115 docs tagged with "Auditing"

Retrieves detailed Hyper-V VHD/VHDX information and stores it as an HTML table in a NinjaRMM Custom Field. "cPVAL Hyper-V Vhdx Details".

Group of machines where BitLocker is disabled.

Group of machines where BitLocker is enabled.

The solution outlines the process of backing up BitLocker recovery keys to Active Directory or Azure Active Directory using CW RMM.

Group of machines where "BitLocker Key Backup" is enabled.

Group of machines where BitLocker Key Backup Failed.

This custom field display the most recent result after pushing the BitLocker recovery keys into AD/AzureAD.

Group of machines where BitLocker Key Backup Successful.

Group of machines where BitLocker Key was not found.

This script verifies whether the device is joined to a domain or Azure AD. For eligible devices, it attempts to back up BitLocker recovery keys to Azure AD or Local AD, depending on the join type. For each drive, it checks for RecoveryPassword protectors and tries to back up the key using the appropriate cmdlet. The output summarizes any failures, including drive letter, key substring, and platform. If all keys are backed up successfully, it reports success. If the device is not domain or Azure AD joined, or the BitLocker module is unavailable, it returns a relevant message. The output is formatted for saving into the CW RMM custom field "BitLocker Key Backup Status".

Stores BitLocker status and key information for all volumes on the device.

The solution outlines the process of auditing BitLocker encryption status and recovery keys using CW RMM with daily scheduled tasks.

This script collects BitLocker encryption details for each drive on the system using the Get-BitLockerVolume cmdlet. It summarizes the protection status, key protector types, encryption percentage, and recovery password (if available). The output is formatted as a single string suitable for saving into the Endpoint-Level custom field "BitLocker Status and Key".

Group of machines where the "BitLocker Status Audit" is enabled.

Group of machines where BitLocker is suspended.

This task is used to run the script to update the Autopilot hash under the Custom Filed.

This compound condition is used to facilitate the automated execution of the script to update the custom field on Windows servers. It ensures the custom field is updated only on eligible systems.

This compound condition is used to facilitate the automated execution of the script to update the custom field on Windows workstations. It ensures the custom field is updated only on eligible systems.

Detects whether the installed Windows OS is a Home edition and updates the NinjaOne custom field with the result.

This field stores the Windows Autopilot hardware hash value.

This group shows machines where Autopilot Hash is not updated.

Controls script execution logic for Network Adapter validation.

Displays whether DHCP is enabled or disabled on the active network adapter.

Displays the DNS server address configured on the active network adapter.

Enable this checkbox to activate weak credential monitoring for the client's domain. The script will run against the client's primary domain controller.

Stores an HTML-formatted inventory of Hyper-V Virtual Hard Disks (VHD/VHDX). Data is populated via the "Audit Hyper-V VHDX" automation script and includes disk paths, allocation types (Dynamic/Fixed), current file size, and fragmentation percentage.

Displays the DNS server address configured on the active network adapter.

Displays all custom fields related to the network adapter, including DHCP status, IP type, and DNS server addresses.

This custom filed is used to show the installed remote applications on the machine

This custom field shows whether Secure Boot is enabled on the device.

Devices with Secure Boot disabled for compliance and security monitoring.

This task checks and records the SecureBoot status on devices, including SecureBoot certificates.

SentinelOne Installation token.

If the S1 Management URL on the endpoint matches the value stored in the NinjaOne custom field, or if there is any discrepancy between the two.

SentinelOne Management Server Url fetched from the Endpoint

This custom field is used show available video output ports on the system (HDMI, DisplayPort, VGA, DVI, etc.). Detect which ports are actively used by connected monitors.

Stores details of weak and duplicate password credentials identified by the "Test Weak Password [Domain]" automation. This field helps track accounts that require password updates to maintain security compliance.

This custom field shows the status of the Windows Secure Boot Database (DB) certificate.

This custom field checks the OS Caption value to determine whether the installed Windows operating system is a home edition. It displays True if the OS name contains Home otherwise it displays False.

This custom field displays the status of the Windows Key Exchange Key (KEK) certificate.

This custom field indicates the current telemetry (diagnostic data) level on Windows. Shows whether Windows telemetry is enabled and its level (Basic, Enhanced, Full)

This Script validate the full version of the OS and compares it with Microsofts database of Windows Cumulative Updates to identify which cumulative update the device has. The data is then formatted and stored in the UDF.

