Hello,
Under WAPT 2.5 we are unable to restrict local administrator access to the self-service interface as described in the documentation (
https://www.wapt.fr/fr/doc-2.5/wapt-sel ... inistrator )
. The parameter waptservice_admin_filter=True is deployed on the agents
. The agents have been restarted
. The AD group "waptselfservice" has been created and contains only one user.
However, any local admin who logs into the self-service interface sees all packages displayed, not just those activated in the self-service interface like regular users.
Have we missed something?
Thank you for your help.
Regards
[SOLVED] Self Service Restrictions
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
-
dcardon
- WAPT Expert
- Messages: 1929
- Registration: June 18, 2014 - 09:58
- Location: Saint Sébastien sur Loire
- Contact :
Hello Erems,
are there any local accounts with the same username as the domain account? There was a bug related to this in version 2.5 which should have been fixed in 2.6.
Regards,
Denis
are there any local accounts with the same username as the domain account? There was a bug related to this in version 2.5 which should have been fixed in 2.6.
Regards,
Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
Hello,
just to let you know, we've upgraded to version 2.6, but the problem persists. Any user with administrator privileges can see all packages without restrictions.
If you have any ideas on how to investigate, I'd appreciate it.
Thank you.
just to let you know, we've upgraded to version 2.6, but the problem persists. Any user with administrator privileges can see all packages without restrictions.
If you have any ideas on how to investigate, I'd appreciate it.
Thank you.
-
sfonteneau
- WAPT Expert
- Messages: 2318
- Registered: July 10, 2014 - 11:52 PM
- Contact :
Hello
, * Are you entering a password in the self-service interface? Or is it a file token access (without a password), in version 2.6?
* Is your user not a member of the "domain admins" group?
Simon
, * Are you entering a password in the self-service interface? Or is it a file token access (without a password), in version 2.6?
* Is your user not a member of the "domain admins" group?
Simon
Hello,
the self-service area has been password-free since the update to version 2.6.
Indeed, the "admin" accounts I was testing with are also "domain admins". I just tried a local admin account only, and the self-service restriction seems to be working correctly.
So, I understand the issue, thank you.
the self-service area has been password-free since the update to version 2.6.
Indeed, the "admin" accounts I was testing with are also "domain admins". I just tried a local admin account only, and the self-service restriction seems to be working correctly.
So, I understand the issue, thank you.
Hello, this is yet another illustration of why you need two admin accounts, one for a local administrator and another for a domain administrator who will rarely be used. 
Vincent CARDON
Tranquil IT
Tranquil IT
