Deploy software with WPKG and Active Directory

Home Blog Deploy software with WPKG and Active Directory

4sysops - The online community for SysAdmins and DevOps

    , ,   0
WPKG is a simple and powerful open source solution designed to deploy software on Windows machines without repackaging installers. It can be used to deploy many formats of installers (MSI, NSIS, Install Shield, and Inno Setup), and it can execute commands and scripts. In this tutorial, we'll see how to set up a WPKG environment in Active Directory.
Latest posts by Riccardo Bicelli (see all)
Contents of this article

Requirements ^

The basic requirement for a working installation of WPKG is to create a share accessible in read mode from your computers.

If you want to collect logs for further processing, it is advisable to create a Logs subdirectory, accessible in write mode from WPKG clients, in order to store the log files.

First, grab a copy of WPKG from the official website, unpack the zip file to a directory on your server, and then set up an SMB share (for example, \\myserver\wpkg).

What is WPKG-GP? ^

WPKG-GP is a client that runs as a Group Policy extension and displays messages regarding WPKG progress on the machine logon screen. We will deploy WPKG-GP at first via GPO using WPKG mechanisms. To do so, we have to set up a package in the WPKG tree.

Once you have obtained the WPKG-GP setup, copy WPKG-Gp-%version%_%architecture%.exe to the packages/WPKG-GP directory.

WPKG tree on server

WPKG tree on server

You can download WPKG-GP from its GitHub releases page.

Set up Wpkg-GP ^

Create the WPKg-GP.ini file

Create the file packages/WPKG-GP/WPKG-Gp.ini. This will be your WPKG configuration file pushed by the installer. You'll have to edit the lines highlighted in bold, according to your environment.

[WpkgConfig]
EnableViaLGP = 1
IgnoreGroupPolicy = 0
DisableAtBootUp = 0

**WpkgCommand = \\myserver\wpkg\wpkg.js /synchronize**

WpkgVerbosity = 1

WpkgMaxReboots = 10
WpkgRebootPolicy = force

WpkgExecuteByNonAdmins = 0
WpkgExecuteByLocalUsers = 1
WpkgActivityIndicator = 1

[EnvironmentVariables]
SOFTWARE =\\myserver\wpkg\packages

Tip: You can also control some parameters via GPO. ADMX templates are available in the source package or via GitHub.

Create Wpkg-GP Package

Next, create the package file packages/WPKG-GP.xml, and change the value for the variable VERSION in order to reflect the setup version you downloaded:

<?xml version="1.0" encoding="UTF-8"?>
<packages>
<package id="wpkg-gp" name="WPKG-GP" revision="%version%">
 
    <variable name="VERSION" value=*0.17.17" />
 
    <variable name="ARCHITECTURE" value="x86" architecture="x86" />
    <variable name="ARCHITECTURE" value="x64" architecture="x64" />
 
    <check type="uninstall" condition="versiongreaterorequal" path="Wpkg-GP %version% .*" value="%version%"/>
 
    <!-- Install WPKG-GP -->
    <!-- wpkg-gp.ini contains settings such as location of wpkg.js, username/password to connect as, and the %SOFTWARE% environment variable -->
    <install cmd="%SOFTWARE%\wpkg-gp\Wpkg-GP-%VERSION%_%ARCHITECTURE%.exe /S /INI %SOFTWARE%\wpkg-gp\Wpkg-GP.ini">
        <exit code="3010" reboot="delayed" />
    </install>
 
    <upgrade include="install" />
 
    <remove
	cmd='"%PROGFILES%\WPKG-GP\uninstall.exe" /S' />
 
</package>
</packages>

Create the Wpkg-GP Installation Group Policy Object

Before creating the group policy, create a wpkg-gp.cmd in your WPKG root share. Change the variables highlighted in bold to reflect your environment.

@ECHO OFF
SET SOFTWARE=\\myserver\wpkg\packages
cscript \\myserver\wpkg\wpkg.js /quiet /install:wpkg-gp

Now create a Group Policy object and link it to the organizational unit of the computers on which you want to manage software packages with wpkg.

Add a computer startup script in Computer Configuration/Policies/Windows Settings/Scripts/Startup: \\myserver\wpkg\wpkg-gp.cmd

In the same GPO, you can adjust the WPKG-GP settings.

Add WPKG gp installation to startup scripts

Add WPKG gp installation to startup scripts

WPKG hosts and profiles database ^

In order to have a working installation of WPKG, you need to create a host and profiles database.

