Tranquil IT Forum

Hello,

We have the WAPT console on a Windows 10 VM. The console opens with the single account created during installation.
When another person opens a new Windows session and logs in with this account, the console prompts them to configure the prefix, certificate, etc. If I cancel this screen, we can still access the console (we can see the packages, inventory, etc.), but the settings are then missing.
I don't know if that's clear.

Windows 10 22H2
WAPT Console: 2.3.0.13516

Hello Mikaël,

Mikael_S wrote: ↑Apr 25, 2023 - 2:16 PM We have the WAPT console on a Windows 10 VM. The console is opened with the single account created during installation.

Yes, in the Discovery version only the "admin" account is available. In the Enterprise version, you can connect the server to Active Directory to use Active Directory accounts so that each administrator has their own account.

When another person opens a new Windows session and logs in with this account, the console prompts them to configure the prefix, certificate, etc. If I cancel this screen, the console still opens (packets, inventory, etc. are visible), but the settings are then missing.

Indeed, the settings are stored in the file C:\Users\dcardon\AppData\Local\waptconsole\waptconsole.ini and are not stored on the server. The prefix could be stored on the server for automatic retrieval, but the private key is necessarily local to the machine (this is part of WAPT's security model, see the documentation). And the best practice is to have a private key per administrator, because it is the private key, more so than the console login/password, that secures everything.

I don't know if that's clear.

Yes, that was clear. I hope I was clear in turn.

Sincerely,

Denis

Hello,
thank you for these answers. I reread the documentation.
To be more precise, we are testing the Enterprise version.
Regarding certificate generation, if I understand correctly, we need to repeat the "Tools - Generate a certificate" procedure for each console user?
Another point: can the WAPT console be installed on multiple machines?

Hello Mikaël,

the waptconsole.exe binary is integrated by default into the WAPT agent, so if the client machine has the WAPT agent installed, the console is available. However, there is no icon in the Start menu. Your colleagues can find and launch it directly from the directory c:\program files (x86)\wapt\waptconsole.exe.

Regarding signature keys, it is strongly recommended to have one per system administrator, but if you are still learning, you can start with just one key. Indeed, many of the problems that first-time WAPT users encounter are related to certificate mix-ups.

Once you're comfortable with the process, you can create a certificate for each admin. Then you need to deploy these certificates to the machines that each person will administer (for example, the server admin's certificate is deployed to the servers, the workstation admin's certificate to the workstations, but not the other way around).

Note: I'm referring to a key and a certificate because there are actually two: a private key that remains on the admin's machine (remember to make a backup ), and a public certificate that goes with the key and is deployed to all the machines that will be managed with that key.

Sincerely,

Denis