: The WAPT Server having been successfully installed, now we will install the WAPT console. .. _installing_the_WAPT_console: *************************** The WAPT management console *************************** .. Attention:: If you have already :ref:`generated the WAPT agent ` and :ref:`deployed the agent ` on your :term:`Administrator`'s workstation, then :ref:`launch the WAPT console `. .. note:: * Managing WAPT is done mainly via the WAPT console installed on the :term:`Administrator`'s workstation. * It is recommended that the Administrator's computer be joined to the :term:`Organization` 's Active Directory. * The host name of the Administrator's workstation **must not be longer than 15 characters.** This is a limit of *sAMAccountName* attribute in Active Directory. * **The Administrator's computer will become critical for WAPT administration and WAPT package testing.** * If DNS records are properly configured, you should be able to access the WAPT web interface by visiting https://srvwapt.mydomain.lan. * As of |date|, the WAPT console only installs on Windows. .. hint:: It is **highly recommended** to use the console on a **dedicated management machine**. .. _console_on_windows: If the WAPT Server is installed on a Windows host ================================================= .. warning:: The WAPT console **MUST NOT** be installed on your Windows based WAPT Server. The WAPT console must be installed on the workstation from which you manage your network. For installing the WAPT console, download :download:`waptsetup.exe ` with Tranquil IT server on the WAPT server. * Rename the file `waptsetup-tis.exe`. * Copy to :file:`C:\\wapt\\waptserver\\repository\\wapt`. You may now go on :ref:`downloading and launching the installation of the WAPT console on the Administrator's computer ` If the WAPT Server is installed on a Linux host =============================================== Go to next step, the WAPT Console is already on your server. .. _donwloading_the_WAPT_console: .. figure:: wapt-resources/web-interface-server.png :align: center :alt: The WAPT Server web interface The WAPT Server web interface * If DNS records are properly configured, you should be able to access the WAPT web interface by visiting: https://srvwapt.mydomain.lan. * Click on :guilabel:`WAPTSetup` link on the right-hand side of the WAPT Server web page. Installing on the Administrator’s computer ========================================== .. attention:: If **waptagent** are not compiled and installed on your computer, need to install waptsetup. Else, the WAPT console is already installed with the waptagent, you just need :ref:`configure it `. * Start the executable installer as :term:`Local Administrator` on the :term:`Administrator`'s workstation. * Choose the language and click on :guilabel:`OK` to install the WAPT console. .. figure:: wapt-resources/wapt_console-choose-language.png :align: center :alt: Choosing the language for WAPT Choosing the language for WAPT * Click on :guilabel:`OK` to go on to the next step. .. figure:: wapt-resources/wapt_console-accept-wapt-license.png :align: center :alt: Accepting the WAPT license terms Accepting the WAPT license terms * Accept the licence terms and click on :guilabel:`Next` to go to next step. * Choose your installation options (default values should be right for most installations). .. figure:: wapt-resources/wapt_console-choose-options.png :align: center :alt: Choosing the installer's options Choosing the installer's options .. list-table:: Available options of the WAPT installer :header-rows: 1 :widths: auto :align: center * - Settings - Description - Default value * - Install WAPT service - Add WAPT service on your management computer. - Checked * - Launch notification icon upon session opening - Launch waptagent on systray at startup. - Not checked * - Disable hiberboot, and increase shutdown GPO timeout (recommended) - Disable Windows fast startup for stability, increase timeout for waptexit. - Checked * - Install the certificates provided by this installer - Install Tranquil IT certificate only on this computer. - Not checked * - Use a random UUID to identify the computer instead of BIOS - For more information, check the documentation on :ref:`BIOS UUID bugs ` - Not checked * Set up the WAPT Server URL. .. hint:: Here, two choices become available to you. * If this is the first installation and the WAPT agent has not already been built / installed. * Check :guilabel:`Static WAPT Informations` and set: * WAPT repository URL: http://srvwapt.mydomain.lan/wapt. * WAPT Server URL: https://srvwapt.mydomain.lan. .. figure:: wapt-resources/wapt_console-choose-repo-and-server-url.png :align: center :alt: Choosing the WAPT repository and server Choosing the WAPT repository and server * Choose the WAPT repository and server; click :guilabel:`Next`. * If the WAPT console or the WAPT agent is already installed: * Check :guilabel:`Don't change current setup`, then click :guilabel:`Next`. .. figure:: wapt-resources/wapt_console-already-repo-and-server-url.png :align: center :alt: The WAPT repository and server are already set The WAPT repository and server are already set * Get a summary of the WAPT console installation. .. figure:: wapt-resources/wapt_console-abstract-install.png :align: center :alt: The WAPT console installation abstract * Click :guilabel:`Install` to launch the installation, wait for the installation to complete, then click on :guilabel:`Finish` (leave default options). .. figure:: wapt-resources/wapt_console-installation-progress.png :align: center :alt: Installation Wizard in progress Installation Wizard in progress .. figure:: wapt-resources/wapt_console-installation-wizard-completed.png :align: center :alt: Installation Wizard has finished Installation Wizard has finished * Uncheck :guilabel:`Show installation documentation`. .. _configure_console: Starting the WAPT console ========================= * Launch the WAPT console: * By looking for the binary. :file:`C:\\Program Files (x86)\\wapt\\waptconsole.exe` * Or using the :guilabel:`Start` Menu. .. figure:: wapt-resources/wapt_console-start-menu.png :align: center :alt: The WAPT Console Start Menu The WAPT Console Start Menu * Log into the WAPT console with the :term:`SuperAdmin` login and password. .. figure:: wapt-resources/wapt_console-authentication.png :align: center :alt: The WAPT Console authentication window The WAPT Console authentication window If you have any issue logging into the WAPT console, please refer to the FAQ: :ref:`msg_error_open`. It is recommended to launch the WAPT console with a Local Administrator account to enable local debugging of WAPT packages. For Enterprise version, it is possible to authenticate with :ref:`Active Directory `. First start after server installation ------------------------------------- .. hint:: On first start, you must start the WAPT console with elevated privileges. :menuselection:`Right-click on the WAPT console binary --> Start as Local Administrator`. Certificate affectation ^^^^^^^^^^^^^^^^^^^^^^^ .. note:: A message may appear indicating that no personal certificate has been defined. .. figure:: wapt-resources/wapt_console-no-certificate.png :align: center :alt: WAPT personal certificate not present * Select :guilabel:`Yes` .. figure:: wapt-resources/wapt_console-basic-configuration-tab.png :align: center :alt: Window for the basic configuration of the WAPT console * Click on :guilabel:`New private key and certicate` and see :ref:`create your certificate. ` Packet prefix definition ^^^^^^^^^^^^^^^^^^^^^^^^ .. note:: A message may appear indicating that no package prefix has been defined. .. figure:: wapt-resources/wapt_console-no-prefix.png :align: center :alt: WAPT personal certificate not present * Select :guilabel:`Yes` * Set your packages prefix on :guilabel:`WAPT packages prefix` .. figure:: wapt-resources/wapt_console-basic-configuration-tab.png :align: center :alt: Window for the basic configuration of the WAPT console waptagent.exe errors ^^^^^^^^^^^^^^^^^^^^ .. note:: A message may appear indicating that your WAPT agent version is obsolete or not yet present. .. figure:: wapt-resources/wapt_console-waptagent-not-present.png :align: center :alt: WAPT agent not present If the :ref:`administrator's certicate ` existing, it's possible to :ref:`generating new agent ` by clicking on :guilabel:`Yes`. Also click on :guilabel:`No` and generate the :ref:`administrator's certicate `. .. _licence_activation: ****************** License activation ****************** .. note:: On WAPT, the difference between **Discovery** and **Enterprise** version are manage by licence used. Activating licence ================== .. hint:: For activating the licence, used the :file:`\licence.lic` file provided by our sales department. In the WAPT console, click on :guilabel:`?` tab .. figure:: wapt-resources/wapt_console-int-point-tab.png :align: center :alt: More info tab Choose :guilabel:`Licences` : .. figure:: wapt-resources/wapt_console-licence-no-licence.png :align: center :alt: Licence activation Select your :file:`\licence.lic` and click :guilabel:`Open`. .. figure:: wapt-resources/wapt_console-licence-ok-licence.png :align: center :alt: Licence activated Removing licence ================ In the WAPT console, click on :guilabel:`?