2.6.3 Controlling devices
You can control the devices managed by JP1/IT Desktop Management. This section describes how to control devices in the following ways:
- Send messages to users
-
You can send a message to a user of a computer. You can also send the same message to several computers at once.
- Control a computer's access to the network
-
You can permit or deny a computer network access.
- Collect user information
-
You can collect information from users by displaying an input window on the user's computer.
- Turn a computer on or off
-
You can restart computers remotely and turn computers on and off.
- Collect the latest device information
-
You can collect the latest device information any time you wish.
- Define prohibited software
-
You can view a list of software installed on a computer, and designate certain software as prohibited software. This allows you to view the violation level of the computer in terms of installed software in the Security module. You can also prevent users from using certain software, or uninstall it remotely.
- Uninstall software
-
You can uninstall software by selecting it from a list of software installed on a computer.
- Remotely control a computer
-
You can access the desktop of a computer and control it remotely.
- Control smart devices
-
You can lock, wipe, and reset passcodes on smart devices managed by JP1/IT Desktop Management.
- Organization of this subsection
(1) Conditions for power control
This section describes the conditions that must be met to control the power status of a computer.
Conditions for turning on a computer
If there is a value for AMT Firmware Version in the device information, the system uses AMT to turn on the computer. If not, the system uses Wake on LAN. The following conditions must be met to turn on a computer:
- Important note
-
You cannot turn on a computer if any of the following apply:
-
The computer is in a wireless LAN environment
-
A LAN and wireless LAN are connected to the same subnet
-
The computer is suspended in battery mode
-
- Conditions on the management server
-
When using AMT
-
The AMT user ID and password must be registered in the AMT view under Inventory in Settings module.
-
Port 16992 used by AMT must be available.
When using Wake on LAN
-
None.
-
- Conditions on the computer
-
When using AMT
-
The computer is connected to the management server.
-
The agent is installed on the computer.
-
The computer supports AMT.
A computer supports AMT if a value appears for AMT Firmware Version in the device information.
-
The user name and password for AMT are entered in the BIOS settings.
-
Port 16992 used by AMT must be available.
- Tip
-
You can configure AMT in agent configurations which you can then apply to computers with the agent installed. This means that the administrator does not need to configure the BIOS on each computer individually.
- Tip
-
You can register one combination of AMT user ID and password on a given management server. For this reason, when using AMT to turn computers on and off, the same ID and password must be used on each computer.
When using Wake on LAN
-
The computer is connected to the management server.
-
The agent is installed on the computer.
-
The computer supports Wake on LAN.
-
Magic Packet mode is enabled in the Wake on LAN settings.
-
Conditions for turning off a computer
The following conditions must be met to turn off a computer:
- Conditions on the management server
-
None.
- Conditions on the computer
-
-
The computer is connected to the management server.
-
The agent is installed on the computer.
-
A Shutdown Computer dialog box appears on a computer you are turning off.
![[Figure]](GRAPHICS/ZU560002.GIF)
If there is no intervention by the user, the computer will shut down automatically after 180 seconds.
Note the following when shutting down a computer:
-
A computer will not shut down automatically if its screen saver is active and password protected.
-
A locked computer will not shut down automatically.
-
A computer will not shut down automatically if a user is working on an open file.
-
A computer will not shut down automatically if another user is logged on to the computer.
-
If the user has not yet logged on to the computer, the computer shuts down without displaying the Shutdown Computer dialog box.
-
If the computer is instructed to turn off by the management server while the Shutdown Computer dialog box is displayed, the latter instruction is ignored.
Conditions for restarting a computer
The following conditions must be met to restart a computer:
- Conditions on the management server
-
None.
- Conditions on the computer
-
-
The computer is connected to the management server.
-
The agent is installed on the computer.
-
A Restart Computer dialog box appears on a computer you are restarting.
![[Figure]](GRAPHICS/ZU990593.GIF)
The computer restarts subject to the conditions specified in the Computer Restart Settings area of the Agent Basic Settings tab of the agent configurations. If you select Automatically restart the computer if the user does not respond within the following period of time in the agent configurations, the computer automatically restarts after the time period specified in the agent configurations has elapsed if there is no intervention by the user. If you select Do not restart until the user responds in the agent configurations, the Restart Computer dialog box remains on screen and the computer does not restart until the user clicks the appropriate button.
Note the following when restarting a computer:
-
A computer will not restart automatically if its screen saver is active and password protected.
-
A locked computer will not restart automatically.
-
A computer will not restart automatically if a user is working on an open file.
-
A computer will not restart automatically if another user is logged on to the computer.
-
If the user has not yet logged on to the computer, the computer restarts without displaying the Restart Computer dialog box.
-
If the computer is instructed to turn off by the management server while the Restart Computer dialog box is displayed, the instruction to turn off takes precedence. In this scenario, the Restart Computer dialog box is replaced with a Shutdown Computer dialog box.
(2) Prerequisites for using AMT
The features of JP1/IT Desktop Management have different requirements in terms of the AMT version required on the computer.
The following table shows the version of AMT required to use each feature.
|
Feature |
Description |
Required AMT version |
|
|---|---|---|---|
|
Power control |
Turns remote computers on and off. |
2.0 to 9.0 |
|
|
Collecting AMT firmware versions |
Collects the AMT version as part of a computer's device information. |
||
|
IDE redirection |
Allows you to use CD-ROM drives remotely when using the remote control feature. |
||
|
Remote control over RFB connections |
Allows you to use the remote control feature over a RFB connection. |
6.0 to 9.0 |
|
|
AMT configuration |
Enable IDE redirection |
This feature allows the use of the IDE redirection feature of AMT. |
6.1 to 9.0 |
|
Enable remote KVM |
By enabling remote KVM on a computer in the agent configurations, you can remotely control the computer over an RFB connection. You can also set the authentication information needed to remotely control the computer. |
||
|
Enable AMT and set passwords for AMT users with administrator permission |
This feature enables AMT if disabled. You can also set the password for AMT users with administrator permission (the admin user). |
7.0 to 9.0 |
|
To use these features, the management server must be configured in the following ways:
- To automatically enable AMT on a computer
-
AMT must be enabled on a computer before you can use features that are based on AMT.
To automatically enable AMT on a computer, set the password used by AMT to gain administrator permission in the AMT view of the Settings module.
You can then enable AMT automatically on computers and access them with administrator permission.
If there is no administrator password set for AMT on a computer, the password you enter in the AMT view applies. You cannot set new a password if one is already registered in AMT. In this case, specify the registered password. If an administrator password is set but AMT is disabled, you need to first enable AMT on the computer.
- To control the power state of a computer using AMT, or collect the AMT firmware version from a computer
-
Set the credentials needed to communicate with AMT on the computer in the Set Credentials area of the AMT view of the Settings module.
Thereafter, AMT will be used to control the power state of the computer. The system will also collect the AMT firmware version when collecting the computer's device information.
- To remotely control a computer via RFB or use the IDE redirection feature
-
The remote KVM feature and IDE redirection feature must be enabled in AMT on the remote computer.
You can edit agent configurations in the Agent Configurations view of the Settings module. In the AMT view, select the Allow Remote KVM and Allow IDE Redirection check boxes.
If AMT is enabled on the computer, changes to AMT settings take effect each time the agent configurations are applied to the computer. If AMT is disabled on the computer, you need to configure the agent configurations to enable ATM automatically.
When you set up the computer in this manner, when an attempt by the remote control feature to connect to a computer using a standard connection fails, the remote control feature then attempts to connect using RFB. You can configure the system to use RFB when connecting from the Connect item in the File menu of the Remote Control view. You can also use the IDE redirection feature during remote control sessions.
Related Topics: