Category: Windows (Page 4 of 4)

How to Install Applications for clients using Atera (like office)

October 27, 2025 /

Overview / Purpose

This article explains how to install software—such as Microsoft 365 Apps, Adobe Reader, or other common programs—on client computers using the App Installer feature within Atera RMM.

This process allows Ultrex technicians to remotely deploy software without needing to manually connect to the device or log into the user’s session. It’s especially useful when onboarding new systems, setting up replacements, or resolving missing software issues.

When to Use This

Use this process when:

  • A client needs Microsoft 365 or another standard software package installed remotely.
  • You are preparing new or reimaged machines.
  • You are missing software on a workstation and want to reinstall it silently through Atera.

Do not use this for:

  • Complex or custom software that requires license keys or user interaction during installation (these should be handled manually or via a custom script).

Steps to Install Software from Atera’s App Installer

1. Log into Atera

  • Go to https://app.atera.com and sign in with your Ultrex admin credentials.
  • From the left-hand sidebar, navigate to Devices.

2. Select the Client and Device

  • Find the correct Customer in the device list.
  • Click on the specific device you want to install software on.
  • Verify that the agent is online before proceeding.

3. Open the App Installer

  • In the device view, click the “Manage” tab (or the “Actions” dropdown depending on the view).
  • Select App Installer from the available options.

4. Choose the Software to Install

  • Browse the list of available apps. Atera maintains a catalog of common programs including:
    • Microsoft 365 Apps (Office)
    • Google Chrome
    • Adobe Acrobat Reader DC
    • Zoom
    • 7-Zip
    • VLC Media Player
  • Click Install next to the application you want.

Tip: You can install multiple applications by queueing them up one after another.

5. Monitor the Installation

  • Once triggered, the installation begins automatically in the background on the client device.
  • You can view progress or check logs under the Activity Log or Agent Console Output in Atera.

6. Confirm the Installation

  • After a few minutes, verify that the software appears in the device’s Installed Applications list within Atera.
  • Optionally, connect via Splashtop or remote session to visually confirm the program is installed and functional.

Notes and Best Practices

  • The App Installer works best on Windows devices with the Atera Agent online and administrative privileges enabled.
  • If an install fails, review the Atera event logs or attempt a manual install using PowerShell or a deployment script.
  • For Microsoft 365 installations, ensure the user has a valid license assigned in Microsoft 365 Admin Center before installation.

Wrap-Up / Recap

Using the App Installer in Atera streamlines software deployment—saving time and avoiding unnecessary remote sessions. This tool should be your first stop for installing standard apps like Office, Chrome, or Reader.

If the installer fails or the application is not listed, escalate to a manual installation or package deployment script as needed. Always confirm completion by checking the installed software list.

Windows Protected Print Mode: Disable to Fix Print Drivers not Installing by TCP/IP

October 27, 2025 /

Microsoft has made an update in Windows 11 in an update. Windows 11 version 24H2.

Windows Protected Print Mode (WPP) is a driver‑free, security‑focused printing mode in Windows that relies solely on the modern IPP (Internet Printing Protocol) stack and Mopria‑certified printers—eliminating third‑party drivers.

This eliminates the ability to use print drivers that don’t use IPP and makes TCP/IP unavailable completely. 

Microsoft as started to enable this by default on some newer PC’s.

If you have any print drivers that fail to install check here

Settings>Bluetooth and Devices>Printers and Scanners. Make sure it’s off.

Changing network connection profile to private vs public by powershell in 2 commands

October 26, 2025 /

Get-NetConnectionProfile

Set-NetConnectionProfile -InterfaceIndex <InterfaceIndex> -NetworkCategory Private

Set-NetConnectionProfile -InterfaceIndex 16 -NetworkCategory Private

Get-NetConnectionProfile

To change a network from Public to Private you can use several methods. Since the graphical interface in Server editions doesn’t always provide this option, PowerShell is often the most straightforward approach.

