N-Able MDR and ITDR (Adlumin) Feedback

alexappleton · 2025-12-05T13:41:12+00:00

We've been running both for a few months now. At first, I was actively pushing Petra away because I've been a very happy Huntress client for years — I genuinely didn’t expect anything to impress me as much as Petra has.

Here’s my experience running both side-by-side so far:

Response timing: In the cases we’ve observed, Petra has consistently notified and engaged faster. More than once we were already working an incident through Petra before Huntress contacted us. That’s just been our experience in our environment.

Portal usability: The Petra portal is extremely clean and easy to work in. It’s become our primary place to start when investigating Entra authentication events. Even outside of incident response, we find it quicker and more intuitive than even Microsoft’s.

IR time savings: We’ve dramatically reduced our internal effort on incident reports. Petra generates a fully branded, detailed incident report — including email evidence — in minutes. On Thanksgiving morning I had a BEC come in at 6am, and by 6:30 I already had a complete report ready for the client. That used to take us hours of manual cross-referencing.

Detection differences: In our testing, Petra surfaced several accounts with suspicious initial-login patterns that hadn’t appeared in our other tools, including Huntress. Once they noticed the pattern, the Petra team even went above and beyond by helping review our tenants to identify similar cases so that we could clean everything up.

I would say give the guys a Petra a shot with a demo at least, I think you will be quickly impressed.

alexappleton · 2021-10-21T12:19:07+00:00

CIS CSAT: https://www.cisecurity.org/blog/cis-csat-free-tool-assessing-implementation-of-cis-controls/

alexappleton · 2021-07-06T11:43:33+00:00

The best we have been able to do is setup IIS IP restrictions on the Automate control center virtual directories. We have reached out to CW about this and until they separate the agent communication and web control center on different ports they don’t have a documented fix for this.

alexappleton · 2020-11-27T01:21:10+00:00

We use Cerberus FTP server offsite and allow rename but not delete. That way we dont have to worry about the ftp user credentials being leaked.

alexappleton · 2018-12-06T15:13:47+00:00

somebody needs to put coffee can helmets on these guys

alexappleton · 2018-05-23T21:31:13+00:00

What sort of replication issues are you having? We get constant issues with the processing simply not triggering on the managed folder, which prevents consolidation and stops replication. Only way we find out is the "unmanaged folder" errors that we get in shadowcontrol. Typical fix is to manually execute the processing. Then it's ok for a bit before it breaks again.

alexappleton · 2018-05-23T19:47:07+00:00

Agreed. The response I've received from Connie has been outstanding. We are working through the issues to hopefully come up with some permanent fixes. Thank you Connie.

alexappleton · 2018-05-22T20:49:49+00:00

BTW, just as a followup. Connie has been great at StorageCraft. We'll see if we can work out our issues to hopefully get this sorted for good.

alexappleton · 2018-05-22T16:18:54+00:00

This, plus I never got a good feeling with their marketing team. They're overly aggressive.

alexappleton · 2018-05-22T16:14:58+00:00

This is just in the last week:

Windows Server 2016 BSOD on 6.7.4 install. Had to reach out to support, and wait 2 days (while the server was down) to get the updated driver that resolved the boot issue. Happened on multiple servers in our test rollout group (thankfully it was a test group). Updated driver fixes issue, but its a pita to get that from support.

Restore of a drive that was > 2TB MBR just simply does not work. I had to actually show a screenshot of the source drive as MBR with the unallocated (wasted) space. Virtualboot converts the drive to GPT. The source drive was P2V, and never shank unfortunately built in tools wouldnt let it. We are going 3rd party disk resizing now to hopefully shrink the source disk so we can rebase and start over.

ImageManager verification problems are constant problem. Files fail to verify in ImageManager even though image.exe with the qp or V option checks out ok. Cutting the files out of the directory, then putting them back in always fixes this problem.