To complete this tutorial, you need at least a default profile assigned to all hosts. So let's edit the profiles.xml file at the WPKG root:

<?xml version="1.0" encoding="UTF-8"?>
<profiles:profiles xmlns:profiles="http://www.wpkg.org/profiles"
	xmlns:wpkg="http://www.wpkg.org/wpkg" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.wpkg.org/profiles xsd/profiles.xsd ">		

	<profile id="default">
		<package package-id="wpkg-gp" />
	</profile>		
	
</profiles:profiles>

Tip: You can create a single XML file per profile in the Profiles folder or use a single profiles.xml file.

Next, edit the hosts.xml:

<?xml version="1.0" encoding="UTF-8"?>

<hosts:wpkg xmlns:hosts="http://www.wpkg.org/hosts" xmlns:wpkg="http://www.wpkg.org/wpkg"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.wpkg.org/hosts xsd/hosts.xsd ">

	<host name=".+" profile-id="default" />
</hosts:wpkg>

The hosts file is processed from top to bottom, and the first profile match will be applied. This means that every profile you create must contain the wpkg-gp package, or it will be uninstalled at every reboot.

For example, you can create a workstations profile:

<?xml version="1.0" encoding="UTF-8"?>
<profiles:profiles xmlns:profiles="http://www.wpkg.org/profiles"
	xmlns:wpkg="http://www.wpkg.org/wpkg" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.wpkg.org/profiles xsd/profiles.xsd ">		

	<profile id="default">
		<package package-id="wpkg-gp" />
	</profile>
	
	<profile id="workstations">
		 <depends profile-id="default" />
		 <package package-id="7zip" />
	</profile>
	
</profiles:profiles>

If you have naming conventions for your hosts, assigning profiles is a breeze. Your hosts.xml could look like this:

<?xml version="1.0" encoding="UTF-8"?>

<hosts:wpkg xmlns:hosts="http://www.wpkg.org/hosts" xmlns:wpkg="http://www.wpkg.org/wpkg"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.wpkg.org/hosts xsd/hosts.xsd ">

	<host name="WKS.+" profile-id="workstations" />
	<host name=".+" profile-id="default" />
</hosts:wpkg>
Wpkg GP in action at logon screen

Wpkg GP in action at logon screen

Useful resources ^

The WPKG wiki contains many silent installers.

If you want to give users more control over Wpkg-GP operations, you could consider adding the Wpkg-gp-client.

There's a web application called WPKG Express 2 that can be used to manage WPKG configuration and packages. It also offers reporting.

Subscribe to 4sysops newsletter!

Conclusion ^

Even if WPKG looks like an old project, it is still a good deployment tool, designed with simplicity in mind. At first glance, silent installer creation could seem difficult, but after some practice it will become easier than many other similar products.

+1
avatar
Related Articles
0 Comments

Leave a reply

Please enclose code in pre tags

Your email address will not be published. Required fields are marked *

*

Follow 4sysops

Twitter Facebook Linkedin RSS

Subscribe to email updates

4sysops Leaderboards

Member Leaderboard – Month

Member Leaderboard – Year

Author Leaderboard – 30 Days

Author Leaderboard – Year

Site Wide Activities [RSS]

Viewing 1 - 7 of 7 items

  • Gerold Manders commented on Set up Windows 11 Home with an offline account 4 minutes ago

    During the Windows install procedure, you are asked to select a WiFi radio station to connect to for network/internet access. Simply do not connect to any WiFi node and continue.

    That won't work when you upgrade your Windows 10 installation to Windows 11. So that would be another reason to re-install instead of upgrade.

    As I live and work in South America, I work for a company in Europe. Internet over there is great, so everyone is there on the 'Cloud' band wagon. Over here internet (and the electricity grid) is not that fast or reliable, so I like things to be on-premise. You have no idea how many times I have been called an old-fashioned fossil by the pro-cloud people over in Europe. While it is simply a case of being able to continue working when internet fails and/or electricity is gone (diesel generator). As some power/internet failures are fixed within an hour, while others can take 24 hours.

    That is my reality that is simply not understood by pro-cloud persons. They say that you can continue working, because 'it is the cloud man'. They simply cannot grasp the concept of not being able to reach the systems in your cloud.

    Then again, those youngsters are also without a clue when their computers/laptops/tablets actually develop a hardware problem that is easily fixed by a person like myself. Some things are not taught anymore it seems.

    Windows 11 requires an even more simplified interface for professionals to work with? Generally speaking, have we (and the teaching institutes) not been pampering the newer generations of IT professionals too much lately?

    0
  • Profile picture of Wolfgang Sommergut

    Wolfgang Sommergut commented on Block or force upgrade to Windows 11 with Group Policy 7 minutes ago

    Jason, thanks for you link to the Microsoft documentation! Their explanation seems strange, who would use deferrals to get an upgrade to Windows 11? Even if this means that you'll not get an automatic update to Windows 11, I would not rely on Microsoft's ever changing policies and poor documentation. Rather define explicitly the target version you want in order to block or force the upgrade to Windows 11.

