NinjaOne Field Guide for Windows End-User Support
A practical reference for day-to-day work on Windows desktops and laptops. Covers remote support, MDVA Infrastructure automations, application installs, and common troubleshooting tools.
Console |
us2.ninjarmm.com |
Remote tool |
NinjaOne Remote |
Script category |
MDVA Infrastructure |
Primary OS scope |
Windows Desktop/Laptop |
1. Quick Reference — The 10 Most Common Tasks
Start here. Everything below is explained in more detail in later sections.
I need to… |
Where to go |
Notes |
Find a device |
Left nav → Devices → search by hostname or user |
Search also matches serial number and logged-in user |
Remote into a user's screen |
Device Overview → NinjaOne Remote icon (top right) |
User sees the session. Use when you need to show them something. |
Fix something without disturbing the user |
Device Overview → arrow next to NinjaOne Remote → Connect in Background Mode |
Silent. Separate SYSTEM desktop. MFA prompt required. |
Run a PowerShell command quickly |
Device Overview → Run (▶) → pick script, or use Background Mode terminal |
See Section 4 for the MDVA script library |
Install Chrome / ACO / ExacqVision |
Device Overview → Run → Install application → pick installer |
These are pre-packaged in the library |
Clear temp files / fix sluggish PC |
Run script: Delete Temp Files |
Safe; runs as SYSTEM |
Repair broken Office install |
Run script: Office 365 - Repair |
Uses Office's native Quick Repair |
Check why a device is offline |
Device Overview → Activities tab + last contact timestamp |
If > 7 days, escalate — probably decommissioned or off-network |
Reboot a device remotely |
Device Overview → Reboot (device action buttons) |
Choose Normal reboot unless user confirmed |
See what patches are missing |
Device → OS Patches tab |
Pending / Failed / Approved filter |
2. Finding and Orienting to a Device
Find it fast
- Left navigation → Devices → use the search bar at the top.
- Search works on: hostname, serial number, last logged-in user, IP, and custom fields.
- If a user doesn't know their hostname, ask for their username — the search will match against last logged-in user.
- Filter by location if the user tells you which site they're at.
What to read first on the Overview tab
Widget |
Why it matters |
Online status / Last contact |
If offline, this tells you whether it's a live issue or a stale record. Anything more than 7 days offline → likely retired or off-network. |
Active alerts |
Current monitoring issues on this device. Check before you start — the user's complaint may already be detected. |
OS Patches summary |
Quick view of pending / failed patches. Many sluggishness and reliability complaints trace back here. |
Logged-in user |
Confirms you're on the right device and helps with account-specific issues. |
Hardware summary |
RAM, CPU, serial, model — needed for warranty and replacement decisions. |
Activities feed |
Recent events: reboots, script runs, remote sessions, logon/off. Good for reconstructing 'what happened'. |
|
Activity log noise is expected The Activities feed contains a lot of network adapter and logon/logoff events. This is a NinjaOne platform characteristic and cannot be suppressed at the device level. Filter by event type when you're looking for something specific. |
3. Remote Support — NinjaOne Remote and Background Mode
Two ways to connect to a Windows device. Pick the right one for the situation.
|
NinjaOne Remote (standard) |
Background Mode |
When to use |
The user needs to see what you're doing, or you need to walk them through something. |
Silent fixes during business hours. Maintenance, scripts, file/registry work. |
User experience |
Full screen share. User can see your cursor and actions. |
User sees nothing. They keep working uninterrupted. |
How to start |
Device Overview → click the NinjaOne Remote icon (top right). |
Device Overview → click the ▾ arrow next to the NinjaOne Remote icon → Connect in Background Mode. |
Auth required |
Standard session auth. |
MFA prompt every session. |
Runs as |
The logged-in user's session. |
Windows SYSTEM on a separate, minimal desktop. |
Available tools |
Full user desktop — everything they see. |
File Explorer, Registry Editor, Event Viewer, Service Manager, Disk Manager, PowerShell, CMD. |
Avoid |
— |
Reboots, user app restarts, stopping critical services while user is active. These will disrupt them even in Background Mode. |
|
Default to Background Mode for maintenance If you don't need the user to see you, use Background Mode. It's faster to start, won't steal focus, and leaves no trace to the user. The session recording is still captured for audit. |
Inside a Background Mode session
- The desktop you see is black and mostly empty. This is expected — you're on the SYSTEM session, not the user's.
