Components of the Collector
Components of the Collector
The Collector is mainly composed of a couple of kernel drivers, along with a small set of services and libraries, that gather information about the devices in your corporate network and their activity. The Collector periodically sends all the gathered information to an Engine, where it is processed and stored. Other tools that are delivered with the Collector help you with its installation and configuration.
Find in this document the description of all the different components of the Collector and the filesystem paths where to find them in the devices of the end-users after installation. This article details as well the registry keys and the additional files created or modified during the installation of the Collector.
The Windows version of the Collector includes several features in addition to the gathering of user activity. These extra features require a comprehensive set of components.
Windows Collector binaries
For all versions of Windows, the following components are installed:
- Main driver: A kernel mode driver that gathers valuable information from the device of the end-user.
- Network specific driver: A kernel mode driver that detects network connections.
- Helper service: A Windows service that complements the main driver by collecting additional information.
- Printing info library: A dynamic link library that is responsible for detecting printing activity.
- Optional Command line configuration tool: A tool to configure the Collector from the command line.
- Optional Control Panel extension: A tool to control the behaviour of the Collector that is added to the Control Panel of Windows.
- Automatic updates: A component of the Collector that is responsible for downloading new versions and updating the installed components.
- Coordinator: Coordination of the Collector with the Appliance to detect new updates, engage with end-users, and execute remote actions.
- Nexthink Engage: Components for presenting the questions of campaigns and getting answers from the end-users.
- Nexthink Act: Components that manage the execution of remote actions.
|Network specific driver||nxtrdrv5.sys||%windir%\System32\drivers|
| Printing info|
| Command line|
| Control Panel|
Starting from Windows 8, these additional binaries are also installed:
- Metro apps helper library: A dynamic link library that detects the execution of Metro apps.
|Metro apps helper library||nxtwrt.dll||%windir%\System32|
Registry keys of the Windows Collector
On installation, the Collector creates the following keys in the Registry of Windows:
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Nexthink Service
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nexthink Coordinator\Modules\Updater
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nexthink Coordinator
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nexthink Coordinator\Modules\EndUserFeedback
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nexthink Coordinator\Modules\COD
Additional files of the Windows Collector
Find the log files of the Collector here:
Finally, Windows creates a cached copy of the kernel drivers in two folders whose names start with the name of the drivers (nxtrdrv and nxtrdrv5, respectively) followed by an unique identifier that depends on the version of the driver itself. Find the folders here:
The Mac version of the Collector has just the necessary components to report user activity.
Mac Collector binaries
- Main service: A Mac daemon that gathers valuable information from the device of the end-user.
- Coordination service: A Mac daemon that synchronizes with the appliances to provide services such as automatic updates, end-user engagement and execution of remote actions in the near future.
|Main service||nxtsvc||/Library/Application Support/Nexthink|
Configuration files of the Mac Collector
|Daemon configuration file||config.plist||/Library/Application Support/Nexthink|
|Coordinator configuration file||tcp_config.json|
At the end of the file tcp_config.json, find the exact version of the installed Collector and the status of the TCP connection.
Additional files of the Mac Collector
Find the log files of the Mac Collector here:
- /Library/Logs/nxtsvcgen.n.log (n positive, when previous log is rotated)