Five Things You Might Not Know About N‑central

As the saying goes, “You don’t know what you don’t know”. So, in this blog, I’m going to look at five things in N‑central  that you might not know exactly how they work—or you might not know about them at all.

1. Patch management maintenance windows

Based on the numerous calls I’ve had over the years with N‑able partners and prospects evaluating N‑central, of all the settings in N‑central, patch management maintenance windows have to be the most misunderstood.  

• Some people think that if a maintenance window lasts for 60 minutes, it will stop when that time elapses.  
• Some of the people that know the maintenance windows will run for as long as is needed think that if you set the maintenance window to 60 minutes, the start time will be randomised within that period. 

In fact, the correct answer is that maintenance windows will almost always trigger at their set start time if the device being updated is online. N‑central agents check in all the time and as soon as they see they are in a maintenance window, it’s triggered. It’s important to note a device will only trigger the maintenance window once. If a device starts updating for maintenance, gets interrupted (say with a reboot), and then comes back up during the maintenance, it won’t re-trigger.

The main benefit to extending how long the maintenance windows should last for is evident if you have numerous devices come online over a set period of time as it allows for updates to be completed without being curtailed. Also, if you force users to reboot in the maintenance window, having longer windows will give the user more flexibility as to when the reboot happens.

2. You can modify the Patch Status v2 service to only monitor the categories of patches you choose to install

In some cases, your service level agreements will only require you to install critical and security updates from Microsoft. For some partners that do that today, they still see a lot of Patch Status v2 warnings or failures; often this can be as a result of not editing the Patch Status v2 service to reflect what categories of patches you are installing. If you only install selected categories but have the monitoring service report on everything, you won’t get an accurate picture as to how patching is performing in your environment. You will need to edit the Patch Status v2 service in your service templates so that you only report on the Patch Classifications you install and set the Patch Priority for any classifications you don’t install to ‘Not Monitored’.

3. Using the probe as a cache for third-party software/file transfers

I think it’s safe to say that most N‑central users know the probe acts as a caching location for patches, but did you know it can also cache file transfers and third-party software deployments? It doesn’t happen by default though, so if you have a file that you need to transfer to multiple devices or an application you need to deploy, when creating the task in N‑central, click on the Task Handler tab and choose Use Probe Only. N‑central will then transfer the file or installer to the probe first then distribute from the probe to the devices that you have targeted. This can save time and bandwidth particularly when you are transferring larger files or installing applications with larger installers. The cache location on the probe is separate to the patch cache repository and can’t be changed, you’ll find it located at C:\Program Files (x86)\N‑able Technologies\Windows Software Probe\cache  

4. AV Defender’s Scan Vaccine Tool

Next on our list is the AV Defender Scan Vaccine tool. This is an item that was added to N‑central a few years ago. For newer N‑central users you’ll be happy to know that this feature is enabled by default in all default AV Defender profiles, but if you’ve been using N‑central for a while you might want to check to ensure it’s enabled in the AV Defender profiles you use.

The tool itself is an anti-ransomware vaccine that protects against known and possible future versions of crypto ransomware families such as CTB-Locker, Locky, and TeslaCrypt. The vaccine tool works by exploiting flaws in how the ransomware spreads.

To ensure it’s enabled in your AV Defender profiles, open each of the profiles you use, then in the General Settings section, click on View Settings, then Advanced and ensure the Enable Scan Vaccine option is selected.

5. Changing your N‑central users password complexity (self-hosted only)

The last item on the list, for today at least, is just for N‑central partners that host their own instance of N‑central. Security is so critical in this day and age, and having complex password polices in place will strengthen access to your N‑central server. If you want to edit the user account password requirements in N‑central, log into N‑central at the System level, go to Administration>User Management and click on Password Settings—there you can adjust the complexity rules that you require for your users that access your N‑central server.

These are just some examples of areas within N‑central of which partners and prospects are not fully aware. If you are reading this and have questions about anything here, why not join me on the N‑central office hours at www.n-able.com/events or reach out to me directly at [email protected].

Paul Kelly is the Head Nerd at N‑able. You can follow him on Twitter at @HeadNerdPaul, LinkedIn and Reddit at u/Paul _Kelly