[SOLVED] Accessing web page hash for GPO

Questions about WAPT Server / Requests and help related to the WAPT server
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Locked
admmelyne
Messages: 5
Registration: January 13, 2026 - 4:18 PM

January 13, 2026 - 4:27 PM

Hello,

I installed Wapt in cspn-toe mode. I don't have access to the server's web page (error 401) - but from what I've read on the forum, this is normal in cspn-toe mode. I successfully retrieved the agent .exe.

I would like to deploy this agent via GPO. However, it asks me to copy/paste the hash and other parameters from the server's web page: https://www.wapt.fr/fr/doc/wapt-deploy-agent.html#. How can I retrieve this hash and other parameters without using the web page? Perhaps I missed something in the documentation for GPO deployment when using cspn-toe mode.

I have the Discovery version 2.6.1.
The server is installed on Debian 13.
The console is installed on a Windows 11 VM.

Thank you for your help and have a good day, :)

Mélyne
High
User avatar
dcardon
WAPT Expert
Messages: 1929
Registration: June 18, 2014 - 09:58
Location: Saint Sébastien sur Loire
Contact :
Contact dcardon

January 14, 2026 - 10:07

Hi Mélyne,

CSPN mode isn't supported in the discovery version. So you need to stay in normal mode (which already includes a fair amount of security to guarantee the integrity of your deployments).

However, it's true that there are some missing details in the documentation. Regarding the agent hash, when the agent is created, it's placed on the machine of the administrator who generated it, and you just need to perform a SHA256 hash using any tool available on that machine (7-Zip, etc.).

Best regards,

Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
High
User avatar
dcardon
WAPT Expert
Messages: 1929
Registration: June 18, 2014 - 09:58
Location: Saint Sébastien sur Loire
Contact :
Contact dcardon

January 14, 2026 - 12:23

Hi again Mélyne,

I'd like to add that the CSPN-TOE mode, as its name suggests, is based on the TOE (Target of Evaluation) of the CSPN certification for WAPT. The CSPN is a time-constrained/budget-constrained certification. Therefore, some features are not covered by the TOE, such as WADS, WaptWUA, secondary repositories, etc.

So, unless you're in an environment with strict security requirements, it's not recommended to install in CSPN-TOE mode. If you properly implement all the WAPT security features, you'll already have a very secure environment (valid HTTPS certificate, Kerberos authentication for initial workstation registration, Kerberos authentication for administrators, signature key by adminsys, etc.).

Best regards,

Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
High
admmelyne
Messages: 5
Registration: January 13, 2026 - 4:18 PM

January 15, 2026 - 10:00

Hello,

Thank you so much for your feedback! It's much clearer now.

I've reinstalled it in standard mode. Still in discovery mode for the moment, at least during this testing phase. I chose Kerberos authentication.
Manually installing the agent on Windows client machines works, but it's impossible via GPO, whether through a scheduled task or a startup script. The GPO deploys correctly. But the client PC doesn't appear in the console, as if the deployment isn't starting. Could Kerberos authentication be the problem? Should I choose a different authentication method in discovery mode for GPO deployment to work?

Thank you (if I should start this thread elsewhere, please let me know; it's true that my message would probably be better suited to the Agent/Console section now).

Best regards,

Mélyne
High
User avatar
htouvet
WAPT Expert
Messages: 436
Registration: March 16, 2015 - 10:48
Contact :
Contact htouvet

January 16, 2026 - 09:49

Hello Mélyne,

Kerberos mode is not available in Discovery.
If you are in the testing phase, you can request a temporary license for a few workstations from the sales department.

Regards,

Hubert
Tranquil IT
High
Locked

Return to "WAPT Server"


  • To go further with WAPT