Support

MPA ToolsInstallation Steps

MPA Tools offers a user-friendly experience with a straightforward installation process that eliminates the need for complex steps or additional infrastructure components like servers and databases. Despite its simplicity, the application can be hosted on a server and even integrated with its own dedicated database if desired.

Notably, MPA Tools operates efficiently without the necessity for client software on remote computers, streamlining remote management tasks and reducing system overhead. This makes it a convenient and flexible solution for managing your networked devices.

Please see the installation guide here

MPA Tools Installation Guide

MPA Tools Configurations

MPA Tools features an intuitive, self-configuring layer that swiftly adapts to its operating environment, enabling users to get up and running with the application in minimal time.

For instance, upon installation, MPA Tools automatically detects whether the host device has an SCCM client. It then tests connectivity to the management point and configures essential settings accordingly. If an SCCM client is not present, the tool scans Active Directory for relevant SCCM configurations.

This intelligent adaptability extends to co-management setups, Azure AD, and Intune as well.

Notably, while MPA Tools automates initial configurations, it also provides users with the flexibility to manually adjust and fine-tune settings as needed.

Firewall configurations for trial or license activation

MPA Tools use Cryptlex for secure licensing.

To activate and verify a license or a trial, outbound communication is required between MPA Tools and Cryptlex servers.

If you have an outbound Firewall rule in place, you need to whitelist the Cryptlex API

Firewall whitelisting

Whitelist the IP addresses below.

  • 52.223.22.71
  • 35.71.188.31

Alternatively, you can also whitelist the Cryptlex Web API URL:

https://api.cryptlex.com:443

 

Proxy

MPA Tools automatically detects the proxy settings of the machine. In some cases, you may need to configure the proxy setting manually.

Following are some examples of valid proxy strings

http://127.0.0.1:8000/

http://user:pass@127.0.0.1:8000/

socks5://127.0.0.1:8000/

To configure Proxy settings, go to the MPA Tools Settings menu and add your proxy configurations as per example above.

Managing domain joined devices

With MPA Tools, you can remotely manage one or multiple domain computers. Below we listed everything you need to configure your environment.

1. Access

  • Read access to Active Directory to read AD attributes of a computer object, such as OS, when a computer was created, etc. (in most cases, all users have read access to computer object attributes in AD,  and usually no specific access configurations are needed)
  • Optional: Delegated permissions to computer objects in AD if you want to use MPA Tools to delete, move or update computer objects in AD
  • Local Administrator permissions on a remote computer

2. Firewall

When you start managing computers in MPA Tools, the first action you take is to PING or DISPLAY computer(s).

  • DISPLAY computer uses LDAP/Graph API query(if AAD settings are configured) to query device information such as Operating System, etc. For the LDAP queries to work, you want to ensure you have allowed LDAP ports for querying from a computer with MPA Tools installed.
  • PING as DISPLAY option uses LDAP plus, but additionally, it sends Internet Control Message Protocol (ICMP) Echo Request to a specified interface on the network and waits for a reply. For PING to work, you need to allow ICMP inbound traffic through Firewall on remote computers (This is optional if you are not planning to Ping computers)

When accessing the domain joined remote computer, the MPA Tools uses WMI to access computer information remotely.

For that, you need to open Inbound RPC port 135, and additionally, you may need to open a dynamic RPC port range (49152-65535)

Configure the above Firewall settings with GPO.

Group Policy Remote Administration FW Settings

3. Main Configurations

MPA Tools has excellent flexibility regarding configurations and tuning the application to your liking.

1. “Load AD device stats on Main page” – Enable/Disable loading AD device stats. MPA Tools purely uses LDAP to collect the information. Data is loading on a background on a separate thread and does not prevent the user from taking any actions within the application.             

2. “Load AAD device stats on Main page” – Enable/Disable loading Azure AD device stats. Must have Tenant configurations in place for this option to be available. This workload, as the above AD device collection workload, runs in the background and uses MS Graph API to collect the data

3. “Load MECM device stats on Main page” – Enable/Disable loading MECM/SCCM device/SCCM client stats. Background workload that connects directly to the SMS Provider to get the data. For this configuration to work, all SCCM configurations, such as Site Server name, etc., must be in place.

4. “Always Display Computers, don’t Ping then” – Enabled by default, allows user to select whether to Ping computers by default or Display

4.1 “Automatically open Computer Properties with pinging or Displaying [number] or less Computer(s)” – By default, the setting is set to 1, meaning when Pingin or Displaying one computer Computer Properties tab is opened, data will start loading. Set to 0(Zero) if you do not want to open Computer Properties; you can always open Computer Properties later by double-clicking on a computer object. Setting the setting to 3, for example, will open Computer Properties on all three computers at the same time.

5. “Start with continuous ping if number of computers is less than or equals [number]” – By default, the setting is set to 1, meaning when you PING computers, if the amount of computers you are pinging is 1, then the ping will be continuous by default. For example, changing the setting value to 4 will PING 4 or fewer computers every time you PING 4 computers.

