.. Reminder for header structure:        
  Parts (H1)          : #################### with overline
  Chapters (H2)       : ******************** with overline
  Sections (H3)       : ====================
  Subsections (H4)    : --------------------
  Subsubsections (H5) : ^^^^^^^^^^^^^^^^^^^^
  Paragraphs (H6)     : """""""""""""""""""""

.. meta::
 :description: Deploying your workstations via WADS
 :keywords: Documentation, Deployment, WAPT, WADS

.. |date| date::

.. _wapt_ghosting_hosts:

###############################################
Simplifying the deployment of your workstations
###############################################

Many companies and administrations include software and configurations in the OS images they deploy on their fleets of hosts.

But from now on this is no longer the recommended method for several reasons:

* Each time you make a new image, you waste a lot of time installing software and configuring it. You are very limited in the user configurations that you will be able to include in your image.

* Each time you make a new image, you will have to keep track of the changes in a text document, a spreadsheet, or a change management tool.

* OS editors (notably Microsoft) advise the use of raw ISO images and their parameterization in post-install.

* Finally, if you introduce in your image security configurations, network configurations, or configurations to limit the intrusion of telemetry, these configurations can disrupt the normal functioning of WAPT, it will complicate future diagnostics.

**With WAPT this is no longer necessary**

.. note::

    If your configuration is correct and you **simply want to review the deployment method for a machine**, you can refer to the quickstart guide.

    * :ref:`Quickstart wapt for Windows<quickstart_wads_windows>`
    * :ref:`Quickstart wapt for Linux<quickstart_wads_linux>`


***************
Recommendations
***************

Tranquil IT recommends:

* Do **not keeping** the same local **administrator password that was used during workstation deployment**.

To improve security, we recommend installing the `tis-laps-by-wapt <https://wapt.tranquil.it/store/fr/tis-laps-by-wapt>`_ package. This package automatically rotates the local administrator password after deployment.

This solution is compatible with Windows, macOS, and Linux workstations.

In addition, the **generated password is securely stored in encrypted** form and can only be accessed by authorized users. The password **information is available from the audit data of the host in the WAPT Console**.

* To make only one raw image per OS type with `MDT <https://docs.microsoft.com/en-us/mem/configmgr/mdt/>`_, `Fog <https://fogproject.org/>`_ (win10, win2016, etc) or :ref:`WAPT WADS <wapt_wads>` without any configuration or software installation.

.. white_toggle::
  :titleen: If you want to install a WAPT agent in your Windows image, follow these steps:
  :titlefr: Si vous souhaitez installer un agent WAPT dans votre image Windows, procédez comme suit :

    Run the following commands in CMD:

      .. code-block::

        net stop waptservice  
        wapt-get delete-param uuid
        wapt-get delete-public-param uuid
        wapt-get delete-public-param hardware_uuid
        wapt-get delete-param hardware_uuid
        wapt-get delete-param hostname
        wapt-get delete-public-param hostname
        del "C:\Program Files (x86)\wapt\private\*.crt" "C:\Program Files (x86)\wapt\private\*.pem"  
    
    Do a `Sysprep <https://learn.microsoft.com/fr-fr/windows-hardware/manufacture/desktop/sysprep--generalize--a-windows-installation?view=windows-11>`_.

    Then, shut down the machine.

* To create as many Organizational Units as you have host types in the *CN=Computers* OU (ex: *standard_laptop*, *hardened_laptop*, *workstations*, *servers*, etc) in your Active Directory.

* To configure your Active Directory to distribute the WAPT Agent by GPO to the different Host Organizational Units; this way, you can opt for fine grained configurations of your :file:`waptagent.ini` for the hosts attached to each OU.

.. hint::

  To save you time, you can base your security configuration strategy on security WAPT packages already available in the `WAPT Store <https://wapt.tranquil.it/>`_, you will only need to complete them according to your Organization's specific security requirements.

* To create in the *CN=Computers* OU as many Organizational Units as there are types of computer usage in your organization (*accounting*, *point_of_sale*, *engineering*, *sedentary_sales*, etc).

* To create generic WAPT packages of your software applications with their associated configurations.

Deployment scenario
===================

* You receive or the IT manager at the remote site receives a new computer in its box.

* You configure the host's MAC address in DHCP so that it gets the right system image and is positioned in the right Organizational Unit at the end of the deployment process.

* The expected system image is downloaded on the host in masked time, the host is placed in the right Organizational Unit.

* The WAPT Agent registers the host with the WAPT Server, it appears in the WAPT Console.

* The WAPT Agent detects that it is in an Organizational Unit that requires a particular software set and a particular security configuration.

* The WAPT Agent downloads and executes software packages and security configuration packages in hidden time; the WAPT Agent automatically removes delegated rights that are rendered useless after joining the domain to prevent them from being subsequently exploited in an unauthorized manner.

* Either by group of hosts or host by host, you finalize the configuration of the hosts by assigning specific WAPT packets to them.

.. hint::

  If you want, you can even leave the final configuration step to your users by configuring WAPT self-service for them (printer configurations, special software needs, etc).

.. _wapt_wads:

*********************************************************
Deploying your workstations via WADS |enterprise_feature|
*********************************************************

WADS for WAPT Automated Deployment Services was developed to provide a simple solution for Operating System deployments via WAPT.

The OS Deployment is available for Windows, Debian and its derivates and for RedHat and its derivates.

WADS mode of operation
======================

Schematically, deploying an :abbr:`OS (Operating System)` involves **3** steps:

1. Importing the different media and files required for the deployment, such as Operating System :mimetype:`.iso` images, driver packs and configuration files.

.. figure:: wapt-resources/wapt_wads_media-import_flow-diagram.png
  :align: center
  :alt: Flow diagram for importing the files required for the WADS deployment

  Flow diagram for importing the files required for the WADS deployment

2. Creating the boot support.

.. figure:: wapt-resources/wapt_wads_media-boot_flow-diagram.png
  :align: center
  :alt: Flow diagram for creating the booting support for the WADS deployment

  Flow diagram for creating the booting support for the WADS deployment

3. Launching the deployment on the target host using the network or a USB stick.

.. figure:: wapt-resources/wapt_wads_media-boot-launch_flow-diagram.png
  :align: center
  :alt: Flow diagram for using the boot support in the WADS deployment

  Flow diagram for using the boot support in the WADS deployment

Difference between WADS and other solutions
===========================================

* **Classic** deployment solution.

.. figure:: wapt-resources/wapt_wads_classic-deployment_flow-diagram.png
  :align: center
  :scale: 60%
  :alt: Flow diagram for a classic OS deployment

  Flow diagram for a classic OS deployment

* **WADS** deployment solution.

.. figure:: wapt-resources/wapt_wads_wads-deployment_flow-diagram.png
  :align: center
  :scale: 75%
  :alt: Flow diagram for a WADS deployment

  Flow diagram for a WADS deployment

.. hint::

  * The WADS operating mode respects the recommanded method of the OS vendor.

  * With WADS, all functionnalities are grouped on the same WAPT Server.

  * Therefore, there is no need to set up any additional infrastructure other than the WAPT Server.

Software differences
--------------------

.. list-table:: Differences between WADS and other methods
  :header-rows: 1
  :widths: auto
  :align: center

  * - WADS deployment Server
    - Standard MDT method
    - Benefit
  * - Uses iPXE
    - Uses :abbr:`CIFS (Common Internet File System)` file server protocol.
    - No need to setup a file server and no need to open additional ports.
  * - No :abbr:`OS (Operating System)` image configuration needed
    - Requires manually editing an answer file configuration.
    - Simplicity, all configurations are provided by WAPT
  * - Uses HTTPS to download the Windows OS image
    - Uses CIFS to download the Windows OS image.
    - The target hosts may be deployed over the internet using the USB stick method.
  * - The WADS method embeds all necessary files
    - The MDT method requires assembling files from different sources.
    - The deployment, the configuration and the OS updates are bundled into one WAPT software package.

*************************************************
Installing and configuring TFTP and DHCP for WADS
*************************************************

.. _tftp_server:

Installing and configuring a TFTP server
========================================
 
.. warning::

   If you have installed another tftp server on the WAPT Server, please uninstall it first.

   This documentation is for WAPT 2.2.1 and higher.

Having port udp/69 open on the WAPT Server for inbound traffic as well as the tftp ephemeral port range (49152-65535)
  
Having tftp conntrack enabled on intermediate firewalls if you have firewalls between the server and the client computer.

Choose your distribution.

.. tabs::

  .. tab:: Linux Debian and derivatives / RedHat and derivatives

    * Enable and start the TFTP server.

    .. code-block:: bash

      systemctl enable wapttftpserver
      systemctl start wapttftpserver

    * You may test that the tftp server works properly using a tftp client and test download the :file:`snponly.efi` file. 
      If you are testing the following command on a RedHat based machine other than the waptserver, beware of the local outbound firewall that blocks outgoing tftp client requests.

    .. code-block:: bash

      cd ~
      tftp srvwapt.mydomain.lan
        binary
        get snponly.efi
        quit
      ls -l snponly.efi

  .. tab:: Windows

    * When installing the server, tick the WADS tftp check mark. 
      You can re-run the installer if it was not done at that time. 
      You can check that the service is configured and running with the command:

    .. code-block:: bash

      sc query wapttftpserver

    * If the server is installed but not started, you can start it with:

    .. code-block:: bash

      net start wapttftpserver

.. _dhcp_server:

Installing and configuring a DHCP server
========================================

You can either use HTTP or TFTP (slower) to download binaries.

.. warning::
  
  Downloading through HTTP implies the use of an iPXE binary (:file:`ipxe.efi` or :file:`snponly.efi`) that is not signed and it will NOT BE POSSIBLE to enable SECURE BOOT on the client machines.

Hybrid DHCP configuration
-------------------------

Here is a configuration that transfers the bootfile and binaries through TFTP if UEFI is enabled.
Secure Boot is possible.

.. note::

  The Hybrid DHCP configuration, do not work for a Linux deploiement.

.. tabs::

  .. tab:: DHCP server

    For example:

    .. code-block::

      subnet 192.168.110.0 netmask 255.255.255.0 {
      option routers 192.168.110.1;
      option subnet-mask 255.255.255.0;
      option domain-name-servers 192.168.110.1;
      next-server 192.168.110.30;  # TFTP server (Option 66)

      # If not iPXE
      if not exists user-class {
        # If legacy BIOS
        if (option vendor-class-identifier = "PXEClient:Arch:00000") {
          filename "boot/pxeboot.n12";
        } else {
          filename "efi/boot/bootmgfw.efi";
        }
      }
      # If iPXE
      else if option user-class = "iPXE" {
        # If legacy BIOS
        if (option vendor-class-identifier = "PXEClient:Arch:00000") {
          filename "http://srvwapt.mydomain.lan/api/v3/baseipxe?uefi=false&keymap=fr";
        } else {
          filename "http://srvwapt.mydomain.lan/api/v3/baseipxe?keymap=fr";
        }
      }
      }
   
    For more information you can refer to https://ipxe.org/howto/dhcpd

  .. tab:: DNSMASQ server

    For example:

    .. code-block::
      
      # Basic DHCP configuration
      interface=eth0
      dhcp-range=192.168.110.10,192.168.110.100,12h
      dhcp-option=3,192.168.110.1           # Default gateway
      dhcp-option=6,192.168.110.1           # DNS server

      # External TFTP server (Option 66)
      dhcp-option=66,192.168.110.30

      # Define client types
      dhcp-match=set:legacybios,PXEClient:Arch:00000
      dhcp-userclass=set:ipxe,iPXE

      # Not iPXE and legacy BIOS → pxeboot.n12
      dhcp-boot=tag:legacybios,tag:!ipxe,boot/pxeboot.n12,192.168.110.30

      # iPXE and legacy BIOS → iPXE URL with uefi=false
      dhcp-boot=tag:legacybios,tag:ipxe,http://srvwapt.mydomain.lan/api/v3/baseipxe?uefi=false&keymap=fr

      # Not iPXE and not legacy BIOS → bootmgfw.efi (UEFI boot)
      dhcp-boot=tag:!legacybios,tag:!ipxe,efi/boot/bootmgfw.efi,192.168.110.30

      # iPXE and not legacy BIOS → iPXE URL with uefi=true (implied)
      dhcp-boot=tag:!legacybios,tag:ipxe,http://srvwapt.mydomain.lan/api/v3/baseipxe?keymap=fr

      

  .. tab:: Windows

    You can use the following PowerShell command line to configure booting on your network.
    Please adapt the TFTP Server name and the deployment scope depending on your current installation.

    .. code-block:: powershell

      $scopeId = "192.168.110.0"  # target network
      $waptserver_ipaddress_tftp = "192.168.110.30"
      $url_waptserver = "http://srvwapt.mydomain.lan"
      $keymap = "fr"

      # Define DHCP Classes
      Add-DhcpServerv4Class -Name "legacy_bios" -Type Vendor -Data "PXEClient:Arch:00000" -ErrorAction SilentlyContinue
      Add-DhcpServerv4Class -Name "iPXE" -Type User -Data "iPXE" -ErrorAction SilentlyContinue

      # Define option 66 (TFTP) for the declared scope only
      Set-DhcpServerv4OptionValue -ScopeId $scopeId -OptionId 66 -Value $waptserver_ipaddress_tftp

      # Define policies for this scope

      # 1. Legacy BIOS without iPXE
      Add-DhcpServerv4Policy -ScopeId $scopeId -Name "pxebootn12" -Condition AND -UserClass NE,iPXE -VendorClass EQ,legacy_bios* -ErrorAction SilentlyContinue
      Set-DhcpServerv4OptionValue -ScopeId $scopeId -PolicyName "pxebootn12" -OptionID 67 -Value "boot/pxeboot.n12"

      # 2. iPXE + legacy BIOS
      Add-DhcpServerv4Policy -ScopeId $scopeId -Name "wapt-ipxe-url-legacy" -Condition AND -UserClass EQ,iPXE -VendorClass EQ,legacy_bios* -ErrorAction SilentlyContinue
      Set-DhcpServerv4OptionValue -ScopeId $scopeId -PolicyName "wapt-ipxe-url-legacy" -OptionID 67 -Value "$url_waptserver/api/v3/baseipxe?uefi=false&keymap=$keymap"

      # 3. Non iPXE + non legacy BIOS
      Add-DhcpServerv4Policy -ScopeId $scopeId -Name "bootmgfw.efi" -Condition AND -UserClass NE,iPXE -VendorClass NE,legacy_bios* -ErrorAction SilentlyContinue
      Set-DhcpServerv4OptionValue -ScopeId $scopeId -PolicyName "bootmgfw.efi" -OptionID 67 -Value "efi/boot/bootmgfw.efi"

      # 4. iPXE + UEFI
      Add-DhcpServerv4Policy -ScopeId $scopeId -Name "wapt-ipxe-url-uefi" -Condition AND -UserClass EQ,iPXE -VendorClass NE,legacy_bios* -ErrorAction SilentlyContinue
      Set-DhcpServerv4OptionValue -ScopeId $scopeId -PolicyName "wapt-ipxe-url-uefi" -OptionID 67 -Value "$url_waptserver/api/v3/baseipxe?keymap=$keymap"

HTTP configuration 
------------------
The PXE booting is a two step process.
First the UEFI/BIOS bootloader will download iPXE binary from the tftp server, then iPXE binary will download the iPXE script and boot binaries from http.
This is why we need to have a two step PXE DCHP configuration.

.. tabs::

  .. tab:: DHCP server

    For example:

    .. code-block:: xml

      <!-- global options -->
      next-server 192.168.110.30;

      option ipxe-url code 175 = text;
      option client-architecture code 93 = unsigned integer 16;

      <!-- subnet mydomain.lan netmask 255.255.255.0 -->

      if option client-architecture = 00:00 {
        if exists user-class and option user-class = "iPXE" {
          filename "http://srvwapt.mydomain.lan/api/v3/baseipxe?uefi=false&keymap=fr";
        }
        else{
          filename "undionly.kpxe";
        }

      } else {
        if exists user-class and option user-class = "iPXE" {
          option ipxe-url "http://srvwapt.mydomain.lan:80/";
          filename "http://srvwapt.mydomain.lan/api/v3/baseipxe?keymap=fr";
        }
        else{
          filename "snponly.efi";
        }
      }

    For more information you can refer to https://ipxe.org/howto/dhcpd

  .. tab:: DNSMASQ server

    For example:

    .. code-block:: xml

      dhcp-match=set:ipxe,175 # iPXE sends a 175 option.
      dhcp-boot=tag:!ipxe,undionly.kpxe,IP_WAPTSERVER
      dhcp-boot=tag:ipxe,http://srvwapt.mydomain.lan/api/v3/baseipxe?uefi=false

    For example for one machine:

    .. code-block:: xml

      dhcp-match=set:ipxe,175 # iPXE sends a 175 option.
      dhcp-mac=set:waptserver,MAC_ADDRESS_TARGET_COMPUTER
      dhcp-boot=tag:!ipxe,undionly.kpxe,waptserver,IP_WAPTSERVER
      dhcp-boot=tag:ipxe,http://srvwapt.mydomain.lan/api/v3/baseipxe?uefi=false,waptserver

  .. tab:: Windows

    You can use the following PowerShell command line to configure iPXE booting on your network.
    Please adapt the *$url_waptserver* and *$waptserver_ipaddress_tftp* depending on your current installation.
    *keymap* is the keyboard language.

    .. code-block:: powershell

      $waptserver_ipaddress_tftp = "192.168.110.30"
      $url_waptserver = "http://srvwapt.mydomain.lan"
      $keymap = "fr"

      Add-DhcpServerv4Class -Name "legacy_bios" -Type Vendor -Data "PXEClient:Arch:00000"
      Add-DhcpServerv4Class -Name "iPXE" -Type User -Data "iPXE"

      Set-DhcpServerv4OptionValue -OptionId 66 -Value "$waptserver_ipaddress_tftp"

      Add-DhcpServerv4Policy -Name "wapt-ipxe-url-legacy" -Condition AND -UserClass EQ,iPXE -VendorClass EQ,legacy_bios*
      Set-DhcpServerv4OptionValue -PolicyName "wapt-ipxe-url-legacy" -OptionID 67 -Value "$url_waptserver/api/v3/baseipxe?uefi=false&keymap=$keymap"

      Add-DhcpServerv4Policy -Name "wapt-ipxe-url-uefi" -Condition AND -UserClass EQ,iPXE -VendorClass NE,legacy_bios*
      Set-DhcpServerv4OptionValue -PolicyName "wapt-ipxe-url-uefi" -OptionID 67 -Value "$url_waptserver/api/v3/baseipxe?keymap=$keymap"

      Add-DhcpServerv4Policy -Name "snponly.efi" -Condition AND -UserClass NE,iPXE -VendorClass NE,legacy_bios*
      Set-DhcpServerv4OptionValue -PolicyName "snponly.efi" -OptionID 67 -Value "snponly.efi"

      Add-DhcpServerv4Policy -Name "undionly.kpxe" -Condition AND -UserClass NE,iPXE -VendorClass EQ,legacy_bios*
      Set-DhcpServerv4OptionValue -PolicyName "undionly.kpxe" -OptionID 67 -Value "undionly.kpxe"

      For more information, you can refer to https://ipxe.org/howto/msdhcp


.. attention::

  If your DHCP server does not allow you to set such conditions, you can run the following script that will compile customized bootfiles:

  .. code-block:: bash

    /opt/wapt/waptserver/scripts/compile_ipxe.sh

  It will create 3 bootfiles that you can use on your DHCP server: :file:`ipxe_custom.efi` (UEFI), :file:`snponly_custom.efi` (UEFI) and :file:`undionly_custom.kpxe` (Legacy).

.. _wapt_wads_windows:

*************************************
How to add computers to the wads list
*************************************

To add a workstation, you must at least know its hostname and mac addresses.

With wapt you have three main ways in the top menu of WADS for adding computers.

* By using :menuselection:`New` button.