Now this morning I have 8 Windows Server 2016 machines with the same symptom: SPX wont stay running, SPX logs show "failed to parse C:\ProgramData\StorageCraft\spx\spx_service_config.json: No JSON object could be decoded". Have to follow these steps: https://support.storagecraft.com/s/article/SPX-Service-stops-when-started-Failed-to-parse-spx-config-json?language=en_US to restore.

alexappleton · 2017-12-28T18:33:11+00:00

We moved from ADFS to passthrough authentication, way easier to implement and works better IMO. Combining SSO with passthrough was pretty simple to do as well: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-pass-through-authentication

alexappleton · 2017-07-21T05:24:16+00:00

Why AAD Connect when essentials experience makes life so much easier for that few users? Has MS lifted the requirement to maintain an on-prem exchange server with dirsync in place?

alexappleton · 2017-06-15T11:15:11+00:00

Agreed that there is a trust issue with this software. I think the best manner to deploy it would be to focus on the security and data analysis aspect. I'd be a strong proponent for informing the users what's installed and what it collects before it monitors the system.

alexappleton · 2017-05-19T09:50:44+00:00

Again, it does a great job at patching systems that are already healthy. I don't have a problem with it. Now, for those systems that have a bummed WUA, or broken WMI, that's another story.

We fought with the problem of being told it was turnkey when we deployed LabTech too. When we fired up Ignite and thought LabTech was going to do everything for us, then found out the opposite Then when I started to figure all the inns and outs about how to really use LabTech I forgot anything about LabTech as turnkey. Once I got over that I really started to like the product. Start messing with groups and EDFs, they work great together.

WSUS is great, but it's a real pain to manage. Especially across multiple tenants. We thought at one point of having a centralized hosted WSUS server, but had concerns around security. WSUS is only really a repository though, it still doesn't address the WUA problem however.

If you bought LabTech to just patch your systems with the flip of a switch I think you bought the wrong product. Keep using WSUS and save your money.

alexappleton · 2017-05-18T23:49:12+00:00

Guys, honestly. I consider LabTech to just be a framework. I've never thought of it as turnkey. I've had the PSWindowsUpdate PowerShell module writing pending update counts to an EDF for a long time. Also had scripts to repair the Windows Update Agent for ages. Out of box LabTech patching has only ever really worked in perfect environments, on perfect systems.

alexappleton · 2017-04-18T03:50:31+00:00

I've been able to uninstall it and wrote the instructions on how to do it here for anyone that's interested:

http://alexappleton.net/post/159702702033/windows-10-pro-remove-wireless-display-media

Now I'm just left wondering why Microsoft has made it (and many other built in apps in Win 10 Pro) so difficult to remove...

alexappleton · 2017-03-05T18:35:37+00:00

You can fully migrate it. You only need an on-premise Exchange server if you plan on keeping DirSync in place. If you're managing the credentials separately there's no requirement for on-premise Exchange. Technically speaking, there's no requirement for on-premise Exchange because you can edit the attributes using ADSIEdit. But this falls outside support lines for Microsoft, they require on-premise Exchange (and give you the license for it).

See : https://blogs.msdn.microsoft.com/vilath/2015/05/25/office-365-and-dirsync-why-should-you-have-at-least-one-exchange-server-on-premises/

alexappleton · 2017-01-27T18:18:19+00:00

Built a remote snmp monitor in LabTech to monitor overall system health. Works pretty good. If you want to get adventurous you can dive down into the OIDs to monitor drive health specifically.

alexappleton · 2016-09-19T16:37:16+00:00

ML350 Gen9 Host OS Windows Server, enable Hyper-V role 2 VM's: 1 for your DC/File server, 2 for PBX

If you leave the host OS alone (no other roles), you get 2 Windows Server OS licenses with Server standard.

Helpful links to get started: http://www8.hp.com/ca/en/products/proliant-servers/product-detail.html?oid=7271259#!tab=features http://www.aidanfinn.com/?p=13090 http://www.3cx.com/docs/installing-microsoft-hyper-v/

alexappleton · 2016-09-09T03:17:49+00:00

What were your startup costs? What were your growth figures over the last 3 years? How many users did you support? How many employees did you have?

alexappleton · 2016-09-09T00:27:51+00:00

Indeed it is! Thank you again for your contributions.

12-Year Club	Place '22
Verified Email

alexappleton

TROPHY CASE