5.1 “Default Ping period [number] seconds” – How often to ping computer(s) if computers are being pinged continuously. The default value is 10 seconds

5.2 “Prefer IPv4” – When pinging remote computers, always prefer IPv4. The default setting is IPv4. If IPv4 is selected, IPv6 IP addresses will be ignored entirely (This does not apply to data collected from SCCM or Intune).

5.3 “Reverse DNS IP lookup” – When pinging a computer by computer name, the IP address is resolved from DNS; however, reverse IP lookup could preset different results and help surface DNS issues. This setting is enabled by default. Consider turning off this setting to improve performance when working simultaneously with more than thirty computers.

4. Computer Properties Configurations

MPA Tools Computer Properties relies on a “line-of-sight” connection between Computer where MPA Tools is installed and the remote computer(s) the administrator is planning to manage. In the majority of cases, Computer Properties will be displayed for Domain, Hybrid AD, or WORKGROUP joined computers. If a remote computer is, for example, Azure AD joined, Computers Properties will not be displayed; instead, Intune Computer Properties will be opened.

1. “Domain Name” – Detected on the first run of MPA Tools. You can change this setting to a different Domain name, but make sure that you run MPA Tools as a user that has all the necessary access to that domain.

2. “Timeout when connecting to remote computer [60] seconds” – When connecting to a remote computer, how long to wait until abandoning the connection. In some cases, with remote computers that have very high latency, consider increasing this setting.

3. “Data Collection Timeout [60] seconds” – How long to wait before interrupting data collection. This setting applies to the Computer Properties page data, such as the Last Restart time or Reboot pending. Increase if you have a longer time connecting to a remote device.

4. “Properties Refresh every [60] seconds” – How often to refresh data on the Computer Properties page. One thing to note is that some configurations, such as “Applied GPOs” or “Load Installed Apps” do not respect this setting and, once loaded, have to be refreshed manually. 

5. “Properties Refresh count [200] times” – How many times to refresh the Computer Properties page before pausing. For example, the Computer Properties page refreshes every minute and will take 200 minutes before the last refresh. After that, a single manual refresh will restart the count. This is done to prevent unnecessary data collection from a remote computer when the administrator “walked away.”

6. “Options when Property Page loads” – Allows a user to configure which components to load when the Computer Properties page is loaded. Once unselected, the property will not be visible on the Computer Property page.

Azure AD / Intune configurations

MPA Tools lets you quickly connect to Microsoft Graph and manage Azure AD and Intune devices.

MPA Tools Azure AD settings

Note: MPA Tools has its own Microsoft-verified Azure Enterprise application that allows you to connect to Graph API and access the requested resources; however, you can use other existing Azure apps, such as Intune Powershell app, or configure your own.

1. Access

Intune Administrator role is sufficient for an Administrator to perform all the Intune actions in MPA Tools.

Some actions or information on the Intune Properties page may not be available or enabled if you use custom roles.

2. Configurations

When you launch an application for the first time, MPA Tools will check if a device is running on Azure Ad or Hybrid AD joined, and based on that, will configure the Tenant ID. Tenant ID can always be changed later if needed.

If Tenant ID is configured, the application will ask for the MPA Tools enterprise application consent so that you can access the required resources.

You can Grant consent for an organization or a single user.

If configured to “Automatically connect to Azure AD when application starts, “ MPA Tools will default to use the account it is running under and try to sign in to Azure AD with that account. Sometimes you may need to use another Azure AD admin account just for using Azure/Intune components of MPA Tools; in that case, you can select “Always ask to select account” so that every time the application starts, you will be prompted to select an account.

 

AAD device properties refresh time setting configures how often to refresh the Intune Properties page. In other words, how often to query Graph API for computer properties, such as device operating system, hardware properties, etc.

5 to 15 min is the recommended setting.

 

Do Not Connect to Azure Intune to Collect Property values when Opening Computer Properties” – This setting allows an administrator to connect to Azure AD on the app start but will not automatically connect and query to Graph API when opening up Computer Properties.

Do Not Collect Properties from Azure AD and Intune on Server OS’s” – MPA Tools will completely ignore any information from Azure AD, Defender 365, or Intune on server OS’s if this setting is selected.

 

Following settings allows an administrator to control what gets loaded on the Intune Properties page when accessed.

 

SCCM configurations

MPA Tools dramatically helps System Administrators to manage, support, and troubleshoot SCCM clients. It offers all the necessary information and tools to quickly find computer issues, maintain good client health, and create automated tasks to rapidly run and solve repetitive problems.

1. Access

MPA Tools honors the SCCM access administrator has; for example, if a user has only a Read-only Analyst role, then the user will be able to view SCCM Computer properties but will be restricted from running specific client actions or notifications. However, suppose the same user has local administrator access to a device. In that case, a user can perform actions such as Cycle SCCM Service, reset the SCCM client, uninstall the SCCM client, etc.

