Skip to main content


Frequently Asked Questions about Endpoint Management Tools

What is Endpoint Management Tools?

Endpoint Management Tools is a service that offers IT staff an efficient, secure method for managing workstations. 

The service is available for IT support organizations. If you are an end user, contact the IT or technical support staff for your department or unit.

Why is Cornell managing workstations?

Cornell’s IT staff have managed workstations for many years, but have often done so manually or have operated their own desktop management software. The Endpoint Management Tools service provides a less expensive but more secure and reliable user experience, and more effective integration with other support services such as the IT Service Desk.

What kinds of things does the service do?

The Endpoint Management Tools service helps provide faster, more efficient IT support. It can install or reinstall operating systems and applications very quickly, can update software, enable important security practices (such as installing malware protection, who disk encryption, and applying security patches), help identify problems before they become obvious to the end user, help protect workstations in the event of a widespread security issue, and help Cornell identify software that would be good candidates for bulk purchasing.

What information is being gathered about the managed computers?

The Endpoint Management Tools service stores inventory information about the hardware and installed software of the workstations, updated once per week. No user data is inventoried, and application usage information is not stored. The basic hardware and installed software information is at the heart of the functioning of Endpoint Management Tools as it makes it possible to “target” activities such as software installations and updates to appropriate computers.

Who can see the information about the managed computers?

System administrators (that is, those who manage the Endpoint Management service) have access to the servers where the inventory data is stored. IT directors and their direct designates can access campus-wide inventory information. IT support staff in a department or unit only see information about computers they support.

Can anyone see the documents stored on managed computers?

No. No information about user data is stored in the inventory database.

Who manages the managed computers?

IT support staff in a department or unit use the Endpoint Management Tools service to manage computers. They may do this directly by accessing the management tools or they may do it by making requests to the central Desktop Engineering team.

Is there a list of  specific software allowed? What if the software we need is not available for Endpoint Management Tools?

One of the advantages of Endpoint Management Tools is that it is a known, predictable environment, which allows for more complete, knowledgeable and efficient support. The Endpoint Management Tools service includes a growing library of common software found around campus. 

If you have a need for specific software that is not available via Endpoint Management Tools, the IT support staff in your department or unit can work with you to  find the best solution, either by installing the software or requesting it be added to the library of applications associated with Endpoint Management Tools.

What makes and models of computer hardware can be used?

See our Endpoint Management Tools Technical Requirements page for the list of currently supported models. Endpoint Management Tools may work with other models, but CIT support will be limited.

Why do computers need to be patched?

In order to comply with University Policy 5.10, which is aimed at creating and maintaining a secure work, teaching, research, and study environment, all systems that are used to conduct university business and/or are on the university networks must be patched at regular intervals.

Unpatched systems contain security holes that can be exploited by hackers. Once a hacker gains access to a system, it must be removed from the network and examined to determine the extent of any damage. This can be costly for the university and very disruptive to the user.