Topic
This article discusses software management in NinjaOne.
Environment
NinjaOne Endpoint Management
Description
This guide provides an overview of the software management functionality available in NinjaOne and the methods to install and uninstall applications and enforce software compliance.
Index
- Introduction
- Creating a software inventory
- Automating software installation with NinjaOne
- Enforcing software requirements with NinjaOne
- Using credentials to improve software install rates
- Install Automation
Introduction
For security-conscious businesses, end users rarely have application management permissions and must rely on technicians to install, uninstall, and patch their applications.
From enterprise-wide software deployments to ad hoc application requests from end users, software management can generate a significant number of tickets that divert technicians from more strategic tasks.
NinjaOne helps improve security and compliance across Windows, Mac, and Linux endpoints while saving technicians time by providing robust ad-hoc, automated, and mass software management capabilities.
Creating a Software Inventory
NinjaOne automatically collects a complete software inventory for all managed devices. You get a comprehensive list of all software installed in your environment, including which devices it is installed on and critical software details, including version numbers and installation dates.
Software Deployment Methods in NinjaOne
Built-in Packages
Natively deploy and patch 40+ third-party applications from publishers, including Google and Microsoft.
Native Deployment Workflow
Easily host and deploy any Microsoft installer or extension application package through NinjaOne.
Custom Scripts
Create custom application deployment scripts for Windows, macOS, and Linux.
Remote Control
Take 1:1 control of endpoints for complex application deployments and install applications directly.
Uninstalling Software with NinjaOne
Software Inventory
Any application that supports silent uninstall can be uninstalled at the click of a button via NinjaOne's
built-in software inventory.
Custom Scripts
NinjaOne allows you to create custom application uninstallation scripts for Windows, Mac, and Linux.
Remote Control
Take 1:1 control of endpoints and uninstall applications directly for complex application removal.
Automating Software Installation with NinjaOne
Mass Deploying and Patching Built-in Software Packages
NinjaOne includes 40+ application packages that can be automatically deployed to Windows endpoints via policies and over 100 that can be automatically patched. These applications will deploy silently in the background without end-user intervention.
Deploying built-in third-party applications via policies:
- Navigate to a policy and select the Software tab.
Enable software management and choose your scan, update, and reboot options.
Scanning only identifies available patches. Updating installs the application (if missing) and applies patches.- Select the Products tab.
Click Add products and select all the applications you want to install or patch.
By default, applications will not automatically install.- Click Save.
- Select all applications you wish to install and automatically set the Install field to Yes.
Deploying Software Through Installer Scripts
NinjaOne's built-in Application Installation script allows you to install a Microsoft installer or extension application on Windows servers, workstations, and laptops. The installer must allow silent installation to be deployed using this method. The Application Installation script can be run ad hoc, as a policy-scheduled automation, or as a scheduled task.
Mass Deploying Software Through Scheduled Automations (Custom Script)
NinjaOne allows you to create custom scripts in PowerShell, ShellScript, Batch, VBScript, and JavaScript that you can use to deploy almost any application to Windows, Mac, or Linux endpoints at a time and date.
Deploying built-in third-party applications via policies:
- Write your custom application deployment script and add it to your saved scripts.
- Navigate to a policy and select the Scheduled Automations tab.
- Click Add a Scheduled Automation and fill in the name and description fields.
Click Add in the Automations section of the modal.
You can deploy multiple applications with a single scheduled script. Applications will deploy simultaneously in the order listed in the script.- Choose the custom script you've created.
- Select which user should be used to install the application.
- Click Apply.
Schedule your deployment.
Software installations should generally use the Run Once or Run Once Immediately schedule options. Run Once allows you to deploy an application at a future date and time. It runs exactly once. Run Once immediately runs as soon as the policy is saved and will run against all endpoints added to the policy at a future date.
Mass Deploying Software with Scheduled Tasks
Scheduled tasks can be used alongside the Native Deployment Workflow or Custom Scripts to mass-deploy applications as one-off tasks or across device roles.
- Navigate to Administration and then to Tasks.
- Click New Task.
Give the task a name and description, and set the schedule.
To run a software deployment task only once, set the Ends field to After and Occurrences to 1.- Click Add Automation and select the application script you want to run.
- Navigate to the Targets tab.
- Click Add.
Select the organizations, devices, or groups you want to target.
You can create a dynamic group of endpoints without software installed by using the Search and Groups functions in NinjaOne and applying the scheduled task to this group.- Click Apply.
- Click Save.
Enforcing Software Requirements
NinjaOne allows you to enforce the requirement for a specific software on an endpoint by using conditional monitoring. This process checks for the absence of software continuously and installs the application whenever it is not detected. Whether the software was never installed or uninstalled by the end user, this process ensures endpoints comply with software requirements.
- Navigate to a policy and select the Conditions tab.
- Click Add a condition.
- Click Select a condition.
- Select the "Software" condition from the drop-down menu.
- Set Presence to "Doesn't exist."
Type the application name in the Name field and then click Apply.
The name field exactly matches the application name. Wildcard characters (*chrome*) can improve match rates.Add a display name, reset interval, and set your notifications and ticketing preferences.
The reset interval should be at least 20 minutes to avoid the condition triggering frequently and attempting to install the application via script while the script is still installing.- Click Add in the Automations section of the modal.
- Select your application installation script.
- Click Add.
Blocklist Software
You can use NinjaOne to either send notifications of unapproved software installations or detect unapproved software and attempt to install it.
Creating an alert for prohibited software:
- Navigate to a policy and select the Conditions tab.
- Click Add a condition.
- Click Select a condition.
- Select the "Software" condition.
- Set Presence to "Exists."
Add the name of the application you want to blocklist to the Names field.
The name field exactly matches the application name. You can use wildcard characters (*chrome*) to improve match rates.- Click Apply.
- Set the Notifications field to "Send notifications."
- Click Add.
Automatically uninstalling prohibited software:
- Create a custom script to uninstall the prohibited software.
- Follow the steps above.
- Click Add Automation.
- Select your uninstall script.
- Click Apply.
- Click Add.
Using Credentials to Improve Software Install Rates
By default, NinjaOne automations run with system-level privileges or as the logged-in user, and so they do not have access to domain or administrative resources. If an endpoint has been locked down, installing software may require administrative credentials, which are stored at the organization level.
Adding credentials
- Navigate to the organization at which you want to add a credential.
- Click the Credentials tab.
- Click Add Credential.
- Give the credential a name, domain (if applicable), username, and password.
- Click Add.
Automatically injecting credentials
- From the Credentials tab, click the Defaults tab.
- Set the Mac Script, Linux Script, Windows Script Local Admin, Windows Script Domain Admin, and Windows 3rd Party Patching Preferred Credentials to your preferred credentials.
Using ad hoc credentials
When setting up a software installation script (native or custom), set the Run As field to your preferred credentials.
Install Automation
When a file upload or URL ending in .msi is provided in the software install automation, an infobox will appear: "NinjaOne has detected this is an MSI file; it will be executed with <default switches> automatically."
If you add a file upload URL that is not .msi, including where there is no extension in a URL, the following message callout will display: "If you intend to run this installer silently, you may need to enter the appropriate command-line arguments." Neither of these callboxes will appear until a URL or file is added. You can install files over 1 GB in size by using the URL method in the software repository.
You can use URLs in the software that do not end in .exe or. mxi or .pkg or .dmg, and can instead use vanity URLs or redirections to the latest version (when using the app automation installation component)
After submitting the installer, the dialog box reads that we are "malware screening" the installer when we are not. We are changing this message to "Automation processing: Your file has been submitted for processing."