` tab .. figure:: wapt-resources/wapt_console-int-point-tab.png :align: center :alt: More info tab Choose :guilabel:`Licences` : .. figure:: wapt-resources/wapt_console-licence-ok-licence.png :align: center :alt: Licence activation Select the row and click :guilabel:`Remove License` : .. figure:: wapt-resources/wapt_console-licence-confirm-remove.png :align: center :alt: Licence removed After confirmation, licence are removed : .. figure:: wapt-resources/wapt_console-licence-no-licence.png :align: center :alt: Licence activation License location ================ :file:`\licence.json` are stocked on server on following location : * Debian / Ubuntu : .. code-block:: ini /var/www/licences.json * Red Hat / CentOS .. code-block:: ini /var/www/html/licences.json * Windows : .. code-block:: ini C:\wapt\waptserver\repository\licences.json License error ============= Expired licence --------------- If the licence is expired status display :guilabel:`Expired` : .. figure:: wapt-resources/wapt_console-licence-expired.png :align: center :alt: Licence expired Old licence location -------------------- On console installation, if licence is located an old location, this error appear : .. figure:: wapt-resources/wapt_console-licence-error-old-location.png :align: center :alt: Licence error to old location Error activating licence ------------------------ This error is due to a problem with the post-configuration script and a special configuration of NGINX. .. figure:: wapt-resources/wapt_console-licence-error-added.png :align: center :alt: Error activating licence **3 points** are to be checked : 1. Check if :file:`/etc/nginx/sites-enabled/wapt.conf` is a symbolic link of :file:`/etc/nginx/sites-available/wapt.conf`. * Use this command : .. code-block:: bash ls -l /etc/nginx/sites-enabled/wapt.conf * If symbolic link exist, output is : .. code-block:: bash lrwxrwxrwx 1 root root 36 Jun 9 09:35 /etc/nginx/sites-enabled/wapt.conf -> /etc/nginx/sites-available/wapt.conf * Also remove file an create symbolic link : * remove :file:`/etc/nginx/sites-enabled/wapt.conf` .. code-block:: bash rm /etc/nginx/sites-enabled/wapt.conf * create symbolic link : .. code-block:: bash ln -s /etc/nginx/sites-available/wapt.conf /etc/nginx/sites-enabled/wapt.conf 2. Check if :file:`licences.json` is present in :guilabel:`location` section of :file:`/etc/nginx/sites-enabled/wapt.conf` .. code-block:: bash location ~ ^/(wapt/waptsetup-tis.exe|wapt/waptagent.exe|wapt/waptdeploy.exe|sync.json|rules.json|licences.json)$ { add_header Cache-Control "store, no-cache, must-revalidate, post-check=0, pre-check=0"; add_header Pragma "no-cache"; root "/var/www"; } * If exist, restart NGINX : .. code-block:: bash systemctl restart nginx * Also add :file:`licences.json` in :guilabel:`location` section of :file:`/etc/nginx/sites-enabled/wapt.conf` and restart NGINX. .. code-block:: bash systemctl restart nginx 3. If error also exist : * Empty :file:`/var/www/licences.json` : .. code-block:: bash > /var/www/licences.json * Retry :ref:`licence activation ` .. _create_certificate: ******************************************************************** Generating the Administrator's certificate for signing WAPT packages ******************************************************************** .. hint:: * The name of the private key is :file:`wapt-private.pem`. * The name of the public certificate signed with the private key is :file:`wapt-private.crt`. Private key *wapt-private.pem* ============================== .. attention:: The :file:`wapt-private.pem` file is **fundamental for security**. It must be stored in a safe place and correctly protected. The :file:`wapt-private.pem` file is the private key, it is located by default in the :file:`C:\\private` folder of the :term:`Administrator` workstation and is password protected. This private key will be used along with the certificate to sign packages before uploading them onto the WAPT repository. .. danger:: The :file:`wapt-private.pem` file **MUST NOT** be stored on the WAPT server. Public certificate : *wapt-private.crt* ======================================= The :file:`wapt-private.crt` file is the public certificate that is used along with the private key. It is by default created in the :file:`C:\\private` folder of the Administrator, copied and deployed in :file:`C:\\Program Files (x86)\\wapt\\ssl` on the Windows desktops or in :file:`/opt/wapt/ssl` on the Linux and MacOS devices managed by the Administrator via a WAPT package, a GPO or an Ansible role. This certificate is used to validate the signature of packages before installation. .. attention:: * If the public certificate used on WAPT the console is not derived from the private key used for generating