Job Management Partner 1/Software Distribution Administrator's Guide Volume 1
![[Contents]](FIGURE/CONTENT.GIF)
![[Glossary]](FIGURE/GLOSS.GIF)
![[Index]](FIGURE/INDEX.GIF)
![[Back]](FIGURE/FRONT.GIF)
![[Next]](FIGURE/AFTER.GIF)
The security-related inventory information that is acquired as system information is reported from the client by referencing the values defined in the security.ini file. You can change the information to be acquired by editing the security.ini file.
If you do edit the security.ini file, distribute the edited security.ini file to the JP1/Software-Distribution-installation-directory\MASTER\DB directory on the clients, and then execute the Get system information from client job.
The security.ini file is stored in JP1/Software-Distribution-installation-directory\MASTER\DB.
The following figure shows the format of the security.ini file.
Figure 3-12 Format of the security.ini file
![[Figure]](FIGURE/INV0121.GIF)
The security.ini file consists of the following three sections:
| Section name |
Description |
| [PasswordCheck] |
Sets conditions for determining weak passwords. |
| [Passwordage] |
This section is applicable only when the When the system is changed, inventory information is notified to Higher System check box is selected on the System Monitoring page during client setup.
Sets a threshold for notifying the number of days since the Windows password was updated. |
| [ServiceName] |
Sets conditions for determining unnecessary services. |
If a section name or an item is not defined in the security.ini file, that information is not checked.
- Notes
- The security.ini file will never be overwritten when it is located immediately under JP1/Software-Distribution-installation-directory\MASTER\DB, and JP1/Software Distribution Manager was installed by Change or Repair.
- The security.ini file is not deleted when initialization is performed at the time of client setup with * specified as the connection destination.
- To avoid spending too much time on collection of system information, Hitachi recommends that you specify the total number of passwords to check, which can be specified in the PasswordCheck section of the security.ini file, to at least the value set in Account lockout threshold that is applied to the client PC.
The following describes how to specify each section.
- Organization of this subsection
- (1) [PasswordCheck] section
- (2) [Passwordage] section
- (3) [ServiceName] section
(1) [PasswordCheck] section
To change a definition in the [PasswordCheck] section, specify the new information in the following format:
- NoPassword=0 or NoPassword=1
- Specifies whether or not checking for a blank password is to be performed. The permitted values are as follows:
- 0: Do not check.
- 1: Check.
- The default is 0.
- If the specified value is neither 0 nor 1, whether or not a blank password is used is not checked.
- UserAccount=sum-of-specified-values
- Specifies the method for checking whether or not the user account name is used in the password.
- 0: Do not check.
- 1: Check if all letters are lower case.
- 2: Check if all letters are upper case.
- 4: Check if only the first letter is upper case.
- 8: Check if the specified letters exactly match the user account name.
- Specify in the range from 1 to 15 the sum of the values that correspond to the items to be checked. If you want to check all, specify a value of 15, which is the sum of all item values. The default is 0.
- If the specified value is a negative value, a space, or a value that is outside the permitted range, the system does not check whether or not the user account name is used in the password.
- ComputerName=sum-of-specified-values
- Specifies the method for checking whether or not the computer name is used in the password.
- 0: Do not check.
- 1: Check if all letters are lower case.
- 2: Check if all letters are upper case.
- 4: Check if only the first letter is upper case.
- Specify in the range from 1 to 7 the sum of the values that correspond to the items to be checked. If you want to check all, specify a value of 7, which is the sum of all item values. The default is 0.
- If the specified value is a negative value, a space, or a value that is outside the permitted range, the system does not check whether or not the computer name is used in the password.
- PasswordCount=n
- Specifies the number of keywords specified in Password, in the range from 1 to 256. The default is 0. If the specified value is outside the permitted range, the system does not check whether or not specific keywords are used in the password.
- Passwordn=keyword
- Specifies a keyword to be checked when checking is performed on whether a specific keyword is used as a password. You can specify as many keywords as the value specified in PasswordCount. Specify for n a number within the range specified in PasswordCount (1 to 256). The following keywords constitute the default specifications:
Password1=password
Password2=PASSWORD
Password3=Password
Password4=admin
Password5=ADMIN
Password6=Admin
Password7=administrator
Password8=ADMINISTRATOR
Password9=Administrator
(2) [Passwordage] section
To change the definition in the [Passwordage] section, specify the new information in the following format:
- Passwordage=n
- Specifies a threshold value for the number of days since the Windows password was updated, for which checking is performed on whether or not that threshold value has been exceeded. The permitted value is in the range from 1 to 49,710 days. The default is 42 days.
- If the specified value is a negative value, a space, or a value that is outside the permitted range, the system does not check for password updating.
(3) [ServiceName] section
To change a definition in the [ServiceName] section, specify the new information in the following format:
- ServiceCount=n
- Specifies the number of keys specified in ServiceName, in the range from 1 to 256. The default is 4. If the specified value is outside the permitted range, the system does not check whether or not unnecessary services are running.
- ServiceNamen=service-name
- Specifies the name of a service that is to be checked when checking is performed for unnecessary services that are running. You can specify as many service names as the value specified in ServiceCount. Specify for n a number within the range specified in ServiceCount (1 to 256). The following service names constitute the default specifications:
ServiceName1=MSFTPSVC
ServiceName2=TlntSvr
ServiceName3=W3SVC
ServiceName4=SMTPSVC
All Rights Reserved. Copyright (C) 2009, 2013, Hitachi, Ltd.
Copyright, patent, trademark, and other intellectual property rights related to the "TMEng.dll" file are owned exclusively by Trend Micro Incorporated.