MPA Tools Support

Installation steps

MPA Tools is a simple-to-use application that does not require any special installation steps.

There is no need for additional infrastructure components, such as servers or databases. However, MPA Tools can be hosted on a server and can have its own database.

MPA Tools does not require clients on remote computers.

Please see the installation guide here

MPA Tools Installation Guide

Settings and configurations

MPA Tools has a built-in intelligent layer that discovers its environment and automatically configures itself so that the user can start using the application in no time.

For example, MPA Tools checks if a device it is installed on has an SCCM client. It will test the connections to the management point and automatically configure all necessary settings if it does. If it doesn’t, it will check Active Directory to see if SCCM configurations are present.

The same goes for co-management configurations, Azure AD, and Intune. 

However, all settings are available to the user to configure and adjust.

Firewall configurations for trial or license activation

MPA Tools use Cryptlex for secure licensing.

To activate and verify a license or a trial, outbound communication is required between MPA Tools and Cryptlex servers.

If you have an outbound Firewall rule in place, you need to whitelist the Cryptlex API

Firewall whitelisting

Whitelist the IP addresses below.


Alternatively, you can also whitelist the Cryptlex Web API URL:



MPA Tools automatically detects the proxy settings of the machine. In some cases, you may need to configure the proxy setting manually.

Following are some examples of valid proxy strings



To configure Proxy settings, go to the MPA Tools Settings menu and add your proxy configurations as per example above.

Managing domain joined devices

With MPA Tools, you can remotely manage one or multiple domain computers. Below we listed everything you need to configure your environment.

1. Access

  • Read access to Active Directory to read AD attributes of a computer object, such as OS, when a computer was created, etc. (in most cases, all users have read access to computer object attributes in AD,  and usually no specific access configurations are needed)
  • Optional: Delegated permissions to computer objects in AD if you want to use MPA Tools to delete, move or update computer objects in AD
  • Local Administrator permissions on a remote computer

2. Firewall

When you start managing computers in MPA Tools, the first action you take is to PING or DISPLAY computer(s).

  • DISPLAY computer uses LDAP/Graph API query(if AAD settings are configured) to query device information such as Operating System, etc. For the LDAP queries to work, you want to ensure you have allowed LDAP ports for querying from a computer with MPA Tools installed.
  • PING as DISPLAY option uses LDAP plus, but additionally, it sends Internet Control Message Protocol (ICMP) Echo Request to a specified interface on the network and waits for a reply. For PING to work, you need to allow ICMP inbound traffic through Firewall on remote computers (This is optional if you are not planning to Ping computers)

When accessing the domain joined remote computer, the MPA Tools uses WMI to access computer information remotely.

For that, you need to open Inbound RPC port 135, and additionally, you may need to open a dynamic RPC port range (49152-65535)

Configure the above Firewall settings with GPO.

Group Policy Remote Administration FW Settings

3. Main Configurations

MPA Tools has excellent flexibility regarding configurations and tuning the application to your liking.

1. “Load AD device stats on Main page” – Enable/Disable loading AD device stats. MPA Tools purely uses LDAP to collect the information. Data is loading on a background on a separate thread and does not prevent the user from taking any actions within the application.             

2. “Load AAD device stats on Main page” – Enable/Disable loading Azure AD device stats. Must have Tenant configurations in place for this option to be available. This workload, as the above AD device collection workload, runs in the background and uses MS Graph API to collect the data

3. “Load MECM device stats on Main page” – Enable/Disable loading MECM/SCCM device/SCCM client stats. Background workload that connects directly to the SMS Provider to get the data. For this configuration to work, all SCCM configurations, such as Site Server name, etc., must be in place.

4. “Always Display Computers, don’t Ping then” – Enabled by default, allows user to select whether to Ping computers by default or Display

4.1 “Automatically open Computer Properties with pinging or Displaying [number] or less Computer(s)” – By default, the setting is set to 1, meaning when Pingin or Displaying one computer Computer Properties tab is opened, data will start loading. Set to 0(Zero) if you do not want to open Computer Properties; you can always open Computer Properties later by double-clicking on a computer object. Setting the setting to 3, for example, will open Computer Properties on all three computers at the same time.

