WAPT 2.2 F.A.Q. : 50 questions about WAPT
You know it, every new version of WAPT gets its own dedicated webinar. Managing OS deployment via WAPT 2.2 certainly didn’t miss out on this rule! Although the event has passed, we have plenty of good news to share with you:
- The replay is available for free on our YouTube channel.
- Find all the live questions in this WAPT 2.2 FAQ!
- Also, discover our dedicated playlist for WAPT webinars!
- Don’t hesitate to check out previous WAPT FAQs if you still have any questions.
- Finally, if WAPT Enterprise catches your eye, remember you can try it for free for a month!
Discover the replay of the WAPT 2.2 FAQ live:
The table of contents for the WAPT 2.2 FAQ:
With 50 questions listed in this WAPT 2.2 FAQ, you will surely find the answers you are looking for! We hope the table of contents will help you navigate through this vast amount of information:
- General Questions
- WAPT Store
- Integration with GLPI
- Technical Questions
- <[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section]
Everything about WAPT:
General Questions:
If I use WAPT Community, do I need to migrate to the Discovery version before switching to WAPT Enterprise?
No, only the license differs between WAPT Enterprise and WAPT Discovery. You can transition from WAPT Community to WAPT Enterprise without any issues.
Is it possible to filter WAPT Self Service packets?
Yes, it’s possible with WAPT Enterprise. You can create a “Self Service” package that defines the packages visible based on the Active Directory group of your users.
Can you launch an "Update-package" with one click from the console using WAPT 2.2?
Yes, you can launch it from the private repository by right-clicking: “Launch the Update-package”.
Why doesn't the "audit data" tab appear in the console?
You need to go to the display preferences (under the “View” menu) and check the box “show audit data tab”.
The WAPT Store:
Can we host LUTI to test and deploy our own packages?
LUTI was developed as an internal tool, so it’s not possible yet. This may evolve in the future.
Are there any repositories other than the official WAPT repository?
Not to our knowledge. Simon owned the “fourmis du web” repository but recently closed it. However, with the release of LUTI, we have decided to give you access to our test package repository. Once a package is built, it is put on hold for 5 days. The data is sent to VirusTotal, which has enough time to ensure there are no issues.
Do you plan to create a mailing list for new packages / package updates on the WAPT Store?
No. Only our Discord server has a “WAPT Store” channel where all WAPT Store updates are posted.
Integration with GLPI:
How do you integrate WAPT with GLPI?
During the integration of WAPT with GLPI, you are asked to install the FusionInventory agent so that WAPT can masquerade as one of these agents. The inventory data from the console is reconstructed in the FusionInventory format and sent to the FusionInventory plugin. However, the reverse is not possible, meaning you cannot control WAPT from GLPI.
Does GLPI support software name normalization when linked to WAPT?
The “inventory” part is rebuilt in the style of FusionInventory. Therefore, the “software name normalization” part is not integrated.
Does WAPT support the new GLPI version, which is based on a fork of the FusionInventory agent?
If the file format has not changed, yes. WAPT reconstructs the XML file just like a FusionInventory client does.
Technical Questions:
How do you manage the uninstallation of recalcitrant APPX (like XBOX Game Bar)?
Unfortunately, this is a global issue with Windows 10.
Is it possible to automatically execute reporting queries and receive a summary e-mail?
No, it is impossible. However, our API is available. To use it, you just need to execute the request you have pre-recorded to see the result or even send it to yourself by email.
Is it possible to update Windows 10 with a file in ".cab" and not in ".msu" via WAPT?
Yes, you just need to modify the version in the package. We rely on the Windows 10 ISO file for major version updates. The “Setup.exe” file inside this ISO facilitates the upgrade of Windows 10 installations. This package is available on the WAPT Store. Simply edit it to fully update the workstation from an older version of Windows 10 to a newer one.
Does WAPT provide the same interaction as Active Directory when managing a file server and a domain with Zentyal?
Yes, it works well, with or without a Samba AD domain. Zentyal integrates Samba4 in Active Directory mode, so it provides the same integration as with Samba-AD or MS-AD.
WAPT Roadmap:
When will OS be deployed on Linux?
We already have a functional PoC (Proof of Concept) for Linux. It’s not available yet, but we are considering it.
What about Multicast?
Currently, it’s not planned. We find that unicast suffices using gigabit on the network.
When is a Windows/Linux dual-boot planned?
We haven’t figured out how to proceed with Dual-Boot yet. One possible solution would be to start with deployment on Windows and then continue with deployment on Linux.
What about the Tech Preview feature to replace PyScripter?
Since WAPT 2.1, it has been possible to edit a package from the console. It is even possible to launch installations. However, some features are still missing. The goal is to integrate an equivalent of PyScripter into the WAPT console.
Are you planning to integrate with a Configuration Manager interface (such as RuckZuck)?
No, not at the moment.
OS Deployment with WAPT 2.2:
The real star of this webinar, OS deployment, has attracted numerous questions! We’ve categorized them to simplify reading for you:
Why use WAPT for OS deployment?
Do you have a comparison between WAPT and WDS?
No. On the WAPT side, using HTTP instead of TFTP results in faster booting of the “WIM” file. However, the installation process remains the slowest part.
There are also no differences when defining a workstation model and associating it with a driver pack.
We define the OU during “Djoin”. If the machine already exists in Active Directory, it will remain in the same location. Defining an OU on the fly requires specifying an administrative password for creating machine accounts in XML files, which we do not recommend.
What are the advantages of using WAPT for OS deployment?
Firstly, WAPT aims to start fresh with a new ISO file directly from the manufacturer. This allows us to break free from pre-installed software and antivirus programs. We prefer starting clean rather than having to clean up afterward.
Additionally, we believe our method is simpler because it does not rely on CIFS shares. The “Djoin” is integrated by default, allowing for workstation joining outside the domain. Moreover, we only use ports 80/443 for outbound traffic to avoid lingering in TFTP as much as possible. The use of secondary repositories is also beneficial as everything is automatically replicated.
How does OS deployment impact package deployment? Should we expect a drop in performance when using both at the same time?
The NGINX server distributes the files. Therefore, you just need to consider your deployment capacity. The network performance of the server may decrease as there will be less available bandwidth. You can also create a dedicated secondary repository for OS deployment to balance the load.
How OS deployment works via WAPT:
Is it possible to deploy OS outside the domain?
Yes, it is possible to deploy a workstation outside the domain. However, you will need to configure a local account with a clear-text password in the “Unattended” file. The advantage of having a domain is that you can directly join it and use a randomly generated password with “LAPS support”.
Can I run several OS deployments simultaneously?
Absolutely, you can launch as many deployments simultaneously as needed.
How does WAPT handle Windows authentication? Does it need to be revalidated after a certain time?
With WAPT, simply joining the machine to the domain is sufficient for it to function. There is no need to rejoin regularly as Active Directory manages this aspect.
Using PXE / iPXE:
Can OS be deployed in PXE?
Yes, you can perform a USB boot or network boot (PXE). The latter will utilize the TFTP server hosted on the WAPT server. This way, you won’t need a CD or USB drive.
Can we use PXE if our WAPT server runs under Linux?
You can configure PXE on Linux to point to the TFTP server of the WAPT server. The “wapttftpserver” has been integrated into Debian / Redhat.
Can I add an IPXE entry to the Fog Menu to add OS deployment via WAPT?
Yes! When you create your IPXE script, you can choose to boot using WAPT or using Fog. Both solutions use IPXE.
Is PXE startup active on secondary repositories?
The files related to operating system deployment are indeed replicated on remote repositories. It’s up to you to activate the TFTP server.
Is PXE boot compatible with UEFI modes?
Yes. The IPXE file we provide is not compatible with “Secure Boot”. Therefore, you will need to disable Secure Boot in the BIOS. However, we have a mode planned that allows for “Secure Boot enabled”.
Alternatively, you can use a signed IPXE file; some solutions provide this type of file. On our side, we suggest using all Microsoft files, which are properly signed for Secure Boot BIOS. This enables full booting via TFTP, albeit slower.
Does IPXE WAPT work with Secure Boot?
No, we use the IPXE file from the official IPXE website, which is not compatible with “Secure Boot”. To address this, you have two options: Obtain a signed IPXE file (such as with IPXE Anywhere) or download the “.wim” via TFTP (which is slower).
Is it necessary to manually configure the machine's BIOS beforehand for PXE booting? Can WAPT modify the BIOS?
The BIOS must be configured beforehand, unless you initiate PXE boot manually. However, if you have a BIOS configuration tool that accepts command-line parameters, you can create a package to change those settings.
Using WinPE:
Have you planned to inject drivers (storage / network) into WinPE?
Exactly! You need to modify the “winpe.wim” file located in the “Program Files” and integrate drivers into it. The injection process can be done by following Microsoft’s official procedures.
How can I deploy a system using the WinPe key without a Domain Controller or TFTP?
