NetLock RMM DocsFeature Matrix
A scannable overview of every NetLock RMM feature area and its platform support, with links to the chapter that documents each in full.
Feature Matrix
This appendix is a single-page index of what NetLock RMM does. It groups every feature into Console, server, and agent areas, records platform support where it varies, and links to the chapter that documents the feature in full. Use it to answer "does the product do X, and where do I read about it?" — not as a configuration reference. For mechanics, follow the cross-links.
Three conventions apply throughout:
- Yes / No in a platform column means the feature is or is not available on that operating system.
- A dash (
—) means the feature does not apply to that platform. - Where a column names a tool or shell instead of Yes (for example
PowerShell), that is the platform-specific implementation.
Note: This matrix summarises shipped behaviour. When a feature area carries deployment-specific or licensing-specific limits, the linked chapter is authoritative.
X.7.1 Console features
The web Console is the single operator surface. The features below are available regardless of agent platform; they are properties of the Console itself.
| Feature | Summary | Documented in |
|---|---|---|
| Multi-tenancy | Tenant, location, and group hierarchy for organising devices. | Chapter 4 |
| Users and roles | Per-user, permission-gated access; tenant-scoped visibility. | Chapter 14 |
| Two-factor authentication | Time-based one-time password (TOTP) on operator accounts. | Chapter 14 |
| Single sign-on | OpenID Connect with Azure AD, Google, Keycloak, Okta, or Auth0; one provider active at a time. | A.4 |
| IP whitelist | Restricts Console access to named networks. | A.4 |
| Dashboard and Panel Builder | Per-user dashboards with chart and table panels driven by a visual or raw SQL query builder. | Chapter 2 |
| Setup Wizard | First-run guided setup shown on the Dashboard. | Chapter 2 |
| Events browser | Operational event stream, filterable by severity, type, scope, device, and time. | Chapter 12 |
| Audit log | Immutable record of administrative actions in the Console. | Chapter 12 |
| Notifications | Email, Microsoft Teams, Telegram, ntfy.sh, and webhook channels. | A.8 |
| Reports | Pre-built and custom reports, brand templates, and scheduled delivery. | Chapter 11 |
| Custom fields | Operator-defined device-detail tabs, sections, and fields. | Chapter 8.4 |
| File Server | Stores files for distribution; files can be referenced from scripts. | Chapter 9.1 |
| AI Chat and assistants | Optional LLM features for chat and per-feature assistance. | Chapter 13, A.11 |
| Ticket System | Optional helpdesk: departments, SLAs, time tracking, templates. | Chapter 10 |
| Device World Map | Plots managed devices by IP geolocation. | Chapter 3 |
| Maintenance mode | Manual and scheduled windows that suppress outbound notifications. | A.2 |
| Database management | Per-table retention, cleanup, and an optional SQL console. | A.3 |
| Localization | Language, timezone, and date-format settings. | A.5 |
| Custom Installer and Agent Download | Generates command-line configs and one-click installers for Windows, Linux, and macOS. | Chapter 3 |
| Whitelabeling | Branding of logos, colours, login page, and Console chrome. | A.6 |
| Community catalogues | Shared Scripts, Reports, and Themes through the Members Portal. | Chapter 15 |
Optional module: The Ticket System applies only when it is enabled in
Settings → Ticket System. See Chapter 10.
The AI features are optional and require an LLM provider to be configured (see A.11). Two kinds exist: the general-purpose AI Chat page, and targeted per-feature assistants. The targeted integrations are the AI Assistant in the Scripts editor (which writes directly into a script), the AI Assistant on the Automations dialogs, the AI SQL Assistant in the Widget Editor, and the Analyze with AI action on event and audit details (which opens AI Chat with the entry pre-filled). See Chapter 13.
Whitelabeling options
Whitelabeling is broad enough to list separately. Each option below is configured under Settings → Whitelabeling and documented in A.6.
| Option | Summary |
|---|---|
| Console title and logo | Custom title text and a custom logo image. |
| Login page layout | Centred-card or side-panel layout with toggles for logo, glow, and fun facts. |
| Login page background | Custom background image or video. |
| Welcome text and footer links | Custom greeting and custom footer links on the login page. |
| AppBar and navigation | Per-icon AppBar visibility and a collapsed-drawer mode. |
| Visual effects | Optional seasonal overlays and particle backgrounds. |
| Colour palette | A full light-mode and dark-mode colour palette with live preview. |
| Iframe embedding | Allows or blocks embedding the Console in third-party applications. |
| Theme import, export, and community themes | JSON theme exchange and a community theme gallery. |
X.7.2 Server features
The server is the central service the Console reads from and agents report to. Self-hosted operators run it themselves; cloud operators do not.
| Feature | Summary | Documented in |
|---|---|---|
| Role-based deployment | The backend can be split into separate server roles. | A.1 |
| Agent handshake | Only agents issued by your own deployment can communicate with your backend. | A.1 |
Self-hosted only: Server architecture and role splitting apply to self-hosted deployments. Cloud deployments delegate server operation to the hosted operations team.
X.7.3 Device management and remote access
These features act on managed devices through the agent. Platform columns record where each is available.
| Feature | Win | Linux | macOS |
|---|---|---|---|
| CPU, RAM, network, and drive inventory | Yes | Yes | Yes |
| Installed software inventory | Yes | Yes | Yes |
| Service overview | Yes | Yes | Yes |
| Logon, Task Scheduler, and driver overview | Yes | — | — |
| Remote Task Manager | Yes | Yes | Yes |
| Remote Service Manager | Yes | Yes | Yes |
| Remote Shell | PowerShell | Bash | Zsh |
| Bulk Remote Shell | Yes | Yes | Yes |
| Remote File Browser | Yes | Yes | Yes |
| Remote Event Log Viewer | Yes | — | — |
| Remote Registry Editor | Yes | — | — |
| Remote Control | Yes | Yes | Yes |
| SNMP Tools | Yes | Yes | Yes |
| Uninstall application | Yes | Yes | Yes |
| Wake on LAN | Yes | Yes | Yes |
| Relay Server | Yes | Yes | Yes |
Remote Control delivers H.264 video over the relay when available and falls back to JPEG frames over SignalR when it cannot. The product does not use VNC or RDP. Full detail, including session switching, recording, and unattended access, is in Chapter 3 and A.7.
The Relay Server provides end-to-end-encrypted TCP tunnels and jump-host access for network devices without an agent. See Chapter 9.
X.7.4 Security and control
| Feature | Win | Linux | macOS | Notes |
|---|---|---|---|---|
| Microsoft Defender management | Yes | No | No | Scan jobs, exclusions, and notifications. |
| Firewall status | Yes | Yes | Yes | Read-only inventory of firewall state. |
| Firewall configuration | Yes | Yes | No | Windows uses Defender Firewall; Linux uses UFW. |
| Application Control | Yes | No | No | Allowlist rulesets matched by path, metadata, hash, or signing certificate. |
| USB Device Control | Yes | No | No | Allowlist with device, tenant, location, group, and global scope. |
Antivirus management covers Microsoft Defender only; third-party antivirus products are not managed. Application Control and Device Control are library features under Collections — see Chapter 8.6 and Chapter 8.7. A ruleset or whitelist reaches devices only through a policy; see Chapter 6.
X.7.5 Software and patching
| Feature | Win | Linux | macOS | Notes |
|---|---|---|---|---|
| App Hub catalogue | Winget, Chocolatey, Script | Flathub, Script | Script | Catalogue only; not an execution engine. |
| Software Deployment | Yes | Yes | Yes | Four-step wizard with retry and per-device attempt tracking. |
| Patch Management | Yes | Yes | Yes | Windows: OS, Winget, Chocolatey. Linux: Apt, Dnf, Yum. macOS: native. Docker: image updates. |
The App Hub is a catalogue you pick from; installation runs through Software Deployment. See Chapter 8.5 and Chapter 8.8.
