Hello,
is there a way to create an exception for a dependency of a unit package? (while keeping the machine under the unit package)
For example, for a unit package that depends on base packages deploying certificates, I want to prevent these certificates from being deployed on one or more machines dependent on the unit package (without modifying their OU or the unit package itself).
I've tried several configurations, such as creating a conflict between one of these packages and the machine package, but without success...
Exception for a dependency of a unit package
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
-
dcardon
- WAPT Expert
- Messages: 1930
- Registration: June 18, 2014 - 09:58
- Location: Saint Sébastien sur Loire
- Contact :
Hi Steven,
this approach would be similar to what you find in the AD GPO management interface, where you can disable GPO inheritance for a specific branch. For now, we've decided against doing this because it adds considerable complexity and it's easy to accidentally do things we didn't intend.
One way to address your use case, I think, is to create a "meta-package" that will install a package or not, depending on specific parameters [1].
This methodology offers great flexibility but can cause problems with the package downloads themselves. For example, if you're dealing with a user on a VPN, 802.1x, or Wi-Fi connection, and package installation occurs when the workstations are shut down, installing the meta-package won't be able to initiate the download and installation of the package because there will no longer be a network connection. We're currently looking into how to better handle this scenario.
Regards,
Denis
[1] https://www.wapt.fr/fr/doc/wapt-create- ... a-packages
this approach would be similar to what you find in the AD GPO management interface, where you can disable GPO inheritance for a specific branch. For now, we've decided against doing this because it adds considerable complexity and it's easy to accidentally do things we didn't intend.
One way to address your use case, I think, is to create a "meta-package" that will install a package or not, depending on specific parameters [1].
This methodology offers great flexibility but can cause problems with the package downloads themselves. For example, if you're dealing with a user on a VPN, 802.1x, or Wi-Fi connection, and package installation occurs when the workstations are shut down, installing the meta-package won't be able to initiate the download and installation of the package because there will no longer be a network connection. We're currently looking into how to better handle this scenario.
Regards,
Denis
[1] https://www.wapt.fr/fr/doc/wapt-create- ... a-packages
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
-
dcardon
- WAPT Expert
- Messages: 1930
- Registration: June 18, 2014 - 09:58
- Location: Saint Sébastien sur Loire
- Contact :
Hi again Steven,
if the use case is for deploying a user certificate (or other things that don't impact the user on the machine, like a Thunderbird update that will break their Thunderbird), then we can force the package to install as soon as it's detected by the agent (so there's still a network connection).
Regards,
Denis
if the use case is for deploying a user certificate (or other things that don't impact the user on the machine, like a Thunderbird update that will break their Thunderbird), then we can force the package to install as soon as it's detected by the agent (so there's still a network connection).
Regards,
Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
Okay, thanks for the clarification.
In theory, defining a "virtual" OU on the machines to be excluded could also work, but that would exclude all software from the unit package, not just those selected as exceptions.
In my opinion, the ability to prioritize exceptions on a machine would be a plus (via wapt-get.ini, for example).
In theory, defining a "virtual" OU on the machines to be excluded could also work, but that would exclude all software from the unit package, not just those selected as exceptions.
In my opinion, the ability to prioritize exceptions on a machine would be a plus (via wapt-get.ini, for example).