* By using :menuselection:`Export selected hosts to WADS` button.

* By using :menuselection:`Import CSV` button.


The New button
==============

This option allows you to add individual computers manually. However, it does not support the configuration of multiple workstations at once.

If you already have :file:`Configuration` and :file:`Drivers`, you can drop them directly onto the new workstation to be deployed.

Example :

.. image:: wapt-resources/WADS-New_button.png
 :scale: 75%
 :align: center
 :alt: Deployment by new button on WADS


.. _export_selected_host_button:


The Export selected hosts to WADS button
========================================

This method can be used for computers that already have a wapt agent registered in the WAPT server.

By default, the button is not present in the menu bar. It can be activated in the inventory tab of the WAPT.

.. note::
  To activate the :menuselection:`Export selected hosts to WADS`, Go to the Inventory, then right-click in the toolbar, select :guilabel:`Customize the toolbar`.
  In the "Available commands", select "WADS", :menuselection:`Export selected hosts to WADS` and add in the "Toolbar commands".

    .. image:: wapt-resources/WADS-Add_export_button_in_inventory.png
      :scale: 50%
      :align: center
      :alt: Add export button in inventory


You can now select multiple workstations in the WAPT inventory and click on :menuselection:`Export selected hosts to WADS`. The selected workstations will then appear in the WADS tab.


The Import CSV option
=====================

This option allows the addition of multiple computers at once using a single :file:`CSV` file. 

In the :file:`CSV` file, you may include the following columns: "hostname", "mac_addresses", "status", "waiting_to_deploy", "product_key", "deploy_config_name", "driver_bundle", "disk_format", "djoin", "manufacturer", "uuid", "product", and "serial_number."

The minimum required columns are "hostname" and "mac_addresses."

Example of .csv document with the minimal requierement : 

.. code-block:: bat

  hostname;mac_addresses
  test1;08:00:27:00:fd:c1
  test2;08:00:27:00:fd:c2
  test3;08:00:27:00:fd:c3


****************************************************
Deploying a Windows OS via WADS |enterprise_feature|
****************************************************



.. hint::
  **Guidelines for Deploying Windows 11 OS**

  * **Windows 10 → Windows 11 (any version)**

    - Full upgrade only, requires an ISO.

  * **Windows 11 21H2 → Windows 11 22H2 or 23H2**

    - Full upgrade only, requires an ISO.

  * **Windows 11 22H2 → Windows 11 23H2**

    - Feature update via enablement package (KB5027397).

    *or*

    - Full upgrade requiring an ISO.

  * **Windows 11 21H2 / 22H2 / 23H2 → Windows 11 24H2**

    - Full upgrade only, requires an ISO.

IPXE Deployment process
=======================

1. **Using BIOS/UEFI**:

* the host makes a *DHCP* request to obtain an *IP* and the *PXE configuration* (TFTP server IP & iPXE file name)
  
or

* the host boots from a USB stick which embeds the *PXE configuration*

.. note::
  Tftp is not a protocol that cannot be secured, so the preferred method is to boot using a USB key.

2. **Using BIOS/UEFI**:

* the host makes a *TFTP* request to get *iPXE* and her configuration

or

* the host runs the *iPXE configuration* from the USB stick.

3. Then, using **iPXE**, the host makes a *HTTPS* request to the WADS Server to obtain the :abbr:`BCD (Boot Configuration Data)` and the :file:`WinPE` file.

4. Finally, using **WinPE**, the host contacts the WADS Server via *HTTP* to obtain the OS iso file and its associated configuration files.

.. warning::
  * USB stick: secure boot possible (official winpe files used). Works only under Windows.
  * The ipxe file provided by WAPT does not support secure boot (ipxe file from https://ipxe.org/).
  * You can buy a signed ipxe file from https://2pintsoftware.com/ (iPXE Anywhere) in order to use the secure boot. 
  * Deployment is also possible through TFTP exclusively although it is very slow.

Requirements before starting
============================

1. To use WADS on your WAPT Console, you need to install a specific package on your management station.

Two packages are available, only one is needed.
Choose according to your needs:

* `This package <https://wapt.tranquil.it/store/tis-wads-requirement-minimal>`_ integrates the **minimal requirements** for creating a WinPE file.

2. As of |date|, the user account using the WADS Console **MUST** have Local Administrator rights in the :ref:`WAPT Access Control Lists <ACL>`.

3. Signing WADS with your certificate:

* Go to the :menuselection:`Tools --> Sign Deploy Exe`.

.. image:: wapt-resources/wapt_console_tools-menu_dialog-box.png
 :scale: 75%
 :align: center
 :alt: Tools menu in the WAPT Console

* Click on the :guilabel:`Sign` button:

.. figure:: wapt-resources/wapt_console_sign-exe_container-window.png
 :scale: 75%
 :align: center
 :alt: Window for signing binaries in the WAPT Console

4. Go to the :guilabel:`OS Deploy` tab:

.. figure:: wapt-resources/wapt_wads_main_container-window.png
    :scale: 50%
    :align: center
    :alt: Main window of the WADS Console

    Main window of the WADS Console

.. _add_winpe:

Adding the WinPE files
======================

.. note::

  :file:`WinPE` cannot be created from the Linux console. However, once the :file:`WinPE` has been uploaded to the WAPT server (by Windows console), machine deployment can be managed from the Linux WAPT Console.

`WinPE <https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/winpe-intro?view=windows-11>`_ is a minimal operating system used to install, deploy, and repair Windows.

On WADS, WinPE is used to bootstrap the deployment of Windows.

* If no WinPE file exists, or WinPE file is outdated then this pop-up will appear.

.. tabs::
  
  .. tab:: no WinPE file exists

    .. image:: wapt-resources/wapt_wads_winpe-add_dialog-box.png
        :align: center
        :alt: Dialog box informing to upload a WinPE file in the WADS Console

  .. tab:: WinPE file outdated

    .. image:: wapt-resources/wapt_wads_winpe_outdated.png
        :align: center
        :alt: Dialog box informing to update a WinPE file in the WADS Console

* Then click on :guilabel:`Upload WinPE`.

* Choose the keyboard layout.
  **This step is important because you will type in the hostname in WinPE using the keyboard layout chosen with this step**.

* Select the certificate with which to sign the USB stick files.

.. figure:: wapt-resources/wapt_wads-create-winpe_dialog-box.png
    :scale: 75%
    :align: center
    :alt: Dialog box for selecting the keyboard in the WADS Console, certificates and drivers

.. note::

  Two options have been added to the WinPE configuration file:

  **Switch to Microsoft CA 2023 EFI Bootloader** : When enabled, this option loads the EFI bootloader with Microsoft's 2023 certificate. By default, WinPE boots using the 2011 certificate, which will expire in July 2026. Enabling this option ensures compatibility with modern secure boot requirements.