5. “Start with continuous ping if number of computers is less than or equals [number]” – By default, the setting is set to 1, meaning when you PING computers, if the amount of computers you are pinging is 1, then the ping will be continuous by default. For example, changing the setting value to 4 will PING 4 or fewer computers every time you PING 4 computers.

5.1 “Default Ping period [number] seconds” – How often to ping computer(s) if computers are being pinged continuously. The default value is 10 seconds

5.2 “Prefer IPv4” – When pinging remote computers, always prefer IPv4. The default setting is IPv4. If IPv4 is selected, IPv6 IP addresses will be ignored entirely (This does not apply to data collected from SCCM or Intune).

5.3 “Reverse DNS IP lookup” – When pinging a computer by computer name, the IP address is resolved from DNS; however, reverse IP lookup could preset different results and help surface DNS issues. This setting is enabled by default. Consider turning off this setting to improve performance when working simultaneously with more than thirty computers.

4. Computer Properties Configurations

MPA Tools Computer Properties relies on a “line-of-sight” connection between Computer where MPA Tools is installed and the remote computer(s) the administrator is planning to manage. In the majority of cases, Computer Properties will be displayed for Domain, Hybrid AD, or WORKGROUP joined computers. If a remote computer is, for example, Azure AD joined, Computers Properties will not be displayed; instead, Intune Computer Properties will be opened.

1. “Domain Name” – Detected on the first run of MPA Tools. You can change this setting to a different Domain name, but make sure that you run MPA Tools as a user that has all the necessary access to that domain.

2. “Timeout when connecting to remote computer [60] seconds” – When connecting to a remote computer, how long to wait until abandoning the connection. In some cases, with remote computers that have very high latency, consider increasing this setting.

3. “Data Collection Timeout [60] seconds” – How long to wait before interrupting data collection. This setting applies to the Computer Properties page data, such as the Last Restart time or Reboot pending. Increase if you have a longer time connecting to a remote device.

4. “Properties Refresh every [60] seconds” – How often to refresh data on the Computer Properties page. One thing to note is that some configurations, such as “Applied GPOs” or “Load Installed Apps” do not respect this setting and, once loaded, have to be refreshed manually. 

5. “Properties Refresh count [200] times” – How many times to refresh the Computer Properties page before pausing. For example, the Computer Properties page refreshes every minute and will take 200 minutes before the last refresh. After that, a single manual refresh will restart the count. This is done to prevent unnecessary data collection from a remote computer when the administrator “walked away.”

6. “Options when Property Page loads” – Allows a user to configure which components to load when the Computer Properties page is loaded. Once unselected, the property will not be visible on the Computer Property page.

Azure AD / Intune configurations

MPA Tools lets you quickly connect to Microsoft Graph and manage Azure AD and Intune devices.

MPA Tools Azure AD settings

Note: MPA Tools has its own Microsoft-verified Azure Enterprise application that allows you to connect to Graph API and access the requested resources; however, you can use other existing Azure apps, such as Intune Powershell app, or configure your own.

1. Access

Intune Administrator role is sufficient for an Administrator to perform all the Intune actions in MPA Tools.

Some actions or information on the Intune Properties page may not be available or enabled if you use custom roles.

2. Configurations

When you launch an application for the first time, MPA Tools will check if a device is running on Azure Ad or Hybrid AD joined, and based on that, will configure the Tenant ID. Tenant ID can always be changed later if needed.

If Tenant ID is configured, the application will ask for the MPA Tools enterprise application consent so that you can access the required resources.

You can Grant consent for an organization or a single user.

If configured to “Automatically connect to Azure AD when application starts, “ MPA Tools will default to use the account it is running under and try to sign in to Azure AD with that account. Sometimes you may need to use another Azure AD admin account just for using Azure/Intune components of MPA Tools; in that case, you can select “Always ask to select account” so that every time the application starts, you will be prompted to select an account.


AAD device properties refresh time setting configures how often to refresh the Intune Properties page. In other words, how often to query Graph API for computer properties, such as device operating system, hardware properties, etc.

