A.9 Version changes

Changes in 10-01

• The offline management function can now be used to manage computers that are not connected to the management server via a network.

• Information about JP1/IT Desktop Management can now be updated by acquiring support service information including anti-virus product information.

• During asset management, the license types and product IDs of some purchased software products, as well as software types, can now be managed.

• A description stating the following was added: Suspicious file reproduction operations and suspicious printing operations are handled differently.

• Differences in the Home module and Assets module when administration scopes are assigned were corrected.

• Software can now be added to the managed-software list by using the Software Inventory view of the Device module.

• The description of the case in which a site server is deployed within the network search range was improved.

• A description stating the following was added: To discover networked devices in an environment with site servers deployed, the management server and the site server must be mutually accessible by their IP addresses.

• A cautionary note about when a discovery range includes a loop-back address or broadcast address was added.

• Windows 8 and Windows Server 2012 were added as applicable OSs for JP1/IT Desktop Management - Agent.

• The explanation of the legend of the table indicating the system information that can be acquired from Active Directory was improved.

• A description stating the following was added: SNMP: NG(No credential) might appear if not enough information was collected to identify a device.

• The Host Name entry was added in the computer information that can be collected as system information.

• A description stating that the Workstation service of the OS of a managed computer must be running to collect the following information was added.

  • Automatic Windows Update in Windows Update Details

  • Windows Service Details

  • OS Security Details

• The description of Registered Date/Time shown on the Installed Computers tab was corrected.

• The conditions that must be met to control the power status of a computer were corrected.

• The time when the computer is restarted can now be set in the Add Agent Configuration dialog box and the Edit Agent Configuration dialog box. Accordingly, the descriptions of the Shutdown Computer and Computer Restart settings dialog boxes that appear on a computer with the agent installed were changed.

• Whether device information can be collected from any MDM system was added. The explanation of the legend was improved.

• A description stating the following was added: When you use the remote control feature, if there is no mouse connected to a computer with the agent installed, the mouse pointer will always be shaped as an arrow regardless of context.

• A description of how to specify the settings to control network connections so that newly discovered devices are automatically permitted to connect to the network was added.

• The settings you need to enter in the network control list for devices used in particular ways were added.

• A description stating that the computers for which network monitor is enabled are not judged for Windows firewall was added.

• The following products were added as supported anti-virus products (Japanese versions):

  • Norton AntiVirus 2012 (32-bit, 64-bit)

  • Norton AntiVirus (32-bit, 64-bit)

  • ウイルスバスター 2012 クラウド (32-bit, 64-bit)

  • ウイルスバスター クラウド (32-bit, 64-bit)

  • ウイルスバスター コーポレートエディション 10.6 (32-bit, 64-bit)

  • ウイルスバスター ビジネスセキュリティ 7.0 (32-bit, 64-bit)

  • Kaspersky Endpoint Security 8 for Windows 8.1 (32-bit, 64bit)

  • Kaspersky Endpoint Security 8 for Windows (32-bit, 64-bit)

  • ESET NOD32 Antivirus 5.0 (32-bit, 64-bit)

  • ESET NOD32 Antivirus 5.2 (32-bit, 64-bit)

  • Sophos Endpoint Protection - Enterprise 10 (32-bit, 64-bit)

  • Sophos Endpoint Protection - Advanced 10 (32-bit, 64-bit)

  • Sophos Endpoint Protection - Basic 10 (32-bit, 64-bit)

  • F-Secure Client Security 9.11 (32-bit, 64-bit)

  • F-Secure Client Security 9.20 (32-bit, 64-bit)

  • F-Secure Client Security 9.31 (32-bit, 64-bit)

  • F-Secure Client Security 9.32 (32-bit, 64-bit)

  The following products were removed from the supported anti-virus products (Japanese versions).

  • ウイルスバスター 2010 (32-bit, 64-bit)

  • F-Secure Client Security 8.01 (32-bit, 64-bit)

• A note that applies when a security policy (for which Block Printing or Acquisition of Operations Logs is set) is assigned to an agent-installed computer, and actions to be taken were added.

• A note that applies when both JP1/IT Desktop Management and another program restrict startup of the same software program was added.

• A note that applies when Restrict reading/writing is enabled for USB devices in a security policy was added.

• A note on computers running a 64-bit edition of an OS and with VMWare Server installed was added.

• Windows Internet Explorer 10 and Firefox 5 were added as Web browsers for which operation logs can be acquired.

• The description of Original File Created Date/Time acquired in an operation log was corrected.

• The note on the recreatelogdb command was corrected.

• It is now stated that ReFS is also applicable to the notes on acquiring source information of incoming files when files are moved or copied to a drive that uses a file system other than NTFS.

• The description of how devices and hardware assets are identified was corrected.

• Information about unconfirmed software can now be displayed in the Software Inventory view of the Device module.

• A description stating the following was added: Computers with the network monitor enabled cannot be configured in a cluster configuration.

