Hello
, is it possible to set a password to secure the uninstallation of the WAPT agent?
Thank you.
[SOLVED] Password to uninstall the agent
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Currently, no, because logically we consider that a local administrator of the machine should have all rights, including the right to uninstall the WAPT agent.
Local Admin is Local Admin; WAPT's objective is not to deprive a legitimate admin user of their rights.
WAPT self-service addresses this practice of granting admin rights to a user on a workstation by allowing them to install software even though they don't have admin rights.
What use cases led you to ask your question?
Local Admin is Local Admin; WAPT's objective is not to deprive a legitimate admin user of their rights.
WAPT self-service addresses this practice of granting admin rights to a user on a workstation by allowing them to install software even though they don't have admin rights.
What use cases led you to ask your question?
Vincent CARDON
Tranquil IT
Tranquil IT
-
sfonteneau
- WAPT Expert
- Messages: 2318
- Registered: July 10, 2014 - 11:52 PM
- Contact :
I agree with what Vincent said
If it's really necessary with a package, you need to modify:
To replace with a small script that asks for a password
Otherwise, you delete it completely
And the software will no longer appear in appwiz.cpl
But if the user is an admin, they can ultimately do whatever they want... even switch to a system account
If it's really necessary with a package, you need to modify:
Code: Select all
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WAPT_is1\UninstallString
Otherwise, you delete it completely
Code: Select all
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WAPT_is1
But if the user is an admin, they can ultimately do whatever they want... even switch to a system account
-
Renaud Villet
- Messages: 30
- Registration: January 23, 2020 - 2:12 PM
So, in theory, yes, you're right.
But in practice, there are always special cases, especially when managing a large number of machines!
This option would therefore be quite useful for avoiding some problems...
But in practice, there are always special cases, especially when managing a large number of machines!
This option would therefore be quite useful for avoiding some problems...
-
sfonteneau
- WAPT Expert
- Messages: 2318
- Registered: July 10, 2014 - 11:52 PM
- Contact :
C:\Program Files (x86)\wapt\uninstall.py:
then edit:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WAPT_is1\UninstallString
and add:
Should work
Code: Select all
import waptguihelper
import hashlib
from setuphelpers import run
password = waptguihelper.login_password_dialog("Uninstall WAPT","Uninstall WAPT",'Uninstall WAPT',"")['password']
hashpassword = hashlib.sha256(password.encode('utf-8')).hexdigest()
print(hashpassword)
if hashpassword == '31f7a65e315586ac198bd798b6629ce4903d0899476d5741a9f32e2e521b6a66':
run(r'start "" "C:\Program Files (x86)\wapt\unins000.exe"')
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WAPT_is1\UninstallString
and add:
Code: Select all
"C:\Program Files (x86)\wapt\waptpython.exe" "C:\Program Files (x86)\wapt\uninstall.py"-
pierre.baridon
- Messages: 12
- Registration: Nov 14, 2020 - 10:55
- Location: Clermont-Ferrand
Hello,
Indeed, in practice we will always have users with administrative rights, even if WAPT allows us to limit this.
For example, the antivirus we deploy is managed and password-protected against uninstallation because we don't want users (even if they are administrators of their machines) to be able to uninstall it.
We would like to be able to do the same with WAPT to avoid "losing" machines.
Sincerely,
Indeed, in practice we will always have users with administrative rights, even if WAPT allows us to limit this.
For example, the antivirus we deploy is managed and password-protected against uninstallation because we don't want users (even if they are administrators of their machines) to be able to uninstall it.
We would like to be able to do the same with WAPT to avoid "losing" machines.
Sincerely,
- Installed WAPT version (2.1.0 Enterprise)
- Server OS: Debian
- Administration/package creation machine OS: Windows 10
- Server OS: Debian
- Administration/package creation machine OS: Windows 10
-
dcardon
- WAPT Expert
- Messages: 1929
- Registration: June 18, 2014 - 09:58
- Location: Saint Sébastien sur Loire
- Contact :
Hello,
to implement effective uninstallation protection, I think there's no other option than to create a kernel module. I don't believe WAPT can do that.
You could check with your antivirus software to see if it can protect certain paths.
Regards,
Denis
to implement effective uninstallation protection, I think there's no other option than to create a kernel module. I don't believe WAPT can do that.
You could check with your antivirus software to see if it can protect certain paths.
Regards,
Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