  **Ask for Static IP Address** : If your deployment environment lacks DHCP, you can use this option to prompt for a static IP address and network configuration during deployment. A dialog box will appear on the target machine, allowing you to manually specify the required network settings.

* If needed, please add network drivers in order to boot with PXE

* Wait while the :file:`WinPE` file uploads onto the WAPT administration computer.

.. image:: wapt-resources/wapt_wads_winpe_upload_information-box.png
    :align: center
    :scale: 100%
    :alt: Loading the WinPE file in the WADS Console

* Wait while the :file:`WinPE` file uploads to the WADS Server.

The :file:`WinPE` file has been successfully uploaded to the WADS Server.

.. hint::

  After each upgrade, you will have to re-sign the WinPE file.
  Do not forget to keep up-to-date network drivers if needed.

Adding the Operating System ISO
===============================

The next step is to add the Operating System :mimetype:`.iso` file to use for deploying Windows.

* Use the latest official Windows release from `Microsoft <https://www.microsoft.com/en-us/software-download/windows10>`_ as the :mimetype:`.iso` file.

.. figure:: wapt-resources/wapt_wads_iso-select_container-window.png
  :scale: 75%
  :align: center
  :alt: ISO section of the WADS Console

  ISO section of the WADS Console

* In the :guilabel:`Install ISO` section in the main WADS Console, click on the :guilabel:`+` button to upload the selected :mimetype:`.iso` file.

* Select the :mimetype:`.iso` file and give it a name.

.. figure:: wapt-resources/wapt_wads_iso_select_dialog-box.png
  :align: center
  :alt: Dialog box for selecting the ISO file to upload to the WADS Server

  Dialog box for selecting the ISO file to upload to the WADS Server

* When uploaded, the :mimetype:`.iso` file is signed with the selected certificate.

.. figure:: wapt-resources/wapt_wads_iso_signing_dialog-box.png
  :scale: 75%
  :align: center
  :alt: Dialog box informing of the signing progression of the ISO file in the WADS Console

  Dialog box informing of the signing progression of the ISO file in the WADS Console

* After the signing step has successfully completed, the :mimetype:`.iso` file is uploaded to the WADS Server.

.. figure:: wapt-resources/wapt_wads_iso_uploading_dialog-box.png
  :align: center
  :alt: Dialog box informing of the uploading progession of the ISO file in the WADS Console

  Dialog box informing of the uploading progession of the ISO file in the WADS Console

* After the uploading step has successfully completed, the :mimetype:`.iso` file appears in the :guilabel:`Install iso` section in the main WADS Console.

.. image:: wapt-resources/wapt_wads_iso-uploaded_screen-item.png
  :align: center
  :alt: The ISO file has been successfully added to the WADS repository

.. hint::

  It is possible to upload several :mimetype:`.iso` versions of Windows for different use cases.

.. _wads_xml_config:

Adding the Configuration answer file
====================================

The next step is to add the Configuration answer file that will be used to configure the deployment of the Windows Operating System.

.. figure:: wapt-resources/wapt_wads_xml-select_container-window.png
  :scale: 50%
  :align: center
  :alt: Answer file section of the WADS Console

  Answer file section of the WADS Console

* In the :guilabel:`Configuration` section click on the :guilabel:`+` button to configure the answer file.

.. figure:: wapt-resources/wapt_wads_xml-create_container-window.png
  :scale: 50%
  :align: center
  :alt: Window for creating the answer configuration file in the WADS Console

  Window for creating the answer configuration file in the WADS Console

.. list-table:: Options for the answer file in the WADS Console
  :header-rows: 1
  :widths: auto

  * - Options
    - Description
  * - :guilabel:`Config Name` 
    - Defines the name of the XML answer file.
  * - :guilabel:`ISO Name`
    - Defines the :mimetype:`.iso` file to associate to the XML answer file.
  * - :guilabel:`For Windows`
    - Defines whether you install a Windows OS or Linux if unchecked.
  * - :guilabel:`Install Wapt`
    - Defines whether to install the **WAPT agent** after the installation of the Operating System.
  * - :guilabel:`Configuration file`
    - Defines the `XML answer files <https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/update-windows-settings-and-scripts-create-your-own-answer-file-sxs>`_ template to use for Windows or the configuration file for Linux.
  * - :guilabel:`Post install Script`
    - Defines a :mimetype:`.bat` post-install script to be run after the installation of the Operating System.

* Insert into the :guilabel:`Config Name` field the name of the answer file.

* Select with the :guilabel:`Iso Name` dropdown the ISO file to association to the deployment configuration.

* Check or uncheck the :guilabel:`Install WAPT` checkbox to install the WAPT Agent by default.

* Check or uncheck the :guilabel:`For Windows` checkbox to install a Windows OS.

* Select the answer file template to associate to the deployment configuration with the :guilabel:`Configuration File` field.
  If the OS is not Windows, select the configuration file for Linux.

* If necessary, set the post-install script in :guilabel:`Post install Script`, for example:

.. code-block:: bat

  Example 1 : If you want to install specific packages and wait for them all to be installed.

  "C:\Program Files (x86)\wapt\wapt-get.exe" -S ping --trycount=10 --retrydelay=5
  "C:\Program Files (x86)\wapt\wapt-get.exe" update -S
  "C:\Program Files (x86)\wapt\wapt-get.exe" -S install package-name
  "C:\Program Files (x86)\wapt\wapt-get.exe" -S install package-name2
  
  Example 2 : If you just want to upgrade, and packages will be installed by OU.
  start  cmd /c ping 127.0.0.1 -n 30  ^& start "" "C:\Program Files (x86)\wapt\waptexit.exe"

* Click on the :guilabel:`Save` button to create the answer file.

* When done, the configuration appears in the :guilabel:`Configuration` section.

.. figure:: wapt-resources/wapt_wads_xml-uploaded_screen-item.png
  :align: center
  :alt: Answer file added to the WADS Server in the WADS Console

  Answer file added to the WADS Server in the WADS Console

.. hint::

  It is possible to create several answer file configurations for different versions of Windows / Linux and for different use cases.

Substitution of variables in the XML answer file
------------------------------------------------

When WADS writes the XML answer file, some template variables are automatically replaced with values from the deployment context.

Available variables
^^^^^^^^^^^^^^^^^^^

``{{hostname}}``
  Replaced with the hostname of the machine.

``{{architecture}}``
  Replaced with the architecture of the ISO image associated with the configuration.

For example, if the machine hostname is ``PC-001`` and the associated ISO architecture is ``amd64``, the generated XML will contain the resolved values:

.. code-block:: text

  {{hostname}}     -> PC-001
  {{architecture}} -> amd64

.. note::

  The substitution is done when the XML answer file is written.
  The final XML file therefore no longer contains the ``{{hostname}}`` or ``{{architecture}}`` variables, but their corresponding values.