- Open maintenance tools from the small toolbar: File Explorer, Registry Editor, Services, Event Viewer, PowerShell, CMD.
- Anything tied to the user's profile (their documents, their Outlook, their AppData) will not be present in this session. Switch back to standard NinjaOne Remote if you need to see the user's environment.
- File transfers and clipboard sync work the same as in a standard session.
4. Running Automations — The MDVA Infrastructure Library
All our internal scripts and packaged installers are tagged with the MDVA Infrastructure category. When you're on a device, click Run and filter by that category to see only our own tooling.
How to run a script on a device
- Open the device's dashboard.
- Click the Run button (play icon) near the top of the page.
- Filter by Category = MDVA Infrastructure to narrow the list.
- Select the script, confirm parameters if prompted, and run.
- Watch the Activities tab for completion status and output.
Scripts — what we have and when to use each
Script |
When to use |
Delete Temp Files |
User reports slow PC, disk filling up, or before deploying large installs. Cleans Windows temp, user temp, browser caches. |
DISM - Windows Image Repair |
Windows feels broken — SFC failing, Windows Update stuck, component store corruption suspected. |
Office 365 - Repair |
Outlook, Word, or Teams misbehaving. Runs the ODT-based Quick Repair. Faster than reinstall. |
Manage Dell Command Update |
Dell firmware/driver updates needed. Scans and applies via DCU. |
System Performance Check |
User complains about performance and you want a quick CPU, memory, disk, and network snapshot before deep-diving. |
Time Sync - Sync Now |
Kerberos errors, certificate warnings, or logon issues caused by clock drift. Forces time sync. |
Stale Profiles - Audit |
Shared workstations with lots of old user profiles. Reports what WOULD be deleted without removing anything. |
Stale Profiles - Cleanup |
ONLY after Audit has been reviewed. Actually removes the stale profiles. |
Get-Mapped_Drives |
User reports a missing network drive. Reports all currently-mapped drives for the logged-in user. |
Add Network Printer |
Install a shared network printer for all user profiles on the device. |
Rename Computer |
Renaming domain-joined or workgroup PCs. Requires a reboot to take effect. |
AD - Join Computer to a Domain |
Fresh deployments or post-rebuild. Needs domain creds. |
AD - Remove Computer from the Domain |
Decommissioning or moving to a different domain. Needs local admin creds for post-removal logon. |
Bitlocker Escrow |
Ensure a device's BitLocker recovery key is escrowed to AD/Entra. Run after new deployments or when in doubt. |
Audit Autopilot Hardware ID |
Collects the hardware hash for Autopilot enrollment. Writes to a custom field for later harvest. |
AS/400: Copy IBM iAccess files and install Java |
AS/400 client setup — copies iAccess files and installs IBM Semeru Java. Batch script, Windows only. |
Application installs
Packaged installers show up under Run → filter Type: Install application. These deploy silently and don't need the user logged in.
Installer |
What it deploys |
ACO |
Avaya Cloud Office softphone client. |
Chrome Browser (Enterprise) |
Google Chrome, Enterprise MSI package. |
ExacqVision |
ExacqVision camera software for facility video. |
|
Need something that isn't in the library? Don't upload a one-off script to a device. If you need something recurring, submit it to the Tier 2 engineer who owns automation and it'll be reviewed, tagged MDVA Infrastructure, and added to the library for everyone. For a true one-off — a Winget install or a quick PowerShell line — use the ad-hoc PowerShell runner on the device, not a saved script. |
5. Troubleshooting Tools on the Device
Most of the time, you won't need to remote in at all — the device dashboard and quick actions cover 80% of support work.