🔧 Using PowerShell

  1. Open PowerShell as Administrator:
    • Right-click the Start button and select Windows PowerShell (Admin).
  2. Identify the Network Interface:
Get-NetConnectionProfile
  1. This command lists all network interfaces and their current profiles.
  2. Change the Network Category:Replace <InterfaceIndex> with the actual index number of your network adapter.
Set-NetConnectionProfile -InterfaceIndex <InterfaceIndex> -NetworkCategory Private
  1. For example, if your interface index is 8:
Set-NetConnectionProfile -InterfaceIndex 8 -NetworkCategory Private
  2. Verify the Change:
Get-NetConnectionProfile
  1. Ensure that the NetworkCategory is now set to Private.

How to Configure RDP when Remotely Connecting to an Entra‑Enrolled Device (Windows 10/11)

October 26, 2025 /

How to Configure RDP when Remotely Connecting to an Entra‑Enrolled Device (Windows 10/11)

📌 Overview

These steps describe how to configure Remote Desktop (RDP) to successfully connect to a Microsoft Entra ID (Azure AD) joined device over VPN or office network. This includes editing the .rdp connection file and optionally editing the Windows hosts file on the VPN client to resolve NetBIOS or FQDN names more reliably.

Heavily based on these three articles and built from ticket #2571

Especially useful for Santiam Water Control District staff.

https://learn.microsoft.com/en-us/windows/client-management/client-tools/connect-to-remote-aadj-pc

https://rublon.com/blog/how-to-rdp-into-azure-ad-joined-vm

https://www.howtogeek.com/27350/beginner-geek-how-to-edit-your-hosts-file

✅ Requirements & Prerequisites

  • Remote device: Windows 10 version 1809 or later, or Windows 11 (with Oct‑2022 cumulative update or newer) joined to Microsoft Entra ID. (Microsoft LearnMicrosoft Learn)
  • Local client device: Running Windows 10 or 11. It can be Entra joined, hybrid joined, registered, or even part of a different AD domain. (Microsoft Learn)
  • Ensure the remote device (host) is configured to allow RDP: under Settings → System → Remote Desktop, “Allow Remote Desktop connections” is enabled. (Microsoft Learn)
  • If enabling Azure AD authentication, the remote device doesn’t need Network Level Authentication enforced; indeed disabling NLA may be required for this use case. (Microsoft Learn)

🛠 Step 1 – Edit the .rdp file

  1. On your local client, launch Remote Desktop Connection (mstsc.exe), enter the hostname (NOT the IP Address, often fails in this setup) of the remote device, expand Show Options, and click Save As… to store a .rdp file locally. (Stack Overflow)
  2. Open the saved .rdp file using a text editor like Notepad.
  3. Update the full address:s: field to use the NetBIOS hostname or FQDN, not the IP address. Example:full address:s:Desktop‑Manager (Replaces earlier s: \\192.168.1.119 usage.) (ronamosa.io)
    Your internal ticket notes confirm that Azure AD–joined devices cannot be reached by IP if using Azure AD authentication—they require name resolution.
    enablecredsspsupport:i:0 authentication level:i:2 This disables CredSSP and sets a proper authentication level for Azure AD RDP login. (Stack Overflow)
  4. Additionally, to enable Microsoft Entra (Azure AD) authentication prompt via RDP, add (or change) the following:enablerdsaadauth:i:1 This flag ensures the client uses the web-account sign‑in flow. Without it, authentication via Azure AD may fail. (Microsoft Learn)
  5. Save the file and double-click it to initiate RDP.
  6. At credential prompt, enter your username in full UPN format:username@domain.comYou will be prompted to fully sign in through a popup Microsoft login window and approve this new host; accept it. (RublonMicrosoft Learn)

🧪 Step 2 – (Optional) Add the Azure AD user to the Remote Desktop Users group

If you are not already part of the Remote Desktop Users group on the remote device, you may need to add your account or Azure AD group to it via local admin or MDM policy:

  • Using Command Prompt (as administrator):net localgroup "Remote Desktop Users" /add "AzureAD\username@domain.onmicrosoft.com"
  • Or using PowerShell:Add-LocalGroupMember -Group "Remote Desktop Users" -Member "AzureAD\username@domain.com" (Prajwal Desai)

🧭 Step 3 – (Optional) Edit the hosts file for name resolution over VPN

When your client cannot resolve NetBIOS names over a VPN Connection or Wi‑Fi, you can manually define them:

  1. On the remote client machine, open the hosts file in an elevated editor. Search for Notepad and Run as Administrator > File > Open to the following path:C:\Windows\System32\drivers\etc\hosts
  2. Add entries mapping internal device names to their IP addresses:192.168.1.119 Desktop‑Manager
  3. Save the file. This allows the host name used in your .rdp file to resolve correctly even if DNS or NetBIOS resolution fails.

🧩 Troubleshooting Scenarios & Notes

  • VPN client cannot ping or resolve NetBIOS name: may stem from missing NetBIOS over TCP/IP setting, wireless isolation, subnet differences, or routing rules. Ensure NetBIOS over TCP/IP is enabled in adapter IPv4 → Advanced → WINS tab, and review network isolation settings.
  • RDP fails using IP address: Azure AD joined devices require name (hostname or FQDN). IP‑only connections do not support the Azure AD authentication flow; using a host‑mapped name is required. (Microsoft LearnMicrosoft Learn)
  • NLA required: if NLA is enforced, Azure AD authentication may fail; ensure the remote device has NLA disabled if running into connection issues. (Microsoft Learnniallbrady.comMicrosoft Learn)

✅ Example .rdp snippet

Note: some of these are already added in, so only copy and paste the missing ones and change the relevant entries.

full address:s:Desktop‑Manager
enablecredsspsupport:i:0
authentication level:i:2
enablerdsaadauth:i:1

ℹ️ Why these settings matter

  • enablerdsaadauth:i:1 toggles the web‑account Azure AD login experience, prompting or allowing authentication through Entra ID. Without it, RDP will not negotiate Azure AD credentials correctly. (Microsoft Learn)
  • enablecredsspsupport:i:0 avoids CredSSP pitfalls that block Azure AD authentication, especially when Network Level Authentication isn’t compatible with Entra‑based tokens. (Stack Overflow)
  • authentication level:i:2 is the required setting for secure fallback when CredSSP is disabled. (Stack Overflow)

📌 Final Notes

  • Always ensure both client and remote satisfy Windows update and version prerequisites for Azure AD RDP support. (Microsoft Learn)
  • Use FQDN or hostname resolution rather than IP when targeting Entra‑joined devices, especially in VPN environments.
  • The hosts file edit can be a reliable workaround when DNS or NetBIOS resolution fails.

Fixing Edge Webview2 Errors for Windows ARM Devices

October 26, 2025 /

QUICK Command prompt registry delete command:

REG DELETE “HKLM\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\Clients{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}” /f

Make sure to run evergreen installer after deletion!

=======

batch file you can run! You’ll just need to download the installer first. and save it like the steps below. Keep this on pcs where the issue keeps coming back.
Download the WebView2 Runtime installer from Microsoft. You can get it from this link:
https://developer.microsoft.com/en-us/microsoft-edge/webview2/

Look for the “Evergreen Standalone Installer” and download it.

Once it’s downloaded, move the file to this folder on your computer:
C:\WebView2Fix\

Make sure the file is named exactly like this:
MicrosoftEdgeWebview2Setup.exe

@echo off
echo ============================================
echo WebView2 Fix Script – Run as Admin Only
echo ============================================
echo.