Selecting the Windows edition from the ISO
------------------------------------------

When an ISO contains several Windows editions, the edition to install is selected in the XML answer file with the ``InstallFrom`` metadata block.

For example, the following configuration selects the ``Professional`` edition:

.. code-block:: xml

  <InstallFrom>
      <MetaData>
          <Key>/IMAGE/FLAGS</Key>
          <Value>Professional</Value>
      </MetaData>
  </InstallFrom>

The ``Key`` defines which image metadata is used to select the Windows image, and the ``Value`` defines the expected value for the selected image.

In this example, Windows Setup searches the image contained in the ISO whose ``/IMAGE/FLAGS`` value is ``Professional``.

Selecting the edition by image index
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

It is also possible to select the Windows edition by using the image index from the ``install.wim`` or ``install.esd`` file.

Before running ``DISM``, the Windows ISO must first be extracted or mounted in order to access the image file located in the ``sources`` directory.

For example, after extracting the ISO, you can list the available images with the following command:

.. code-block:: bat

  DISM /Get-WimInfo /WimFile:"C:\tranquilit\Win11_25H2_French_x64\sources\install.wim"

Example output:

.. code-block:: text

  Index : 6
  Nom : Windows 11 Professionnel
  Description : Windows 11 Professionnel

In this example, ``Windows 11 Professionnel`` corresponds to index ``6``.

The XML answer file can therefore select this image with ``/IMAGE/INDEX``:

.. code-block:: xml

  <InstallFrom>
      <MetaData>
          <Key>/IMAGE/INDEX</Key>
          <Value>6</Value>
      </MetaData>
  </InstallFrom>

Windows Setup will then install image index ``6`` from the ``install.wim`` file.

If the ISO contains an ``install.esd`` file instead of an ``install.wim`` file, adapt the command accordingly:

.. code-block:: bat

  DISM /Get-WimInfo /WimFile:"C:\tranquilit\Win11_25H2_French_x64\sources\install.esd"

Microsoft documentation for the ``InstallFrom`` metadata block is available here:

https://learn.microsoft.com/fr-fr/windows-hardware/customize/desktop/unattend/microsoft-windows-setup-imageinstall-dataimage-installfrom-metadata

.. note::

  The value configured in the XML answer file must match one of the images available in the ISO.
  The image indexes can differ depending on the ISO used, so they must be checked from the ``install.wim`` or ``install.esd`` file associated with the configuration.

Running the WADS post-installation script
-----------------------------------------

The WADS post-installation script can be launched in two different ways, depending on the XML answer file content.

Method 1: using a scheduled task
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

If the XML answer file contains the following block:

.. code-block:: xml

  <component name="Microsoft-Windows-Deployment"
             processorArchitecture="{{architecture}}"
             publicKeyToken="31bf3856ad364e35"
             language="neutral"
             versionScope="nonSxS"
             xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <RunSynchronous>
          <RunSynchronousCommand wcm:action="add">
              <Path>"c:\installdir\wads.exe" --setup-startup-script="c:\installdir\SetupComplete.cmd"</Path>
              <Order>2</Order>
              <Description>postinstall</Description>
          </RunSynchronousCommand>
      </RunSynchronous>
  </component>

WADS installs a scheduled task.

This scheduled task runs at system startup and launches the following script:

.. code-block:: text

  c:\installdir\SetupComplete.cmd

At the end of the script execution, the scheduled task is automatically disabled.

.. note::

  The XML answer file provided by default in WAPT contains this configuration block.
  By default, WAPT therefore uses the startup-script method through a scheduled task.

Method 2: using SetupComplete.cmd
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

If the XML block shown above is not present, WADS uses the standard Microsoft method described here:

https://learn.microsoft.com/fr-fr/windows-hardware/manufacture/desktop/add-a-custom-script-to-windows-setup?view=windows-11

In this case, the post-installation script is written to:

.. code-block:: text

  %WINDIR%\Setup\Scripts\SetupComplete.cmd

With this method, the computer startup is blocked until the post-installation script has finished running.

.. warning::

  This method may not work in some cases.

  Microsoft indicates that this mechanism is disabled when using OEM product keys, except for Enterprise editions and Windows Server operating systems.

Joining the host to an Active Directory domain
==============================================

You can use your own answer file with WADS but by default, WADS integrate *2* types of answer files for Windows:

* **Offline** to join a computer with the `DirectAccess Offline Domain Join (Djoin) <https://docs.microsoft.com/en-us/windows-server/remote/remote-access/directaccess/directaccess-offline-domain-join>`_ method.

* **Online** to join a computer on the AD.

.. tabs::

  .. _wads_join_online:

  .. tab:: Online method

    Update this part with your **join service account**, you can give a specific :abbr:`OU (Organizational Unit)` if you want.
    If not, just delete the line :guilabel:`MachineObjectOU`.

    .. code-block:: xml

      <Identification>
        <Credentials>
          <Domain>mydomain.lan</Domain>
          <Password>password</Password>
          <Username>wadsjoin</Username>
        </Credentials>
        <JoinDomain>mydomain.lan</JoinDomain>
        <MachineObjectOU>OU=MyOu,OU=MyParentOu,DC=MyDomain,DC=lan</MachineObjectOU>
      </Identification>

  .. _wads_join_offline:

  .. tab:: Offline method

    The offline method uses the `Djoin <https://docs.microsoft.com/en-us/windows-server/remote/remote-access/directaccess/directaccess-offline-domain-join>`_ method.

    * Right-click on the host to open the menu list.

    .. image:: wapt-resources/wapt_wads_menu-list.png
      :align: center
      :scale: 75%
      :alt: WADS menu list

    * Click on :guilabel:`Prepare Djoin`.

    * Select the :abbr:`OU (Organizational Unit)` to which to attach the host (or define it manually) and click on :guilabel:`Save`.

    .. figure:: wapt-resources/wapt_console_wads-djoin-select-ou_dialog-box.png
      :align: center
      :scale: 75%
      :alt: Selecting the Organizational Unit to which to automatically attach the re-imaged host

      Selecting the Organizational Unit to which to automatically attach the re-imaged host

    You can check :guilabel:`Do not use current user` if your current user can not or must not join a computer to the domain.
    If checked, you have to give manually **Domain**, **Host OU**, **User** (just the sAMAccountName, not the UPN nor the DOMAIN\user) and **password**.

    You can check :guilabel:`Overwrite the existing machine` in order to join anew a computer.

    * The :file:`Djoin` file is ready to be used to join the host as a member to the Active Directory domain.

How the Djoin data is used by Windows
-------------------------------------

The ``djoin`` mechanism allows a machine to join an Active Directory domain offline, using provisioning information injected into the XML answer file.

