Category: IT Knowledge Base Articles (Page 6 of 11)

Powershell Windows Activation

November 9, 2025 / Jim Smith

Updated command for Windows 10/11 as of 2/20/26 –

Run Powershell as an administrator, copy and paste the code below and hit enter. Windows should activate using Option 1 for most Windows OS’s, but use TSForge Option if you need to license a Server install. This can also be used to push through an office install.

NOTE: Only use this at the approval of a supervisor. If we overuse this without the correct licensing as its foundation, we risk a customer being set up for issues in an audit. This command is to be used when Windows fails to activate a license that we know its supposed to activate, often after a Return to OOBE for Entra/Intune Enrollment.

Use the one below for most reliable resolution of get.activated.win in Ultrex Office –

iex (curl.exe -s –doh-url https://1.1.1.1/dns-query https://get.activated.win | Out-String)

The following are alternative options if the one above doesn’t work (use your mobile hotspot if needed) –

Option 1:

irm https://get.activated.win | iex

Option 2:

irm https://massgrave.dev/get | iex

If none of the options above work, use this code in powershell administrator mode instead:

if ($ExecutionContext.SessionState.LanguageMode.value__ -ne 0) {
    $ExecutionContext.SessionState.LanguageMode
    Write-Host "Windows PowerShell is not running in Full Language Mode."
    Write-Host "Help - https://massgrave.dev/fix_powershell" -ForegroundColor White -BackgroundColor Blue
    return
}

function Check3rdAV {
    $avList = Get-CimInstance -Namespace root\SecurityCenter2 -Class AntiVirusProduct | Where-Object { $_.displayName -notlike '*windows*' } | Select-Object -ExpandProperty displayName
    if ($avList) {
        Write-Host '3rd party Antivirus might be blocking the script - ' -ForegroundColor White -BackgroundColor Blue -NoNewline
        Write-Host " $($avList -join ', ')" -ForegroundColor DarkRed -BackgroundColor White
    }
}

function CheckFile { 
    param ([string]$FilePath) 
    if (-not (Test-Path $FilePath)) { 
        Check3rdAV
        Write-Host "Failed to create MAS file in temp folder, aborting!"
        Write-Host "Help - https://massgrave.dev/troubleshoot" -ForegroundColor White -BackgroundColor Blue
        throw 
    } 
}

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$URLs = @(
    'https://raw.githubusercontent.com/massgravel/Microsoft-Activation-Scripts/37ec96504a2983a5801c43e975ab78c8f9315d2a/MAS/All-In-One-Version-KL/MAS_AIO.cmd',
    'https://dev.azure.com/massgrave/Microsoft-Activation-Scripts/_apis/git/repositories/Microsoft-Activation-Scripts/items?path=/MAS/All-In-One-Version-KL/MAS_AIO.cmd&versionType=Commit&version=37ec96504a2983a5801c43e975ab78c8f9315d2a',
    'https://git.activated.win/massgrave/Microsoft-Activation-Scripts/raw/commit/37ec96504a2983a5801c43e975ab78c8f9315d2a/MAS/All-In-One-Version-KL/MAS_AIO.cmd'
)

foreach ($URL in $URLs | Sort-Object { Get-Random }) {
    try { $response = Invoke-WebRequest -Uri $URL -UseBasicParsing; break } catch {}
}

if (-not $response) {
    Check3rdAV
    Write-Host "Failed to retrieve MAS from any of the available repositories, aborting!"
    Write-Host "Help - https://massgrave.dev/troubleshoot" -ForegroundColor White -BackgroundColor Blue
    return
}

# Verify script integrity
$releaseHash = '49CE81C583C69AC739890D2DFBB908BDD67B862702DAAEBCD2D38F1DDCEE863D'
$stream = New-Object IO.MemoryStream
$writer = New-Object IO.StreamWriter $stream
$writer.Write($response)
$writer.Flush()
$stream.Position = 0
$hash = [BitConverter]::ToString([Security.Cryptography.SHA256]::Create().ComputeHash($stream)) -replace '-'
if ($hash -ne $releaseHash) {
    Write-Warning "Hash ($hash) mismatch, aborting!`nReport this issue at https://massgrave.dev/troubleshoot"
    $response = $null
    return
}

# Check for AutoRun registry which may create issues with CMD
$paths = "HKCU:\SOFTWARE\Microsoft\Command Processor", "HKLM:\SOFTWARE\Microsoft\Command Processor"
foreach ($path in $paths) { 
    if (Get-ItemProperty -Path $path -Name "Autorun" -ErrorAction SilentlyContinue) { 
        Write-Warning "Autorun registry found, CMD may crash! `nManually copy-paste the below command to fix...`nRemove-ItemProperty -Path '$path' -Name 'Autorun'"
    } 
}

$rand = [Guid]::NewGuid().Guid
$isAdmin = [bool]([Security.Principal.WindowsIdentity]::GetCurrent().Groups -match 'S-1-5-32-544')
$FilePath = if ($isAdmin) { "$env:SystemRoot\Temp\MAS_$rand.cmd" } else { "$env:USERPROFILE\AppData\Local\Temp\MAS_$rand.cmd" }
Set-Content -Path $FilePath -Value "@::: $rand `r`n$response"
CheckFile $FilePath

$env:ComSpec = "$env:SystemRoot\system32\cmd.exe"
Start-Process -FilePath $env:ComSpec -ArgumentList "/c """"$FilePath"" $args""" -Wait
CheckFile $FilePath

$FilePaths = @("$env:SystemRoot\Temp\MAS*.cmd", "$env:USERPROFILE\AppData\Local\Temp\MAS*.cmd")
foreach ($FilePath in $FilePaths) { Get-Item $FilePath | Remove-Item }

Once powershell is successful, a command prompt window will open and give you multiple options. Select option 1 if you only need the version of Windows activated. If you need to change the product type, there should be an option to do so in the same command dialogue box

Domain Joined Device Adding a Local Administrator

November 9, 2025 / Jim Smith

New-LocalUser -Name "ADMIN" -Password (ConvertTo-SecureString "ADMIN" -AsPlainText -Force) -UserPrincipalName "ADMIN" -Description "Administrator Account" -AccountNeverExpires $true
Add-LocalGrouMember -Group "Administrators" -Member "ADMIN"

When trying to get administrative access to a domain joined device that is not on the network and does not recognize domain admin credentials and we don't know local admin credentials, through Atera, go to Manage -> PowerShell -> As System and you can either type in "create administrator "ADMIN" with password "ADMIN" or copy and paste the command above.

This process is still in testing until further tests have been ran.

Command Line/Powershell create users, block password change

November 9, 2025 / Jim Smith

Add User and Set Password to Never Expire (especially for Scanning User)

Net user Scanning Scanning12 /add

Make PW never expire (Powershell most reliable to work, all will still break with big windows updates)

Command Line Admin option 1 (deprecating): WMIC USERACCOUNT where Name=’Scanning’ set PasswordExpires=False
Command Line Admin option 2 (sometimes an option): net user “Scanning” /expires:never
Powershell Admin (most reliable): Set-LocalUser -Name “Scanning” -PasswordNeverExpires $true

Command line kill driver error compatability

November 9, 2025 / Jim Smith

Command Line to turn off Popup related to windows compatibility driver.

Sc stop PcaSvc

Enter

It’s okay if the first command errors out.

Sc config PcaSvc start= disabled

enter

Will need to reboot to finish applying.

Command line Add Users and Scans Folder w sharing, Password Never Expires

November 9, 2025 / Jim Smith

Add User and Set Password to Never Expire (especially for Scanning User)

Net user Scanning Scanning12 /add

Make PW never expire

Command Line Admin: WMIC USERACCOUNT where Name=’Scanning’ set PasswordExpires=False
Powershell Admin: Set-LocalUser -Name “Scanning” -PasswordNeverExpires $true

Commands to Setup and Share Scans Folder through CLI

Mkdir C:\SCANS (creates Scans folder)

Dir C:\ (to confirm Scans folder creation)

Cd c:\scans (to select scans folder)

Net share scans=c:\scans /grant:Scanning,full (to grant read/write permissions with Scanning User – confirm permissions if needed)

Dell Optiplex 3020 BIOS reset

November 9, 2025 / Jim Smith

Dell Optiplex 3020 BIOS Reset (often at ACS)

BIOS Password was turned on, removing the CMOS battery to reset the bios didn’t seem to change anything. It may have been because the power cable was still plugged in so this may be a non issue, but just in case here are the jumper directions for this computer.