In the XML files, you can remove the “Join” section to deploy a workstation outside the domain. This turns it into an offline XML, not requiring a domain. If you prefer not to use TFTP, it is possible with a USB key. You don’t need a TFTP server since WinPE will be stored on this key. Only the 80/443 ports will be used.
Is there an easy way to generate a WinPE XML file for Windows 11?
There is a slight difference in XML files between Windows 10 and Windows 11. Specifically, there is a parameter in the XML file that Windows 11 does not handle well. It does not automatically find “install to available partition” if the value is set to “True”. We will provide functional XML files for Windows 11 as we’ve realized that we haven’t offered them yet.
Can I see the procedure for creating the USB installation key?
Unfortunately, Simon couldn’t demonstrate it live. When downloading WinPE, you need to select the USB drive where you want to place the WinPE. From a security standpoint, there’s a small exception. Indeed, this action is blocked if the USB drive isn’t empty. Therefore, you must empty and format it before selecting it.
Managing Drivers:
Is it possible to find out how the drivers are installed with a Dell ".cab"?
We use the same driver packs compatible with SCCM that manufacturers like Dell or Lenovo provide. By default, we create a “c:\installdir” folder and a sub-folder “Drivers” on the machine. The driver pack is automatically rebuilt there. For the machine to retrieve drivers from this folder, they must function the same way as they do in the “Device Manager” folder. One solution is to first install the drivers on a machine and export the existing drivers using PowerShell.
Is it possible to associate a workstation model with a driver pack or an OU in order to have a predefined deployment template?
You define the OU location at the workstation level during deployment. As for the driver pack, it is not yet automatic. However, we have all the necessary information to accomplish this. One possibility is for the machine to automatically take the manufacturer’s name as the driver pack name. Currently, we prefer a different approach, but this could change in the future.
File Management:
Can I use WIM files?
Yes, the WinPE file is a WIM file. Therefore, you can edit the ISO file to modify the WIM file contained within it.
How do I remove the OOBE?
We provide an “XML Unattended” file that disables OOBE by default.
Can we use an ISO file delivered by our organization?
Exactly, as long as the ISO file contains a “setup.exe” that can support the XML configuration specified in the WAPT console.
Updating Windows Versions:
Can I update Windows versions with WAPT?
We prefer using the “WAPT Windows 10 upgrade” package for this purpose. Simply place the ISO file within the package. When initiating the installation, we rely on the ISO file and “Setup.exe” while executing “/auto upgrade/quiet”. This facilitates upgrading from an older version of Windows 10 to a newer version of Windows 10.
How do you manage Windows version updates when OSes are in several languages?
Firstly, WAPT Enterprise allows you to manage Windows updates. You can create a package “tis-windows-10-upgrade” specific to each language.
System Imaging:
Is it possible to do machine capture?
No, WAPT relies on a Microsoft ISO.
Can the complete capture of a workstation from a WDS server subsequently be deployed from WAPT?
We haven’t tested it. We’re not sure what it captures or in what format. We’re still in the early stages of deploying OS via WAPT. This is expected to evolve over time.
Miscellaneous Questions:
Is there any OS image compression?
No, WAPT does not perform image capture but offers a “fresh install” from Microsoft ISO files. This means the operating system is not installed upfront to capture its state and duplicate it on other machines.
What's the difference between an in-line and an off-line junction?
Online joining requires you to enter an ID/password in the XML file (a domain join account). With offline joining, the account will be pre-created in Active Directory.
How can I manage installations that use the "appdatalocalxxx" folder as the "temp..." folder with WAPT?
You need to launch the installation in “session setup”; the software won’t install on the machine but in each user’s session. We prefer to use portable software to place it in “Program Files”. This avoids installing the software in each session.
How do I manage disk partitioning?
By default, when you right-click on the machine, you can write a disk formatting script. Therefore, it’s possible to edit it for the machine to use it instead of using the default script.
Is the TFTP server the default WAPT server?
Not for now, but we’ve developed a “WAPT TFTP server”. We’ll make it available in WAPT, and it’s up to you whether to use it or not.
The "Load a post-install script" option does not load anything. Is a specific file format required? Does it load in the background, without displaying anything?
To make it work, the script must absolutely be a “.cmd” file.
Secure and optimize your workstation with WAPT
Managing the confidentiality, security and auditing of workstations has become crucial...
Tranquil IT and Cyberwatch interface to detect and correct vulnerabilities in Linux, Windows and MacOS environments
Tranquil IT and Cyberwatch: How to detect and correct vulnerabilities in Linux, Windows and MacOS.
FAQ WAPT 2.5 : Answers to your questions
WAPT 2.5 has been available for several months now. In this specific FAQ, you'll find 10...