Tranquil IT Forum

Contact us
at https://forum.tranquil.it/

Wapt Self Service / local admin rights

https://forum.tranquil.it/viewtopic.php?t=1995

Page 1 of 1

Wapt Self Service / local admin rights

Published: September 24, 2019 - 2:36 PM
by mydanbau
Hello everyone,

First of all, thank you to this active community.

I recently deployed the WAPT tool within our company (Community version). The deciding factor in choosing this solution was the Self Service functionality, which gives users complete autonomy in deploying software. I based https://www.tranquil.it/wapt-self-servi ... logiciels/ my decision to our IT department on this description:

"WAPT Self Service, Enterprise or Community version?
Ah, the tricky question… not really! Indeed, WAPT Self Service is available in both the Community and Enterprise versions. One small feature differentiates the two versions, however. Filtering by user or AD group is only available in the WAPT Enterprise Self Service. And of course, you can try WAPT Enterprise for free for a month. This gives you time to realize you won't be able to live without it!"

Filtering wasn't essential in our case. After testing, I found that without admin rights on the machine, the user cannot install software. Is there a trick I'm missing? It's clearly stated that the only difference between the community and enterprise versions is filtering by user or security group.

Thanks.


OS: Windows Server 2016
Wapt server version: 1.7.4.6165

Re: Wapt Self Service / local admin rights

Published: September 24, 2019 - 11:53 PM
by vcardon
mydanbau wrote: Sep 24, 2019 - 2:36 PM After testing, I find that without admin rights on the machine, the user cannot install software.
This is the intended behavior; your users should not have admin privileges on their machines.

If your users are admins, then they bypass all the security and guarantees provided with WAPT, ... because they are local admins.

As observed, in Community, self-service is all or nothing. If the user belongs to the AD group waptselfservice, then they will be able to install any application from your repository as a regular user.

In Enterprise, you can create groups in your Active Directory (AD) and assign users to them. With self-service rules, you can associate AD groups with self-service authorized applications, allowing users who are members of those AD groups to install the applications authorized by their respective AD groups.

It works perfectly. This feature was validated again today in a demonstration with a large French company subject to the military programming law, and it passed their screening without any questions.

Sincerely.

Vincent
Time zone set to UTC+02:00
Page 1 of 1

Developed by phpBB® Forum Software © phpBB Limited

Official French translation © Qiaeru