5 to 15 min is the recommended setting.


Do Not Connect to Azure Intune to Collect Property values when Opening Computer Properties” – This setting allows an administrator to connect to Azure AD on the app start but will not automatically connect and query to Graph API when opening up Computer Properties.

Do Not Collect Properties from Azure AD and Intune on Server OS’s” – MPA Tools will completely ignore any information from Azure AD, Defender 365, or Intune on server OS’s if this setting is selected.


Following settings allows an administrator to control what gets loaded on the Intune Properties page when accessed.


SCCM configurations

MPA Tools dramatically helps System Administrators to manage, support, and troubleshoot SCCM clients. It offers all the necessary information and tools to quickly find computer issues, maintain good client health, and create automated tasks to rapidly run and solve repetitive problems.

1. Access

MPA Tools honors the SCCM access administrator has; for example, if a user has only a Read-only Analyst role, then the user will be able to view SCCM Computer properties but will be restricted from running specific client actions or notifications. However, suppose the same user has local administrator access to a device. In that case, a user can perform actions such as Cycle SCCM Service, reset the SCCM client, uninstall the SCCM client, etc.

2. Configurations

During the installation, MPA Tools will automatically discover the SCCM site to connect to. The following priority is honored during the discovery:

  • SCCM client installed and connected to a site code where MPA Tools is installed
  • The first site found in the “System Management” container in Active Directory

Site Configurations can be changed manually, and you can configure the SCCM site you want to work with. Keep in mind when your configurations are saved, you do not need to configure them again on the next app start.

Do Not Connect to SCCM to Collect Property values when Opening Computer Properties” – This setting allows an administrator to disable automatic SCCM connection when connecting to a remote computer. Note, if you Enable this setting, every time you connect to a remote computer, information about a computer will not be collected from SCCM and will not be intelligently “merged.” For example, if you connect to a remote workstation or a server and it is offline, SCCM computer information will not be collected and displayed on the Computer Properties page, otherwise, if a remote device is down, SCCM hardware inventory is used to populate computer properties such as hardware information, disk, and lots more.

MPA Tools can also be configured as right-click extension in SCCM Console

Note: Make sure that you are running MPA Tools as Administrator before configuring the extensions.

The usual path to Microsoft.ConfigurationManagement.exe is

“C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\bin”.

When configured, make sure to restart the SCCM Console after the extension configurations are completed.

After that, you can easily right-click on a collection or a device to view it in MPA Tools.

Right-Click extensions make it easy to quickly manage computers from SCCM and MPA Tools at the same time.

You can work with computers from SCCM Collections directly from the SCCM Console or in MPA Tools.

With all the tools in one place, MPA Tools makes it very easy for IT Pros to manage their computers in multiple environments at the same time!


Working in "Workgroup"

Administering computers in Workgroup with MPA Tools is a very straightforward process.

A few simple steps are required to be configured manually on remote computers.

1. Common Workgroup name – make sure that all computers are in the workgroup with the same name (example: WORKGROUP)

2. Same local administrator account exists on all computers. For example, if you are running MPA Tools as a user called “Admin,” make sure that “Admin” exists on all remote computers and has local administrator rights (member of the Local Administrators group).

3. Make sure that the “Private network” firewall on All remote computers allows remote administration traffic as well as ICMP (Ping) traffic.

Note that you can configure remote administration by Local Policy or the registry.

Registry PathSOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings
Value NameEnabled
Enabled Value1


After all, the steps are completed, you can start managing devices.

One quick way to understand what is on your network is to Ping devices on your subnet.