the WAPT agents, no interaction will be possible. * The child certificates of private keys are functional for interactions. .. _building_certificate: Building a certificate ====================== In the WAPT console go to :menuselection:`Tools --> Build certificate`. .. figure:: wapt-resources/wapt_console-build-certificate-from-menu.png :align: center :alt: Building a self-signed certificate Building a self-signed certificate .. important:: We have two different options: * :ref:`Creating a certificate for the Discovery version `. * :ref:`Creating a certificate for the Enterprise version `. .. _create_certificate_discovery: Discovery --------- * Fill in the following fields. .. figure:: wapt-resources/wapt_certificate-generate-certificate-discovery.png :align: center :alt: Creating a self-signed certificate for the Discovery version Creating a self-signed certificate for the Discovery version .. list-table:: Certificate informations :header-rows: 1 :widths: auto :align: center * - Value - Description - Required * - :guilabel:`Target key directory` - Folder where the private key and the public certificate will be stored. - |ok| * - :guilabel:`Key filename` - name of the :mimetype:`.pem` and :guilabel:`Name of the private key`. - |ok| * - :guilabel:`Private key password` - Password for locking and unlocking the key. - |ok| * - :guilabel:`Confirm password` - Password confirmation for locking and unlocking the key. - |ok| * - :guilabel:`Certificate name` - Name of the :mimetype:`.crt` certificate. - |ok| * - :guilabel:`Common Name (CN)` - Display name of the certificate. - |ok| * - :guilabel:`City` - Name of the certificate holder's city to register in the certificate. - |nok| * - :guilabel:`Country (2 chars. E.g : FR)` - Name of the certificate holder's country (FR, EN, ES, DE ...) to register in the certificate. - |nok| * - :guilabel:`Service` - Name of certificate holder's service or organizational department to register in the certificate. - |nok| * - :guilabel:`Organization` - Name of the certificate holder's Organization to register in the certificate. - |nok| * - :guilabel:`E-mail address` - Email address of the certificate holder to register in the certificate. - |nok| * - :guilabel:`Export PKCS12`` - Create :mimetype:`*.p12` certificate in :guilabel:`Target key directory`. - |nok| (recommended) Additional details are stored in the private key. This information will help with identifying the origin of the certificate and the origin of the WAPT package. .. hint:: The password complexity must comply with your :term:`Organization`'s security requirements (visit the `ANSSI website `_ for recommendations on passwords). .. danger:: * The path to your private key must not be in the installation path of WAPT (:file:`C:\\Program Files (x86)\\wapt`). * If your key is stored in :file:`C:\\Program Files (x86)\\wapt`, your :term:`Administrator` private key will be deployed on your clients, **absolutely a no go!**. * The :file:`wapt-private.pem` file should not be stored on the WAPT server. * Click on :guilabel:`OK` to go on to the next step. If everything has gone well the following message will appear: .. figure:: wapt-resources/wapt_certificate-successfully-generated.png :align: center :alt: Certificate generated successfully Certificate generated successfully * Click on :guilabel:`OK`. .. figure:: wapt-resources/wapt_certificate-confirm-copy-into-ssl-folder.png :align: center :alt: Confirmation of the copy of the certificate in the ssl folder Confirmation of the copy of the certificate in the ssl folder * Click on :guilabel:`Yes` to copy the newly generated certificate in the folder :file:`C:\\Program Files (x86)\\wapt\\ssl` on Windows or :file:`/opt/wapt/ssl` on Linux or MacOS. This certificate will be picked up during the compilation of the WAPT agent and deployed on the client computers. You may go on to the next step and :ref:`Building the WAPT agent installer `. .. _create_certificate_enterprise: Enterprise ---------- With WAPT Enterprise, you can create a Master key with a Certificate Authority flag that can both sign packages and sign new certificates. .. hint:: In order to create new signed certificates for delegated users, please refer to :ref:`creating a new certificate `. .. figure:: wapt-resources/wapt_certificate-generate-certificate-enterprise.png :align: center :alt: Creating a self-signed certificate for Enterprise version Creating a self-signed certificate for Enterprise version .. list-table:: Certificate informations :header-rows: 1 :widths: auto :align: center * - Value - Description - Required * - :guilabel:`Target key directory` - Folder where the private key and the public certificate