• The description of a server on which the ioutils exportoplog command can be executed was corrected.

• A note for users operating a computer was added.

• Windows Internet Explorer 10 was added as a software product required for a computer on which the agent will be installed.

• The site server prerequisites were corrected.

• The prerequisites for a computer on which the network monitor is enabled were corrected.

• The prerequisites for linking with JP1/IM were added.

• The maximum disk space requirements are now separately described for the management server in a single-server configuration system, for the management server and database server in a multi-server configuration system, and for a site server.

• The list of services was changed as described below.

  • The JP1/IT Desktop Management - Manager services and the site server services were described separately.

  • Descriptions of the network monitor services and agent services were added.

  • An entry showing whether the service starts automatically was added.

    An entry showing whether the process is resident was added to the list of processes.

• The port numbers used for JP1/IT Desktop Management - Manager were described separately for a single-server configuration and for a multi-server configuration.

• Descriptions of the values set for the setup parameters and agent setting parameters when JP1/IT Desktop Management is upgraded from a version earlier than 09-50 were added.

• In accordance with the addition of the following event numbers, the range of values that can be specified for events not subject to notification was changed to 0 to 1123.

  1117, 1118, 1123

• The default value of the start time of the acquisition schedule that can be specified in the MDM linkage settings was changed to (Blank).

• Memory requirements for each system component of the product were changed.

• Disk space requirements for each system component of the product were changed.

• Prerequisite CPUs for each system component of the product were changed.

• The list of limit values was updated.

• The description of automatically obtaining information from an MDM system and the time at which information is collected were corrected.

• A description of the Windows menu names used in this manual was added.

• A maximum of 50,000 devices can now be managed by using a multi-server configuration system.

• The information that will be displayed and operations that can be performed can now be limited according to the task allocation set for the user account.

• Suppression of only writes is now possible for floppy drives and removable disks.

• JP1 event can now be reported by linkage with JP1/IM.

• A description was added stating that the root OU settings in the information about connections to Active Directory domains are not case sensitive.

• A description of the LDAP attribute name used for obtaining information such as Department, Country, and State from Active Directory was added.

• A description stating the following was added: If security countermeasures are automatically enforced, you cannot change the settings of the managed computers back to the state before the countermeasures were taken even if you use the JP1/IT Desktop Management functions.

• The following notes on network monitoring were added:

  • Notes on the Routing and Remote Access service

  • A wired LAN connection is recommended for computers for which the network monitor is enabled.

  • A mission-critical server, such as a file server, should not be configured as the network monitoring computer with network monitor enabled.

  • A note on using a DHCP server to monitor the network in which IP addresses are dynamically allocated

• A description about when a network control list is updated was added.

• A description stating the following was added: Maintenance of a network control list is performed automatically when device information is updated or deleted.

• A description stating the following was added: The devices disconnected from the network by the network monitor can only communicate with computers with the network monitor enabled in the network segment or computers registered for Exclusive Communication Destination for Access-Denied Devices.

• Descriptions of monitoring targets for the network monitor feature, including the networks, OSs on monitored computers, and protocols, were added.

• A description stating the following was added: If a device discovered by the monitor feature is deleted, the device will not be discovered again unless it is disconnected and then reconnected to the network.

• A description stating the following was added: A list populated with a MAC address and associated with a device can no longer be deleted from the network control list.

• A description stating the following was added: Site servers are automatically registered for Exclusive Communication Destination for Access-Denied Devices.

• A description stating the following was added: If a network monitor agent is installed, the service is automatically enabled and the firewall settings are automatically disabled.

• A description stating the following was added: Serial numbers that can be used as mapping keys during imports are serial numbers specified in BIOS information.

• A description stating the following was added: Installation and uninstallation of software by using the distribution function are performed with local system account permissions.

• A description stating the following was added: If a connection between a computer and a management server fails, operation logs are temporarily saved in the computer.

• A description stating the following was added: When you delete devices from the network control list, information for the devices with Permit specified for network connection is also deleted from the network control list. However, information for the devices with Not Permit specified remains in the list.

• A description stating the following was added: Servers on which Citrix XenApp or Windows terminal service is installed cannot be managed even if you install an agent.

• The description of the devices for which Windows administrative shares or SNMP authentication cannot be used was changed.

• A description stating the following was added: The Workstation service of the OS must be running on a computer on which an agent will be installed.

• A note was added on performance degradation in printer servers and network in an environment in which a network shared printer has been registered on a computer on which an agent will be installed.

• The following descriptions about agentless management were added:

  • Notes on using agentless management

  • When device information is collected

  • When executable programs for acquiring device information are sent

  • Settings necessary for managing agentless computers

• The settings required to acquire device information from agentless devices when Windows Administrative Share is enabled in Windows 7, Windows Vista, and Windows Server 2008 were changed.

• A description stating the following was added: If you delete a hardware asset for which Asset Status is Unconfirmed, the device is deleted from the Inventory Information view of the Device module.