Patch Management is split across two surfaces. The /patch-management page is a global approval queue with a vulnerability view and SLA tracking; per-policy rollout rules — schedule, deployment rings, reboot, retry, notifications — live inside the policy editor. See Chapter 7 for the page and Chapter 6 for per-policy rollout.
X.7.6 Automation and monitoring
| Feature | Win | Linux | macOS | Notes |
|---|---|---|---|---|
| Policies | Yes | Yes | Yes | One policy per device; agent behaviour, security, patching, App Hub. |
| Automations | Yes | Yes | Yes | Routes one policy to devices by a device-attribute condition. |
| Jobs | Yes | Yes | Yes | Scheduled script execution with twelve schedule types. |
| Sensors | Yes | Yes | Yes | Utilization, event log, script, service, ping, and SNMP sensors. |
| Device uptime monitoring | Yes | Yes | Yes | Connection and disconnection alerts per device. |
| Website uptime monitoring | Yes | Yes | Yes | HTTP status, SSL expiry, response time, DNS, content checks. |
| Port Scanner | Yes | Yes | Yes | TCP scans of operator-defined targets with banner grabbing. |
An automation is a condition → policy rule, not a workflow engine: there are no event triggers, no schedules, and no actions other than assigning one policy. Automations are evaluated in a fixed condition-type order — Device Name, then Internal IP, External IP, Domain, Group, Location, and Tenant — and the first matching condition type assigns its policy. Automations cannot run scripts, send notifications, or compose Sensors and Jobs. See Chapter 5 for the resolution model and Chapter 6 for what a policy contains.
Note: A device is assigned at most one policy at a time. Policies do not attach to tenants, locations, groups, or devices directly — attachment is routed exclusively through Automations.
Sensors not only alert but can run an action script on a threshold breach. Sensor and Job mechanics live in Chapter 8.2 and Chapter 8.3. Website uptime monitoring and the Port Scanner are documented in Chapter 9.
Tray icon
The agent exposes an optional tray application to end users on all three platforms. Its branding, button set, and App Hub window labels are configured per policy.
| Feature | Win | Linux | macOS |
|---|---|---|---|
| User tray icon | Yes | Yes | Yes |
| Custom tray branding | Yes | Yes | Yes |
See Chapter 6 for tray-icon policy settings.
X.7.7 Platform support
The agent runs on x64 and arm64 architectures and needs no third-party runtime dependencies. The server is distributed as a container image and is installed with Docker.
The operating systems below are officially supported. Where the notes state that troubleshooting support has ended, the agent still runs on that version but issues specific to it are no longer investigated.
Windows
| Operating system | Notes |
|---|---|
| Windows 11 | |
| Windows 10 | |
| Windows Server 2025 | |
| Windows Server 2022 | |
| Windows Server 2019 | |
| Windows Server 2016 | |
| Windows Server 2012 (R2) | All updates must be installed. No troubleshooting support. |
| Windows 8.1 | All updates must be installed. No troubleshooting support. |
| Windows 7 | All updates must be installed. No troubleshooting support. |
Linux
| Operating system | Supported versions |
|---|---|
| Ubuntu | 20.04, 22.04, 23.10, 24.04 |
| Debian | 11, 12 |
| RHEL | 9 |
| CentOS Stream | 8, 9 |
| Fedora | 39, 40 |
macOS
The agent supports macOS Ventura, Sonoma, and Sequoia.
X.7.8 Community-supported platforms
Some additional platforms have been confirmed to run the agent reliably but are community-supported: they are not part of the formally tested set and are not covered by troubleshooting support.
| Platform | Notes |
|---|---|
| Proxmox | Community-supported. |
Related chapters
- Chapter 3 — Devices — device inventory and remote access.
- Chapter 5 — Automations — policy routing.
- Chapter 6 — Policies — what a policy configures.
- Chapter 7 — Patch Management — the approval queue.
- Chapter 8 — Collections — the reusable libraries.
- Chapter 9 — File Server & Monitoring — relay, uptime, port scanning.
- X.5 — Integration endpoints — external systems the product talks to.