Job Management Partner 1/Client Security Control Description, User's Guide and Operator's Guide



13.2.6 Setting up a client

Set up each client by setting up the following programs:

IEEE 802.1X authentication
  • JP1/Software Distribution Client
  • Windows standard supplicant
    Because this is pre-installed as standard in Windows, you need to perform setup only.

MAC authentication
  • JP1/Software Distribution Client

(1) Setting up JP1/Software Distribution Client

The following explains the setup required for JP1/Software Distribution Client to link to an authentication server. For details about setting up JP1/Software Distribution Client, see the manual Job Management Partner 1/Software Distribution Setup Guide, for Windows systems.

Communication with JP1/Software Distribution Client (relay system) on the treatment server
As the connection destination (higher system) of a client, specify JP1/Software Distribution Client (relay system) or JP1/Software Distribution SubManager on the treatment server.
If a client is connected to the quarantine or unauthenticated network, the client can only communicate with the treatment server. This configuration allows security measures to be implemented on the client and the latest inventory information to be reported to the higher system via JP1/Software Distribution Client (relay system) or JP1/Software Distribution SubManager on the treatment server.

Setup for polling the higher system after authentication (when the client OS is Windows)
JP1/Software Distribution Client includes a function that polls a higher system such as JP1/Software Distribution Manager at machine startup to check for instructions from the higher system. However, when linkage to an authentication server is used, JP1/Software Distribution Client cannot communicate with the higher system until authentication completes successfully, so the polling attempt might fail.
To prevent a polling failure, first measure the time required for JP1/Software Distribution Client to log on to Windows after machine (OS) startup. Then, during JP1/Software Distribution Client setup, set JP1/Software Distribution Client to wait for that amount of time before starting polling.
Of the following settings, only the first is mandatory, but it is recommended that you set all three:
  • In the Default Running Status/Polling panel, specify a time interval in Maximum polling delay before or after starting the client, and select Start polling after waiting.
  • In the Default Running Status/Polling panel, select Execute polling once every, and specify a polling interval.
  • In the Retry Communication panel, set Retry count for establishing socket connection and Retry interval for establishing socket connection.
    Note
    If you have set The first polling is executed: Before the client starts during JP1/Software Distribution Client setup, installation at startup is delayed by the setup for polling the higher system after authentication. As a result, the startup of programs registered in the Software Distribution Client Startup folder is also delayed.
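One way to take the boot-to-logon measurement described above is to read both timestamps from WMI. This is an added example, not code from the manual; the function name `Get-BootToLogonDelay` is hypothetical, and it assumes PowerShell 2.0 or later on one of the Windows versions this page lists, run in the first interactive session after a restart.

```powershell
# Added example (not from the manual). Read-only: it only queries WMI.
# Assumption: run in the first interactive session after a restart.
function Get-BootToLogonDelay {
    # OS boot time, converted from the DMTF string that WMI returns.
    $os   = Get-WmiObject -Class Win32_OperatingSystem
    $boot = [System.Management.ManagementDateTimeConverter]::ToDateTime($os.LastBootUpTime)

    # Interactive (2) and cached-interactive (11) logon sessions created since boot.
    # Type 11 is included because a domain logon validated against cached
    # credentials, before the network is reachable, is recorded with that type.
    $logons = @(Get-WmiObject -Class Win32_LogonSession |
        Where-Object { ($_.LogonType -eq 2 -or $_.LogonType -eq 11) -and $_.StartTime } |
        ForEach-Object { [System.Management.ManagementDateTimeConverter]::ToDateTime($_.StartTime) } |
        Where-Object { $_ -ge $boot } |
        Sort-Object)

    if ($logons.Count -eq 0) {
        throw 'No interactive logon session found since the last boot.'
    }
    $first = $logons[0]

    New-Object PSObject -Property @{
        BootTime     = $boot
        FirstLogon   = $first
        DelaySeconds = [int][math]::Ceiling(($first - $boot).TotalSeconds)
    }
}

Get-BootToLogonDelay | Format-List BootTime, FirstLogon, DelaySeconds
```

Repeat the measurement over several restarts and use the longest value observed when you specify the delay in the Default Running Status/Polling panel.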

(2) Setting up the Windows standard supplicant

If IEEE 802.1X authentication is used, set up the Windows standard supplicant.

Set up the Windows standard supplicant.

The following table lists the settings for the Windows standard supplicant. For details about setting up the supplicant, refer to the documentation on the Microsoft Support site or to Windows help.

Table 13-9 Settings for Windows standard supplicant by OS

OS / Setting / Description

Windows 2000
  Starting the service
    Start the following Windows service:
      Wireless Configuration
    The startup type is set to Manual by default.
  Enabling IEEE 802.1X authentication; choosing the EAP authentication method
    Specify the following settings on the Authentication page of the Local Area Connection Properties dialog box:
      • Select the Enable IEEE 802.1X authentication for this network check box.
      • From the drop-down menu, select MD5-Challenge.
  Displaying an icon in the taskbar
    On the General page of the Local Area Connection Properties dialog box, select the Show icon in taskbar when connected check box.

Windows XP
  Starting the service
    Start the following Windows service:
      Wireless Zero Configuration
    The startup type is set to Automatic by default. Check that the service has started.
  Enabling IEEE 802.1X authentication; choosing the EAP authentication method
    Specify the following settings on the Authentication page of the Local Area Connection Properties dialog box:
      • Select the Enable IEEE 802.1X authentication for this network check box.
      • From the drop-down menu, select MD5-Challenge.
  Displaying an icon in the notification area
    On the General page of the Local Area Connection Properties dialog box, select the Show icon in notification area when connected check box.

Windows Server 2003
  Starting the service
    Start the following Windows service:
      Wireless Configuration
    The startup type is set to Automatic by default. Check that the service has started.
  Enabling IEEE 802.1X authentication; choosing the EAP authentication method
    Specify the following settings on the Authentication page of the Local Area Connection Properties dialog box:
      • Select the Enable IEEE 802.1X authentication for this network check box.
      • From the drop-down menu, select MD5-Challenge.
  Displaying an icon in the notification area
    On the General page of the Local Area Connection Properties dialog box, select the Show icon in notification area when connected check box.

Windows Vista
  Starting the service
    Start the following Windows service:
      Wired AutoConfig
    The startup type is set to Manual by default.
  Enabling IEEE 802.1X authentication; choosing the EAP authentication method
    Specify the following settings on the Authentication page of the Local Area Connection Properties dialog box:
      • Select the Enable IEEE 802.1X authentication for this network check box.
      • From the drop-down menu, select Protected EAP (PEAP).

Windows Server 2008
  Starting the service
    Start the following Windows service:
      Wired AutoConfig
    The startup type is set to Manual by default.
  Enabling IEEE 802.1X authentication; choosing the EAP authentication method
    Specify the following settings on the Authentication page of the Local Area Connection Properties dialog box:
      • Select the Enable IEEE 802.1X authentication for this network check box.
      • From the drop-down menu, select Protected EAP (PEAP).

Windows 7
  Starting the service
    Start the following Windows service:
      Wired AutoConfig
    The startup type is set to Manual by default.
  Enabling IEEE 802.1X authentication; choosing the EAP authentication method
    Specify the following settings on the Authentication page of the Local Area Connection Properties dialog box:
      • Select the Enable IEEE 802.1X authentication for this network check box.
      • From the drop-down menu, select Protected EAP (PEAP).

#
In addition to these settings, it is recommended that you configure the Windows standard supplicant to initiate authentication after a restart by sending an EAPOL-START packet to the switch. To set up the supplicant to send EAPOL-START packets, you will need to make changes to the registry. For details about the settings for sending EAPOL-START packets, see applicable information published by Microsoft.

Note
If the supplicant is not set up to send EAPOL-START packets, client authentication is performed at the authentication interval set on the switch (authentication does not start when the client is restarted).
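The Table 13-9 settings for Windows Vista, Windows Server 2008 and Windows 7 can be checked from a script after the dialog-box setup. This is an added example, not code from the manual; the function name `Get-WiredSupplicantStatus` is hypothetical, and it assumes PowerShell 2.0 or later, an elevated prompt, and English-language `netsh` output.

```powershell
# Added example (not from the manual). Covers the Wired AutoConfig rows of
# Table 13-9 (Windows Vista, Windows Server 2008, Windows 7).
# Assumptions: elevated prompt; netsh prints English labels.
function Get-WiredSupplicantStatus {
    # dot3svc is the service name behind the display name "Wired AutoConfig".
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='dot3svc'"
    if (-not $svc) { throw 'Wired AutoConfig (dot3svc) is not installed.' }

    # The startup type is Manual by default, so the service can be stopped
    # after a restart. Start it, as the table instructs, before querying.
    if ($svc.State -ne 'Running') {
        Start-Service -Name dot3svc
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='dot3svc'"
    }

    # netsh can report the wired profile only while the service is running.
    $lines = @(netsh lan show profiles)

    # Keep the lines that state whether 802.1X is enabled and which EAP type is set.
    $dot1x = @($lines |
        Where-Object { $_ -match '802\.1x|EAP type' } |
        ForEach-Object { $_.Trim() })

    New-Object PSObject -Property @{
        StartMode    = $svc.StartMode
        State        = $svc.State
        UsesPeap     = [bool](@($dot1x | Where-Object { $_ -match 'Protected EAP' }).Count)
        ProfileLines = $dot1x
    }
}

Get-WiredSupplicantStatus | Format-List StartMode, State, UsesPeap, ProfileLines
```

A `StartMode` of Manual means the service will not start on its own at the next restart, and `UsesPeap` should be True when the EAP method from the table has been selected.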


All Rights Reserved. Copyright (C) 2009, 2011, Hitachi, Ltd.
Copyright, patent, trademark, and other intellectual property rights related to the "TMEng.dll" file are owned exclusively by Trend Micro Incorporated