• A description stating the following was added: A virtual environment configured by combining VMware vSphere and VMware View is not supported.

• A description of how to set the user permissions required for remote control using Windows authentication was added.

• A description stating the following was added: Devices manually registered in the network control list can also be deleted from the network control list.

• A description stating the following was added: Devices that must always be connected to the network must be registered in the network control list as the devices permitted for network connection.

• The following were added as the events that cause the network connection to change automatically:

  • Device information is updated or deleted

  • Network-connected device information is changed.

• The descriptions of information used for judgement of unauthorized software and unauthorized Windows service was corrected.

• Descriptions of user accounts not subject to security judgement were added.

• The description of Other Access Restrictions in the items that can be set for security policies was corrected.

• Supplementary notes on external media for which operation can be suppressed for each OS were added.

• Prerequisites for acquiring the following types of operation logs were changed:

  • Start and termination of programs

  • File and folder operations

  • Web access

• A description stating the following was added: Operation logs for file deletion might not be acquired depending on the method of deleting the file.

• Descriptions of the operation log information that is acquired when the user performs an undo operation (using the keyboard or Undo menu item) were added.

• A description of the Content-type of MIME header of email that is not handled as an attached file was added to the notes on operation logs acquired by sending and receiving emails.

• A description of the case in which files are moved or copied to a drive formatted by using other than NTFS, such as a FAT Drive, was added to the notes on acquiring source information of incoming files.

• The CSV file coding format for importing the following hardware asset information was changed:

  • Memory

  • Storage capacity

  • Free storage capacity

  • Display size

• The recommended disk space was corrected. The recommended disk space values when only operation logs related to suspicious operations are collected on the site server were added.

• A description stating the following was added: To distribute packages to many devices, distribute them in several batches or use site servers.

• The ioutils exportdevice command can now be used to export device information.

• The ioutils exportdevicedetail command can now be used to export detailed device information.

• The balloon tip message that appears when you apply a security policy that requires restarting of the computer was changed.

• Network connection environments for each system component were added to the network prerequisites.

• The condition required to use an RFB connection for starting a remote control session was changed. In addition, a caution stating that operation is not always guaranteed for remote control using the RFB connection was added.

• Descriptions of the system environment for using a site server configuration and the number of devices that can be managed by a single site server were added.

• mgr\definition was added as a folder that is created under the installation folder.

• The explanations of automatic execution of the following functions and when they are executed were corrected:

  • Collecting user information

  • Regularly checking and updating support information

  • Updating Scan Engine Version and Virus Definition File Version settings for anti-virus products

• The descriptions in the list of processes were corrected.

• Smart devices can now be managed by linkage with an MDM service.

• The total number of installed devices (number of used licenses) is now displayed in managed software information.

• The information that will be displayed and operations that can be performed can now be limited according to the task allocation set for the user account.

• A description stating the following was added: Agentless devices cannot be managed in a NAT environment.

• A description stating the following was added: You cannot use the network monitor feature to detect devices in network segments that are not directly accessible from the management server.

• A description stating the following was added: You can monitor multiple network segments from one computer on which the network monitor is enabled and the agent is installed if the computer has access to several networks through a number of network cards.

• Windows Server 2008 R2 Datacenter was added in the prerequisites for a management server, computers on which an agent will be installed, and site servers.

• A description of the confirmation method when software is added to a managed computer was added.

• A description of how departments and locations are defined was added. The name of a department and location can now be changed from the menu area.

• A description stating the following was added: By configuring event notification by email, you can have the administrator notified by email when a network connection is blocked or permitted.

• A description stating the following was added: If access to removable disks is suppressed, the use of USB-connected removable disks is not permitted even if they are registered as hardware assets.

• A description stating the following was added: You can use automatic update distribution based on security policies and the Windows automatic update function (Windows Update and Microsoft Update).

• If multiple instances of a managed software product are installed on one computer, they are now counted as one license used.

• A description stating the following was added: If hyphens (-) are displayed in the information area, they are replaced by null strings when exported.

• A description of the types of software that can be uninstalled by using the distribution function was added.

• A command can now be used to delete operation logs on a site server.

• Windows 7 was added in perquisites for computers for which the network monitor is enabled.

• The description of network prerequisites was improved.

• A description stating the following was added: The site servers specified to store operation logs must be placed in the same network segment as the management server in a NAT environment.

• The guidelines for the required disk space for backing up operation logs for one year were changed.

• The guidelines for the recommended disk space for all data (including operation logs) managed by JP1/IT Desktop Management were changed.

• Port number 31000 was added to the list of port numbers for site servers.

• Descriptions of the rules for setting a user account password were added.

• A description stating the following was added: If a domain user is authenticated by a Windows administrative share, the user ID must be in user-ID@FQDN (FQDN: fully qualified domain name) or in domain-name\user-ID format.

• A description stating the following was added: For custom installation, at least 20 GB of disk space is required on the database storage folder drive to acquire operation logs.

To Page Top