Skip to main content

Installed Remote Tool Audits

Overview

This script audits a Windows endpoint for known remote access tools using multiple detection methods: uninstall registry entries, running processes, running services, and common executable paths. It supports exclusions from both script variable and a Ninja custom field. The results are compiled into an HTML table and written to a Ninja custom field for easy visibility within the NinjaOne platform.

Tool display names supported by this script:

  1. AeroAdmin
  2. Ammyy Admin
  3. AnyDesk
  4. Atera
  5. Automate (ConnectWise Automate)
  6. BeyondTrust
  7. Chrome Remote Desktop
  8. CW RMM (ConnectWise RMM)
  9. DameWare
  10. Datto RMM
  11. DWService
  12. GoToAssist
  13. GoToMyPC
  14. ITSPlatform
  15. Kaseya
  16. Kaseya VSA (VSA)
  17. LiteManager
  18. LogMeIn
  19. Malwarebytes
  20. ManageEngine
  21. N-Able N-Central
  22. N-Able N-Sight
  23. Ninja RMM
  24. NoMachine
  25. Parsec
  26. Remote Utilities
  27. RemotePC
  28. ScreenConnect / ConnectWise Control (instance-based detection)
  29. Splashtop
  30. Supremo
  31. Syncro
  32. TeamViewer
  33. TightVNC
  34. UltraVNC
  35. VNC (generic detection)
  36. VNC Connect (RealVNC)
  37. Zoho Assist

Sample Run

Play Button > Run Automation > Script
SampleRun1

  • Search for the Installed Remote Tools Audit and then click on it

Sample Run 2

  • Click Run

Sample Run 2

Dependencies

Parameters

NameExampleAccepted ValuesRequiredDefaultTypeDescription
Whitelisted Remote Access ToolsNinja RMM, Datto RMM, Automate, ScreenConnect Client (342xxxxxxxxxxxf)comma-separated listFalse-StringOptional comma-separated list of remote access tools to exclude from detection. Tools specified here will be excluded globally across all clients. Additional client/location/machine-specific exclusions can be configured using the custom field. The script will combine exclusions from both sources when determining which tools to ignore.

Automation Setup/Import

Automation Configuration

Output

  • Activity Details
  • Custom Field

Changelog

2026-06-24

  • Added more remote tools for detection and updated the powershell script to check processes, services and executable paths along with registries for remote tools.
  • Added script variable to mention whitelisted remote tools.
  • Updated script to whitelist the remote tools mentioned in the new custom field cPVAL Whitelisted Remote Access Tools
  • Updated HTML output to show more columns like installed location, executable path, if tool is currently active and script last ran date.

2026-05-21

  • Initial version of the document