About Tools

Tools in AlloyScan are quick remote-administration shortcuts that you launch against an audited device from its device form. A click on a tool hands the action — pinging, opening a Remote Desktop session, taking a screenshot, browsing the device share, running a custom PowerShell — off to the appropriate client application installed on your workstation.

How Tools work

Tools are not executed on the AlloyScan server, and they are not executed on the target device's behalf by the platform. The execution model is local-launch:

1. You open a device form in Inventory and click the Tools button in the form header.
2. AlloyScan presents the site's catalog of tools — 14 built-in entries plus any custom tools the Administrator has defined.
3. You pick a tool. AlloyScan's web UI hands the request off to the Alloy Integration Launcher, a helper that runs on your local workstation.
4. The Launcher invokes the matching local client (for example, the Windows Remote Desktop client, your VNC viewer, or PowerShell) and targets it at the device's address.

The platform's role is to provide the device address, the tool definition, and the integration handoff. The actual session — the RDP connection, the ping output, the PowerShell window — runs entirely between your workstation and the target endpoint. AlloyScan does not relay or proxy that traffic.

Why this design

• No agent on the operator side. Administrators already have their preferred clients installed (RDP, VNC, terminal). Tools reuse those clients rather than reimplementing them in the browser.
• No additional path to the endpoint. The connection follows whatever route your workstation already has to the target. AlloyScan does not need to bridge the network between the SaaS surface and the customer LAN to make a tool work.
• Administrator-extensible. Built-in tools cover common cases. Custom tools let you extend the catalog with site-specific scripts and clients.

Built-in vs custom tools

• Built-in tools. A fixed set of 14 entries shipped with the product (Screenshot, Telnet, Ping, VNC, Remote Desktop, Open in Windows Explorer, Manage, Trace route, Event viewer, Path ping, Task list, Shutdown, Reboot, Wake on LAN). They are configured per-site and cover the common Windows-administration toolbox.
• Custom tools. Administrator-defined entries that extend the catalog. A custom tool specifies how the Launcher should invoke a local executable or script, with parameters substituted from the device record (for example, the device's IP or DNS name) and an OS gate that controls when the tool is offered.

The full list of built-in entries with their parameters and OS constraints is in the built-in tools reference. For custom-tool authoring, see How to create a custom tool.

Key distinctions

• Tools vs Scan / Audit. Scans and audits are AlloyScan-driven, run by the Audit Service or Audit Agent, and feed Inventory. Tools are operator-driven, run by the operator's workstation, and produce no inventory data.
• Tool catalog vs Tool invocation. Administrators manage the catalog at Admin Center > Site Settings > Customization > Tools. Operators invoke tools from a device form via the Tools button. The two surfaces are separate.
• Built-in vs Custom. Built-in entries cover common operations and are part of the product. Custom entries are written and maintained per-site.

Limitations

• The Alloy Integration Launcher must be installed on your local workstation, not on the endpoint, for any tool to work.
• The matching client (RDP, VNC, terminal, etc.) must already be available on your workstation; AlloyScan does not provide the clients themselves.
• Some tools are OS-gated and only appear on devices whose audited operating system matches.
• Tool invocation is interactive; AlloyScan does not surface a remote-command result back into the platform.

Note: Details may vary by deployment.

Related

• How to use a tool on a device
• How to create a custom tool
• Built-in tools reference
• About Inventory
• Glossary