How to monitor a Windows fleet without buying an RMM

If you operate a fleet of Windows hosts — workstations, RDP servers, line-of-business application servers — you've probably been pitched an RMM. Remote Monitoring and Management tools are the default answer the industry gives to "how do I keep an eye on a lot of machines at once?". ConnectWise Automate, Datto RMM, NinjaOne, Atera, N-able. They're real products with real value, and at a certain scale they're worth the money.

But for a lot of organizations — especially in-house IT teams, smaller MSPs, and developers running their own infrastructure — RMMs feel like overkill. They're priced per endpoint per month, they bundle features you'll never use, they want exclusive ownership of the agent on your hosts, and most of them ship a stack from a previous decade. If you've ever winced at a quote from one of these vendors, this post is for you.

The thesis: most of what an RMM provides can be replaced by a small, focused agent and a server you control. You give up some things; you gain others. Let's unpack which is which.

What does an RMM actually do?

Strip away the marketing and you're left with about seven core capabilities:

1. Inventory — what hardware, OS, and software is on each host.
2. Monitoring — vitals (CPU, RAM, disk, network), services, processes.
3. Alerting — fire notifications when something crosses a threshold or stops.
4. Remote access — see and control the screen of a host when you need to.
5. Task execution — run a script, install software, restart a service.
6. Patch management — keep Windows and third-party apps updated.
7. Reporting — roll the above up into something a manager looks at monthly.

That's it. The rest is dashboards, integrations, marketplace, ticketing. Useful, but not load-bearing.

The minimum viable alternative

Here's what you actually need to cover six of those seven capabilities:

• A small agent on every host that can run tasks and report state.
• A central API + database that holds tasks, results, and inventory.
• A web dashboard that operators look at.
• A scheduler for recurring jobs and a watchdog for thresholds.
• Optional: an on-demand remote viewer (VNC) for the rare times you need to see the screen.

That's a weekend project for a senior engineer, or a few weeks for someone learning .NET. The architecture is famously boring:

┌──────────┐         ┌────────────┐         ┌──────────┐
│  Agent   │ ─poll─→ │  Server +  │ ←view── │ Operator │
│ (on host)│ ←tasks  │  Database  │  tasks  │   (web)  │
└──────────┘         └────────────┘         └──────────┘

Every popular RMM is, under the hood, exactly this. The agent polls, the server holds state, the operator sees the dashboard. The differences are in execution quality, the toolbox, and the polish.

What you can do cheaply

Inventory and monitoring. Both are essentially scheduled tools — collect this data, push to server, store. SystemInfo, DiskSpace, InstalledSoftware, WindowsServices — these are 50-line PowerShell scripts each, or simple .NET equivalents that don't fight UAC.

Alerts. Pick a threshold, evaluate on each report, fire when crossed. Send to email, a webhook, Slack, Telegram. Add per-host cooldown so you don't get flooded when something flaps. This is also straightforward — the hard part is picking the right thresholds, which no RMM does well either.

Task execution. If your agent has a stable polling channel back to the server, the server can drop a task in a queue and the agent picks it up and runs it. PowerShell is built into Windows. System.Management.Automation in .NET lets you execute PowerShell with structured input and output. You don't need a special "RMM scripting language" — you have the entire PowerShell ecosystem.

Remote viewer. This is where most homebrew alternatives stop short, because nobody wants to embed a VNC server in their custom agent. The trick: don't. Install a portable TightVNC (or any other) on demand, tunnel through the agent's existing channel, kill it when the operator disconnects. Zero pre-install footprint, fully auditable.

Reporting. If your data is in a database you control, you can use Power BI, Metabase, or just SQL. RMMs lock reporting behind their own canvas, which is invariably worse than the BI tool you already pay for.

What you give up (honestly)

This is where most "build your own RMM" blog posts get evangelical and wave away the tradeoffs. Let's not do that.

1. Patch management at scale

Properly orchestrated Windows Update + third-party patching (Chrome, Adobe, Java, etc.) with rollback and approval workflows is a real engineering effort. Some RMMs are great at this; most are merely passable. Building it yourself is doable but not trivial — figure on weeks, not days, and the maintenance burden is permanent because every patch source has its own quirks. If you're a managed service provider patching 5,000 hosts across hundreds of customers, this is a feature worth paying for.

For in-house IT teams with <500 hosts, Windows Update for Business + a small wrapper handles 95% of the case for free.

2. Vendor accountability

When something breaks, an RMM vendor has a phone you can call. When your home-rolled agent fails on Patch Tuesday because Microsoft shipped a breaking change, you're on call. This matters less than people think — most RMM support is "have you tried turning it off and on again" — but it isn't zero.

3. Compliance certifications

If your industry requires SOC 2 or ISO 27001 of your tooling, RMM vendors pre-paid that audit cost. Self-rolling means you're either inheriting your own audit posture or skipping the box entirely. For most regulated industries, having your own DIY agent inside a SOC 2 boundary is fine; for the few where the auditor specifically wants vendor certifications, you're stuck.

4. PSA integration

If you're an MSP running ConnectWise Manage or HaloPSA, your RMM's tight integration with the PSA is part of why it costs what it costs. Replacing the RMM means rebuilding that integration, which is webhook-and-API work but real.

The honest cost comparison

RMMs run $2–$8/endpoint/month depending on tier and volume. A 200-endpoint fleet is $4,800–$19,200/year. A 1,000-endpoint fleet is $24,000–$96,000/year.

A self-rolled alternative costs:

• One-time engineering effort: $0 (if you build it yourself in 2 weeks) to ~$50,000 (if you contract it out).
• Ongoing hosting: $50–$500/month for a server that handles thousands of agents.
• Ongoing maintenance: a few hours per month at steady state. More during the first quarter.

So the breakeven against an RMM is roughly: if you have more than 50 endpoints and a competent engineer who can spare a few hours a month, building (or adopting an open alternative) costs less from year two onward.

That math doesn't account for opportunity cost — engineering time has alternatives — but it tells you why we keep meeting smart IT teams who looked at the RMM quote, did the spreadsheet, and built their own.

What we built and why

PWA's design choices reflect this thesis: 40+ built-in tools so most ops work doesn't need scripting; recurring tasks with cron; a watchdog for thresholds; multi-tenant by design; on-demand VNC; an MCP server so Claude Desktop can drive the fleet for you. Self-hosted on your own server. SQLite / SQL Server / PostgreSQL / MySQL for storage. White-label if you're an MSP.

You don't have to use PWA, of course. The point of this post isn't a pitch — it's that you don't need to pay RMM prices to monitor a fleet of Windows hosts. If you do build your own, copy the architecture above and skip the mistakes. If you adopt something off the shelf, look hard at the price/value ratio. And if you go with a traditional RMM, do it with eyes open about which capabilities you're actually paying for.