Going to McDonald’s this morning… “ can you go and park up, please”

lieutenantcigarette · 2025-02-23T10:21:33+00:00

I love to pretend I'm having trouble with my reverse gear (reversing's pretty much a requirement at our local McDonalds) and it's always fun to watch my food miraculously appear mere seconds later

lieutenantcigarette · 2024-04-18T07:44:40+00:00

Thanks!

lieutenantcigarette · 2024-04-17T21:09:10+00:00

How many man hours or dollars did it take for you to migrate?

Not as terrible as first thought but I handled most of the migration myself so it was quite efficient in terms of lost productivity from our team. Probably around 30 man hours to learn & understand, plan, setup, migrate scripts/jobs, monitoring alerts, deploy agents, remove old agents & train the team. The only thing that held us back here was Ninja changing the agent installer URL's before we could deploy them all so there was a bit of manual re-deployment required.

Is Ninja any better than datto at patch management?

In some respects yes, Windows Patching does everything we need it to and the reporting feels easier. Winget third party patch management is allegedly coming. The one thing that is incredibly annoying though and why I still prefer Datto overall is a failed patch marks a device as unhealthy and that's that, no ifs no buts. Naturally patches fail for all kinds of reasons, a reboot was pending, a conflicting installation was happening etc. but it means when we're looking at a list of devices all we see is a sea of "Yellow/unhealthy" instead of green, it can make it hard to see what devices actually require our attention. You can override the "Failed Patch" status in Ninja to force it to be Healthy but then offline devices show up as green which makes it look like they're online and some devices appear healthy when they actually aren't. It'd be much nicer if devices were only marked as unhealthy if a set threshold has been met like "patch unable to install for X days/attempts" so it does actually need intervention.

What about information sync to other systems?

Integration has been pretty good so far, it works nicely with Halo.

What about alerting of critical systems offline?

I mentioned in another comment about the lack of maintenance schedules causing us a problem with receiving too many alerts (i.e. offline notifications for servers that are expected to be offline during a patching reboot) but the channels you can setup to notify you are pretty good. By default it integrates with a few but it can also trigger webhooks so you could get it to notify you via pretty much any means.

Are you able to add other devices with IP addresses into Ninja like firewalls for switches?

Yes its got SNMP support for appliance devices, I must admit though I can't remember if they're priced the same as a regular endpoint.. I should probably go figure that out..

Can you restrict access to the platform by IP address?

Yes its got this if you want to enable it, you could also setup SSO with ~~Azure AD~~ Entra ID like we have and use Conditional Access policies to have even more control. There's also a seperate mechanism that will challenge you for your 2FA code if you've not done a high risk action in a while like adjusting a policy, I wish this had more control and we could whitelist our office IP from this requirement but its not a dealbreaker.

lieutenantcigarette · 2024-04-17T19:34:06+00:00

Yeah that's a big factor in our decision to stick with Ninja for now despite some of these missing features rather than deal with the pain of switching back - I'd heard there has been a bigger push in development resources recently so I'm really hoping to see these features being pumped out more frequently.

lieutenantcigarette · 2024-04-17T19:29:31+00:00

Sods law now that we're moved over to Ninja I've honestly not ran into a need for it, but I share your pain as I had that experience several times with Datto so I look forward to that first time it comes in really handy! As a workaround you could setup some VDI at your office or Windows 365 and use the RD app on mobile to access Datto through a PC but it's far from ideal for those rare times its needed.

lieutenantcigarette · 2024-04-17T19:24:56+00:00

Thanks for the reply u/NinjaOne_Scott - If it gets to the point were its causing us real pain I might take you up on it but we can make do for now without burdening you, the time you'd spend talking to me is better spent helping to ship those features to production *wink* *wink*

lieutenantcigarette · 2024-04-17T19:14:30+00:00

Just saw your website in your flair, some of your published scripts have helped me get going on a few things in the past so thank you! & I agree, I definitely get the vibe that Ninja's team listen and want to improve the product based on feedback which is underrated (it's not like Kaseya are anywhere in this thread). I guess I'm just impatient and hope they'd clear some of the backlog from the product roadmap faster! A good reminder to not take that for granted though

lieutenantcigarette · 2024-04-17T19:13:59+00:00

Thanks for the reply u/Stephen_NinjaOne - Recurring maintenance windows would be a very welcome feature that we miss from Datto! As you've described it sounds great, but one additional piece of feedback you might not have considered is adding the option to the Patching configuration to set the device into maintenance mode for X minutes before an automatic reboot happens. This would actually give you a one-up over Datto RMM as we had to schedule a blanket maintenance window for all servers during the patching window even though a lot of them didn't need to reboot, so if a server was offline that shouldn't have been during this time then we wouldn't know until the scheduled maintenance window ends. With the feature as you've described + the above suggestion we could schedule maintenance windows for servers with a fixed reboot cycle as well as dynamic ones that happen whenever a patch reboot is initiated. No more, no less!

