Executive reporting is more than system uptime and ticket counts. For MSPs (Managed Service Providers), it means delivering clear, business-focused insights that help clients understand the value of their service. A quality MSP report translates technical data into easily digestible data that supports executive decision-making.
This guide outlines collecting, formatting, and automating RMM (Remote Monitoring and Management) reports, highlighting critical IT metrics. These include patching, security posture, backup status, system uptime, compliance alignment, and asset lifecycle trends. You’ll learn how to gather this data from various endpoints, including Windows, macOS, and Linux. We will also cover ways to use scripting to enrich data and present IT reports in a clear and intuitive way.
How to build executive-level RMM reports
MSPs need more than generic dashboards and tables to deliver easy-to-consume data that their clients want. Executive-level reports need to combine technical data with clear and relevant insights.
📌 Prerequisites:
- Your RMM platform needs to support data export, scripting, dashboards, and report generation (e.g., NinjaOne).
- Scripting capability via PowerShell, CMD, and Bash for endpoint data collection
- You will need access to performance logs, event logs, update status, BitLocker status, and AV configuration.
- For this task to go seamlessly, you will need to be familiar with compliance or SLA (Service Level Agreement) reporting requirements.
- Optional: You’ll need access to registry or GPO settings for deep compliance visibility.
Method 1: Using PowerShell to collect reporting metrics from Windows
PowerShell gives you full access to system metrics that matter, making it an invaluable tool for creating MSP reports. These include uptime status, security status, and patching history. You can run these scripts directly from your RMM platform, export the data to CSV, and schedule regular runs for consistent reporting.
📌 Use Cases:
- Best for collecting Windows-specific metrics like encryption status, AV health, and patch levels
- Useful for scheduled RMM scripts that generate regular (monthly or quarterly) executive reports
- This will help MSPs prove SLA adherence or regulatory compliance.
📌 Prerequisites:
- An RMM platform that supports script scheduling, file collection, or centralized exports
- Windows endpoints should be running PowerShell 5.1 or later.
- Admin permissions are required to run system-level queries and export a file.
Here are sample PowerShell commands and what they do:
1. System uptime
This command returns the number of hours the system has been running since its last boot. You can use this to track uptime and identify machines that are rarely rebooted.
((Get-Date) - (Get-CimInstance Win32_OperatingSystem).LastBootUpTime).TotalHours
2. Antivirus and firewall status
This command will pull the current status of Windows Defender, including whether the antivirus, real-time protection, and anti-spyware capabilities are up and running.
Get-MpComputerStatus | Select-Object AMServiceEnabled, RealTimeProtectionEnabled, AntispywareEnabled
3. BitLocker encryption
This command checks if drives are encrypted using BitLocker and shows the status of protection per volume. This comes in handy in compliance and data security reports.
Get-BitLockerVolume | Select-Object MountPoint, ProtectionStatus
4. Patch status
This command lists the five most recent patches installed, sorted by date. This will show patch compliance and the number of recent endpoint updates.
Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 5
5. CSV report
After you’ve collected the metrics, you can then export the data to a CSV file using this PowerShell command:
Export-Csv -Path "C:\Reports\SystemSummary.csv" -NoTypeInformation
This file can then be pulled into a centralized report, formatted, and sent to your stakeholders.
💡 Note: It would be best to use your RMM software to schedule these scripts on a regular basis, like weekly or monthly. You can then store and aggregate the data into MSP reports using programs like Excel, Google Sheets, or whichever tool your organization uses.
Method 2: Utilizing CMD scripts for quick metric capture on Windows
In environments where PowerShell is unavailable, Command Prompt scripts offer an alternative to gathering system information. These can give you metrics like uptime, disk usage, and system specifications.