NET SESSION >nul 2>&1
IF %ERRORLEVEL% NEQ 0 (
echo This script must be run as Administrator.
pause
exit /b
)

echo Deleting WebView2 EdgeUpdate registry key…
REG DELETE “HKLM\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\Clients{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}” /f

IF %ERRORLEVEL% EQU 0 (
echo Registry key deleted successfully.
) ELSE (
echo Failed to delete registry key or it does not exist.
)

set “WebView2InstallerPath=C:\WebView2Fix\MicrosoftEdgeWebview2Setup.exe”
IF EXIST “%WebView2InstallerPath%” (
echo Installing WebView2 Runtime…
“%WebView2InstallerPath%” /silent /install
echo Installation initiated.
) ELSE (
echo WebView2 installer not found at:
echo %WebView2InstallerPath%
)

pause

===============================================================

Windows on ARM will often get errors with Outlook or Office programs in general with an error similar to this:

Notes found in search GPT about this issue:

I’m sorry to hear you’re encountering issues with installing the Microsoft Edge WebView2 Runtime for Outlook. This problem can arise due to various factors, but the following steps have proven effective for many users:
Repair or Reinstall Microsoft Edge WebView2 Runtime:
Repair:
Press Win + R, type appwiz.cpl, and press Enter to open the Programs and Features window.
Locate “Microsoft Edge WebView2 Runtime” in the list.
Right-click on it and select “Change,” then choose the “Repair” option.
Reinstall:
If the repair doesn’t resolve the issue, uninstall “Microsoft Edge WebView2 Runtime” from the same Programs and Features window.
Download the latest version from the official Microsoft Edge WebView2 page:
Install it and restart your computer.
Modify the Windows Registry:
Note: Some users have reported that the registry path might differ slightly, such as HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\Clients. Ensure you navigate to the correct path on your system.
answers.microsoft.com

Getting a WebView2 error when trying to use New Outlook
Having consistant issues with New Outlook on a Surface laptop. When trying to open the program it gives the error:Installation failed. The Microsoft Edge WebView2 Runtime is already installed for the
answers.microsoft.com
Caution: Editing the registry can have significant implications. Ensure you back up the registry before making any changes.
Press Win + R, type regedit, and press Enter to open the Registry Editor.
Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\Clients.
Look for a key named {F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}.
Right-click on this key and select “Delete.”
Close the Registry Editor.
Reinstall the WebView2 Runtime using the installer you downloaded earlier.
Check for Windows Updates:
Ensure your system is up-to-date. Go to “Settings” > “Update & Security” > “Windows Update” and install any pending updates.
Run the Installer as Administrator:
Right-click on the WebView2 installer and select “Run as administrator” to ensure it has the necessary permissions to install correctly.

If all else fails, might be time to prep a script using this as the template, making sure to update the installer name in the script to match the installer for ARM devices.

https://github.com/JohnVSeals/WebView2_Repair_Tool

===========================================================================================================================

Level 2: Hard Mode – Manual WebView2 Removal & Rebuild (ARM)
If repair, uninstall, and registry fixes fail — and C:\Program Files (x86)\Microsoft\EdgeWebView is locked — follow this process to fully remove and rebuild WebView2 on Windows ARM devices (e.g., Surface laptops):

  1. Clean EdgeUpdate from the Registry
    powershell

Remove-Item “HKLM:\SOFTWARE\Microsoft\EdgeUpdate” -Recurse -Force -ErrorAction SilentlyContinue
Remove-Item “HKLM:\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate” -Recurse -Force -ErrorAction SilentlyContinue

  1. Take Ownership of the Locked Folder
    powershell

$lockedPath = “C:\Program Files (x86)\Microsoft\EdgeWebView”
$tempPath = “C:\EdgeWebView-To-Delete”

cmd /c “takeown /f "$lockedPath” /r /d y”
cmd /c “icacls "$lockedPath” /grant administrators:F /t”

  1. Move the Folder Out of Program Files
    powershell

Move-Item -Path $lockedPath -Destination $tempPath -Force -ErrorAction SilentlyContinue

  1. Schedule Folder Deletion on Reboot
    powershell

schtasks /create /tn “DeleteEdgeWebView” /tr “cmd /c rd /s /q "C:\EdgeWebView-To-Delete“” /sc onstart /ru SYSTEM