MPA Tools EULA and Privacy Policy

End User License Agreement                          Privacy Policy

What’s new:

  1. Added “Remove user profile”; you can now remotely remove a user profile as you would by going through Advanced computer settings

What’s fixed

  1. Improved Azure AD duplicate device handling
  2. Improved OS version detection for Windows 10 22H2

What’s new:

  1. Added “State view” to view the count and state of devices and clients in AD, SCCM, Azure AD/Intune
  2. Intune Computer Properties Page:
    1. Improved detection of Hybrid AD joined computers that were deployed with Autopilot.
    2. Fully redesigned Applied configurations and detection methods for “conflicts”
    3. Added Device Security
    4. Added Device Performance
    5. Improved Device Compliance
    6. Added Windows Update;  configurations, when last updated, etc.
    7. Added ability to add multiple computers (list of computers to security group).
    8. Added Computer AAD group membership.
    9. Added Autopilot enrollment configurations and history
  3. Computer Properties Page:
    1. Added Active Directory group membership
    2. Added Computer Certificates
    3. Added Applied GPOs
    4. Added Services
    5. Improved tree size
    6. Improved App uninstallation

What’s fixed

  1. Overall improvements when Pinging multiple devices
  2. Improvements when working on multiple Azure AD joined devices
  3. Lots of improvements when working with SCCM Client
  4. Visual improvments

What’s new:

  1. Improved Reboot History, added history of shutting down and not fully rebooting from hibernate state
  2. The pending reboot will now show what caused the state to change (tooltip over Pending reboot status)
  3. Improved Uninstall of applications for better output visibility
  4. Improved SCCM Connector performance
  5. Improved SCCM Connector UI for better visibility
  6. Added ‘Download Computer Policy’ Action to a context menu on collections in SCCM tree

What’s fixed

  1. Overall improvements when working on multiple devices
  2. Some minor UI adjustments in the application

What’s new:

  1. You can now add to the action sequence and save custom SCCM Hardware Inventory reports

What’s fixed

  1. Fixed reporting issues in the Actions tab
  2. Fixed reporting issues caused by DLP agent
  3. Some minor layout adjustments

What’s new:

  1. Added SCCM Baseline Configurations check. (DCM Check)
  2. Added SCCM “what’s in the client cache” you can now view what packages are in the client’s cache.

What’s fixed

  1. Azure AD Connection sometimes does not connect automatically if workstation, where MPA Tools are installed, are not Azure AD joined or Hybrid
  2. Reboot History may not load all the events for a selected period of time
  3. UI Performace issues
  4. Icons for NetApp Objects in AD did not display correctly

What’s new:

  1. Added ability to search for computer in Personal Trees, AAD tree, Intune Tree
  2. Added Setting to control how many computers can execute a task at the same time. Default 25
  3. in SCCM tree you can now Add/Remove computers to collections
  4. in SCCM tree you can now Refresh collection and Update membership

What’s fixed

  1. Some Sorting Issues in Task Window
  2. UI Improvements and fixes

Now MPA Tools is the only software that will let you manage remote computers from AD, Azure AD, Intune, SCCM, and even WORKGROUP

What’s new:

  1. Now you can create and use SQL Database with MPA Tools
    1. You can use a single Database for yourself (your app instance) or Share a database on a shared Instance.
    2. The database is NOT required for MPA Tools to run, however, having a database behind the MPA Tools gives an administrator multiple benefits such as:
      1. When the remote computer is offline, all computer properties will still be available for reporting, including general computer properties, Installed Apps and Update, User Profiles, etc.
      2. When you have a Database configured you can also perform a Discovery of your managed computers in the environment and then generate all kinds of reports. GO to ACTIONS -> COMPUTER PROPERTIES -> Discover Computer Properties.
    3. Installing and Connecting to a Database is a very easy process
      1. For single-use, you can use SQL Express installation ( or a SQL Developer Edition (
      2. For shared-use, you can use an existing SQL Server instance or create a new one.
  • SQL Server requirements are: 4 GB of RAM and at least 1 GB for Database files
  1. Connecting to a DB is very easy. For example to connect to local SQL Server Express installation, just specify (.\SQLEXPRESS). To connect to Remote installation Servername\Instancename.
  2. When Connection to the Instance is successful, the app will automatically detect the presence of a database and if the database is not detected then you can create a new one.
  1. User Profile Detection and Usage Improved Dramatically, specifically for Windows 10
  2. You Can now collect Folder Size on remote computers (Actions->Folder)
  3. You can now query if Registry Key exists on devices(Actions->Registry)
  4. Using MPA Tools with SCCM is now even better
    1. When managing a remote device that is offline, MPA tools will load all the Computer Properties data from SCCM
    2. Now you can trigger Client Notification on computers that are not in the “line of sight” or Internet thru MP/CMG
    3. SCCM Remote Control Button Added to SCCM Property Page
    4. DDR, HW Inventory will highlight if missing
  5. Azure AD and Intune Management
    1. Intune Tree is added to the MPA Tools, you can now see Intune Managed Devices and AzureAD devices
    2. Now all Device Configurations, Baselines, etc listed in one place and you can easily compare settings and find duplicates for example.
    3. Applied PowerShell Scripts as added as well
    4. Added Warning if a device has a duplicate Name in AAD or Intune
    5. Improved Load times
  6. Now you can manage computers in a Workgroup with all the tools that MPA Tools has to offer
    1. To make MPA Tools work in a WORKGROUP make sure that all Computers in the WORKGROUP set :
      1. All network adapters should be set to “Private”. Easily check by (Get-NetConnectionProfile | Select InterfaceAlias,NetworkCategory)
      2. Run Enable-PSRemoting –force on all computers in the WORKGROUP