📌 Use Cases:
- Good for lightweight environments or legacy systems that don’t support PowerShell
- Useful for quick endpoint assessments, especially in onboarding or asset validation
- Can be scheduled through your RMM to collect and centralize logs for monthly reports
📌 Prerequisites:
- Windows endpoints with CMD access and permission to write to local files
- A designated export path (e.g., C:\Reports) where scripts can drop log files
- RMM policy or task to run and collect logs on a schedule
Here are sample CMD commands along with the data they capture:
1. System information
This command captures data like OS version, build number, system uptime, memory, CPU, and patch level. You can use this to verify system specifications.
systeminfo > C:\Reports\sysinfo.txt
2. Disk space summary
This command lists all the logical drives with their total size and free space. This is handy for reporting on storage usage across endpoints.
wmic logicaldisk get caption,freespace,size > C:\Reports\diskspace.txt
3. Uptime check
This command will present the system uptime start date, which you can use to calculate how long the device has been online.
net statistics workstation | findstr "since"
These logs can then be parsed, uploaded, or directly attached to your executive reports. Although CMD outputs are not as structured as those on PowerShell, you can still reformat them so they can provide data to your report. To save the logs as a .txt file, use this command:
systeminfo > C:\Reports\sysinfo.txt
Method 3: Collecting data from Linux/macOS using Bash
Although macOS and Linux systems make up a tiny portion of managed environments, they still need to be part of the reports. To include them, you can use Bash scripts, which can be run using an RMM or on the Terminal.
📌 Use Cases:
- This method is best for mixed environments with Linux and macOS endpoints.
- Bash scripts are useful for reporting on device health, patching activity, and basic compliance.
- Collecting data from Unix systems will eliminate gaps in reporting, especially in environments with mostly Windows endpoints.
📌 Prerequisites:
- You will need to use an RMM platform that uses Bash script deployment on Linux/macOS.
- Your devices need to have Bash shell access and permission to run local scripts.
Here are some Bash commands and what they do:
System uptime
This command will return human-readable system uptime, which you can use to identify reboots or stability issues.
uptime -p
Last patch or update timestamp (Ubuntu/Debian only)
Use this code to see the last time a successful update check was performed. This will validate whether a device is checking in for patching or otherwise.
stat -c %y /var/lib/apt/periodic/update-success-stamp
Disk usage
This command will show the size, used, and unused space on the root partition. It will help you monitor storage health and capacity planning.
df -h /
Firewall status (Linux only)
ufw status
This command will report whether the Uncomplicated Firewall (UFW) service is active. This is a fast way to validate that basic host-level protection is in place.
Once you’ve collected all the needed data, you can redirect these outputs to .log or CSV files for later retrieval using this command:
uptime -p > /var/log/reporting/uptime.log
Method 4: Using the Windows Registry to query the configuration state for compliance
The Windows Registry can be used to confirm if your organization’s security or policy settings are being enforced. For compliance–related MSP reports, you can obtain these values using PowerShell and include them in your endpoint validation and audit output procedures.
📌 Use Cases:
- Verifying endpoint compliance with policies like screen lock timers or encryption status
- Use this method to confirm antivirus and security configurations for regulatory audits
- Supplementing RMM-collected data with deeper, OS-level configuration checks
📌 Prerequisites:
- This will require Windows endpoints with registry access and no restrictions on PowerShell execution.
- Admin permissions to read keys from HKEY_LOCAL_MACHINE/.
Here are sample registry paths you can visit to see whether they comply with your organization’s standards.
Windows Defender real-time protection
A value of 0 in this case means real-time protection is enabled. If it is set to 1, it means real-time scanning is off, which may violate security policies.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
"DisableRealtimeMonitoring"=dword:00000000
Screen lock enforcement
This value will enforce a 15-minute window before the screen locks. This is required in various security and compliance frameworks and will reduce the chances of security breaches and unauthorized access.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop
"ScreenSaveTimeout"="900"
How can I pull these values from PowerShell?
To pull these values via PowerShell, use the following commands:
Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection" | Select-Object DisableRealtimeMonitoring
Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop" | Select-Object ScreenSaveTimeout
You can then export these values to a CSV or .txt file and add them to your compliance report using this command:
Get-ItemProperty "HKLM:\SOFTWARE\..." | Export-Csv "C:\Reports\compliance.csv" -NoTypeInformation
Method 5: Enforcing reporting-ready settings using Group Policy
Although Group Policy does not create reports, it ensures your endpoints are logging the right data, ensuring your scripts, tools, and RMM platform can extract it. Your reports might be incomplete without this method.
