Job Management Partner 1/Software Distribution Administrator's Guide Volume 1
![[Contents]](FIGURE/CONTENT.GIF)
![[Glossary]](FIGURE/GLOSS.GIF)
![[Index]](FIGURE/INDEX.GIF)
![[Back]](FIGURE/FRONT.GIF)
![[Next]](FIGURE/AFTER.GIF)
Specify the programs and paths to be monitored (monitoring target programs). You must specify them if you plan to prevent software from starting.
Figure 6-14 Edit Software Operation Monitoring Policy dialog box (specifying the programs to be monitored)
![[Figure]](FIGURE/ALT0160.GIF)
- Program operation settings not set in the monitoring target program list:
- You can select whether to allow or suppress the startup of programs and paths that are not displayed in Monitoring target program list.
- If you select Allow, the programs and paths other than those that are prevented from starting in Monitoring target program list are allowed to start.
- If you select Suppress, the programs and paths other than those that are allowed to start in Monitoring target program list are prevented from starting. However, the following paths are not suppressed:
- %SystemRoot%
- %windir%
- JP1/Software Distribution installation directory
- Hitachi program product installation work directory
- %Program Files%\Common Files#
- %Program Files%\InstallShield Installation Information#
- #: If the OS being used is a 64-bit version of Windows 8, Windows Server 2012 (x64), Windows 7 (x64), Windows Server 2008 (x64), Windows Vista (x64), or Windows Server 2003 (x64), paths with %Program Files% replaced with %Program Files(x86)% are also included.
- If startup suppression is in effect and JP1 events are set to be issued, a JP1 event is issued.
- The default is Allow.
- When creating a policy with Suppress specified, first sufficiently test its operations in a test environment before applying the policy to a client.
- Monitoring target program list
- A list of programs and paths to be monitored is displayed.
- If you set Program operation settings not set in the monitoring target program list: to Suppress, %temp% and %tmp% are displayed as defaults for the recommended paths for allowing startup.
- For a program, its software name, file name, formal file name, file version, file language, and product version are displayed as property information.
- A monitoring target program type is displayed in the Type column. For a program specified by a file name, File name is displayed. For a program specified by a formal file name, Formal file name is displayed. For a program specified by a path, Path name is displayed.
- The Operation column shows the operation settings for the operation monitoring target program. The following table shows the operation settings that are displayed.
| Operation settings |
Description |
| Suppression |
Programs and paths that are prevented from starting |
| Suppression (with conditions) |
Programs and paths that are prevented from starting under the specified condition |
| Allow |
Programs and paths that are allowed to start |
- The items displayed in Monitoring target program list are automatically sorted according to the priority order of suppression or permission. Suppose that a path with start suppression is displayed under a program that is allowed to start. In this case, the program can start, even if it is inside the path for which startup is suppressed.
Figure 6-15 Overview of Monitoring target program list
![[Figure]](FIGURE/ALT0165.GIF)
- Add
- The menu items shown below are displayed. You use these methods to add programs and paths that are to be monitored.
- Add by manual settings
- The Property Information Settings dialog box appears. Specify the properties of the programs to be monitored and add them to Monitoring target program list.
- Specify in the Property Information Settings dialog box either File name or Formal file name. The following describes the information to be specified for these items:
- File name
Specifies the file name of a program to be monitored. For example, if Notepad is to be monitored, specify notepad.exe.
If the program file might have been renamed by the client user, specify Formal file name.
- Formal file name
Specifies the value of formal-file-name or original-file-name that is displayed in the file properties of the program to be monitored.
If the client OS is Windows 8, Windows Server 2012, Windows 7, Windows Server 2008, or Windows Vista, append .mui to the value of original-file-name. For example, if Notepad is to be monitored in Windows 8 or Windows 7, specify notepad.exe.mui.
- Add by specifying the file
- The Specify File dialog box appears. Load the properties of the selected programs (files with extensions of exe, com, or scr) and add them to Monitoring target program list.
- When you are adding programs by specifying files, file names are not loaded. If the specified file has no software name, the file name is loaded as the registered name.
- Add from software inventory dictionary
- The Read from the Software Inventory Dictionary dialog box appears. Load JP1/Software Distribution's software inventory and add it to Monitoring target program list. You can also specify a condition to narrow the programs to be added. For details about how to specify a condition, see 3.2.5(2) Displaying only specified software.
- When you add programs from the software inventory dictionary, only data in the software inventory dictionary that is displayed for Software name and File name is loaded. If there is no data associated with Software name, the data associated with File name is loaded as the registered name.
- Add by specifying path
- The Path Information Setting dialog box opens. Specify the paths to be monitored and add them to Monitoring target program list.
- You can also specify an environment variable for the path. However, if you specify a character string in front of an environment variable, such as C:\temp\%xxxx%, the environment variable is treated as a character string. The system's environment variable is set for the environment variable. However, if %temp% and %tmp% are specified on Windows 2000 or Windows NT 4.0, both the system's environment variable and the user's environment variable are set.
- Change
- The Property Information Settings dialog box appears, and you can change the properties of the program selected from Monitoring target program list.
- Delete
- You can select and delete programs from Monitoring target program list. You can delete multiple programs at once.
- Permitted condition settings
- The Permission Condition Settings dialog box appears, and you can set a permitted condition for the program selected from Monitoring target program list. You can set permitted conditions for multiple programs at once.
- Organization of this subsection
- (1) Setting permitted conditions for the programs to be monitored
- (2) Notes on setting monitoring target programs
To prevent software or a path from starting, you can set a permitted condition for the program to be monitored in the Permission Condition Settings dialog box. A permitted condition consists of a user type and a time restriction, and when both of these conditions are satisfied, a program is not prevented from starting. For example, you can specify that the program being monitored may be used if the user belongs to either the Administrators user group or the user1 user account group and if the time is between 12:00 and 13:00.
Figure 6-16 Permission Condition Settings dialog box
![[Figure]](FIGURE/ALT0170.GIF)
(a) User type
- Type
- Select either User account or User group as the user type that is allowed to use a program. The default is User account.
- Condition
- Specify a condition for the user account or user group that is allowed to use the program. By clicking Browse, you can select from the list of user accounts or user groups registered in the computer.
- If you choose to directly specify a user account or user group, specify a user account using between 1 and 20 characters and a user group using between 1 and 255 characters. The following symbols are not permitted:
- *, +, ,, /, :, ;, <, =, >, ?, [, \, ], |
- Permitted user types
- This list displays the user types that are allowed to use the program and the condition for use. If there are multiple conditions, they are treated as OR conditions.
- Add
- Use this button to add the user type and condition specified for Type and Condition to the Permitted user types list.
- Delete
- Use this button to delete the user type and condition selected in Permitted user types.
- Condition
- Specify the time range in which the program may be used. In the system default, the start time is set to the current time and the stop time is set to one hour from the current time. The start time and stop time cannot be the same.
- Permitted Time
- This list displays the time condition for allowing the use of the program. If there are multiple conditions, they are treated as OR conditions.
- Add
- Use this button to add the time specified in Condition to the Permitted Time list.
- Delete
- Use this button to delete the condition selected in Permitted Time.
(2) Notes on setting monitoring target programs
- If you apply a policy for suppressing startup of software, system operation might become unstable. Check the operation of such a policy thoroughly in a test environment before you apply it to a client.
- Do not suppress startup of modules that are related to the OS or to JP1/Software Distribution operations. If startup of such a module is suppressed, the OS or operation monitoring facilities might not function correctly.
- When you set Program operation settings not set in the monitoring target program list to Suppress and apply a policy to a computer on which both JP1/Software Distribution Manager and JP1/Software Distribution Client are installed, you must specify the settings so that startup of JP1/Software Distribution Manager is permitted.
- A program that terminates immediately after it starts terminates before its operation can be suppressed. Consequently, it may not be possible to suppress such a program from operating.
- You cannot specify Allow or Suppress for a program in which the combined size of the file name and the path is 260 bytes or longer.
- The information used for determining whether startup of software is to be suppressed includes the file name, formal file name, file version, and file language that are specified as Property information. The registration name and product version that are specified as Product information are not used for determining a suppression target.
- If you cannot load a formal file name when specifying a monitoring target program, File name is set. In this case, you cannot specify Allow or Suppress using the formal name. Suppression or permission is determined based on the file name.
Even when the formal file name is verified to be valid, loading it may fail if the file's version resource value is in conflict.
- The file version is the File version that is displayed in the file properties. Its value might vary depending on the OS. If you specify a file version, use the value acquired by the same OS as for the client to which the operation monitoring policy is being applied. If you have acquired the file version automatically and its value differs from the one displayed by the client's OS, change the value manually.
- If a program to be suppressed is repeatedly suppressed at the client, the following error message may be issued.
Application could not be correctly initialized (0xc0000142).
Click OK to terminate the application.
In this case, restart the client's OS.
All Rights Reserved. Copyright (C) 2009, 2013, Hitachi, Ltd.
Copyright, patent, trademark, and other intellectual property rights related to the "TMEng.dll" file are owned exclusively by Trend Micro Incorporated.