In the XML configuration used for ``djoin``, the following block is used:

.. code-block:: xml

  <component name="Microsoft-Windows-UnattendedJoin"
             processorArchitecture="{{architecture}}"
             publicKeyToken="31bf3856ad364e35"
             language="neutral"
             versionScope="nonSxS"
             xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <OfflineIdentification>
          <Provisioning>
              <AccountData>{{djoin}}</AccountData>
          </Provisioning>
      </OfflineIdentification>
  </component>

The ``{{djoin}}`` variable is replaced with the machine-specific ``djoin`` value when the XML answer file is written.

This value contains the information required to provision the machine offline in the domain.
During Windows installation, the ``Microsoft-Windows-UnattendedJoin`` component reads the information from the ``OfflineIdentification`` block and uses it to join the machine to the domain without requiring manual input.

Microsoft documentation for this component is available here:

https://learn.microsoft.com/fr-fr/windows-hardware/customize/desktop/unattend/microsoft-windows-unattendedjoin-offlineidentification

.. note::

  WAPT/WADS does not directly join the machine to the domain at this step.
  It injects the ``djoin`` data into the XML answer file, then Windows uses this information during installation to perform the offline domain join.

Adding drivers
==============

The next step is to add driver bundles that will be used during the deployment of the Windows Operating System.

.. figure:: wapt-resources/wapt_wads_drivers_container-window.png
  :scale: 50%
  :align: center
  :alt: Drivers section of the WADS Console

  Drivers section of the WADS Console

* In the :guilabel:`Drivers` section click on the :kbd:`+` button to add a driver pack to the WADS Server.

This window allows you to upload the driver bundles to associate to the Windows deployment.

.. figure:: wapt-resources/wapt_wads_drivers-select_container-window.png
  :scale: 75%
  :align: center
  :alt: Window for creating the driver bundles in the WADS Console

  Window for creating the driver bundles in the WADS Console

.. list-table:: Options for the driver bundles in the WADS Console
  :header-rows: 1
  :widths: auto

  * - Options
    - Description
  * - :guilabel:`Choose Dir` 
    - Defines the path to the folder containing the driver bundles.
  * - :guilabel:`Name`
    - Defines the name of the driver bundle.

* Click on the :guilabel:`Save` button, the uploading of the driver bundles starts.

.. figure:: wapt-resources/wapt_wads_drivers-uploading_dialog-box.png
  :scale: 75%
  :align: center
  :alt: Dialog box informing the uploading progression of the driver bundles in the WAPT Console

  Dialog box informing the uploading progression of the driver bundles in the WAPT Console

* When uploaded, the drivers pack appears in the :guilabel:`Drivers` section of the WADS Console.

.. figure:: wapt-resources/wapt_wads_drivers-uploaded_screen-item.png
  :align: center
  :alt: The drivers pack has been uploaded to the WADS Server

  The drivers pack has been uploaded to the WADS Server

It is possible to create several driver packs for different versions of Windows and for different use cases.

How Windows finds drivers during installation
---------------------------------------------

During Windows installation, drivers can be provided through the XML answer file used by WAPT/WADS.

The default XML configuration provided by WAPT contains the following block:

.. code-block:: xml

  <settings pass="offlineServicing">
      <component name="Microsoft-Windows-PnpCustomizationsNonWinPE"
                 processorArchitecture="{{architecture}}"
                 publicKeyToken="31bf3856ad364e35"
                 language="neutral"
                 versionScope="nonSxS"
                 xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <DriverPaths>
              <PathAndCredentials wcm:keyValue="1" wcm:action="add">
                  <Path>c:\installdir\drivers</Path>
              </PathAndCredentials>
          </DriverPaths>
      </component>
  </settings>

When you declare a driver bundle in WAPT, WADS recreates the provided driver folder in the following directory:

.. code-block:: text

  c:\installdir\drivers

The bundle content is copied as-is into this directory.

The XML block tells Windows Setup to use this directory as a driver source. Windows will therefore search for the required drivers in:

.. code-block:: text

  c:\installdir\drivers

You must provide drivers in a format compatible with Windows installation, notably with the required ``.inf`` files.

Microsoft documentation for this component is available here:

https://learn.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/microsoft-windows-pnpcustomizationsnonwinpe-driverpaths

.. note::

  WAPT/WADS does not directly select which drivers to install.
  It makes the driver folder available, then Windows selects the drivers it needs during installation.

It is possible to use the :mimetype:`.cab` files from :abbr:`OEM (Original Equipement Manufacturers)`.

It is also possibe to export the drivers from an existing well functioning host using a :program:`Powershell` command.

.. code-block:: powershell

  Export-WindowsDriver -Online -Destination D:\Drivers

.. hint::

  It is possible to create driver filters. This saves time during future deployments by specifying the manufacturer and product for which the driver is intended.

  Add driver name and filter, respecting the case of the information returned by the WAPT server.
  
  Example: For a Lenovo (manufacturer) 20HES7LV1M (product), you can create the filter LENOVO\\20H*.

  .. code-block::

    The powershell command will be : Get-WmiObject Win32_ComputerSystem | Select Model,Manufacturer

  In the image below, you can observe that the effective configuration driver is DriversVM. This is because the manufacturer and product details match one of the filters.

  .. figure:: wapt-resources/wads-example_of_filter_drivers.png
    :scale: 75%
    :alt: Example of filters drivers

    Example of filters drivers

  **Two ways to create a filter**

  1/ When adding a driver in the driver tab in the windows you can complete :guilabel:`filter`.

  2/ By selecting a machine and right-click → :guilabel:`change driver` → :guilabel:`create driver bundle`.

  **How to use automatic drivers filters**

  Select the machine → :guilabel:`auto select driver bundle` → the driver with the correct filter will appear.




Booting the host to re-image with WADS
======================================

WADS allows **2** methods boot the host to re-image:

* :ref:`Locally with a USB key <wads_usb_boot>`.

* :ref:`Via LAN with a TFTP server <wads_lan_boot>`

.. _wads_usb_boot:

Booting the host with a USB stick
---------------------------------

.. note::

  The USB key used **MUST** be FAT32 formatted and empty.

* Insert the USB stick in the WAPT adminsitration workstation and click on the :guilabel:`Create WinPE USB Key` button to start the process.

* Choose the keyboard layout.
  **This step is important because you will type in the hostname in WinPE using the keyboard layout chosen with this step**.

* Select the certificate with which to sign the USB stick files

.. figure:: wapt-resources/wapt_wads-create-winpe_dialog-box.png
    :scale: 75%
    :align: center
    :alt: Dialog box for selecting the keyboard in the WADS Console, certificates and drivers

* Click on the :guilabel:`Upload WinPE` to format the USB stick and copy the WinPE file.

* Boot to the computer's boot menu using the USB stick option and go to the :ref:`run the deployment <wads_run_deployment>` step.

