Documentation
Step-by-step guides for getting Triage up and running — whether you're fixing one machine or rolling it out across your whole business.
What is Triage?
Triage is a Windows health tool for IT professionals and small businesses. It scans any Windows 10 or 11 computer in under two minutes, shows you a plain-English list of every fixable problem, and lets you apply fixes one click at a time — with a safety backup created before anything is changed.
There are two ways to use Triage:
| Mode | What it is | Best for |
|---|---|---|
| Desktop app | A standalone program you open and run on whichever computer you're sitting at. Nothing is permanently installed on the machine after you close it. | IT consultants, one-off repairs, visiting a client's machine |
| Fleet mode | A small background program (the "Agent") that runs on each of your machines, sending health reports to a private web dashboard (the "Server") you control. | Small businesses, MSPs, managing 5 or more machines centrally |
Both modes use the same scan and repair engine. Fleet mode adds automatic monitoring, a central dashboard, and the ability to run fixes on machines remotely — without physically sitting at them.
What do I need?
To use the desktop app
- A Windows 10 or Windows 11 computer (64-bit)
- Administrator access on that machine — Triage needs this to scan and fix protected system settings
- About 90 MB of disk space
- An internet connection is optional — only needed for AI-powered diagnostics and checking for driver updates
To use fleet mode
You'll need two things: a server to run the dashboard, and the Agent installed on each machine you want to monitor.
For the server (one machine that acts as the central hub):
- Any computer that stays on — a Windows PC, Windows Server, or a cheap Linux virtual machine all work
- Docker Desktop installed on that machine (free download — it's the software that runs the Triage Server)
- The server needs to be reachable over the network from your other machines (same Wi-Fi or LAN is fine)
For each managed machine (the Agent):
- Windows 10 or Windows 11 (64-bit)
- Administrator access for the initial install
- Network access to the server machine
Install the desktop app
Install with one command
Open PowerShell as administrator (right-click the Start button → Terminal (Admin) or Windows PowerShell (Admin)) and paste this line:
irm 'https://raw.githubusercontent.com/Kayem196/triage/main/Install-Triage.ps1' | iex
This downloads and installs everything automatically. You'll see Triage in your Start menu when it's done.
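A more cautious way to run the same installer, as an added example that is not part of the Triage project: it saves the script to disk so you can read it first, and on later machines runs it only if its SHA-256 matches the hash you recorded after that review. The helper name Invoke-ReviewedScript and the placeholder hash are assumptions; the helper accepts any of the irm | iex script addresses shown on this page.

```powershell
# Added example, not Triage's own code. Invoke-ReviewedScript is a hypothetical helper.
function Invoke-ReviewedScript {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [uri] $Uri,
        # SHA-256 you recorded after reading the script; omit on the first run.
        [string] $ExpectedSha256
    )

    if ($Uri.Scheme -ne 'https') {
        # Plain HTTP gives no protection against modification in transit,
        # so the hash check below is the only integrity control.
        Write-Warning "Downloading over $($Uri.Scheme); rely on the pinned hash."
    }

    $path = Join-Path $env:TEMP ([IO.Path]::GetFileName($Uri.LocalPath))
    Invoke-WebRequest -Uri $Uri -OutFile $path -UseBasicParsing
    $actual = (Get-FileHash -Path $path -Algorithm SHA256).Hash

    if (-not $ExpectedSha256) {
        # First run: nothing is executed. Read the file, then pin the hash.
        Write-Host "Saved to $path"
        Write-Host "SHA256  $actual"
        Write-Host 'Review the script, then re-run with -ExpectedSha256.'
        return
    }

    if ($actual -ne $ExpectedSha256) {
        Remove-Item -Path $path -Force
        throw "Hash mismatch: expected $ExpectedSha256, got $actual. Nothing was run."
    }

    # Same effect as "irm ... | iex", but on content that matched the pin.
    Get-Content -Path $path -Raw -Encoding UTF8 | Invoke-Expression
}

$installer = 'https://raw.githubusercontent.com/Kayem196/triage/main/Install-Triage.ps1'

# Step 1 (once): download only, then open the saved file and read it.
Invoke-ReviewedScript -Uri $installer

# Step 2 (each machine): run only if the content is what you reviewed.
# '<SHA256-FROM-STEP-1>' is a placeholder; the page publishes no hash.
Invoke-ReviewedScript -Uri $installer -ExpectedSha256 '<SHA256-FROM-STEP-1>'
```

Because the address tracks the main branch, a mismatch after a project update is expected: review the new version and pin its hash.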
Install by downloading the files
If you'd prefer to install by hand, there are two files to download from the latest release:
Install the trust certificate
Download Triage_DevCert.cer and double-click it. Click Install Certificate → choose Local Machine → click Place all certificates in the following store → Browse → select Trusted People → Finish.
This one-time step tells Windows that Triage is a trusted app. You'll need admin rights.
Install the app
Download Triage-x64.msix and double-click it. Windows will show a simple install dialog — click Install.
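Before placing a certificate in Trusted People, it is worth confirming that it is the one that actually signed the package you downloaded. The following is an added example (not from the Triage project) that compares the two thumbprints and only then imports the certificate and installs the app; the function name Test-PackageSigner is hypothetical, and both files are assumed to be in the current folder.

```powershell
# Added example, not Triage's own code. Run in an elevated PowerShell window.
function Test-PackageSigner {
    param(
        [Parameter(Mandatory)] [string] $CertPath,
        [Parameter(Mandatory)] [string] $PackagePath
    )

    # Load the .cer that is about to be trusted.
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
        (Resolve-Path $CertPath).Path)

    # Read the signature embedded in the MSIX. Before the certificate is
    # trusted, Status is not expected to be Valid; the signer is still reported.
    $sig = Get-AuthenticodeSignature -FilePath $PackagePath
    if (($sig.Status -in 'NotSigned', 'HashMismatch') -or (-not $sig.SignerCertificate)) {
        throw "Package signature problem: $($sig.Status)"
    }

    [pscustomobject]@{
        Subject          = $cert.Subject
        Thumbprint       = $cert.Thumbprint
        NotAfter         = $cert.NotAfter
        SignerThumbprint = $sig.SignerCertificate.Thumbprint
        Match            = $cert.Thumbprint -eq $sig.SignerCertificate.Thumbprint
    }
}

$check = Test-PackageSigner -CertPath .\Triage_DevCert.cer -PackagePath .\Triage-x64.msix
$check | Format-List

if (-not $check.Match) {
    throw 'The .cer is not the certificate that signed the package. Do not trust it.'
}
if ($check.NotAfter -lt (Get-Date)) {
    throw "The certificate expired on $($check.NotAfter)."
}

# Same store the manual steps use: Local Machine, Trusted People.
Import-Certificate -FilePath .\Triage_DevCert.cer `
    -CertStoreLocation Cert:\LocalMachine\TrustedPeople | Out-Null

Add-AppxPackage -Path .\Triage-x64.msix
```

Record the thumbprint it prints; any package signed with that certificate will be accepted for installation on the machine for as long as the certificate stays in the store.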
Deploy via Microsoft Intune
When you use Intune, the certificate step is handled automatically by Intune itself — your end users don't see any certificate prompts or extra steps. They just receive the app like any other.
- Certificate (one-time, IT admin only): In the Intune portal, go to Devices → Configuration profiles → + Create → Trusted certificate. Upload Triage_DevCert.cer, set the destination store to Computer certificate store — Trusted People, and assign it to your target device group. Intune deploys this silently in the background.
- App: Go to Apps → Windows → + Add → Line-of-business app, upload Triage-x64.msix, and assign it to the same group. Triage installs automatically on those devices — no action needed from users.
Running from a USB drive
Triage can also run directly from a USB drive with no installation required — useful when you're visiting a client's machine and don't want to leave anything behind. Copy Triage.exe to a USB drive and run it. Administrator access is still required on the machine.
First launch
Find Triage in the Start menu. Windows will ask for administrator permission — click Yes. This is expected: Triage needs this access to scan and repair system settings.
Running your first scan
Once Triage is open, a full scan takes less than two minutes. Nothing is changed during the scan itself — it's purely a read-only inspection.
Click "New scan"
Triage checks services, startup programs, temp files, network settings, drivers, and Office app health. It finishes in under two minutes.
Review the findings
Each issue is labelled HIGH, MED, or LOW. Click any finding to see a plain-English explanation of what's wrong, what the fix does, and whether it can be undone — before you commit to anything.
Choose your fixes
Click Add to fix queue on the findings you want to address. You can add or remove items any time before applying.
Apply
Click Apply fixes. Before making any change, Triage automatically creates a Windows restore point — a snapshot of the machine's current state. If anything doesn't go as expected, you can roll back from Windows System Restore.
Export a report (optional)
After the fixes run, you can export a before-and-after report as a PDF or text file — useful for client handoff or keeping a record of what was done.
What Triage can fix
Triage includes over 40 automated fixes, organised by category. Every fix shows a risk rating before you run it.
- System files
- Windows Update
- Disk & storage
- Shell & display
- Network
- Microsoft 365
How fleet management works
Fleet mode lets you monitor and fix all your Windows machines from a single web page — without sitting at each one. Here's how it fits together:
| Part | What it is (in plain English) |
|---|---|
| The Agent | A small background program that runs automatically on each of your machines. Once installed, it quietly checks the machine's health every hour and reports back to your dashboard. Staff don't see it or interact with it. |
| The Server | The central hub — a private web page (like an internal website) that you host on one machine in your office or on a server. It collects health reports from all your machines and shows you the full picture in one place. |
| The Dashboard | What you see when you open the Server in a browser. It shows every machine's current health, lets you drill down into individual problems, and lets you push fixes to any machine remotely. |
What the day-to-day looks like
- You set up the Server once on a machine that stays on (15–20 minutes).
- You install the Agent on each machine you want to monitor — takes about 30 seconds per machine, or you can push it to all machines at once via Intune or a script.
- From that point, everything is automatic. The Agent runs health scans every hour and sends the results to your dashboard.
- You open the dashboard whenever you like, see which machines need attention, and apply fixes — without leaving your desk.
- Both the Server and the Agent update themselves automatically when a new version is released. There's nothing to manually maintain.
Set up the server
The Triage Server runs as a Docker container — Docker is free software that packages the server into a self-contained unit that's easy to start, stop, and update. You install Docker once, then Triage handles the rest.
Install Docker on your server machine
Go to docs.docker.com/get-docker and download Docker Desktop for your operating system (Windows or Linux). Install it and make sure Docker is running before continuing.
Run the setup script
Open PowerShell as administrator on the server machine and run:
irm 'https://raw.githubusercontent.com/Kayem196/triage/main/Setup-TriageServer.ps1' | iex
The script will ask you to choose a dashboard password and optionally set an enrollment key (a password that machines need to join your fleet). Everything else — security tokens, configuration files — is generated automatically.
When it finishes, it prints your server's web address and the exact command to run on other machines to install the Agent.
Open the dashboard
In any browser, open the address the setup script printed (something like http://192.168.1.10:8080). Log in with username admin and the password you chose.
Automatic updates
The server keeps itself up to date automatically. A companion program called Watchtower checks for a new version every hour and updates the server in the background. When an update happens, any open browser sessions will briefly show a "Server update in progress" notice, then reconnect automatically.
Backing up your data
All machine data is stored in a single database file on the server. You can back it up from Settings → Backup in the dashboard, or copy the triage_data Docker volume manually. Keep regular backups if your machine data is important to you.
Put Triage on every machine
Once your server is running, you need to install the Triage Agent on each machine you want to monitor. There are a few ways to do this — pick the one that fits how you manage your machines.
Run the one-liner from the Setup page
In the dashboard, go to the Setup page. You'll see a one-line command that has your server address and settings already filled in. Copy it and run it on any Windows machine as administrator:
irm 'http://your-server:8080/install.ps1' | iex
The machine will appear in your fleet dashboard within a minute.
What this does: downloads the Agent, installs it as a background program that starts with Windows, and registers the machine with your server. Nothing is shown to the person using the machine.
Push via Microsoft Intune
The Setup page in the dashboard also shows a ready-to-use Intune script — your server address and enrollment key are already embedded. Deploy it as a PowerShell script in Intune:
- Go to Devices → Scripts → Add → Windows PowerShell
- Paste the script from the Setup page (or upload it as a .ps1 file)
- Set "Run this script using the logged on credentials" to No
- Set "Run script in 64-bit PowerShell host" to Yes
- Assign to your target device group
Intune deploys the Agent silently to all assigned machines. Staff don't see any prompts.
After the Agent is installed
The machine registers with your server within a few seconds and sends its first health report within a minute. You'll see it appear in the dashboard with its current health score. From that point:
- The Agent runs a full health check every hour automatically
- It checks in with the server every 5 minutes and picks up any remote fix commands you've sent
- It updates itself automatically when a new version is available
- Staff using the machine see nothing — the Agent runs silently in the background
Using the fleet dashboard
What the colours mean
| Colour | What it means |
|---|---|
| ● Green | Machine is healthy (score 80 or above, no serious issues) |
| ● Amber | Some issues found — worth a look, but nothing urgent |
| ● Red | One or more serious issues — needs attention soon |
| ● Grey | Machine hasn't checked in for over 15 minutes — possibly offline or powered down |
Pages in the dashboard
| Page | What you'll find there |
|---|---|
| Fleet | Your main view — all machines in a board or list. Switch between "board" (grouped by status) and "table" (sortable list). You can select multiple machines and push the same fix to all of them at once. |
| Machine detail | Click any machine to see its full findings, scan history, what fixes have been run, and the Agent version it's running. |
| Reports | Health reports for individual machines or the whole fleet. |
| Audit Log | A record of every action taken from the dashboard — who ran what fix, on which machine, and what the result was. |
| Setup | Your getting-started guide, the Agent install command, and your Intune script — all with your settings already filled in. |
| Settings | Email alerts, change your password, deactivate machines that have been retired, and download backups. |
Pushing a fix to a machine
Click any machine card or open the machine detail page. You'll see a Push scan button (run a health check right now, outside the hourly schedule) and a Fix button to send a specific repair. The machine picks up the command within 5 minutes and reports back the result.
Your data & privacy
Where your data goes
All machine data stays on your server — it never goes anywhere else. Triage has no cloud backend and no central data collection. Everything the Agent reports goes directly to the Triage Server you're running, stored in a database file on that machine.
The only exception is AI diagnostics: if you choose to enable the AI-powered analysis feature (which requires you to configure an Anthropic API key in settings), Triage will send finding descriptions to the Anthropic API. No personal information about your staff or their files is included.
What the Agent collects
The Agent collects technical health indicators — nothing personal:
- Computer name and Windows version
- Whether key background services are running or stopped
- Startup programs and whether they're enabled
- How much space temp files are taking up (not the files themselves)
- Network settings (DNS addresses, proxy configuration)
- Driver version numbers for key hardware
- Microsoft 365 app health indicators (cache sizes, sync error flags)
The Agent never collects file contents, browser history, passwords, emails, documents, or any information that identifies individual people.
Keeping your server secure
- Use a strong dashboard password and don't share it broadly
- If your machines connect to the server over the internet (not just your local network), put Triage behind a reverse proxy with HTTPS — your IT team or hosting provider can help with this
- Use an enrollment key so only your machines can join your fleet — set this during server setup
- The server updates itself automatically, so it stays patched without manual effort
Removing Triage
Remove from a Windows machine
One script removes everything — the desktop app, the background Agent, all Triage files, and any related scheduled tasks. Run it as administrator in PowerShell:
irm 'https://raw.githubusercontent.com/Kayem196/triage/main/Uninstall-Triage.ps1' | iex
You'll be asked to confirm before anything is deleted. To skip the confirmation (for example, when deploying via Intune), add -Force to the command.
Remove the server
On the machine running the server, open a terminal in the folder where you ran the setup script (where docker-compose.yml lives) and run:
Shut down the server, but keep all your machine data:
docker compose down
Shut down the server AND delete all stored data:
docker compose down -v
To also remove the Docker images from your machine: docker compose down --rmi all
Troubleshooting
Triage says "You need administrator rights"
Triage requires administrator access to run scans and apply fixes. Close Triage, right-click the Triage icon in the Start menu, and choose Run as administrator. If you don't have administrator rights on that machine, ask your IT admin to run it.
The MSIX install fails or says "app not trusted"
This means the developer certificate wasn't installed first — or was installed to the wrong place. The certificate must go to Local Machine → Trusted People (not "Current User"). Use the one-line install command instead, which handles this automatically, or re-run the certificate install with admin rights and double-check you selected Local Machine on the first screen.
A machine isn't showing up in the dashboard
Check these things in order:
- Is the Agent installed? Open Services on the machine (press Win+R, type services.msc) and look for Triage Agent. If it's not there, run the install command again.
- Is the service running? If it shows Stopped, right-click it and choose Start.
- Can the machine reach the server? In PowerShell on the machine, run: Test-NetConnection -ComputerName your-server -Port 8080. If it shows "TcpTestSucceeded: False", there's a network or firewall issue between the machine and the server.
The Agent is running but keeps going offline
This usually means the machine can reach the server on the network, but something is blocking the connection. Check that port 8080 (or whichever port you configured) is allowed through any firewalls on both the machine and the server host. Also check that the server is actually running: open the dashboard address in a browser from a different machine — if it loads, the server is fine.
The server auto-update isn't working (machine stays on old version)
The auto-update system (Watchtower) needs to be able to pull the new server image from the internet. If you set up the server from a private GitHub repository, go to github.com → your profile → Packages → triage → Package settings and change the visibility to Public. Without this, Watchtower can't download updates.
The dashboard keeps logging me out
Sessions last 8 hours and then expire — this is expected. If you're being logged out more frequently, it usually means the server was restarted recently and generated new security tokens. This is normal after a server update. Just log in again; the issue won't recur until the next update.
Still stuck?
Email us at hello@triage-tool.app and we'll help. Include the machine name, a description of what you were trying to do, and any error messages you saw.