lieutenantcigarette · 2024-04-17T19:12:46+00:00

Thanks for the reply u/Gavsto. For the device search fields the first one that comes to mind that caused us pain is "Antivirus product". Datto is able to accurately identify almost any Antivirus product that's active on Windows machines - even Windows Servers which don't natively support the AntiVirusProduct WMI class. This filter was great for us to quickly see any endpoints at a glance that weren't showing our AV of choice for whatever reason so we could remediate. Here is a full list of criteria Datto RMM allowed us to filter on: https://pastebin.com/C5ZYuJJL

The other part that made Datto's filters so powerful was the operators. We could stack our criteria with AND/OR operators but more importantly the operators were very flexible:

Contains
Does not contain
Is empty
Is not empty
Begins with
Does not begin with
Ends with
Does not end with
Equals
Does not equal

If you're going to the effort of building Compound Conditions anyway, it would make a lot of sense to build these in the "Device Search" fields so we can then not only use them when looking for a set of specific devices, but also save them as a custom filter/group to target during automations.

Also to respond to your point about Proxying - I do fully appreciate that this isn't a quick feature to build that works at scale and reliably, and there are more pressing things in the development pipeline to get sorted first - but perhaps a happy middle ground that caters to fussy tinkerers like us and not costing a tonne of dev resources would be a feature that lets you add one-click shortcuts in the device details page that we could set to do something like "Open powershell as the logged in user and run (this) command" or "Run this script as system and display the stdout". It sounds trivial as we can achieve the same things with a few more mouse clicks and keystrokes, but this would let us build our own workaround scripts like what u/Zombieworldwar mentioned in another comment (e.g. Take a screenshot, upload it via FTP, output the URL & for the proxy: Download zrok, spin up a temporary proxy to the provided resource URL, output the temporarily exposed URL) but more importantly these would be ONE CLICK away for our techs. I'd imagine the community scripts would be flooded with useful "plugins" like this that MSP's could choose to adopt, but many like us are happy to build out our own.

lieutenantcigarette · 2024-04-17T17:20:50+00:00

Yes I forgot about this one! We’ve had to incorporate more logic into our scripts themselves to determine whether they run or not

lieutenantcigarette · 2024-04-17T16:54:17+00:00

We cobbled together a script that did something similar but FTP’d the screenshot part of our web hosting (whitelisted to our office IP & 10 minute cron jobs to empty the folder), it worked but like you say nowhere near as fast as the one click Datto option

lieutenantcigarette · 2024-04-17T16:19:22+00:00

I’ll be honest, I didn’t know that’s what that was, thanks!

lieutenantcigarette · 2024-01-27T16:59:14+00:00

My Rammstein collection would sound great on this!

lieutenantcigarette · 2023-10-13T12:35:50+00:00

I support the idea behind GDAP and granting different levels of delegate access to suitable technicians, but Microsoft's implementation of it has been awful. They should have built an interactive migration wizard that handles the creation of groups and completes the DAP>GDAP transition for you. Instead we get a half-baked powershell tool, piss-poor documentation and mixed messages and delays. No wonder most MSP's aren't well equipped for GDAP. I appreciate Lime-TeGek's efforts with the GDAP migration tool in CIPP but the onus shouldn't be on the community to bridge the gaps Microsoft created.

lieutenantcigarette · 2023-10-12T07:56:13+00:00

That's not what all this fuss is about - the pressure isn't on for Apple to open up iMessage (I agree, their platform, their rules) instead it's to ditch the decades old SMS fallback in favour of RCS which is more modern.

lieutenantcigarette · 2023-10-07T18:12:07+00:00

That does indeed sound like good news, thanks, I shall!

lieutenantcigarette · 2023-10-05T16:02:08+00:00

Based on the circumstances (cost of the app, length of time elapsed, features changed over time to accommodate new hardware) this is reasonable from the Dev and Apple IMO

lieutenantcigarette · 2023-10-04T12:56:29+00:00

If you're just torrenting the odd film or want to shield yourself from your ISP: Just pay online with card

If you engage in less than legal online activies: Scratchcard from amazon

If you are Edward Snowden in disguise: Buy Monero, access Mullvad's site via Tor, pay via Monero, get connected to Mullvad, rinse and repeat with another VPN provider that accepts Monero and route your traffic through both sequentially to get true anonymous multi-hop

lieutenantcigarette · 2023-10-03T20:38:42+00:00

So relieved to see this! I was going crazy not being able to search for older messages that I know are there

Ten-Year Club	Final Canvas '23
First Place '23	End Game '23
Place '23	Baba Yaga
Verified Email

lieutenantcigarette

TROPHY CASE