📌 Use Cases:
- This method ensures all logs and event data are available in all Windows endpoints.
- Supports reporting on patch status, Windows Defender events, BitLocker usage, and user activity
- Standardizes log retention and compliance audit across managed environments
📌 Prerequisites:
- This method requires Active Directory or an RMM with GPO deployment capability.
- You will need access to the Group Policy Management Console or local Group Policy Editor.
- You will need administrative access to modify these policies and enforce them at the domain level.
Here are the following Group Policy paths to configure and what they are for:
Windows Update logging
Track patch events for reporting on compliance and update coverage. Navigate to this path and enable:
Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure Automatic Updates
Defender logging and audit policies
Log Windows Defender actions (AV events and real-time protection) by enabling:
Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Reporting
Be sure to configure the following, too:
- Turn on behavior monitoring
- Monitor file and program activity on your computer
- Enable logging for Microsoft Defender Antivirus
Enable the audit process by going to this path:
Computer Configuration > Windows Settings > Security Settings > Advanced Audit Policy Configuration > System Audit Policies > Detailed Tracking > Audit Process Creation
Double-click Audit Process Creation and check Configure the following audit events. Select Success (you can check Failure as well if you want to track failed attempts), then click Ok.
BitLocker auditing
To track BitLocker usage and ensure encryption actions are logged, travel to this path:
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption
Then, enable the following:
- “Choose how BitLocker-protected operating system drives can be recovered.”
- “Configure use of passwords for operating system drives.”
Next, configure these audit policies according to your organization’s needs:
- Advanced Audit Policy Configuration > Object Access > Audit Removable Storage
- Advanced Audit Policy Configuration > Object Access > Audit File System
Event log retention and sizing
To prevent logs from being overwritten, while also ensuring historical data is available for reports, head to this GPO path:
Computer Configuration > Administrative Templates > Windows Components > Event Log Service
Next, go into each of the subfolders:
- Application
- Security
- Setup
- System
And configure these two settings:
- Specify the maximum log file size – Set it to 32 MB or more to stop important logs from being overwritten quickly. It ensures data sticks around long enough for reporting audits, or RMM collection.
- Retention method for log files – You can set it to “Overwrite events as needed” or “Archive the log when full” depending on your organization’s needs.
Method 6: Preparing data for executive presentation
Let’s say you have all the data. The final step is to normalize and format that data into a clear report for executive presentation. It’s important to remember that executives don’t need technical data – they need information presented in short summaries that show how the information gathered will impact their business.
📌 Use cases:
- Useful for generating monthly or quarterly summaries for clients
- Gathering technical metrics into a format understandable to your clients
- Give clients an idea of how valuable an MSP is through uptime, resolution speed, and compliance coverage.
📌 Prerequisites:
- All the data gathered from earlier methods
- Access to important tools like Excel, Google Sheets, and PowerPoint for presentations
- A clear yet comprehensive understanding of your client’s SLA or compliance targets
When formatting your reports, use file formats that match how you will present the data:
- CSV – Good for internal analysis or dashboard input.
- PDF – Clean and professional. Excellent option for executive review.
- HTML dashboards – Ideal for real-time access to live metrics.
- Charts – You can use Excel or Google Sheets to convert CSV data into easy-to-understand visual charts.