will be stored. - |ok| * - :guilabel:`Key filename` - name of the :mimetype:`.pem` and :guilabel:`Name of the private key`. - |ok| * - :guilabel:`Private key password` - Password for locking and unlocking the key. - |ok| * - :guilabel:`Confirm password` - Password confirmation for locking and unlocking the key. - |ok| * - :guilabel:`Tag as code signing` - Check this box if the certificate/ key pair will be allowed to sign software packages. - |ok| * - :guilabel:`Tag as CA certificate` - Check this box if this certificate can be used to sign other certificates (main or intermediate Certificate Authority). - |ok| * - :guilabel:`Certificate name` - Name of the :mimetype:`.crt` certificate. - |ok| * - :guilabel:`Common Name (CN)` - Display name of the certificate. - |ok| * - :guilabel:`City` - Name of the certificate holder's city to register in the certificate. - |nok| * - :guilabel:`Country (2 chars. E.g : FR)` - Name of the certificate holder's country (FR, EN, ES, DE ...) to register in the certificate. - |nok| * - :guilabel:`Service` - Name of certificate holder's service or organizational department to register in the certificate. - |nok| * - :guilabel:`Organization` - Name of the certificate holder's Organization to register in the certificate. - |nok| * - :guilabel:`E-mail address` - Email address of the certificate holder to register in the certificate - |nok| * - :guilabel:`Authority Signing Key` - Key (:file:`*.pem`) of CA - |nok| * - :guilabel:`Authority Signing Certificate` - Certicate (:file:`*.crt`) of CA - |nok| * - :guilabel:`Export PKCS12` - Create :file:`*.p12` certicate in :guilabel:`Targets keys directory` - |nok| (recommended) Additional details are stored in the private key. This information will help with identifying the origin of the certificate and the origin of the WAPT package. .. hint:: The password complexity must comply with your :term:`Organization`'s security requirements (visit the `ANSSI website `_ for recommendations on passwords). .. note:: If your Organization is already equipped with an :term:`Certificate Authority` (CA), you will have to fill the certificate and the key in the fields :guilabel:`Authority Signing Key` and :guilabel:`Authority Signing Certificate`. With this procedure you can generate new certificates/ key pairs with or without **Code Signing** capability. For creating a Certificate Authority, go to the section on :ref:`generating the Certificate Authority (CA) `. .. danger:: * The path to your private key must not be in the installation path of WAPT (:file:`C:\\Program Files (x86)\\wapt`). * If your key is stored in :file:`C:\\Program Files (x86)\\wapt`, your Administrator private key will be deployed on your clients, **absolutely a no go!**. * The :file:`wapt-private.pem` file should not be stored on the WAPT server. If everything has gone well the following message will appear: .. figure:: wapt-resources/wapt_certificate-successfully-generated.png :align: center :alt: Certificate generated successfully Certificate generated successfully * Click on :guilabel:`OK` to go on to the next step. .. figure:: wapt-resources/wapt_certificate-confirm-copy-into-ssl-folder.png :align: center :alt: Confirmation of the copy of the certificate in the ssl folder Confirmation of the copy of the certificate in the ssl folder * Click on :guilabel:`Yes` to copy the newly generated certificate in the :file:`C:\\Program Files (x86)\\wapt\\ssl` folder. This certificate will be picked up during the compilation of the WAPT agent and deployed on the clients computers. You may go on to the next step and :ref:`build the WAPT agent installer `. .. _create_WAPT_agent: ********************************* Building the WAPT agent installer ********************************* The :program:`waptagent` binary is an `InnoSetup `_ installer. Once the WAPT console has been installed on the :term:`Administrator` computer, we have all files required to build the WAPT agent installer: * Files that will be used during building of the WAPT agent are located in :file:`C:\\Program Files (x86)\\wapt`. * Installer source files (:file:`.iss` files) are located in :file:`C:\\Program Files (x86)\\wapt\\waptsetup`. .. hint:: Before building the WAPT agent, please verify the public certificate(s) in :file:`C:\\Program Files (x86)\\wapt\\ssl`. If you wish to deploy other public certificates on your :term:`Organization`'s computers that are equipped with WAPT, you will have to copy them in that folder. .. danger:: **DO NOT COPY the private key** of any :term:`Administrator` in :file:`C:\\Program Files (x86)\\wapt`. This folder is used when building the WAPT agent and the private keys would then be deployed on all the computers. * In the WAPT console, go to :menuselection:`Tools --> Build WAPT agent` .. figure:: wapt-resources/wapt_console-build-wapt-agent-from-menu.png :align: center :alt: Generating the WAPT agent from the console Generating the WAPT agent from the console .. _agent_identify: .. hint:: Before building the WAPT agent, you need to choose how it will identify itself with the WAPT Server. Choosing the mode to uniquely identify the WAPT agents ====================================================== In WAPT you can choose the unique identification mode of the WAPT agents. When a WAPT agent registers the server must know if it is a new machine or if it is a machine that has already been registered. For this, the WAPT Server looks at the :abbr:`UUID (Universal Unique IDentifier)` in the inventory. WAPT offers 3 modes to help you distinguish between hosts, it is up to you to choose the mode that best suits you. .. attention:: After choosing a mode of operation it is difficult to change it, think carefully! Identifying the WAPT agents by their BIOS UUID (serial number) -------------------------------------------------------------- This mode of operation makes it possible to identify the machines in the console in a physical manner. If you replace a computer and give the new computer the same name as the previous one, you will have two computers that will appear in the WAPT console since you will have physically two different computers. .. note:: Some vendors do inadequate work and assign the same BIOS UUIDs to entire batches of computers. In this case, WAPT will only see one computer!!! Identifying the WAPT agent by host name --------------------------------------- This mode of operation is similar to that in Active Directory. The machines are identified by their hostname. .. note:: This mode does not work if several machines in your fleet share the same name. We all know it should not happen!! Identifying the WAPT agents with a randomly generated UUID ---------------------------------------------------------- This mode of operation allows PCs to be identified by their WAPT installation. Each installation of WAPT generates a unique random number. If you uninstall WAPT and then reinstall it, you will see a new device appear in your console. Discovery ========= .. figure:: wapt-resources/wapt_console-build-wapt-agent-from-menu.png :align: center :alt: Generating the WAPT agent from the console Generating the WAPT agent from the console .. list-table:: WAPT Agent informations :header-rows: 1 :widths: auto :align: center * - Value - Description - Required * - :guilabel:`Authorized packages certificates bundle` - Folder of trusted certificate. - |ok| * - :guilabel:`Include non CA too` - Include local WAPT certificate. - |nok| * - :guilabel:`Main WAPT repository address` - Address of the repository on the WAPT Server. - |ok| * - :guilabel:`WAPT Server address` - Address of the repository on the WAPT Server. - |ok| * - :guilabel:`Path to the https servers CA certificates bundle` - Path to the certificates used for HTTPS verification. - |nok| * - :guilabel:`Organization` - Name of the Organization to identify the origin of WAPT packages. - |nok| * - :guilabel:`Use computer FQDN for UUID` - If FQDN are used for :ref:`identifying WAPT agents `. - |nok| * - :guilabel:`Use random host UUID (for buggy BIOS)` - If random UUIDs are used for :ref:`identifying WAPT agents `. - |nok| .. danger:: * The checkbox **Use kerberos for the initial registration** must be checked **ONLY IF** you have followed the documentation on **Configuring the kerberos authentication**. * The checkbox **Verify the WAPT Server HTTPS certificate** must be checked **ONLY IF** you have followed the documentation on **Activating the verification of the SSL / TLS certificate**. * Provide the password for unlocking the private key. .. figure:: wapt-resources/wapt_console-enter-certificate-password.png :align: center :alt: Entering the password for unlocking the private key Entering the password for unlocking the private key .. figure:: wapt-resources/waptagent-creation-in-progress.png :align: center :alt: Progression of WAPT agent installer building Progression of WAPT agent installer building Once the WAPT agent installer has finished building, a confirmation dialog pops up indicating that the :program:`waptagent` binary has been successfully uploaded to https://srvwapt.mydomain.lan/wapt/. .. figure:: wapt-resources/waptagent-successfully-uploaded.png :align: center :alt: Confirmation of the WAPT agent loading onto WAPT repository Confirmation of the WAPT agent loading onto WAPT repository .. note:: A warning shows up indicating that the GPO