Skip to main content

Cornell University

Security Configuration (Endpoint Management Tools - Windows)

This article applies to: Endpoint Management Tools

This page is intended for IT support professionals. End users should contact local IT support.

These setting are for ACLs or firewalls you have in place.

The following IP addresses need both inbound and outbound access to all UDP and TCP ports:

IP Address Hostname (sf-infranode013.c) (sf-infranode014.c) (sf-infranode015.c) (sf-infranode016.c) (sf-infranode017.c) (sf-infranode019.c) (sf-infranode027.c) (domain controller subnet)

Windows Firewall

If you have a Windows firewall, copy the GPO SF-MD_CM12_ClientPorts to the OU where the computers will be installing the clients, then apply it. This will configure the Windows firewall to allow inbound communications from the CM2012 infrastructure to the clients.

Managed Firewall Service

The Global objects CU_GRP_Managed_Desktop and CU_NET_Active_Directory, taken together, can be used to specify this list of IP addresses / subnets.


To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.