We recommend including the following KPIs in your report:
- Total endpoints under management
- Percentage of devices patched in the last 30 days
- Percentage with antivirus enabled and up to date
- Percentage of devices with disk encryption enabled
- Number of open tickets and average resolution time
- Uptime SLA achievement (actual vs. target)
⚠️ Things to look out for
| Risks | Potential Consequences | Reversals |
| PowerShell scripts are not working | There will be missing or incomplete data in your report. | Test the script on one device first to make sure it works. |
| Event logs are too small or overwrite too fast | Audit data unavailable or incomplete for monthly reports | Increase log file size to 32 MB or more. |
| Report formatting is hard to understand | Stakeholders may misinterpret the data. | Use a standardized reporting template and be sure to explain key highlights in a way that is understandable to non-technical audiences. |
| Scripts run successfully, but collect no data at all | Your reports and script outputs may end up blank or may be missing sections. | Ensure that your scripts are run by an account with elevated permissions. |
Additional considerations when building custom RMM reports
Custom reports aren’t only about the data and its implications. They need to be accurate, professional-looking, and tailored to your business-oriented audience.
Time zones and site filters
Ensure relevance and clarity by breaking down data by client, location, or business unit. This will give your reports context and point out which sites are falling behind, responding slowly to problem resolution, and where further improvements are necessary.
Automate your report generation
Set up and schedule report generation on a monthly or quarterly basis using your RMM. This will make this task quicker and easier, avoiding manual work while maintaining consistency. However, be sure to constantly monitor outputs and make tweaks whenever necessary.
Branding and professionalism
Be sure to include client logos, names, and contact details in your report templates. This will polish your reports and help your clients understand the data.
Security and confidentiality
Report files should be secured both when in the clients’ hands and in your system. Incorporate protections like PDF passwords or include access permissions for those who can view or modify the data.
Compare current metrics with older data
Be sure to include comparisons to metrics in the prior months. This will highlight trends and show progress over time.
Troubleshooting issues in RMM report creation
Missing data
Be sure that scripts have the appropriate permissions and that file paths and registry keys (especially in Method 4) exist or have been created.
Formatting errors
Test your CSV or .txt exports before importing into Excel or other tools to make sure headers and delimiters are consistent.
Inconsistent OS data
Your scripts might be trying to run the wrong commands on the wrong device. For example, a Windows script will not work on Linux. Be sure to verify the device’s operating system before using the command.
Export failure
If the export fails, the script may not have permission to save the file. Fix it by ensuring the folder exists, the device can write to it, and the script is set to show errors if something goes wrong.
How NinjaOne can help build RMM reports
NinjaOne has MSP reporting tools that can help you create and manage executive-level RMM reports.
| What can NinjaOne do? | What it is | How does it help with building executive-level RMM reports? |
| Automated Reports | Schedule recurring client-ready summaries, including patching, ticketing, and system health. | This simplifies report creation by allowing MSPs to automate recurring, client-ready summaries that include key metrics. |
| Custom Scripting | You can deploy cross-platform scripts to gather metrics across Windows, Linux, and macOS. See NinjaOne’s Script Hub for sample scripts. | This will help you collect detailed, real-time metrics from any operating system to add context to executive reports with endpoint-specific data. |
| Data Aggregation | You can consolidate data from multiple endpoints and display it via a dashboard or export it to a file. | You can combine metrics from multiple endpoints into a single view for export or dashboard reporting, making it easier for you to gather and interpret the data. |
| Branding Options | You can easily customize reports with MSP and client branding for professional delivery. | This will improve presentation and reinforce professionalism. |
| Alert and SLA Metrics | NinjaOne includes incident resolution time, ticket count, and response SLA adherence in reports. | This tracks resolution time, ticket counts, and SLA data to give executives clear visibility into service delivery and response performance. |
| Export Options | You can export files using various formats, like CSV, PDF, HTML, and integrations with Professional Services Automation (PSA) systems. | Helps you create reports that can be delivered in a format your partners prefer or require. |
Deliver detailed and comprehensive executive-ready MSP reports
MSP reports are essential for demonstrating MSP performance and a great way to show clients that systems are healthy, secure, and comply with service-level agreements. They provide a clear summary of performance. You can obtain data through various means, like using scripts to gather metrics, validating settings via registry or GPO, and obtaining critical items like encryption and patching.
When built correctly and seamlessly, these reports will help you give the clients the visibility and transparency they want and see the value of your service.
Related topics:
