Security Configuration (Endpoint Management Tools - Windows)

This article applies to: Endpoint Management Tools

This page is intended for IT support professionals. End users should contact local IT support.

These setting are for ACLs or firewalls you have in place.

The following IP addresses need both inbound and outbound access to all UDP and TCP ports:

10.16.113.22	(sf-infranode013.cit.cornell.edu)
10.16.113.23	(sf-infranode014.cit.cornell.edu)
10.16.113.24	(sf-infranode015.cit.cornell.edu)
10.84.37.68	(sf-infranode016.cit.cornell.edu)
10.84.37.69	(sf-infranode017.cit.cornell.edu)
10.84.37.71	(sf-infranode019.cit.cornell.edu)
10.84.37.73	(sf-infranode027.cit.cornell.edu)
128.253.173.224/27	(domain controller subnet)

Windows Firewall

If you have a Windows firewall, copy the GPO SF-MD_CM12_ClientPorts to the OU where the computers will be installing the clients, then apply it. This will configure the Windows firewall to allow inbound communications from the CM2012 infrastructure to the clients.

Managed Firewall Service

The Global objects CU_GRP_Managed_Desktop and CU_NET_Active_Directory, taken together, can be used to specify this list of IP addresses / subnets.

Endpoint Management Tools Articles

see all

Windows

Access Compliance Reports (Endpoint Management Tools - Windows)

This page is intended for IT support professionals. End users should contact local IT support. There are several reports included in the CM2012 Console that focus on evaluating patch...

Access Standard Reports (Endpoint Management Tools - Windows)

This page is intended for IT support professionals. End users should contact local IT support. There are several reports that focus on evaluating patch compliance. The...

Access the CM2012 Console (Endpoint Management Tools - Windows)

This page is intended for IT support professionals. End users should contact local IT support. The CM2012 Console is your interface for Endpoint Management Tools for Windows....

Certified Desktop: Windows Screen Lock Compliance

The Certified Desktop agreement specifies "all devices must employ a locking screensaver that requires a strong password to unlock, with a timeout (inactivity period after which locking occurs) not longer than 30 minutes." This page outlines technical details for tracking individual computer compliance with this requirement on Windows machines.

Deploy a Task Sequence (Endpoint Management Tools - Windows)

Once you have completed the steps in our Work with Task Sequences article, you need to deploy the task sequence to a collection containing the machines you would like to image. In...

Deploy Perceptive Content via Endpoint Management Tools

This article is intended for local technical support providers.

Deploy System Center Endpoint Protection

SCEP is the antivirus product for Windows devices managed through our Endpoint Protection Management service.

Determine if a Computer is Managed (Endpoint Management Tools - Windows)

This page is intended for IT support professionals. End users should contact local IT support. There are a number of ways to check if a computer is being managed through the Endpoint...

Force an Inventory Refresh (Endpoint Management Tools - Windows)

This page is intended for IT support professionals. End users should contact local IT support. Various parts of the inventory database are updated automatically at different times. If...

Guidelines for CU VPN Use for Off-Campus Users of Windows Devices

In interests of both conserving the CU VPN service and providing remote end users’ computers with the resources needed to maintain normal operation, CIT recommends using CU VPN to connect...

Install the CM Client (Endpoint Management Tools - Windows)

This page is intended for IT support professionals. End users should contact local IT support. Once the client is installed on a workstation, the workstation sends inventory...

Security Configuration (Endpoint Management Tools - Windows)

This page is intended for IT support professionals. End users should contact local IT support. These setting are for ACLs or firewalls you have in place. The following IP...

Testing Process (Endpoint Management Tools - Windows)

This page is intended for IT support professionals. End users should contact local IT support. Although the Endpoint Management Tools service encourages adoption of standards...

Windows Third-Party and Operating Systems Update Process

CIT has changed (December 2020) the update process to make delivering updates to software and operating systems less intrusive to individual users’ computer use and to eliminate the inconvenience...

Work with Task Sequences (Endpoint Management Tools - Windows)

This page is intended for IT support professionals. End users should contact local IT support. This page is for Endpoint Management Tools users who need to use any of the Task...

Workstation Configuration (Endpoint Management Tools - Windows)

This page is intended for IT support professionals. End users should contact local IT support. This page provides configuration information regarding hardware, software, and...

Was this page helpful?

Your feedback helps improve the site.

Comments?

To share feedback about this page, log in with your NetID.
Need assistance with an IT@Cornell service? Contact the Service Desk instead.

Search Filters:

Knowledge Base Article

Quick Links and Search

How can we help?

Quick Login

Security Configuration (Endpoint Management Tools - Windows)

Windows Firewall

Managed Firewall Service

Endpoint Management Tools Articles

Windows

Was this page helpful?

Comments?

Support

Follow IT@Cornell...