- Tactical RMM: Open Source remote monitoring and management for Windows - Thu, Jan 27 2022
- Use OpenSSL-based software XCA as offline root certificate authority for AD Certificate Services - Wed, Jan 27 2021
- Deploy software with WPKG and Active Directory - Tue, Dec 8 2020
Requirements
The basic requirement for a working installation of WPKG is to create a share accessible in read mode from your computers.
If you want to collect logs for further processing, it is advisable to create a Logs subdirectory, accessible in write mode from WPKG clients, in order to store the log files.
First, grab a copy of WPKG from the official website, unpack the zip file to a directory on your server, and then set up an SMB share (for example, \\myserver\wpkg).
What is WPKG-GP?
WPKG-GP is a client that runs as a Group Policy extension and displays messages regarding WPKG progress on the machine logon screen. We will deploy WPKG-GP at first via GPO using WPKG mechanisms. To do so, we have to set up a package in the WPKG tree.
Once you have obtained the WPKG-GP setup, copy WPKG-Gp-%version%_%architecture%.exe to the packages/WPKG-GP directory.
You can download WPKG-GP from its GitHub releases page.
Set up Wpkg-GP
Create the WPKg-GP.ini file
Create the file packages/WPKG-GP/WPKG-Gp.ini. This will be your WPKG configuration file pushed by the installer. You'll have to edit the lines highlighted in bold, according to your environment.
[WpkgConfig] EnableViaLGP = 1 IgnoreGroupPolicy = 0 DisableAtBootUp = 0 **WpkgCommand = \\myserver\wpkg\wpkg.js /synchronize** WpkgVerbosity = 1 WpkgMaxReboots = 10 WpkgRebootPolicy = force WpkgExecuteByNonAdmins = 0 WpkgExecuteByLocalUsers = 1 WpkgActivityIndicator = 1 [EnvironmentVariables] SOFTWARE =\\myserver\wpkg\packages
Tip: You can also control some parameters via GPO. ADMX templates are available in the source package or via GitHub.
Create Wpkg-GP Package
Next, create the package file packages/WPKG-GP.xml, and change the value for the variable VERSION in order to reflect the setup version you downloaded:
<?xml version="1.0" encoding="UTF-8"?> <packages> <package id="wpkg-gp" name="WPKG-GP" revision="%version%"> <variable name="VERSION" value=*0.17.17" /> <variable name="ARCHITECTURE" value="x86" architecture="x86" /> <variable name="ARCHITECTURE" value="x64" architecture="x64" /> <check type="uninstall" condition="versiongreaterorequal" path="Wpkg-GP %version% .*" value="%version%"/> <!-- Install WPKG-GP --> <!-- wpkg-gp.ini contains settings such as location of wpkg.js, username/password to connect as, and the %SOFTWARE% environment variable --> <install cmd="%SOFTWARE%\wpkg-gp\Wpkg-GP-%VERSION%_%ARCHITECTURE%.exe /S /INI %SOFTWARE%\wpkg-gp\Wpkg-GP.ini"> <exit code="3010" reboot="delayed" /> </install> <upgrade include="install" /> <remove cmd='"%PROGFILES%\WPKG-GP\uninstall.exe" /S' /> </package> </packages>
Create the Wpkg-GP Installation Group Policy Object
Before creating the group policy, create a wpkg-gp.cmd in your WPKG root share. Change the variables highlighted in bold to reflect your environment.
@ECHO OFF SET SOFTWARE=\\myserver\wpkg\packages cscript \\myserver\wpkg\wpkg.js /quiet /install:wpkg-gp
Now create a Group Policy object and link it to the organizational unit of the computers on which you want to manage software packages with wpkg.
Add a computer startup script in Computer Configuration/Policies/Windows Settings/Scripts/Startup: \\myserver\wpkg\wpkg-gp.cmd
In the same GPO, you can adjust the WPKG-GP settings.
WPKG hosts and profiles database
In order to have a working installation of WPKG, you need to create a host and profiles database.
To complete this tutorial, you need at least a default profile assigned to all hosts. So let's edit the profiles.xml file at the WPKG root:
<?xml version="1.0" encoding="UTF-8"?> <profiles:profiles xmlns:profiles="http://www.wpkg.org/profiles" xmlns:wpkg="http://www.wpkg.org/wpkg" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.wpkg.org/profiles xsd/profiles.xsd "> <profile id="default"> <package package-id="wpkg-gp" /> </profile> </profiles:profiles>
Tip: You can create a single XML file per profile in the Profiles folder or use a single profiles.xml file.
Next, edit the hosts.xml:
<?xml version="1.0" encoding="UTF-8"?> <hosts:wpkg xmlns:hosts="http://www.wpkg.org/hosts" xmlns:wpkg="http://www.wpkg.org/wpkg" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.wpkg.org/hosts xsd/hosts.xsd "> <host name=".+" profile-id="default" /> </hosts:wpkg>
The hosts file is processed from top to bottom, and the first profile match will be applied. This means that every profile you create must contain the wpkg-gp package, or it will be uninstalled at every reboot.
For example, you can create a workstations profile:
<?xml version="1.0" encoding="UTF-8"?> <profiles:profiles xmlns:profiles="http://www.wpkg.org/profiles" xmlns:wpkg="http://www.wpkg.org/wpkg" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.wpkg.org/profiles xsd/profiles.xsd "> <profile id="default"> <package package-id="wpkg-gp" /> </profile> <profile id="workstations"> <depends profile-id="default" /> <package package-id="7zip" /> </profile> </profiles:profiles>
If you have naming conventions for your hosts, assigning profiles is a breeze. Your hosts.xml could look like this:
<?xml version="1.0" encoding="UTF-8"?> <hosts:wpkg xmlns:hosts="http://www.wpkg.org/hosts" xmlns:wpkg="http://www.wpkg.org/wpkg" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.wpkg.org/hosts xsd/hosts.xsd "> <host name="WKS.+" profile-id="workstations" /> <host name=".+" profile-id="default" /> </hosts:wpkg>
Useful resources
The WPKG wiki contains many silent installers.
If you want to give users more control over Wpkg-GP operations, you could consider adding the Wpkg-gp-client.
There's a web application called WPKG Express 2 that can be used to manage WPKG configuration and packages. It also offers reporting.
Subscribe to 4sysops newsletter!
Conclusion
Even if WPKG looks like an old project, it is still a good deployment tool, designed with simplicity in mind. At first glance, silent installer creation could seem difficult, but after some practice it will become easier than many other similar products.