Managing Your Ignite System

Ignite Overview
LabTech Ignite™ is a set of
preconfigured, out-of-the-box
functions built into the LabTech
remote monitoring and management
(RMM) platform and designed to get
your business up and running in no
time. Developed and built by IT
managed services industry experts
and following Microsoft® best
practices, LabTech Ignite sets the
standard for simple IT services
delivery incorporating mission-critical
monitoring packs, industry defined
thresholds, auto-fix scripts, automated
patch management and much more!
LabTech Ignite allows you to turn on
and off functionality so you can decide
what level of functionality is best for
your environment.
Why Should I Onboard 1-2 Clients at a Time?
A methodical approach should be
taken when onboarding new clients
to help better manage overall ticket
creation. This allows you to adjust
monitor conditions where required,
whitelist or blacklist software, as well
as events, services and processes.
By onboarding one or two clients at a
time and taking care of these tickets
before onboarding additional clients,
it will save you time in the end.
Here’s why:
LabTech has provided you with 100+
internal monitors to provide you with
valuable information (more on this
later). When you onboard a new
client, it is likely that every machine
will generate 7-8 tickets EACH for a
variety of reasons (e.g., new
software, services, processes,
events, sensors, etc.). So, if this
client has 30 computers,
approximately 240 tickets will be
generated that need to be
remediated. Now, say you have 100
clients with 30 computers each and
you onboarded all of them, that’s a
whopping 24,000 tickets! Are you
thinking you’d rather just do it all at
once and get it over with? Well
here’s the good news, if you onboard
only one or two clients at a time and
remediate those tickets you will
drastically reduce the number of
total tickets generated. How, you
ask? With a little bit of planning!
Here’s an example:
You have just onboarded the two
clients and 60 of the tickets
indicate that new software has
been installed (e.g., Microsoft
Office Professional Plus 2010).
Add this software with the exact
name to your App Whitelist and now
you have eliminated that ticket for all
of your remaining clients (3000
tickets just eliminated).
Applications can be whitelisted or
blacklisted in the Dashboard >
Config > Configurations > App
Whitelist/App Blacklist or by rightclicking on the application in the
Software tab of the agent’s
Computer Management screen
and then selecting Software >
Add to Whitelist/Blacklist.
The same applies for services and
processes. A little preparation goes
a long way. If you know what
applications are on your clients’
computers, you can add these before
you onboard and eliminate even
more tickets!
LabTech has provided you with
1000s of whitelisted software,
services and processes; however, as
new releases of 3rd party software
come out these applications may or
may not be already in the whitelist for
you. You may have to take the few
seconds of time to add them to your
whitelist.
Success depends upon
previous preparation,
and without such
preparation there is sure
to be failure.
- Confucius
Why Should I Create Tickets for Everything?
One answer, “Information”. Creating
tickets for everything provides a fullsized stream of information about
your clients’ machines and networks
and can be used to show root causes
for some problems, predict new problems before they occur and simplify
troubleshooting for technicians.
The trick is learning to manage these
alerts and separate the more important items from the lesser important ones is critical to being able to
provide an acceptable level of client
service and satisfaction. The overall
goal is to maintain details to help in
justifying your service delivery
(remember, show your worth so the
checks keep coming), as well as to
help a technician pinpoint trouble in
an efficient and quick manner.
“Doing the best at this
moment puts you in
the best place for the
next moment.” ~
Oprah Winfrey
Top 10 Highest Ticket Producers
The following table represents the ten highest ticket producers from LabTech.
On the following pages, we will explain why these monitors are important, where
they come from and how to better manage them to provide valid information
versus ‘noise’ in your PSA system. While this list is not all-inclusive, it was
generated from support requests into the LabTech Help Desk.
Monitor or Type
What it Does
LT-No Agent Checking in (30 Days)
This alert notifies you of any machine that has not checked into the LabTech
server for 30 days.
Change Management Tickets
Upon onboarding and each day, servers are checked for roles and or changes to roles and tickets are generated with the details.
LabTech Onboarding/Patching
The monitors alert you to issues that should have been addressed within LabTech during location on-boarding by a technician.
Performance Monitors
These monitor specific performance variables on workstations and servers,
as well as by server roles.