Direct device actions (no remote session needed)
Action |
Where |
Notes |
Reboot |
Device page → Reboot button |
Normal or forced. Normal is safer — lets the OS close apps cleanly. |
Run a script |
Device page → Run (▶) |
Filter Category: MDVA Infrastructure |
Ad-hoc PowerShell / CMD |
Device page → Remote Tools → Terminal |
Runs as SYSTEM. Don't paste creds here. |
View processes |
Device page → Tools → Processes |
Can end processes remotely. |
View / start / stop services |
Device page → Tools → Services |
Cleaner than opening services.msc via remote. |
Event Viewer |
Device page → Tools → Event Log |
Query Application and System logs without an RDP session. |
File transfer (to device) |
Background Mode → File Explorer, or Remote session file transfer |
For pushing a one-off file |
Check installed apps |
Device page → Software tab |
Inventory — what's installed and version. |
Common symptoms → first thing to try
Symptom |
First move |
PC is sluggish |
Delete Temp Files script → check disk space → System Performance Check |
Office apps crashing / behaving oddly |
Office 365 - Repair |
User can't log in / Kerberos errors |
Time Sync - Sync Now |
Missing mapped drive |
Get-Mapped_Drives script → check GP drive maps in Event Log |
Windows Update failures |
DISM - Windows Image Repair → then retry patches from OS Patches tab |
BitLocker recovery key needed and can't find it |
Check AD/Entra for the key first. If missing, run Bitlocker Escrow to push it up. |
Dell firmware or driver issues |
Manage Dell Command Update |
Shared PC running out of disk / lots of users |
Stale Profiles - Audit (review output) → Stale Profiles - Cleanup |
New PC not enrolling in Autopilot |
Audit Autopilot Hardware ID → capture hash from custom field |
Device offline in console |
Check AD last-logon → ask user to reboot → if still offline after 7 days, escalate |
6. Patch Management — What to Check
- Device page → OS Patches tab shows Pending, Failed, Approved, and Installed patches.
- If a user says 'my PC keeps nagging me about updates,' check Pending and the next scheduled maintenance window from the device policy.
- Failed patches in a row on one device = usually a Windows Update component issue. Try DISM - Windows Image Repair, then re-scan.
- Failed patches across many devices at the same location = investigate network or WSUS-like upstream; escalate to Tier 2.
- Never approve a patch at the device level — that's a policy change. Escalate if a user needs an early patch.
|
Maintenance windows vary by location Patch reboots run per-location based on the OS Patching policy. If a user complains about overnight reboots, check the location's maintenance window before changing anything. |
7. Alerts, Activities, and Tickets
Alerts
- The top nav shows a global alert count. Click to see active alerts across all devices.
- Acknowledge an alert only when you've actually looked at it. Auto-acknowledging = missed incidents.
- Resolve an alert only when the underlying problem is actually fixed. If you resolve a 'disk full' alert without clearing disk, it'll fire again.
- If an alert keeps firing and you don't know why, escalate — do not silence it.
Activities feed
- Per-device audit trail — every script run, remote session, patch, and reboot is here.
- Good for reconstructing 'what happened before the issue' when a user reports something broke.
- Expect a lot of network-adapter and logon noise. Filter by event type to find what you need.
8. When to Escalate
Escalate to Tier 2 when any of these are true:
- You're about to change a policy, create a new script, or modify an automation.
- The same alert is firing on multiple devices at the same location.
- A device has been offline for more than 7 days and the user confirms it's in use.
- You need to touch something outside the MDVA Infrastructure category.
- A patch failure pattern suggests an upstream issue (WSUS substitute, network, AD).
- The issue involves N-Central parallel-run conflicts or dual-agent behavior.
- The user is asking for an exception to a baseline (patching pause, remote access outside policy, etc.).
|
What not to do at Tier 1 Don't delete devices from the console — even stale ones. That's a destructive action with license and audit implications. Don't modify device policies or automation scripts — these apply at scale. Don't share your login. Each tech has MFA-gated access for a reason (session audit). |
9. Typical End-to-End Workflow
Example: user reports 'my laptop is really slow.'
# |
Step |
Detail |
1 |
Find the device |
Search by user or hostname → open device page. |
2 |
Read the Overview |
Online? Last contact recent? Any active alerts? Check disk space widget. |
3 |
Check Activities |
Any recent failed patches or scripts? Recent reboots? |
4 |
Choose an action |
Low disk → run Delete Temp Files. Office slow → run Office 365 - Repair. General → run System Performance Check first for a snapshot. |
5 |
Watch it run |
Activities feed shows script completion and exit code. |
6 |
Verify |
Re-check the Overview. If disk is recovered or alert clears, you're done. |
7 |
Document |
Note what you did in the ticket. Script runs are already auto-logged in the device's Activities feed — reference them. |
Internal IT · NinjaOne Technician Reference · MDVA Infrastructure