  1. Reboot the Device
    The folder will be deleted automatically at startup under the SYSTEM context.
  2. Reinstall Microsoft Edge (ARM64)
    Download from https://www.microsoft.com/edge, run as administrator, and reboot once complete. This restores WebView2, EdgeUpdate, and auto-update functionality.
  3. Remove the Scheduled Task
    powershell

schtasks /delete /tn “DeleteEdgeWebView” /f

Level 3: Expert Mode – Manual Edge Removal & Rebuild (ARM)
Often best for repairing the Edge for ARM Error of “Can’t download – virus scan failed)

🧰 Advanced Method: Force Uninstall Microsoft Edge on Windows 11 ARM
Step 1: Remove EdgeUpdate Registry Entries
Open PowerShell as Administrator and execute:
Windows OS Hub
+8
UMA Technology
+8
Into Windows
+8

powershell
Copy
Edit
Remove-Item “HKLM:\SOFTWARE\Microsoft\EdgeUpdate” -Recurse -Force -ErrorAction SilentlyContinue
Remove-Item “HKLM:\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate” -Recurse -Force -ErrorAction SilentlyContinue
This removes the EdgeUpdate entries that can prevent uninstallation.

Step 2: Take Ownership of the Edge Installation Folder
In the same PowerShell session, run:
Microsoft Answers
+7
UMA Technology
+7
PowerShell FAQs
+7

powershell
Copy
Edit
$edgePath = “C:\Program Files (x86)\Microsoft\Edge”
$tempPath = “C:\Edge-To-Delete”

cmd /c “takeown /f "$edgePath” /r /d y”
cmd /c “icacls "$edgePath” /grant administrators:F /t”
This grants you the necessary permissions to modify the Edge installation directory.

Step 3: Move the Edge Folder
Still in PowerShell, execute:
Solve Your Tech
+1
UMA Technology
+1

powershell
Copy
Edit
Move-Item -Path $edgePath -Destination $tempPath -Force -ErrorAction SilentlyContinue
This moves the Edge folder to a temporary location, preparing it for deletion.

Step 4: Schedule Folder Deletion on Reboot
To ensure complete removal, schedule the deletion of the temporary folder upon next startup:

powershell
Copy
Edit
schtasks /create /tn “DeleteEdge” /tr “cmd /c rd /s /q "C:\Edge-To-Delete“” /sc onstart /ru SYSTEM
This sets up a task that will delete the Edge folder when the system restarts.

Step 5: Reboot Your Device
Restart your computer to allow the scheduled task to execute and remove the Edge files.

Step 6: Reinstall Microsoft Edge (ARM64 Version)
After rebooting, download the ARM64 version of Microsoft Edge from the official Microsoft Edge website. Run the installer as Administrator to reinstall Edge.

Step 7: Remove the Scheduled Task
Once Edge is reinstalled, clean up by deleting the scheduled task:

powershell
Copy
Edit
schtasks /delete /tn “DeleteEdge” /f
⚠️ Important Considerations
System Stability: Microsoft Edge is integrated into Windows 11, and removing it might affect certain system functionalities. Proceed with caution.

Windows Updates: Future Windows updates may reinstall Microsoft Edge automatically.

Alternative Browsers: Ensure you have another browser installed and set as default before removing Edge.
Solve Your Tech

If you need assistance with setting a different browser as your default or have further questions, feel free to ask!

Turn Off Auto Device Encryption in Windows 11

October 26, 2025 /

Turn Off Auto Device Encryption in Windows 11

For windows 24H2 Installs

https://www.windowslatest.com/2024/05/08/microsoft-confirms-windows-11-24h2-turns-on-device-encryption-by-default

During installation, you can disable Device Encryption using a Registry hack:

  1. Press Shift + F10 to open the Command Prompt window. Type regedit and press Enter to launch Registry Editor.
  2. Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BitLocker subkey.
  3. Right-click the empty side and select the New > Dword (32-bit) Value option from the context menu.
  4. Name the value “PreventDeviceEncryption”.
  5. Set the value date to 1 and click on the OK button.
  6. Close the Registry Editor.
Newer posts »

© 2026 Ultrex Staff

Theme by Anders NorenUp ↑