Sensor Monitors
These monitors monitor specific motherboard sensors for conditions that are
excessive.
EV – Blacklisted Events
Currently three monitors monitor the blacklist event table for alerts that match
entries within the table. They are Critical and Warning Events, Exchange
Events and Informational Events that all match the list.
SW-Uninstalled
This monitor looks for applications that have been removed from computers
but excludes common apps such as Java, Adobe, etc. that frequently do a
removal when they are updated.
SW – Installed New
This monitor looks for applications that have been added to computers, but
excludes common apps such as Java, Adobe, etc. that are common and updated often.
SW—Unclassified Apps
This monitor looks for applications that have been installed at some point on
the various machines and lets you either whitelist or blacklist the application
as either known good or bad.
SVC-Auto Services Stopped
This monitor runs each hour looking for services that are reported stopped,
but set to an automatic start state.
Why Should I Care if an Agent hasn’t Checked In?
The LabTech—No Agent Checking In
(30 Days) monitor will alert you to
notify you of any machine that has not
checked into the server for 30 days.
Why is this important? The
assumption is that you are
providing a monthly service
to your clients and if a
machine has not reported in
within the month, you were
not able to perform what is
required of you to deliver
your service. Less work for you, right?
Well, let’s look at it from another point
of view. Let’s assume that every
quarter you meet with your client and
the client’s patch health score is not
up to par. Those computers that are
offline and not checking in are
affecting the reporting. Now, you have
to explain to your client why the patch
health score is low, why this computer
hasn’t been patched, etc. Of course,
you could tell the client
that you couldn’t patch
the computer because it
has been turned off for
more than 30 days. Oh,
but wait, the client is
paying you to deliver a
service. Do you see
where we are going here? Again,
being proactive will always score you
more brownie points than being
reactive. When a machine has been
off for more than 30 days, contact the
client and tell them that there is a
machine that has been off for several
days and you are unable to patch,
backup or run antivirus against it. This
will be another step to validating your
worth with your client.
If it is a computer that is turned off for
a reason, you can exclude it at the
monitor level so the machine will be
ignored.
From the Monitors screen, click on the
Internal Monitors tab. Find the ‘LTAgents No Checkin for More than 30
days*’ monitor and double-click to
open. Click on the Exclusions tab.
Right-click in the Disabled Computers
section and select the computer you
want to exclude from this check.
Server Roles Changing, Who Cares?
During Onboarding and each day
servers are checked for roles and/or
changes to roles. Tickets are
generated with the details. This
process was designed to keep you upto-date on any changes you may not
be aware of and to use as validation
for changes that may have been
requested.
The best solution to manage these
tickets is to utilize your PSA to
maintain the history. With the
ConnectWise 6.0 plugin, ticket
management can be used to close
these tickets automatically after a
specified number of days if they have
not been reviewed.
Servers are configured to perform a
number of roles and the applications
that are running on the server specify
the particular server’s role. What
happens if an application or service
that is installed to perform its specific
role has been accidentally removed?
If you are not monitoring the
changes, you may start
getting inundated with Help
Desk tickets because the
role that this server is
responsible for is no longer
performing this role. By
monitoring any changes,
you can be proactive and
contact your client to
indicate that the server role
has changed and determine
if the change was intended.
Likewise, if a client has installed
additional roles on an existing server
that may conflict and now you are
receiving Help Desk tickets because
the server is crashing. Without these
monitors notifying you of changes, it
may take a considerable amount of
time to locate the problem.
Additionally, if the client asks you to
remove applications that allow the
server to perform certain functions,
you can keep a history of the change
for validation purposes if at some
point the client comes back to you and
says ‘my server is not functioning’.
The golden rule for every
business man is this: Put
yourself in your
customer’s place.
~ Orison Swett Marden
Onboarding/Patching—What Are These Alerts??
The Onboarding and Patching
monitors will alert you to
configuration issues that should
have been addressed during
your initial configuration.
To remediate these types of alerts,
The purpose of these monitors is to
configuration needs to be completed at
notify you of important steps that were
the location level.
missed to get the desired outcome from
LabTech. By ignoring these alerts,
At the location level, assign Administrator Access on the Deployment &
patching will not take place after you
Defaults tab. On the Ignite tab, replace the ‘Not Selected’ service plan
have approved patches, agents will not
value to something that is appropriate and on then click over to the
get deployed nor will agents be assigned
Patching sub-tab, and select the desired patching days for servers,
to the appropriate service plan groups for
monitoring.