hash value should be changed. GPOs may be used to deploy the WAPT agent on your Organization's computers. .. danger:: After building the agent, install the new WAPT agent on the WAPT management console. Enterprise ========== * Fill in the informations that are necessary for the installer. .. figure:: wapt-resources/waptagent-enterprise-info.png :align: center :alt: Filling in the informations on your Organization Filling in the informations on your Organization .. list-table:: WAPT Agent informations :header-rows: 1 :widths: auto :align: center * - Value - Description - Required * - :guilabel:`Authorized packages certificates bundle` - Folder of trusted certificate. - |ok| * - :guilabel:`Include non CA too` - Include local WAPT certificate. - |nok| * - :guilabel:`Main WAPT repository address` - Address of the repository on the WAPT Server. - |ok| * - :guilabel:`WAPT Server address` - Address of the repository on the WAPT Server. - |ok| * - :guilabel:`Verify https server certificate` - If :ref:`HTTPS certificate client authentication ` is activated on the WAPT server. - |nok| * - :guilabel:`Use repository access rules` - For using rules of for :ref:`replicating remote repositories `. - |nok| * - :guilabel:`Path to the https servers CA certificates bundle` - Path to the certificates used for HTTPS verification. - |nok| * - :guilabel:`Use Kerberos for initial registration` - If :ref:`Kerberos ` authentification of the WAPT agents is used with the WAPT Server. - |nok| * - :guilabel:`Organization` - Name of the Organization to identify the origin of WAPT packages. - |nok| * - :guilabel:`Use computer FQDN for UUID` - If FQDN are used for :ref:`identifying WAPT agents `. - |nok| * - :guilabel:`Use random host UUID (for buggy BIOS)` - If random UUIDs are used for :ref:`identifying WAPT agents `. - |nok| * - :guilabel:`Always install these packages` - Installs automatically a :ref:`group ` packages upon WAPT agent installation. - |nok| * - :guilabel:`Enable automatic install of packages based on AD Groups` - Enables the installation of :ref:`profile packages `. **This feature can degrade the performance of WAPT**. - |nok| * - :guilabel:`Allow remote reboot` - Allows remote reboots from the WAPT console. - |nok| * - :guilabel:`Allow remote shutdown` - Allows remote shutdown from the WAPT console. - |nok| * - :guilabel:`Manage Windows updates with WAPT` | :guilabel:`Disable WAPT WUA` | :guilabel:`Don't set anything` - Enables or disables :ref:`WAPT WUA `. - |ok| * - :guilabel:`Allow all updates by default unless explicitely forbidden by rules` - Allows all Windows updates if not forbidden by WUA rule packages. - |nok| * - :guilabel:`Scan / download scheduling` - Sets the Windows Update scan periodicity. - |nok| * - :guilabel:`Minimum delay before installation (days after publish date)` - Sets a deferred installation delay before publication. - |nok| * - :guilabel:`Install pending Windows updates at shutdown` - Installs update when the machine shuts down. - |nok| .. hint:: For more information to Windows update section, refer to :ref:`this article on configuring WAPTWUA on the WAPT agent ` .. danger:: * The checkbox **Use kerberos for the initial registration** must be checked **ONLY IF** you have followed the documentation on :ref:`Configuring the kerberos authentication `. * The checkbox **Verify the WAPT Server HTTPS certificate** must be checked **ONLY IF** you have followed the documentation on :ref:`Activating the verification of the SSL / TLS certificate `. * Provide the password for unlocking the private key. .. figure:: wapt-resources/wapt_console-enter-certificate-password.png :align: center :alt: Providing the password for unlocking the private key Providing the password for unlocking the private key .. figure:: wapt-resources/waptagent-creation-in-progress.png :align: center :alt: Progression of WAPT agent installer building Progression of WAPT agent installer building Once the WAPT agent installer has finished building, a confirmation dialog pops up indicating that the :program:`waptagent` binary has been successfully uploaded to https://srvwapt.mydomain.lan/wapt/. .. figure:: wapt-resources/waptagent-successfully-uploaded.png :align: center :alt: Confirmation of the WAPT agent loading onto WAPT repository Confirmation of the WAPT agent loading onto WAPT repository .. note:: A warning shows up indicating that the GPO hash value should be changed. GPOs may be used to deploy the WAPT agent on your Organization's computer. .. attention:: After building the agent on your management PC, quit the WAPT console and :ref:`install ` the **new WAPT agent** that has been generated on your WAPT management computer.