[SOLVED] How does application group management work on OUs

Share your tips or issues concerning the WAPT Console or WAPT Agent here
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Locked
Welsh
Messages: 15
Registration: December 6, 2022 - 9:44 AM

December 6, 2022 - 12:53

Hello,
we recently subscribed to the WAPT Enterprise offer a few months ago, and I just deployed a "core application" group across our entire Active Directory directly on the Computers OU branch. It works perfectly, we're delighted.
Due to an issue we encountered last week, we had to create a new OU under Computers, and we need to remove a core application program to install a proprietary one.
I created a second application group that simply excludes the antivirus package and includes the new one.
I applied it to this new sub-OU, but the installation of both antivirus programs keeps looping.
Is there no other way to proceed?
Sorry to ask, but I haven't been able to find any documentation on this.
Thank you in advance for any help you can provide. ;-)
Last edited by bgallois on Dec 9, 2022 - 10:20, edited 1 time.
- 1 WAPT 2.5.5.15602 Enterprise server (3000 workstations) + 1 WAPT 2.4.0.14058 Enterprise server (10000 workstations)
- WAPT server OS: Linux REHL 8.7
- Administration/package creation machine OS: Windows Server 2019 v1809
High
User avatar
t.heroult
Messages: 307
Registration: December 8, 2020 - 10:13 AM

December 6, 2022 - 2:15 PM

Hello
. Yes, packages are cumulative.
To my knowledge, there's no way to override a package's instruction to install software by using another package in the same directory tree.
If the instruction is given to install software for PCs in the "Computers" OU, it will apply to nested OUs.
In any case, it's not ideal to leave computers in the "Computers" OU. It's generally preferable to create a directory tree that distinguishes between servers, workstations, laptops, etc.
Server: WAPT Enterprise 2.6.1.17786 on Debian
Consoles: Windows 10 & 11
Infrastructure: Windows

Did you know? When parrotfish undergo smoltification, their osmoregulation mechanism is reversed!
High
User avatar
dcardon
WAPT Expert
Messages: 1932
Registration: June 18, 2014 - 09:58
Location: Saint Sébastien sur Loire
Contact :
Contact dcardon

December 7, 2022 - 12:27

Hi Baptiste,

as Tom rightly points out, there's no way to block inheritance with OU packages. It's an architectural choice we made back then to avoid replicating the overly complex Microsoft GPO management console.

You can remove the dependency of the OU package located on the Computer and create a separate OU package for each sub-OU.

It's also possible to create a self-configuring package that, in its `def install()` function, checks which OU the workstation is in (or another condition) and performs the installations accordingly (basically, it runs `WAPT.install('my-package')`). This is less elegant in terms of defining dependencies and pre-downloading them (because the workstation doesn't know it needs them until it tries to install this configuration package), but it can still be helpful when dealing with tricky situations.

Best regards,

Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
High
User avatar
vcardon
WAPT Expert
Messages: 278
Registration: Oct 06, 2017 - 10:55 p.m.
Location: Nantes, France

December 8, 2022 - 10:03 PM

Hello Baptiste,

Now that you've gotten a taste of WAPT, it will allow you to think about structuring your computer fleet according to your Organizational Units.

The most obvious are "servers," "desktops," "laptops," and "tablets," and below all that, perhaps brands and models to associate them with driver versions, etc.

Normally, if you create this hierarchy, it should already help you.

Then there are the "profile" packages, which are WAPT packages associated with Active Directory groups linked to the computers. So, the "profile" packages are a second management approach that should cover all conceivable human situations.
Vincent CARDON
Tranquil IT
High
Welsh
Messages: 15
Registration: December 6, 2022 - 9:44 AM

December 9, 2022 - 9:55 AM

Hello,
thank you very much for your feedback, it confirms what I thought. ;)
The main goal was to avoid having to create 47 "application framework" definitions for our 47 OUs (which only represent the partitioning of the 2000 workstations we manage; the servers have their own OU outside the "computers" OU ;) ).
I will therefore organize things differently.
Thank you very much for this clarification.
Best regards,
Baptiste
- 1 WAPT 2.5.5.15602 Enterprise server (3000 workstations) + 1 WAPT 2.4.0.14058 Enterprise server (10000 workstations)
- WAPT server OS: Linux REHL 8.7
- Administration/package creation machine OS: Windows Server 2019 v1809
High
Locked

Return to "WAPT usage (Console, Agent) / WAPT usage (Console, Agent)"


  • To go further with WAPT