https://www.dell.com/support/manuals/en-us/optiplex-3020-desktop/opt3020sffom-v1/clearing-forgotten-password?guid=guid-6bbbad27-a43f-47bc-b663-16d8fff9362a&lang=en-us

How to use RustDesk with dual displays

November 9, 2025 / Jim Smith

How to use RustDesk with dual displays

Raised from ticket #2745

If you are using RustDesk and want to set it up for dual monitors on both the source and remote computers, follow these steps:

Open RustDesk on your computer.
Click the monitor icon located in the top bar.
Check the box that says Show the displays as individual windows.
Select either Monitor 1 or Monitor 2 (do not select the square that shows both monitors).
Repeat the above steps for each monitor you want to display.

After completing these steps, you should see two separate windows, each corresponding to one of your remote monitors. You can then drag each window to the respective screens on the machine you are remoting from.

Note: There are currently no video tutorials available for this process, but future assistance will include a recorded walkthrough for better understanding.

Thank you, and have a great day!

RustDesk Setup for Ultrex Server

November 9, 2025 / Jim Smith

We now have a paid, private, hosted Rustdesk server- so you don’t have to use the public one, but also don’t need to be setting up one for every customer.

I follow the instructions found here:

Good ole network chuck.

Now in Linode, we have an ubuntu server, running docker, running rustdesk server.

All that to say, from now on, you can go to the network tab within settings

The IP of the Ultrex server (only for us and paying customers on retainer)

172.234.230.92

Put that into the ID server and Relay server area.

Then in the API server, leave it blank

Then in the Key field, put:

YM2qOJS2H2MMa5BqJrxaSrYZwtiGncmWhB+y4GI2pPw=

Alternatively you can use this and the import button

==Qfi0zdQBnMJdEN5tiQodVbj52RpR3dallcTFGeypUcCVTYN1kMIJzUK9Ucy0UWiojI5V2aiwiIiojIpBXYiwiIykjLwMjMuQzMy4iM3EjI6ISehxWZyJCLiITOuAzMy4CNzIjLycTMiojI0N3boJye

That’s it- you’ll know it’s working when it doesn’t tell you “for faster speed host your own server”

This isn’t able to see any traffic going through it, just relaying peoples devices from their computers to each other, but not containing any unencrypted traffic. 🙂

Check Status and Update/Reset Passwords for Multiple Local Users if they’re already a user

November 9, 2025 / Jim Smith

Check Expiration Status:

Checking the computer for specified users (Note: must edit the script to check for the usernames you want to check) and what the password expiration status is.

https://app2.atera.com/new/admin/scripts/f63ecf72-e251-4442-bb31-751dcf44c3a6/edit

Password Resets:

Specify and reset multiple users with desired password (NOTE: make sure to edit the username and password before changing).

The script will check if the computer has the specified username, will change the password accordingly if so, and if not will purely skip over the user without making a change.

https://app2.atera.com/new/admin/scripts/00b6aaa1-7653-4662-99d8-dbc3a6d08d7c/edit

Helpful Microsoft Learn Article discussing Email Encryption

November 5, 2025 / Jim Smith

This came up in troubleshooting how S/MIME plays into email encryption for Business users. Valuable to understand the behind the scenes of how email encryption works so we can help our customers understand when they go to click the wrong way of encrypting their emails as a Premium user 🙂

https://learn.microsoft.com/en-us/purview/email-encryption

Short and sweet – there are two ways to encrypt emails in Outlook, and only one is the one we’d really want to recommend for maximum useability, but that users have the option to select if they don’t know better:

Default recommendation, and the one we’re used to:
1. New Message > Options > Encrypt > Encrypt
1. This encrypts emails on the server level and lets servers authenticate senders and recipients to allow the recipients to actually read the email more readily.
Not recommended because way more work on sender and recipient end to allow recipient to actually read the email
1. New message > More Options > Encrypt with S/MIME and Digitally sign with S/MIME
3. Encrypting with S/MIME, if not configured properly (and likely with Microsoft’s help) will error out like in the image above, and will also require the recipient to have configured S/MIME certs on their end in order to actually read the email.

If you run into this, that’s the gist of why we wouldn’t want to recommend option 2 🙂 way more hassle for not a lot of extra payoff unless an org is getting extra serious about their ability to verify the sender/recipient.