2. Configurations

During the installation, MPA Tools will automatically discover the SCCM site to connect to. The following priority is honored during the discovery:

  • SCCM client installed and connected to a site code where MPA Tools is installed
  • The first site found in the “System Management” container in Active Directory

Site Configurations can be changed manually, and you can configure the SCCM site you want to work with. Keep in mind when your configurations are saved, you do not need to configure them again on the next app start.

Do Not Connect to SCCM to Collect Property values when Opening Computer Properties” – This setting allows an administrator to disable automatic SCCM connection when connecting to a remote computer. Note, if you Enable this setting, every time you connect to a remote computer, information about a computer will not be collected from SCCM and will not be intelligently “merged.” For example, if you connect to a remote workstation or a server and it is offline, SCCM computer information will not be collected and displayed on the Computer Properties page, otherwise, if a remote device is down, SCCM hardware inventory is used to populate computer properties such as hardware information, disk, and lots more.

MPA Tools can also be configured as right-click extension in SCCM Console

Note: Make sure that you are running MPA Tools as Administrator before configuring the extensions.

The usual path to Microsoft.ConfigurationManagement.exe is

“C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\bin”.

When configured, make sure to restart the SCCM Console after the extension configurations are completed.

After that, you can easily right-click on a collection or a device to view it in MPA Tools.

Right-Click extensions make it easy to quickly manage computers from SCCM and MPA Tools at the same time.

You can work with computers from SCCM Collections directly from the SCCM Console or in MPA Tools.

With all the tools in one place, MPA Tools makes it very easy for IT Pros to manage their computers in multiple environments at the same time!

 

Working in "Workgroup"

Administering computers in Workgroup with MPA Tools is a very straightforward process.

A few simple steps are required to be configured manually on remote computers.

1. Common Workgroup name – make sure that all computers are in the workgroup with the same name (example: WORKGROUP)

2. Same local administrator account exists on all computers. For example, if you are running MPA Tools as a user called “Admin,” make sure that “Admin” exists on all remote computers and has local administrator rights (member of the Local Administrators group).

3. Make sure that the “Private network” firewall on All remote computers allows remote administration traffic as well as ICMP (Ping) traffic.

Note that you can configure remote administration by Local Policy or the registry.

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings
Value NameEnabled
Value TypeREG_DWORD
Enabled Value1

 

After all, the steps are completed, you can start managing devices.

One quick way to understand what is on your network is to Ping devices on your subnet.

 

 

Configuring Database for MPA Tools

You can easily configure MPA Tools to work with its own database. Even though it is not a hard requirement and MPA Tools functions without a database on its own. Sometimes it is great to have an additional source of data when an endpoint is not online, for example, or information about a device is missing from other databases, such as Active Directory or SCCM. If you are using MPA Tools to support just WORKGROUP computers, you most likely need MPA Tools to have its own database attached.

How does it work? 

Pretty simple: When MPA Tools connects to a remote computer, it pulls data about the computer from multiple sources.

For example, it pulls data from the SCCM database, Active Directory, Intune, Azure AD, and of course, directly from the remote computer.

Depending on which source of data for a specific item is newer, that data is displayed and, at the same time, saved to the MPA Tools DB.

Computer Properties Last Refresh Time

It all starts with Computer Properties Refresh time; it does not only represent the last time the data was collected from a remote computer but also shows when the BD record was updated.

Let’s take, for example, OS Patch numbers. Imagine a scenario where you connect to a remote server, and it is offline.

Operating System patch numbers

MPA Tools pulls information about this server from multiple services, for example, the SCCM database.

If the MPA Tools record is newer than the record in the SCCM Inventory, the MPA Tools record will be displayed on the Computer Properties page.

However, you can still query SCCM Device properties and see what SCCM is reporting about the OS Patch numbers. The same goes for the directories, Such as AD, AAD, and Intune.

 

How to configure it?

MPA Tools database can be on the local computer, and every administrator can have their own copy or the database can be centralized and hosted on an SQL server with its own instance.

1. Configure a SQL Express locally, or if you have an instance already configured, you can use it too.

 

SQL Server Express Login Screen

2. Get a Connection string, in my case, it is COMPUTERNAME\SQLEXPRESS (Fully qualified instance name)

Note: If you connecting to an existing Database, you just need to provide the SQL Connection string and Click the “Connect to Instance” button.

MPA Tools SQL Server Configurations

3. For the new MPA Tools database. Select File locations, which can be shared or network paths.

MPA Tools SQL Server Files

Click on the “Create Database” button

MPA Tools SQL Server Settings Create DB Confirmation

Confirm the locations of the files, and click Yes

SQL Server Settings Complete

MPA Tools will configure all the necessary components and will connect to the Database automatically

 

MPA Tools EULA and Privacy Policy

End User License Agreement                          Privacy Policy

Full Computer Properties
E
Q
Full Computer Properties
E
Q

Pin It on Pinterest

Share This