.. note::

  You can :guilabel:`Export to zip` when you create a WinPE USB Key if you can not use a USB key and then burn it onto a CD / DVD instead.

  .. figure:: wapt-resources/wapt_wads-create-winpe_to-zip.png
    :align: center
    :alt: WADS button to select export to zip

    WADS button to select export to zip

.. _wads_lan_boot:

Booting the host with the network
---------------------------------

Booting from the :abbr:`LAN (Local Area Network)` requires:

* A properly working :ref:`TFTP server <tftp_server>`;

* A properly working :ref:`DHCP server <dhcp_server>`;

* Having port 69 open on the WAPT Server for inbound traffic, and having tftp conntrack enabled on intermediate firewalls if you have firewalls between the server and the client computer.

* Boot to the computer's boot menu using the LAN option and go to the :ref:`run the deployment <wads_run_deployment>` step.

.. _wads_run_deployment:

Deploying the Windows image
===========================

There are **3** choices when booting with iPXE:

.. figure:: wapt-resources/wapt_wads_ipxe-boot-menu_text-terminal-window.png
  :scale: 75%
  :align: center
  :alt: iPXE boot menu window

  iPXE boot menu window

* :guilabel:`Boot Local disk` for starting normally from local storage;

* :guilabel:`Register host (ipxe)` to register the host with the WADS Server using the :ref:`iPXE method <ipxe_boot>`;

* :guilabel:`Register host (winpe)` to register the host with the WADS Server using the :ref:`WinPE method <winpe_boot>`.

.. tabs::

  .. _ipxe_boot:

  .. tab:: iPXE boot

    * If choosing :guilabel:`Register host (ipxe)`, define a hostname.

    .. figure:: wapt-resources/wapt_wads_ipxe-set-hostname_text-terminal-window.png
      :scale: 50%
      :align: center
      :alt: Text terminal window requesting a hostname when registering using the iPXE method

      Text terminal window requesting a hostname when registering using the iPXE method

    .. warning::

      The keybord is qwerty

    * Refresh the WADS Console with :kbd:`F5`, the host appears in the :guilabel:`OS Deploy` tab.

    .. figure:: wapt-resources/wapt_wads_deploy-wait_screen-item.png
      :align: center
      :alt: Host waiting to be deployed

      Host waiting to be deployed

    At this time, the :guilabel:`Waiting to Deploy` status of the host is *False*.

    * Right click on the host to open the menu list.

    .. image:: wapt-resources/wapt_wads_menu-list.png
      :scale: 75%
      :align: center
      :alt: WADS menu list

    * Go to :menuselection:`Change Config` and select :ref:`a XML answer file <wads_xml_config>`.

    * Click on :guilabel:`Start Deploy`, the :guilabel:`Waiting to Deploy` status of the host switches to *True*.

    .. image:: wapt-resources/wapt_wads_deploy-start_screen-item.png
      :align: center
      :alt: The host is ready to be re-imaged

    * Reboot the host to the same boot option as before (USB or LAN), Windows will start to install.

    * When the installation has completed, the :guilabel:`OS Deploy` tab, the status switches to *Done*.

  .. _winpe_boot:

  .. tab:: WinPE

    * If choosing :guilabel:`Register host (winpe)`, define a hostname:

    .. figure:: wapt-resources/wapt_wads_ipxe-set-hostname_text-terminal-window.png
      :scale: 50%
      :align: center
      :alt: Text terminal window requesting a hostname when registering using the WinPE method

      Text terminal window requesting a hostname when registering using the WinPE method

    The keybord is in the same layout as the one set during the :ref:`WinPE <add_winpe>` step of this documentation.

    * Refresh the WADS Console with :kbd:`F5`, the host appears in the :guilabel:`OS Deploy` tab.

    .. figure:: wapt-resources/wapt_wads_deploy-wait_screen-item.png
      :align: center
      :alt: Host waiting to be deployed

      Host waiting to be deployed

    At this time, the :guilabel:`Waiting to Deploy` status of the host is *False*.

    * Right click on the host to open the menu list.

    .. image:: wapt-resources/wapt_wads_menu-list.png
      :scale: 75%
      :align: center
      :alt: WADS menu list

    * Go to :menuselection:`Change Config` and select :ref:`a XML answer file <wads_xml_config>`.

    * Click on :guilabel:`Start Deploy`, the :guilabel:`Waiting to Deploy` status of the host switches to *True*.

    .. image:: wapt-resources/wapt_wads_deploy-start_screen-item.png
      :align: center
      :alt: The host is ready to be re-imaged

    * Reboot the host to the same boot option as before (USB or LAN), Windows will start to install.

    * When the installation has completed, the :guilabel:`OS Deploy` tab, the status switches to *Done*.

Format host disk
================

When your host is ready to be redeployed, if necessary, you can format its disk using the UEFI or the Legacy method.

Do not configure disk formatting in the XML answer file
-------------------------------------------------------

Disk formatting must not be configured in the XML answer file used by WADS.

The disk is already prepared by WAPT before Windows installation starts. The deployment flow is:

#. WAPT formats the machine disk.
#. WAPT downloads the ISO image associated with the configuration.
#. WAPT extracts the ISO content onto the freshly prepared partition.
#. Windows Setup then uses this existing partition to continue the installation.

The XML blocks provided by WAPT must therefore not recreate or reformat partitions. They must only tell Windows Setup which existing partition must be used for the installation.

For example, the XML answer file can reference an already existing partition:

.. code-block:: xml

  <InstallTo>
      <PartitionID>3</PartitionID>
      <DiskID>0</DiskID>
  </InstallTo>

In this example, Windows Setup installs the system on partition ``3`` of disk ``0``.

Microsoft documentation for the ``InstallTo`` directive is available here:

https://learn.microsoft.com/fr-fr/windows-hardware/customize/desktop/unattend/microsoft-windows-setup-imageinstall-dataimage-installto-partitionid

If the partitioning scheme or disk formatting must be changed, it must be done in the formatting script provided by the WAPT Console, not in the WADS XML answer file.

WAPT documentation for the disk formatting script is available here:

https://www.wapt.fr/fr/doc/wapt-wads.html#format-host-disk

.. warning::

  Do not add disk formatting instructions to the WADS XML answer file.

  The disk is prepared beforehand by WAPT. The XML answer file must only reference partitions that already exist.

To do so, right-click on host then :guilabel:`Edit Format Disk Config`.

.. image:: wapt-resources/wapt_wads_deploy-rigth-click-menu.png
    :scale: 75%
    :align: center
    :alt: Right-click menu on host

Then you can choose either the UEFI or the Legacy script and customize the disk format configuration.
Here is an example with the Legacy script:

.. image:: wapt-resources/wapt_wads_deploy-disk-part.png
  :scale: 75%
  :align: center
  :alt: Create Format Configuration for the hard disk
