Job Management Partner 1/Software Distribution Description and Planning Guide

[Contents][Glossary][Index][Back][Next]

2.5.5 Suppressing external media operations

By suppressing external media operations at a client, you can prevent the leakage of confidential information and the entry of undesirable information from external systems. This facility is available when the client version is between 08-51 and 09-00.

During external media operation suppression, writing and reading data via the following external media is suppressed:

Select the media whose operations are to be suppressed based on factors such as the frequency of use by jobs and the risk for information leakage.

If the client version is 09-50 or later, you can suppress these external media operations by suppressing device operations. For details about how to suppress device operations, see 2.5.6 Suppressing device operations.

The following figure provides an overview of external media operation suppression.

Figure 2-24 Overview of external media operation suppression

[Figure]

Organization of this subsection
(1) Prerequisites for the client OS
(2) Notes on suppressing external media operations

(1) Prerequisites for the client OS

To suppress external media operations, match the client OS to the prerequisites. If the client's OS is Windows NT 4.0, Windows 98, or Windows Me, suppression of external media operations is not supported.

Facility Windows
2000 Server 2003 XP Vista Server 2008 7
Suppression of USB-connected media operations (write- and read-disabled)#1, #2 Y Y Y Y Y#3 Y
Exclusion of specific USB-connected media from suppression#4, #5 Y Y Y Y Y Y
Suppression of USB-connected media operations (only write-disabled)#1, #2 N N Y N N N
Suppression of writing data to internal CD/DVD drive N Y Y Y N Y
Suppression of internal floppy disk operations Y Y Y Y N Y
Suppression of IEEE 1394-connected media operations#1 Y Y Y Y N Y
Suppression of internal SD card clot operations#1 N N Y Y N Y

Legend:
Y: Supported
N: Not supported

#1
The USB-connected media, IEEE 1394-connected media, and SD cards to be suppressed are those media that are displayed as follows when device components are displayed from the Safely Remove Hardware dialog box.
  • USB Mass Storage Device
  • IEEE 1394 SBP2 Drive
  • Secure Digital Storage Device

#2
In some cases, a USB-connected media device that is not displayed as a USB Mass Storage Device in the Safely Remove Hardware dialog box may be suppressed. In such a case, exclude the client PC or the suppressed USB-connected media from suppression. When you suppress USB-connected media operations (only write-disabled), you cannot exclude specific USB-connected media devices from suppression.

#3
If the OS of the client PC is Windows Server 2008, the suppressed items are USB storage devices.

#4
If the Exclude the specified media from suppression check box is selected, the items suppressed by suppressing USB-connected media operations (write- and read-disabled) are USB storage devices.

#5
With JP1/Software Distribution Client version 08-51 and earlier, you cannot exclude specific media from suppression.

The operations that can be suppressed differ depending on the OS of the client PC, as indicated below.

(2) Notes on suppressing external media operations

Notes on suppressing external media operations at an offline machine

Do not suppress the operation of external media that will be used to apply an operation monitoring policy or collect operating information. If you suppress the operation of such external media, you will not be able to apply an operation monitoring policy or collect operating information.

Notes on virtual environments

Note the following when an operation monitoring policy for suppressing external media operations is applied to a virtual environment: