Tips on Package Updates

Questions about WAPT Packaging / Requests and help regarding Wapt packages.
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Answer
ddcorazon
Messages: 37
Registration: May 30, 2023 - 11:53 p.m.

May 21, 2024 - 02:43

Hello everyone,

I hope you're doing well. 😊

I'm slowly transitioning to full-time work (I had a busy start to the year with client migrations)🤣) and I would need your advice; I have several questions
Question 1: What do you consider the best way to manage software updates for an existing fleet using WAPT?

To explain my current procedure, what I do is, for example, when I take a machine with Chrome, Edge, or another browser installed, I go to my private repository, download the package from the internet, and then go to the machine, add dependencies to the package, and let it run. Since Chrome is already installed, I don't think it reinstalls it (or at least I don't believe so), so it hasn't caused any problems so far.

The problem is that one time out of 100, I'll get a bug between the Wapt package version and the version running on the machine, and then my machine goes into error status
Screenshot 2024-05-21 022221.png
Screenshot 2024-05-21 022221.png (36.98 KB) Viewed 3811 times
.

So what's the best way to do this? Uninstall the software from the machine and reinstall it from the WAPT repository, adding the dependency (I usually import packages directly from the WAPT store, and the same goes for updates)? Or add the dependency anyway, as I'm currently doing, even though it might cause some bugs?


The second question follows somewhat from the first: ideally, should I build my packages myself, or is it perfectly fine to use the WAPT store? (I have a client using Microsoft Apps for Business 32-bit, and I think I'll have to build the package since there's no 32-bit version on the store.) And when I build a package myself and add it as a dependency to a machine, if I need to update the package (I assume I have to rebuild the package with the new version, remove the old package from the repository, and re-import the new package built into our private repository), if I keep the same name for the package, will the machines with this package as a dependency recognize that it's just an update of a package they have as a dependency, or do I need to add the dependency to the new package?

And one last question: I have some workstations on my network where the users are not local administrators (workstations in Active Directory). Is this a problem for installing software and/or Windows updates via WAPT? Or can they use the admin account that was used during WAPT installation to perform the installations?
If it's too long to explain, feel free to just give me a link to some documentation; I'll study it🤣
Thank you for your answers and have a great day!👌

Augustin
High
Gaelds
Messages: 254
Registration: Nov 22, 2015 - 08:37

May 28, 2024 - 08:22

Good morning,

WAPT uses the Windows SYSTEM account, so there's no need to make users local administrators. On the contrary, using WAPT will allow you to avoid this major security issue. For updates to packages previously installed manually, there will indeed be quite a few cases where it doesn't work correctly. Either you manually uninstall the old version, or you add an uninstallation command to the beginning of the package, for example:

Code: Select all

run_notfatal(r'MsiExec.exe /x{XXXXXX-XXXXX-XXXXXXXXX} /passive /norestart')
Replace {XXXXXX-XXXXXX-XXXXXXXXX} with the uninstallation key for the software in question (search for it with "wapt-get list-registry" or in the console's software inventory)

For version changes, simply keep the same package name and, if necessary, update the wapt/control file with the correct version. Machines with this package as a dependency will receive the update as soon as it is uploaded to the repository, unless a condition is not met (minimum OS version, 32/64 architecture, package in "PREPROD" mode, etc.)

The best approach, once you've imported/created all the packages you need, is to start with a clean OS and install everything using WAPT. The OS and drivers can also be deployed via WAPT.
High
ddcorazon
Messages: 37
Registration: May 30, 2023 - 11:53 p.m.

September 5, 2024 - 11:49 PM

gaelds wrote: May 28, 2024 - 08:22 Hello,
WAPT uses the Windows SYSTEM account, so there's no need to make users local administrators. On the contrary, using WAPT will allow you to avoid this major security issue. For updates to packages previously installed manually, there will indeed be quite a few cases where it doesn't work correctly. Either you manually uninstall the old version, or you add an uninstallation command to the beginning of the package, for example:
run_notfatal(r'MsiExec.exe /x{XXXXXX-XXXXXX-XXXXXXXXX} /passive /norestart')
Replace {XXXXXX-XXXXXX-XXXXXXXXX} with the uninstallation key of the software in question (to be found with "wapt-get list-registry" or in the console's software inventory).
For version changes, you just need to keep the same package name and, if necessary, complete the wapt/control file with the correct version. Machines with this package as a dependency will receive the update as soon as it's uploaded to the repository, unless a condition isn't met (minimum OS version, 32/64 architecture, package in "PREPROD" mode, etc.).
Ideally, once you've imported/created all the packages you need, you should start with a clean OS and install everything using WAPT. The OS and drivers can also be deployed via WAPT.
Good morning,

My apologies, I thought I had replied to you.

Thank you for the explanation and sorry for the delay.

Good day
High
Answer

Return to “WAPT Packages”


  • To go further with WAPT