Checks for recent DFS Replication errors or warnings within the last hour and reports the current replication state to identify potential sync or replication issues.

Triggers an alert when any errors are detected in DFS Replication on the server, indicating possible replication failures or issues requiring investigation.

Triggers an alert when any errors are detected in DFS Replication on the server, indicating possible replication failures or issues requiring investigation.

Flag this custom field to exclude the endpoint from "BitLocker Key Backup" solution.

Flag this custom field to exclude the site from "BitLocker Key Backup" solution.

Flag this custom field to exclude the endpoint from the BitLocker Status Audit solution.

Flag this custom field to exclude the site from the BitLocker Status Audit solution.

This document provides a comprehensive guide to automate the installation and update of DUO Authentication for Windows Login, including the necessary custom fields, device groups, and tasks for efficient deployment and auditing.

This document outlines the process for automating the installation and update of the DUO Authentication Security Proxy, including the necessary custom fields, dynamic groups, and tasks for effective management and auditing.

Select Operating System to Enable BitLocker Key Backup. The output of the Key Backup will be saved into the endpoint-level custom field "BitLocker Key Backup Status".

Select the Operating System to Enable BitLocker Status Audit. BitLocker status and recovery key will be stored in the device-level custom field "BitLocker Status and Key".

Select it to enable Windows Hello Audit on the client Machines.

This script performs the checks for the ESU license activation detection.

Stores the result from the ESU Audit script

Select it to exclude site/Endpoint from Windows Hello Audit

This condition ensures that the Enable or Disable Update Windows Deferral script runs on Windows Servers where the current configuration does not match the desired value. The mechanism is controlled through the cPVAL Feature Update Configuration custom field.

This condition ensures that the Enable or Disable Update Windows Deferral script runs on Windows workstations where the current configuration does not match the desired value. The mechanism is controlled through the cPVAL Feature Update Configuration custom field.

This script fetches the device Autopilot Hardware Hash using CIM/WMI from the MDM namespace. Once retrieved, it validates the hash format and updates the cPValAutopilotHash custom field with the value. Must be run with Administrator privileges.

The purpose of the soultion to update the check and update the Autopilot Hash into the Custom filed.

This script identifies remote access tools currently installed on the machine.

This component is used to update the UDF with the leneovo warranty information.

Audits and reports on new SQL-related Windows Updates since the last script run.

This script retrieves whether Windows Hello is enabled on the device and, if so, identifies which authentication method is currently in use.

This guides with creation of view in group to display custom field data or any other data as new column.

Executes "Audit Hyper-V VHDX" script once per day against Hyper-V Hosts.

Retrieves detailed Hyper-V VHD/VHDX information and stores it as an HTML table in a NinjaRMM Custom Field.

The script inventories the endpoint for a curated list of remote access utilities by inspecting uninstall keys, running processes, installed services, and known executable paths. Optional exclusions can be provided through the Datto component parameter ToolsToIgnore. When the OutputUDF parameter is supplied, the detected tool names are saved to the specified Datto UDF that is dedicated to this automation and not shared with other components. All findings are also written to the Datto activity log for auditing purposes.

Retrieves and/or applies IISCrypto current details on the system

This script is used to update the Custom filed with the leneovo warranty end date

This Custom filed is used to show the warranty expiration date of any lenovo machine

This group includes machines where the Windows Hello audit is enabled.

This document outlines the implementation of a solution to collect and display OneDrive sync status information from Windows machines, specifically for Non-SharePoint Linked Sites. It includes associated content for auditing and alerting, as well as a detailed implementation guide and FAQs regarding potential errors in data retrieval.

This solution automates the detection of new SQL-related Windows Updates on SQL servers and generates tickets in CW RMM for the updates found since the last script execution.

This solution is targeted to compute all the patch management automation together for better understanding.

Determines if Windows Server Update Services (WSUS) settings are configured in the registry and identifies if they are managed via Group Policy (GPO). The result is stored in the custom field WSUS_Status.

Determines if Windows Server Update Services (WSUS) settings are configured in the registry and identifies if they are managed via Group Policy (GPO). The result is stored in the custom field WSUS_Status

This document outlines the implementation steps and associated content for the Patching and Cumulative Update Compliance Metrics dataviews in ConnectWise Automate, focusing on Windows computers with managed patch policies and their compliance scores over the past 30 days.

