Hello, I have several questions to ask you about WAPT because we are looking for a multi-site, multi-user application deployment solution for a fleet of approximately 1500+ workstations.
The tool uses an ADMINISTRATOR account for deployment:
The tool uses a SYSTEM account for deployment:
The tool operates in PUSH mode:
The tool operates in PULL mode:
The tool allows package installation on system shutdown:
The tool allows installation on system startup or login:
The tool allows notifying the user of a deployment:
The tool allows the system user to postpone the installation:
The tool allows the system user to choose which software to install (Store mode without administrator rights):
The tool allows software deployment in non-silent mode (access to windows is possible):
It is possible to edit or update a package:
A package group can be created and a machine can be associated with one or more groups:
Software removal from the system can be configured:
The tool allows an audit before authorizing deployment (presence of a file, OS type, presence of a registry key):
The tool allows synchronizing repositories of Package deployment to remote sites (to save bandwidth):
Deployments can be restricted to certain computer groups based on the user (Computer/User Association):
Package editing can be restricted by user (Package/User Association):
Ability to power on, power off, or restart the workstation:
Inventory of workstations with system information:
Application of security settings to the workstation:
The package content is secured by signature or certificate (the author is known, package integrity is guaranteed):
Request for information on the WAPT Solution
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
The tool uses an ADMINISTRATOR account for deployment: No
The tool uses a SYSTEM account for deployment: Yes
The tool operates in PUSH mode: ?
The tool operates in PULL mode: ?
The tool allows installing packages when the machine shuts down: Yes - Waptexit.
The tool allows installation when the machine starts up or logs in: I think it can.
The tool allows notifying the user of a deployment: Or if you configure it.
The tool allows the user to postpone the installation: Yes on Waptexit, but I don't know how else.
The tool allows the user to choose the software they want to install (Store mode without administrator rights): Yes.
The tool allows deploying software in non-silent mode (access to windows possible): Yes.
It is possible to edit or update a package: Yes.
You can create a package group and associate a machine with one or more groups: Yes, even create a relationship with Active Directory.
You can configure the removal of software from the machine: Yes.
The tool allows performing an audit before authorizing deployment (presence of a file, OS type, presence of a registry key): Yes.
The tool allows synchronization of Package repositories on remote sites (to save bandwidth): No idea.
Can deployments be restricted to certain computer groups based on the user (Computer/User Association): No.
Can package editing be restricted by user (Package/User Association): Do you mean preventing them from touching the package's source code? The user doesn't have access to the server, so they can't touch it.
Can the machine be turned on, off, or restarted: No, unless you use a script.
Inventory of workstations with system information: Yes.
Application of security settings to the workstation: ?
The package content is secured by signature or certificate (the author is known, package integrity is guaranteed): Yes.
Three-quarters of the questions are answered in the wiki; a little searching and you can find everything you need, along with explanations. Not all my answers are 100% certain; I'm speaking as a WAPT user.
Regards
The tool uses a SYSTEM account for deployment: Yes
The tool operates in PUSH mode: ?
The tool operates in PULL mode: ?
The tool allows installing packages when the machine shuts down: Yes - Waptexit.
The tool allows installation when the machine starts up or logs in: I think it can.
The tool allows notifying the user of a deployment: Or if you configure it.
The tool allows the user to postpone the installation: Yes on Waptexit, but I don't know how else.
The tool allows the user to choose the software they want to install (Store mode without administrator rights): Yes.
The tool allows deploying software in non-silent mode (access to windows possible): Yes.
It is possible to edit or update a package: Yes.
You can create a package group and associate a machine with one or more groups: Yes, even create a relationship with Active Directory.
You can configure the removal of software from the machine: Yes.
The tool allows performing an audit before authorizing deployment (presence of a file, OS type, presence of a registry key): Yes.
The tool allows synchronization of Package repositories on remote sites (to save bandwidth): No idea.
Can deployments be restricted to certain computer groups based on the user (Computer/User Association): No.
Can package editing be restricted by user (Package/User Association): Do you mean preventing them from touching the package's source code? The user doesn't have access to the server, so they can't touch it.
Can the machine be turned on, off, or restarted: No, unless you use a script.
Inventory of workstations with system information: Yes.
Application of security settings to the workstation: ?
The package content is secured by signature or certificate (the author is known, package integrity is guaranteed): Yes.
Three-quarters of the questions are answered in the wiki; a little searching and you can find everything you need, along with explanations. Not all my answers are 100% certain; I'm speaking as a WAPT user.
Regards
Hello and thank you for your replies.
The tool seems comprehensive. However, there's one point where my question isn't very clear, so I'll rephrase it.
In an environment with multiple sites or entities, each managed by a different technician, is it possible to limit technicians' management rights to the machines within their respective entities?
This way, a technician can only deploy packages to machines within their own network,
and they cannot modify a package they don't own.
Best regards.
The tool seems comprehensive. However, there's one point where my question isn't very clear, so I'll rephrase it.
In an environment with multiple sites or entities, each managed by a different technician, is it possible to limit technicians' management rights to the machines within their respective entities?
This way, a technician can only deploy packages to machines within their own network,
and they cannot modify a package they don't own.
Best regards.
Hello,
In this case, you can use multiple WAPTs, but unfortunately, there are no restrictions.
The best approach is to create a main repository with developed packages, and each WAPT server on each site will retrieve the packages it needs and distribute them to its own WAPT server. It can then modify the package and put it back on its repository, but not on the main repository. Alternatively,
the best solution is to duplicate the main repository on all the other sites, and the technician will select the correct package. However, in this case, users could, if you allow it, install any package they want.
I'm not sure if my explanation is clear enough...
Best regards
In this case, you can use multiple WAPTs, but unfortunately, there are no restrictions.
The best approach is to create a main repository with developed packages, and each WAPT server on each site will retrieve the packages it needs and distribute them to its own WAPT server. It can then modify the package and put it back on its repository, but not on the main repository. Alternatively,
the best solution is to duplicate the main repository on all the other sites, and the technician will select the correct package. However, in this case, users could, if you allow it, install any package they want.
I'm not sure if my explanation is clear enough...
Best regards
-
sfonteneau
- WAPT Expert
- Messages: 2318
- Registered: July 10, 2014 - 11:52 PM
- Contact :
Hello,
what jmercier is asking is possible. We'll see if the details meet your needs.
You can use Wapt in "multi-repo" mode,
which allows you to have several Wapt repositories for a single Wapt client.
It also allows for the management of multiple authorized signatures,
enabling a main repository (headquarters) duplicated across all sites, and then a second repository at each site for an on-site technician.
I've tried, with some difficulty, to explain this on my wiki:
https://wiki.lesfourmisduweb.org/index. ... -Repo_Wapt
Simon
what jmercier is asking is possible. We'll see if the details meet your needs.
You can use Wapt in "multi-repo" mode,
which allows you to have several Wapt repositories for a single Wapt client.
It also allows for the management of multiple authorized signatures,
enabling a main repository (headquarters) duplicated across all sites, and then a second repository at each site for an on-site technician.
I've tried, with some difficulty, to explain this on my wiki:
https://wiki.lesfourmisduweb.org/index. ... -Repo_Wapt
Simon
-
sfonteneau
- WAPT Expert
- Messages: 2318
- Registered: July 10, 2014 - 11:52 PM
- Contact :
It seems clear in my head, but I'm having trouble explaining it on paper.
For me, the server (retrieving machine information and reporting errors) must be located at the remote sites.
Headquarters simply provides a package repository, and only they have the private key.
However, the headquarters' public key must be on every WAPT client on the entire network to authorize installation.
Then, a second public key is added for each remote site so that the local technician can create their own new packages with a new prefix and their own private key.
Therefore, the on-site technician has the packages from headquarters, which they can assign as they wish to each machine, plus the packages they create themselves.
!!! Warning !!! Since they can create their own packages, nothing prevents them from making mistakes...
Some examples are explained here:
https://wiki.lesfourmisduweb.org/index. ... -Repo_Wapt
But given the project you want to set up, I strongly recommend contacting http://tranquil.it for assistance.
PS: (I don't work for them)
For me, the server (retrieving machine information and reporting errors) must be located at the remote sites.
Headquarters simply provides a package repository, and only they have the private key.
However, the headquarters' public key must be on every WAPT client on the entire network to authorize installation.
Then, a second public key is added for each remote site so that the local technician can create their own new packages with a new prefix and their own private key.
Therefore, the on-site technician has the packages from headquarters, which they can assign as they wish to each machine, plus the packages they create themselves.
!!! Warning !!! Since they can create their own packages, nothing prevents them from making mistakes...
Some examples are explained here:
https://wiki.lesfourmisduweb.org/index. ... -Repo_Wapt
But given the project you want to set up, I strongly recommend contacting http://tranquil.it for assistance.
PS: (I don't work for them)