Performance Monitors
All performance monitors that are set
to trigger are based on Microsoft’s
published best practices, so if
something is alerting, it is exceeding
the published threshold and should be
investigated. Each of these alerts that
do not auto reset once the threshold is
lowered should be investigated and
remediated. If any alerts that show a
pattern of reoccurring, even if they
reset, should also be investigated as
both situations represent an issue
based on performance.
coming in, your client is
complaining that his server is
running too slow. You have
turned off the performance
monitors, so you no longer have
a history of the CPU usage. Is it
happening at peak times? All the
time?
Now, you have a client that is
complaining about slowness and
wants it fixed NOW. If you would have
been using the performance monitors,
it is likely that you would have
These performance monitors allow you received alerts that this particular
to monitor your clients’ servers and
machine was exceeding the
workstations to identify potential
Microsoft’s published threshold
problems such as malware spiking the allowing you to determine the cause
CPU usage or excessive usage that
long before your client submitted a
the hardware can’t support.
Help Desk ticket. If it is an overAdditionally, if a server or workstation utilized machine, you could have
continually exceeds the thresholds it
contacted the client and made him
gives you the opportunity to upsell
aware that the computer was
your client to upgrade their systems.
consistently exceeding industry
standard thresholds and made a sale
Imagine for a moment that you have
to upgrade the computer.
turned off the performance monitors
because you think they are ‘noisy’ and Performance monitors, when used
you have ignored all alerts about CPU with other monitors (e.g., sensor
usage spiking on a client’s server.
monitors), can help you diagnose the
Days later, Help Desk tickets are
problem much quicker. For example,
the CPU usage performance monitor
has been sending alerts that CPU
usage has exceeded 90% and the
CPU Temperature has exceeded its
threshold, this could be indicative of
improper cooling. By being proactive,
you can quickly identify the problem
and correct it before disaster strikes!
Did You Know? CPU spikes can
be caused by excessive and
continual usage, inadequate power
supplies, improper cooling, running
many programs at once and viruses
resulting in system instability and
spikes. A CPU spike can cause
temporary or permanent damage to
the CPU and motherboard.
Why Should I Care About Sensor Monitors?
Sensor monitors were designed to
help you see potential issues before
they render a machine critical, such
as elevated temperatures due to a
clogged or failing fan. These items
will go unnoticed by way of routine
monitoring, such as with event logs.
They are set to alert after the 3rd
failure and will auto-close if a
condition clears. If a machine has
been found to be causing alerts on a
consistent basis with no concrete
indication that there is a problem, the
monitor can be overridden at the
machine level.
Failing machines can cost you and
your client valuable time and money.
A computer that overheats can cause
costly damage and force you to
abandon the computer and buy a new
one or incur expensive repairs to fix it
and this doesn’t include the possible
financial loss your client faces if a key
computer goes down.
not cleared will remain and can be
investigated.
These hardware based sensors vary
from manufacturer to manufacturer
and report hardware information
such as:





CPU Temperature
Drive Temperature
CPU voltage
Power Supply Voltage
Battery Voltage on Laptops
 Fan Speeds
Let’s assume that you are receiving
alerts that the CPU temperature has
exceeded the allotted threshold on
one of your client’s computers. What
do you do?
and very little ventilation. Clean the
computer and move it to a better
location where it gets more air. No
more alerts. Ta Da! Problem fixed!
Now, let’s assume you turned off the
sensor monitors and now you get a
call to the Help Desk that the
computer is not operable and only
after you spend a couple of hours
troubleshooting, you come to the
conclusion that the motherboard and
By default, on new installations only
CPU have been rendered useless
servers will have sensor monitors.
because of overheating. Now, you
Investigate and determine if there is in
Don’t fret, within a short while, the
have to restore data from backup for
fact a problem. You find that the
tickets will begin to auto-close and
the client because they lost valuable
computer is clogged with dust and dirt
only the remaining issues that have
data and you have to stage another
computer. Remember, it is always
If sensor monitors are desired on desktops/laptops, you can set the followbest to be proactive and not reactive.
ing properties: _sysMonSensorDisableDesktop and
Would you ignore your car if it was
_sysMonSensorDisableLaptop properties to ‘0’ (Dashboard > Config >
overheating?
Configurations > Properties) .
Sensors tab on the
agent (Devices >
Sensors) shows all
sensors that have
been detected on this
machine.
Well, there are various reasons why
the temperature is exceeding the
manufacturer’s specifications: poor
ventilation, a bad fan, defective fan,
clogged with dust and dirt, the
computer running at a higher than
normal capacity, etc.
What Can Blacklisted Events Do For Me?
Events can indicate a potential
security risk or critical system failure.
By default, there are three monitors
that monitor blacklisted events:
Exchange Server, Critical and
Warning Events and Informational
Events. These are important because
these events are listed within the
blacklist by specific ID and/or
message and indicate true issues.
These issues should be investigated
and resolved.
Events can be removed from the
blacklist if you feel they are not
necessary. By doing so, alerts will no
longer be generated for that event.
You can also add application specific
events to alert you when a potential
issue may arise.
For example, you could create a
monitor that monitors an event ID or
message that indicates a backup did
not occur. You could always go
directly to the backup
software and check but
you can eliminate this
step and have a monitor
alert you via a ticket if a
backup did not occur.
Let’s assume you were
not verifying backups
and something
happened and required
you to restore from
backup. What are you going say to
your client when you have to tell them
that the last successful backup you
have is a week ago and all of their
data is lost?
Guarantee it’s not going to be a
pleasant experience! It doesn’t need
to be backup jobs you are monitoring,
it could be other applications that your
client absolutely has to have to keep
their business running.
Managing these alerts is simple as
fixing the issue and the alert will stop.
To add or remove events from the Event Blacklist: To add: Go to the
Dashboard > Config > Configurations > Event Blacklist and enter the Event
ID, Source, Message, Event Log Name, Event Type and the Category. To
remove: Simply right-click on the event and select Delete.
Software was Uninstalled...so?
The ‘SW—Uninstalled’ monitor looks
for applications that have been
removed from computers but it does
exclude common apps such as Java,
Adobe, etc. that are typically removed
when updates are performed.
There are a few reasons why you
should want to be alerted when
software is uninstalled. Let’s assume
Ollie at Client XYZ has uninstalled an
application that is a key business app
for your client. You start getting
flooded with Help Desk tickets
because all of the users are getting
errors trying to access the app. Your
client calls up angry because he
thinks the update you did yesterday
broke something even though you
know it is unrelated. Now, you spend
a few minutes to a few hours finding
the issue and trying to convince the
client that it was not your update that
caused the problem. So, let’s change
the scenario and turn that monitor
back on. Ollie uninstalls the software
and your monitor alerts you that
software has been uninstalled. You
contact your client (before he contacts
you) and indicate that you have been
alerted that their key business app
has been uninstalled. The client asks
you to reinstall the software and that
they will look into the incident on their
end. He then thanks you for being
proactive because it is a key business
app and without it, it would cause
financial implications for his business.
Let’s look at it from another angle. If
a client has requested an application
be uninstalled, the monitor will create
ticket that you can use to validate that
the request was completed.
This monitor
consolidates
tickets for each
machine so you
are not notified
via more than one ticket per machine
if any applications are removed. If
specific machines need to be
excluded, you can add them to the
exclusions list on the monitor.
From the Monitors screen, click on the
Internal Monitors tab. Find the ‘SWUninstalled’ monitor and double-click
to open. Click on the Exclusions tab.
Right-click in the Disabled Computers
section and select the computer you
want to exclude from this check.
Applications—Good or Bad?
In a perfect world, you wouldn’t have to
classify applications good or bad.
Unfortunately, in the real world you do.
Users can unintentionally install
potential harmful applications that
threaten your network security or your
client’s network security.
The ‘SW-Unclassified Apps’ monitor
looks for applications that have not
been whitelisted or blacklisted and
allows you to classify them good or
bad. You can then alert on the bad
ones. This monitor consolidates
tickets for each machine so you are
only notified with one ticket per
machine if any unclassified
applications are found.
By monitoring applications that have
been installed and are not classified
you can reduce the risk of any
harmful applications threatening your
network or your client’s network.
tickets. Additionally, if there are
Applications should be whitelisted/
machines that should be excluded,
blacklisted during Onboarding as much they should be excluded at the monitor
as possible to eliminate many future
level on the Exclusions tab.
Applications can be whitelisted and blacklisted in the Dashboard >
Config > Configurations and then selecting the appropriate blacklist or
whitelist tab. You can also add to the whitelist/blacklist by right-clicking
on the application in the Software tab of the agent’s Computer
Management screen and then selecting Software > Add to Blacklist.
Why Should I Care if Auto Services Have Stopped?
The ‘SVC-Auto Services Stopped’
monitor reports on services that have
stopped but are set to an automatic
start state. If they are automatic start,
should I really care about them?
service that needs to be running.
What it does, is run a script to restart
the stopped service and does multiple
passes and then reports on success.
application is launched, these can be
excluded by adding them to the
Services Blacklist. Additionally, if
there are machines that should be
excluded, they should be excluded at
the monitor levels on the Exclusions
tab.
Now, for services that are set to
The answer is Yes and here’s why.
automatic start by the application
Many business applications are
installer but really only start once the
service driven. If these services are
Services can be blacklisted in the Dashboard > Config >
not restarted, you will start receiving
Configurations > Service Blacklist or by right-clicking on the service in
Help Desk tickets because the
the Service tab of the agent’s Computer Management screen and
application is not working. The beauty
then selecting Software > Add to Blacklist.
of this monitor is it keeps you from
having to identify each and every
It is easier to do a job
right than to explain why
you didn’t.
~ Martin Van Buren
Why Do I Want to Monitor Software Installations?
Software may contain viruses,
spyware, key loggers or other things
that can compromise security, which
can cause a loss of valuable data as
well as considerable financial loss.
Additionally, unlicensed software can
be installed without your or your
client’s knowledge which could
potentially cost your client thousands
of dollars in copyright infringement
fines. So why do you want to monitor
software installations?
Let’s assume for a moment that Ollie
Operator that works for your client
just installed this “cool” add-on for
Microsoft Word. LabTech has
detected the change as newly
installed software and reported it via
an automatically generated ticket. A
few days later, your client calls your
Help Desk about Word crashing
repeatedly. Within minutes, your
technician has tracked it down to this
“cool” add-on because a ticket had
been generated for it just days prior
Applications can be blacklisted in
the Dashboard > Config >
Configurations > App Blacklist or by
right-clicking on the application in
the Software tab of the agent’s
Computer Management screen and
then selecting Software > Add to
Blacklist.
and is in the history. The add-on can
be quickly removed using LabTech
and the application blacklisted so you
are alerted in the future if it has been
installed again.
What if you weren’t monitoring
software installations and the same
event occurs? How long do you think
it would take to locate the problem?
Could be hours, could be days or
maybe not at all.
Now, let’s say the same client has
100 agents and Ollie Operator is
doing his own thing again. He just
installed the newest version of
Microsoft Office Professional on all of
the agents. At this point, you do not
know if it is legal software or if it is
pirated. If it is pirated, this could cost
your client thousands of dollars in
copyright infringement fines should
the software company ever find out,
say through a disgruntled employee
(it’s happened before). This gives
you the chance to show your ‘worth’
to your client. Send your client a
letter that you have detected that
You can keep track of the licensing
information on the License
Management tab of the client.
ABC Software has been installed on
all of his agents. Ask the client to
please provide licensing information
so in the event of a failure, recovery
is accelerated by having the licensing
information immediately available.
Include information about piracy and
that companies are subject to
significant fines for copyright
infringement if software is found on
computers that is not licensed. By
communicating with your client, you
are showing that you are looking out
for their best interests. It makes for
happy clients. Happy clients send
checks.
This is all about being proactive, the
more proactive you are the less Help
Desk tickets you will receive and the
more time you have to build your
business or to improve your
business.
Not so Fun Facts: Did you know
that dealing with viruses, spyware,
PC theft and other computer related
crimes costs U.S. businesses a
staggering $67.2 billion a year
(according to the FBI in 2006).
The successful man is the one
that finds out what is the
matter with his business
before his competitors do.
~ Roy L. Smith