This script automates the remediation of UEFI Secure Boot certificates required for Windows 2026 compliance. It ensures the system has the latest 2023 UEFI certificates (KEK and db) and configures the system for automatic Microsoft-managed UEFI certificate updates.

This solution checks the Secure Boot status and validates the associated certificates. If the system is using older Secure Boot certificates, the custom fields are updated accordingly. If the system is using updated certificates. The custom fields are updated to reflect the compliant status.

This script evaluates whether a Windows device is prepared for the upcoming Microsoft Secure Boot certificate transition scheduled for 2026. Microsoft is replacing legacy Secure Boot certificates with updated 2023-era certificates (KEK and DB). Devices that do not contain these updated certificates may be considered at risk once older certificates expire.

This script evaluates whether a Windows device is prepared for the upcoming Microsoft Secure Boot certificate transition scheduled for 2026.

This ticket template configures how a ConnectWise Manage ticket will be generated in response to the SentinelOne Management Console Validation condition.

The script validates whether the SentinelOne Management Server detected on the computer is different from what is set for the Client in NinjaRMM.

This ticket template configures how a ConnectWise Manage ticket will be generated in response to the SentinelOne Management Console Validation condition.

This solution validates whether the SentinelOne Management Server URL detected on endpoints matches the value configured for the client in NinjaRMM, automatically flagging discrepancies and generating remediation tickets.'

This solution monitors servers for SMB1 protocol usage. It enables SMB1 access auditing (if disabled), scans event logs for recent SMB1 access attempts (Event IDs 1001, 3000) within the past hour, and triggers an alert through a compound condition if SMB1 is enabled and any access attempts are detected.

Enables SMB1 access auditing if disabled and scans event logs for recent SMB1 access attempts (Event IDs 1001, 3000) within the last hour. Returns exit codes for detection or script failure.

This Compound Condition creates an alert on Servers with SMB1 Protocol enabled and if SMB1 access attempts (Event IDs 1001, 3000) is detected within the last hour

Group of SQL Servers.

This document explains how to set up and use the Systray Menu as part of your custom NinjaOne site.

NinjaRMM implementation wrapper for the agnostic Test-WeakCredentials script that performs Active Directory password auditing with intelligent alerting and platform-specific data formatting.

This dataview shows the complete detail of the TPM of the Windows machines

Controls the Windows Update deferral configuration for the device, including feature update servicing channel and deferral period. These settings determine when feature updates are made available after release.

This solution is designed to configure the automatic check and update the deferral feature update registries if any mismatch found using the NinjaOne platform.

Detect all available video output ports on the system (HDMI, DisplayPort, VGA, DVI, etc.). Detect which ports are actively used by connected monitors.

Template for creating a CW-Manage ticket from Weak Credentials Monitoring compound conditions.

Runs the "Test Weak Password [Domain]" automation daily on Primary Domain Controllers and creates a CW Manage ticket when a new weak or duplicate password is detected.

This solution monitors Active Directory domains for weak and duplicate passwords, automatically running daily audits on Primary Domain Controllers and generating ConnectWise Manage tickets when new weak credentials are detected.

This contains the list of Windows 10 devices where the ESU is activated.

This contains the list of Windows 10 22H2 machines where the auditing script has not yet executed.

This contains the list of machines where the ESU license detection script failed.

This contains the list of machines where the script detects that the ESU license was not activated.

Group of Windows 10 22H2 machines.

This script applies Extended Security Updates (ESU) license for Windows 10 22H2 systems

The purpose of this solution is to audit Windows Hello on Windows devices. It determines whether Windows Hello is enabled and identifies the authentication method currently in use.

This custom field is populated by the ‘Get Windows Hello Status’ task. It indicates whether Windows Hello is enabled on the device and specifies which Windows Hello method is being used.

Automate role to detect if a Windows agent has telemetry enabled

This document provides a comprehensive guide on how to implement and use the Windows Update Report in ConnectWise Automate for auditing and monitoring installed or available patches on local machines. It includes associated content, implementation steps, and FAQs.

Reads current Windows Update deferral registry values and compares them against Ninja Custom Field desired values. Exits with 1 if drift is detected.

This group contains the agents where the WSUS status is detected as disabled.

This group contains the agents where the WSUS status is detected as enabled.

This group contains the agents where the WSUS status is detected as not configured.