Tranquil IT Forum

I had the same problem as Mika, but unfortunately, the solution of directly entering the WAPT server URL doesn't work...

After a `gpresult /h gpo.html & gpo.html`, I can see on my client (Windows 7) that it hasn't been applied (unlike a GPO for changing the desktop background, for example, which works perfectly).
I admit I don't know what to do anymore; I've tested absolutely every solution available online. I liked WAPT, but without deployment via GPO, it's useless on a network of 500 workstations.

Arguments from my latest GPO (I think I've tried every possible argument combination):
waptdeploy.exe --hash=80c6ea[...] --minversion=1.3.12.15 --wait=15 --waptsetupurl="http://ip_of_my_wapt_server/wapt/waptagent.exe"
WAPT is installed on Windows Server 2016 (and Windows 2012 for testing).
If you have any ideas,
thank you.

Good morning,

Is the waptdeploy GPO completely separate from other GPOs (not included in Default Group Policy)?

Does it work if you enter the command manually?

Example : Does the wapt agent download correctly manually?

Thank you for your feedback.
I just tested both proposed solutions, and they both work; the client correctly connects to the WAPT server. However, the GPO does not work. (See attached image.)

The GPO is clearly separate from the other GPOs.

Okay, let's continue. Are there any antivirus programs installed on the workstations?

We've had experience with AVG and Sophos flagging waptdeploy.exe as a threat, adding it to the list of .exe files to ignore (by hash or UNC path).

Is there a software restriction strategy in place, like AppLocker or SRP?

What does the Windows Event Viewer show?

We do indeed have Sophos on our machines, but after a quick look, nothing seems out of the ordinary.
Furthermore, my test environment has no antivirus (nor an internet connection, for that matter), only a local network.
After running `gpupdate /force` on the test client machine (Windows 7), I see a "Schannel" error in the Event Viewer. I admit I'm a bit overwhelmed by this amount of information (see attached file).

EDIT: gpresult report attached.

The problem raised in this thread: https://community.spiceworks.com/topic/ ... nied-empty

It could be a permissions issue with the GPOs, which are probably being seen as empty because the machine can't see the policy contents.

The same applies to the global policy, by the way.

So, if I understand correctly from the thread you linked, it's a problem with computer GPOs that can't be applied to a user. I therefore "duplicated" my GPO in User Configuration (see attached image).
Now, the GPO is applied to the machine, but I have to log in as administrator to trigger the WaptAgent installation. Once logged in, the installation proceeds smoothly (and the machine reappears in the Wapt inventory).

The goal, however, would be to avoid having to log in as administrator to trigger this installation, thus remaining transparent to users.

Create an Organizational Unit (OU) and move the WAPT deployment test workstations into it.

This OU contains only computer accounts, no user accounts (which are usually in CN=Computers). Apply the Group Policy Object (GPO) to these computers.

Do not create the policy on the user side; they cannot install applications (normally, unless they are administrators of the workstation, of course). See attached

example from our managed services clients. -

Alexandre

Hello everyone.

When I try to install the agent via GPO, I get this error message. I've tried reinstalling the agent, but it doesn't work. However, manual installation works without any problems.
Thank you all for your help.


ERROR: NO HASH provided to check waptagent.axe. Either put the sha256 hash in command line or in c:\wapt\wapupgrade\maptagent.sha256

Hello,

you must specify the --hash parameter with the value available on the WAPT server webpage;

see the online documentation: https://www.wapt.fr/fr/doc/Installation ... -arguments