Nxtcfg - Collector configuration tool


Nxtcfg - Collector configuration tool


Nxtcfg is a small console application to read and modify the configuration parameters of the Collector. Ensure that you run Nxtcfg with administrator privileges.


By default, the Nxtcfg tool is installed along with the Collector when installing the Collector MSI. Once the Collector is installed, the Nxtcfg tool is located under C:\Windows\System32\nxtcfg.exe.

The Collector MSI version used determines the nxtcfg version installed (Windows 32-bit or 64-bit system).

If not required, add the option CFG_INSTALL=0 to the MSI command line, when installing the Collector.


Option Description Example
/start Start the Collector. nxtcfg.exe /start
/stop Stop the Collector. nxtcfg.exe /stop
/restart Restart the Collector. nxtcfg.exe /restart
/g Get the value of a particular configuration parameter from the Collector. nxtcfg.exe /g ip
/s Set the value of one or more configuration parameters of the Collector. nxtcfg.exe /s ip= udp_port=999
/l List all the configuration parameters of the Collector with their current values. nxtcfg.exe /l
/d Dump all the configuration parameters of the Collector and their corresponding values to a file. nxtcfg.exe /d C:\temp\collector.cfg

Configuration parameters

The modification of some of the parameters requires to restart the Collector for the change to take effect. Rebooting the device forcefully restarts all Collector components as well. For each parameter, this is specified by the values in the column Restart required of the parameters table:

  • No: No reboot or component restart required.
  • Yes: Collector restart or device reboot required.
Parameter Description Default value Range Restart required
ip IP address or DNS name of the target Appliance. - - No
udp_port Port number for UDP communication with the target Appliance. - [1 - 65535] No
tcp_port Port number for TCP communication with the target Appliance. - [1024 - 65535] Yes
tag Optional integer number to identify the installation. 0 [0 - 2147483647] No
string_tag Optional label to identify the installation. - any string (max 2048 chars) No
cgpi CrashGuard Protection Interval Value. It is the time interval since boot (in minutes) after which a dirty reboot does not increase the CrashGuard. 240 min - Yes
logmode Logging mode
  • 0 - Silent
  • 1 - Verbose
  • 2 - Debug (not recommended for production)
0 [0 - 2] No
logsize Maximum size of log file when logging is enabled. Logs are rotated after the maximum is reached. 32 MB [1 - 512] MB Yes
printing Disable or enable print monitoring function. disable [disable - enable] Yes
dsps Disable (1) or enable (0) SMB print monitoring subfunction (requires printing enabled). 1 [0 - 1] Yes
iops Enable (1) or disable (0) IOPS monitoring functionality. 0 [0 - 1] Yes
dwef When set, the Collector does not report application freezes nor hungs. 0 [0 - 1] Yes
mss Maximum size, in bytes, of the UDP packets sent from the Collector to the Engine. 1224 B [1000 - 16384] B Yes

Period, in hours, in which the Collector checks for new installed packages and updates and reports them:

  • 0 - Never report packages.
  • 1 - Report packages after Collector initializes and then every 1 hour.
  • 2-24 - Report packages 45 minutes after Collector initializes and then every 2 to 24 hours.
1 [0 - 24] Yes
wme When set, the Collector reports Web and Cloud data. 1 [0 - 1] Yes
wm_domains List of domains for which to report the URL of web requests. - Comma separated domain names. No
prefer_ipv6 When set, the Collector prefers IPv6 to communicate with the Engine when the name of the Engine resolves to both IPv6 and IPv4 addresses. 0 [0 - 1] No
custom_shells When set, enable the Collector to report user logon events and user interactions in virtualized and embedded (kiosk mode) environments. 0 [0 - 1] No
execution_policy The security policy to apply when executing scripts of remote actions. signed_trusted_or_nexthink
  • disabled
  • signed_trusted
  • signed_trusted_or_nexthink
  • unrestricted
customer_key The Customer Key of the master Appliance. - Path to text file with cryptographic key. Yes
root_ca The Root Certificate of the master Appliance. - Path to text file with root certificate. Yes
assignment_status The status of the assignment of the Collector to a particular Engine. disabled
  • disabled
    The Collector is not using the Assignment Service.
  • standby
    The Collector is waiting the assignment to an Engine.
  • assigned
    The Collector is assigned to an Engine.
No (read‑only)
use_assignment Instruct the Collector whether to use or not the Assignment Service. disable
  • disable
    Instruct Collector not to use the Assignment Service.
  • enable
    Instruct Collector to use the Assignment Service.
Yes (only when enabling)
engage Activation of the features to engage with the end-user. enable_except_on_server_os
  • enable_except_on_server_os
    Activate the features to engage with the end-user, except on devices that run an OS of the server type.
  • disable
    Deactivate the features to engage with the end-user.
  • enable
    Activate the features to engage with the end-user.
data_over_tcp Send Collector data over TCP disable
  • disable
    Send end-user data over the UDP channel.
  • enable
    Send end-user data over the TCP channel.
proxy_pac_address URL of the PAC file to automatically configure the proxy settings. -
  • <url>
    The URL of the PAC file
  • ""
    Do not use a PAC file
proxy_address FQDN or IP address of the proxy for manual configuration of proxy settings. -
  • <FQDN or IP address>
    The address of the proxy.
  • ""
    Do not use manual proxy settings.
proxy_port Port number where the proxy is listening for manual configuration of proxy settings. -
  • <port number>
    The port number of the proxy.
  • ""
    Do not use manual proxy settings.

