WAPT 2.2 F.A.Q. : 50 questions about WAPT

by | May 5, 2022 | WAPT

As you know, each new version of WAPT has its own dedicated webinar. OS deployment management via WAPT 2.2 respects this tradition! Even if the event is over, we have a lot of good news to share with you:

Discover the replay of the WAPT 2.2 live:

WAPT 2.2 F.A.Q. Summary:

With 50 questions listed in this WAPT 2.2 F.A.Q., you’re sure to find the answers you’re looking for! We hope that the summary will help you navigate through this huge flood of information:

All about WAPT :

General questions:

Should I migrate to the Discovery version before moving to WAPT Enterprise when using WAPT Community?
No. Only the license differs between WAPT Enterprise and WAPT Discovery. You can upgrade from WAPT Community to WAPT Enterprise without any worries.
Can WAPT Self Service packages be filtered?
Yes, this is possible with WAPT Enterprise. You can make a “Self Service” package that will define the visible packages according to the Active Directory group of your users.
Can we launch a "Update-package" in one click from the console with WAPT 2.2?
Yes, you can launch it from the private repository by right clicking: “Launch Update-package”.
Why doesn't the "audit data" tab appear in the console?
You have to go to the display preferences (in the “display” menu) and check the box “see the audit data tab”.

WAPT Store :

Can we host LUTI to test and deploy our own packages?
LUTI was developed as an internal tool so it is not yet possible. It may change later.
Are there other repositories than the official WAPT repository?
Simon used to own the “fourmis du web” repository but recently closed it. With the release of LUTI, we decided to give you access to our package testing repository. Once a package is built, it has a “pending” status for 5 days. The data is sent to VirusTotal, which has enough time to make sure there are no problems.
Do you plan to create a mailing list for new packages / package updates on the WAPT Store?
No. Only our Discord server contains a “WAPT Store” room where all WAPT Store updates are uploaded.

GLPI integration:

How does the integration of WAPT with GLPI work?
During the integration of WAPT with GLPI, you are asked to install the FusionIventory agent so that WAPT can pretend to be one of these agents. The inventory data from the console is rebuilt in FusionInventory format and sent to the FusionInventory plugin. However, you can’t use WAPT from GLPI.
Does GLPI manage the normalization of software names when it is linked to WAPT?
The “inventory” part is rebuilt like FusionInventory. The “software name normalization” part is not integrated.
Does WAPT support the new version of GLPI which is based on a fork of the FusionInventory agent?
If the format of the file didn’t change, it will. WAPT rebuilds the XML file as a FusionInventory client does.

Technical questions:

How do you manage the uninstallation of recalcitrant APPX (like the XBOX Game Bar)?
Unfortunately, this is a global problem with Windows 10.
Is it possible to automatically run the reporting queries and receive a summary email?
No, this is not possible. However, our API is available. To use it, you just have to execute the query you have pre-registered to see the result or even to send it to you by email.
Can we update Windows 10 with a ".cab" file and not an ".msu" file via WAPT?
Yes, you just have to change the version inside the package. We use the Windows 10 ISO file for the major version update. The “Setup.exe” file inside this ISO allows you to update Windows 10. This package is available on the WAPT Store. You just need to edit it to completely update the workstation from an old version of Windows 10 to a new version.
Does WAPT allow the same interaction as with an Active Directory when managing a file server and a domain with Zentyal?
Yes, it works well, with or without Samba AD domain. Zentyal integrates Samba4 in Active Directory mode, so it is the same integration as with Samba-AD or MS-AD.

The WAPT roadmap:

When will OS deployment work on Linux?
We already have a working PoC for Linux. It’s not available yet, but we are thinking about it.
What about Multicast?
This is not planned. We believed that unicast is sufficient by using gigabit on the network.
When will a Dual-Boot Windows / Linux be available?
We don’t know yet how to proceed for Dual-Boot. One solution would be to start with the deployment on Windows and continue with the deployment on Linux.
What about the feature in Tech Preview that aims to replace PyScripter?
Since WAPT 2.1 you can edit a package from the console. You can even run installations. However, some features are still missing. The goal is to integrate an equivalent to PyScripter into the WAPT console.
Do you plan to integrate with a Configuration Manager interface (such as RuckZuck)?
No, not for now.

OS deployment with WAPT 2.2:

OS deployment was the real star of this webinar and brought many questions! We tried to categorize them to make it easier to read:

Why use WAPT for OS deployment?

Do you have a comparison between WAPT and WDS?
No. WAPT uses HTTP (and not TFTP) faster, which makes the startup of “WIM” faster. The installation is still the slowest part.

There is no difference when you define a workstation model, you associate it with a driver pack.

We define the OU during the “Djoin”. If the machine already exists in the Active Directory, it will remain in the same place. Defining an OU requires to indicate an administrator password for the creation of a machine account in the XML files, which we do not recommend.

What are the advantages of using WAPT for OS deployment?
First of all, WAPT tries to start from a new ISO file, which comes from the manufacturer. We can get rid of the pre-installed software and anti-virus. We prefer to start from scratch rather than having to clean the computer.

Moreover, our method is, in our opinion, simpler because it does not use “CIFS” shares. The “Djoin” is integrated by default, which makes it possible to make the junction out of domain. Finally, we only use the “80 / 443 port” in order to get out of the “TFTP” as quickly as possible. The use of remote repositories is also advantageous since everything will be automatically replicated.

How does OS deployment impact package deployment? Is there a performance penalty when using both at the same time?
The NGINX server distributes the files. Therefore, it is sufficient to evaluate your deployment capacity. Server performance may decrease because there will be less bandwidth available. You can also create a remote repository dedicated to OS deployment.

How OS deployment works via WAPT

Can we deploy OS out of the domain?
Yes, you can deploy a workstation outside the domain. However, you will have to configure a local account with a password in the “Unattended” file. The advantage of having a domain is that you can directly make a junction and have a random password with the “LAPS support”.
Can we launch several OS deployments simultaneously?
Absolutely, you can launch as many deployments as you want at the same time.
How does WAPT manage Windows authentication? Do I have to revalidate it after a long time?
With WAPT, you just have to put the machine in the domain for it to work. There is no need to make regular joins as Active Directory manages this part.

Using PXE/IPXE:

Can we deploy OS in PXE?
Yes, you can do a USB boot or a network boot (PXE). It will use the TFTP server which will be hosted on the WAPT server. You will not need a CD or a USB key.
Can we use PXE if our WAPT server uses Linux?
You can set the PXE in Linux to address the TFTP server of the WAPT server. The “wapttftpserver” has been integrated into Debian / Redhat.
Can we add an IPXE entry in the Fog Menu to add OS deployment via WAPT?
Yes, when you make your IPXE script, you can choose to start using WAPT or using Fog. Both solutions use IPXE.
Is PXE booting active on remote repositories?
All files related to the deployment of operating systems are replicated to the remote repositories. It is up to you to activate the “TFTP” server.
Is PXE boot compatible with UEFI modes?
Yes, the IPXE file we provide is not compatible with the “Secure Boot”. So you will have to disable it in the BIOS. Nevertheless, we have provided a mode that allows you to do enable the “Secure Boot”.

You can use a signed IPXE file, some solutions provide this type of file. On our side, we propose to use all Microsoft files, which are correctly signed for Secure Boot BIOS. This allows you to boot entirely in “TFTP”, although it is slower.

Does IPXE WAPT work with Secure Boot?
No, we use the IPXE file from the official IPXE website, which is not compatible with “Secure Boot”. To do this, you have two options: Have a signed IPXE file (With IPXE Anywhere, for example) or download the “.wim” in “TFTP” (which is less fast).
Do we have to manually configure the BIOS of the machine beforehand to do a PXE boot? Can WAPT modify the BIOS?
The BIOS must be configured in advance, unless you run the PXE boot by hand. However, if you have a BIOS configuration tool that accepts command line parameters, you can create a package to change the parameters in question.

Using WinPe:

Have you planned to inject drivers (storage / network) into the WinPE?
That’s right! You have to modify the “winpe.wim” file which is in the “Program file” and integrate the drivers. You can do this by following the official Microsoft procedures.
How to deploy system by WinPe key without Domain Controller or TFTP?
In the XML files, you can remove the “Junction” part in order to deploy a computer station outside the domain. It becomes an offline XML, which does not require a domain. You can bypass the use of “TFTP” with a USB key. You don’t need a TFTP server since the “WinPe” will be stored on this key. Only “ports 80 / 443” will be used.
Is there an easy way to generate a WinPE XML file for Windows 11?
There is a small difference in the XML files for Windows 10 and Windows 11. Indeed, there is a parameter of the XML file that is not well supported by Windows 11. It does not automatically find “install to available partition” if the value is “True”. We are going to provide XML files for Windows 11.
Can I see the procedure for creating the installation USB key?
Unfortunately, Simon could not show it live. When downloading the WinPe, you have to select the USB key on which you want to place the WinPe. From a security point of view, there is a small exception. Indeed, this action is blocked if the USB key is not empty. So you have to reconfigure it before selecting it.

Drivers management:

Is it possible to know how the drivers are installed with a ".cab" from Dell?
We use the same compatible with SCCM drivers pack that manufacturers like Dell or Lenovo can provide. By default, we create a “c:\installdir” folder and a “Drivers” subfolder on the computer. The driver pack is automatically rebuilt there. However, in order for the computer to retrieve them from the folder, the drivers must work in the same way as in the “Device Manager” folder. One solution is to first install the drivers on a computer and export the existing drivers with PowerShell.
Can we associate a computer model with a driver pack or an OU to have a predefined deployment template?
the location of the OU is defined at the workstation level during deployment. This is not yet automatic for the driver package. Nevertheless, we have all the information to do it. The computer could automatically take the manufacturer’s name as the driver pack name. For the moment, we prefer to work differently, but it could change.

Files management:

Can we use WIM files?
Yes, the WinPe file is a WIM file. You can edit the ISO file to change the WIM file inside.
How to remove the OOBE?
We provide an “XML Unattended” file that removes the default OOBE.
Can we use an ISO file delivered by our organization?
Absolutely, as long as the ISO file contains a “set-up.exe” file and can handle the XML configuration given in the WAPT console.

Updating Windows versions:

Can I upgrade versions of Windows with WAPT?
We prefer to use the “WAPT Windows 10 upgrade” package for this. We need to place the ISO file in the package. When we launch the installation, we base on the ISO file and the “Setup.exe” while running a “/auto upgrade/quiet”. This allows you to switch from an old version of Windows 10 to a new version of Windows 10.
How to manage the update of Windows versions when OS are in several languages?
First of all, WAPT Enterprise allows you to manage Windows updates. You can create a “tis-windows-10-upgrade” package for each language.

Snapshot capture:

Can we capture a workstation?
No, WAPT is based on an ISO from Microsoft.
Can the complete capture of a computer from a WDS server be deployed from WAPT afterwards?
We didn’t test it. We are not sure what it captures, or in what format. We are still in the early stages of OS deployment via WAPT. This will evolve over time.

Various questions:

Is there an OS image compacting?
No, WAPT does not capture screenshots but propose a “fresh install” from Microsoft ISO files. We do not install the operating system beforehand to capture its status and duplicate it on other computers.
What is the difference between an online and offline junction?
Online join requires you to enter a username/password in the XML file (i.e. a domain join account). With the offline join, the account will be pre-created in the Active Directory.
How to manage the installations that use the folder "appdatalocalxxx" as a "temp..." folder with WAPT?
You have to launch the installation in “session setup”, the software will not be installed on the machine but in each session of each user. We prefer to use a portable software to place it in “Program Files”. This avoids installing the software in each session.
How to manage disk partitioning?
By default, when you right-click on a computer, you can write a disk formatting script. You can edit it so that the computer refers to it, instead of the default script.
Is the TFTP server the default WAPT server?
For the moment no, but we have developed a “WAPT TFTP” server. We will make it available in WAPT, you are free to use it or not.
The option "Load a post-install script" does not load anything. Is it necessary to provide a specific file format? Is the loading done in the background, without showing anything?
For this to work, the script must be a “.cmd”.
And that’s it, we’re done with this WAPT 2.2 F.A.Q.! The comment area is yours if you still have questions. To make sure you don’t miss our next content (webinar, F.A.Q., or other), don’t hesitate to follow us on Reddit!
Demonstration

Group demo

18/04/2024 : 10h30 - 11h30

Let's go !