What’s fixed

  1. Windows 10 2004 Resolves correctly
  2. UI Improvements and fixes

Fixed issue where Antivirus would display Windows Defender and not currently active AV

Fixed issue where generating a report in Actions would hang in some cases

Added Hardware Hash (hardware id).

You can not quickly generate a list for Autopilot Hardware ID uploads on multiple computers, similar to Get-WindowsAutoPilotInfo

Some minor adjustments n GUI

Fixed issue where App silently exists if LDAP service is unavailable

Fixed issue where DIsk with capacity lower 1 GB would highlight red in Computer Properties

Fixed RDP issue, where the admin wants to shadow remote user session but not control

Fixed DNS reverse lookup displaying for IP address

Redesigned MPA Tools now faster and lighter.

More Flexible with a larger array of settings to tune data collection time

MPA Tools are now a 64-bit application

You can now Manage SCCM, Azure AD, and Intune Devices

A greater array of tools now allows creating even better workflows

Added Bit-Locker Key if Key is stored in AD 

Drive Encryption status

Anti-Virus Status

Power Plan

OS Licensing

Added Devices to Computer Properties

RDP Remote session is tuned 

AD Site resolution is more intuitive

Added HW Type

Tuned Treeview for faster folder collection

Lots more
  • You now can choose if you want to Ping or just List the computers you work on.
    • Great for environments where Ping is disabled by FireWall
    • If you would like just a get a simple report of computers and OS’s for example
  • OS build type is displayed in with OS now. Example “Windows 10 Enterprise 1809”
  • Added Refresh timeout to Computer Properties Page.
    • Now you can adjust the timeout and refresh settings
    • Refresh Button was also added to the Properties Page
  • User OU was added to user description view
  • Some core components were improved for better performance
  • Lenovo model type displays correctly now
  • Some small UI adjustments
  • Improvements on how tabs are operating, now tab items are grouped and less confusing
  • Now you can use a wild card “*” when pinging single computer to find and ping computers in AD that contain the string
  • SCCM Connector button will be added automatically if SCCM client is installed
  • Improved RDP connection time
  • Added hundreds of WIN32 classes to MPA WMI explorer 
  • LAPS Password will be displayed if LAPS is configured in the environment
  • Improved reboot history
  • Fixed issue for Logon history where records would duplicate on a re-run
  • Fixed GPResult issue, getting the result just for the user would fail
  • Remove “Remote Assistance”
  • Improved Licensing activation
  • UI Improvements
  • Fixed crash bug on the application startup
  • Fixed ‘File Tree’ issue where file properties would not display
  • Fixed Triggering Updates to install(SCCM update source)
  • Fixed GPResult issue, where results would default to a logged-in user
  • Fixed Random bug, when moving computer object to or from OU, where OU name contains ‘#’ character

Initial Release

Contact support

Let’s connect if you have technical questions about MPA Tools!