    0

  • Jason Sandys commented on Block or force upgrade to Windows 11 with Group Policy 57 minutes ago

    The above is not correct with respect to WUfB. Devices will never be offered the upgrade to Win 11 until or unless you (the admin) explicitly opt them into getting the upgrade using one of the targeting mechanisms. Thus, doing nothing will not opt-in any devices and will prevent them from being offered Win 11 -- users cannot work around this (unless they use media). This is explicitly called out in the official docs at https://docs.microsoft.com/en-us/windows/whats-new/windows-11-prepare#cloud-based-solutions.

    0
  • Profile picture of ioannis

    ioannis commented on Patch management tips: Updating IT systems in large and small networks 4 hours, 55 minutes ago

    I guess it all comes to our experiences so far. I still find it impossible to automate user tasks on a server. Maybe it has to do with the diversity of the applications that they are already installed. Keep in mind that if an administrator takes that road he must also test/reconfigure/update the automation processes that he already created. Yes some simple login tests can be automated but still you add up extra workload....multiply that by 1000+ ...

    Concerning the pre-prod environment (when one is present) , the key users also dont want to spend extra time testing the updates on your test environment. For them it is your test environment, not theirs. "Their" pre-prod is valuable even more than the live one....and you should treat it like the production one as well :-/ I would also like to mention that sometimes the pre-prod environment does not exist in the corporate Network.More than 50% of the applications that run on our Servers come directly from external partners that just install them and update them without even sometimes letting you know.Imagine how difficult it is to keep track of the documentation, changes and the automated users tasks you mentioned before.

    With the backups themselves it depends on the administrator and how far is he willing to go.My approach to that is the following(considering that i am the sole responsible if something goes wrong):

    Every backup system has a database.All that an administrator needs is a read-only account on that database.Then with a simple SQL query you can see if there is a succesfull backup for your servers. Simple and fast (i am already doing that with Sesam, Veeam and Netbackup). Another solution would be to ask for a daily report.It is not that big deal to receive the backup report as well. Still doing the SQL thing though because i automate it with PS.

    thank you for your reply. It is always nice to have a solid conversation.

    0
  • Profile picture of Wolfgang Sommergut

    Wolfgang Sommergut wrote a new post, Block or force upgrade to Windows 11 with Group Policy 5 hours, 24 minutes ago

    Microsoft has already started rolling out Windows 11 via Windows Update and WSUS. It is not entirely clear when individual PCs will receive the upgrade, but most companies currently do not want it anyway. This upgrade can be blocked or specifically requested using a GPO setting.

    0
  • Profile picture of Leos Marek

    Leos Marek commented on Patch management tips: Updating IT systems in large and small networks 5 hours, 55 minutes ago

    BUT having a test environment similar to your production one is simply impossible.

    Can't agree on this one. Its very easy to have identical servers/applications. What differs is the load. You can have automated tests which simulate standard user behavior. With LOB applications its common to have key users that do the tests in the test/pre-prod environment. Thats the only way how an functional update can be validated.
    When we patched business critical application (not only from OS point of view, but also the application itself) we always had a Key user who did the app test and a Local IT support guy who did OS related tests.
    Yes, system admins do not always know the app itself, thats why I said its responsibility of system AND app owners 🙂

    With the backups its not that easy. Its the same like the system/app owner relation... In large organizations, Windows admins have no access to backup systems (Tivoli, etc etc). You cant ask backup team if your 3000 servers that you are going to patch were backed up successfully.
    Cheers

    0
  • Profile picture of ioannis

    ioannis commented on Patch management tips: Updating IT systems in large and small networks 6 hours, 49 minutes ago

    Very usefull piece of Information. Thank you.
    Since it is mentioned in various articles , guides etc i have to comment on the existence of a test environment. Yes having a test environment is a must and it should be used exactly like mentioned above , BUT having a test environment similar to your production one is simply impossible. A server in the test environment will never be even close to a "live" one. Even if you clone the server and make the copie available in the test environment , the administrator cannot make sure that the server is used like the live one or even test the server himself.
    We are unaware of the specific details of the applications that run on a server and only a real user or an App Admin can really tell the impact (if there was) that an update had. Real users don't connect to our test environment. They connect to the production one.
    What are we testing then? Mostly Server stability (BSOD, reboots etc) or known issues. What kind of precautions do we take? We take snapshots or make sure that a snapshot exists. We also make sure that we take backups (or check if they exist) of crucial Applications (such as databases ) that are not covered from a snapshot.
    I also believe that no matter how big is an organisation, the administrator who performs the patch management should always be aware of the backup procedures and be always in contact with the backup team.

    0
© 4sysops 2006 - 2021

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account