Nxtcfg in Remote Actions

Because the Collector communicates with the Engine when running remote actions, it is not recommended to change some of the configuration parameters of the Collector from a remote action. Thus, refrain from modifying any of the following configuration parameters when running nxtcfg.exe within a remote action:

  • ip
  • tcp_port
  • customer_key
  • root_ca

For the same reason, do not stop or restart the Collector with nxtcfg.exe in a remote action. Directly stopping or restarting the Collector abruptly ends the communication between the Collector and the Engine, resulting in the Collector losing its state in respect of the remote action. Once the Collector is up again, it starts the execution of the remote action from the beginning, potentially creating an infinite loop.

Instead, if you need to modify some Collector settings from a remote action that require a restart, use the following code in the script of the remote action:

  • To stop the Collector:
Stop-Service -Name "Nexthink Service" -Force
Stop-Service -Name "nxtrdrv5" -Force
Stop-Service -Name "nxtrdrv" -Force

  • To start the Collector:
Start-Service -Name "nxtrdrv"
Start-Service -Name "nxtrdrv5"
Start-Service -Name "Nexthink Service"

Setting the Customer Key and Root Certificate

The Collector uses the Customer Key and Root Certificate to validate the identity of the slave Appliance (Engine) and securily communicate with it via TLS. If any of these security parameters change in the Appliance (e.g. moving from pre-production to production environment), you must change the configuration in your Collectors accordingly.

The parameters customer_key and root_ca are special in the sense that they do not admit a direct value as argument, but a path to a text file holding the actual value of the Customer Key or the default Root Certificate, respectively. To download the Customer Key and the default Root Certificate from the master Appliance, follow the same method described for installing the Collector:

  1. Log in to the Web Console of the master Appliance as admin.
  2. Select the Appliance tab at the top of the Web Console.
  3. Click Collector management in the left-hand side menu.
  4. Under Collector default certificates at the bottom of the page, click the buttons DOWNLOAD CUSTOMER KEY and DOWNLOAD DEFAULT ROOT CERTIFICATE to download, respectively, the text files holding the Customer Key and the default Root Certificate of the Appliance.
    • Only use the default Root Certificate of the master Appliance if you did not replace the certificates for the TCP connection of the Collector with the Appliances.

To set the Customer Key and Root Certificate downloaded from the master Appliance, type in the following (assuming that you placed the downloaded files in the root directory of your C: drive): nxtcfg.exe /s customer_key="C:\Nexthink-customer-key.txt" root_ca="C:\Nexthink-root-ca.txt"

When listing the customer_key and root_ca parameters with the /l option of Nxtcfg, neither the full Customer Key nor the full Root Certificate are displayed. Instead, only the first few characters of both the configured key and certificate are shown. These characters are usually enough to identify the key or the certificate, while keeping the list of Nxtcfg parameters readable.

The operations described in this article should only be performed by a Nexthink Engineer or a Nexthink Certified Partner.

If you need help or assistance, please contact your Nexthink Certified Partner.