2.6.2 Collecting device information

(1) Types of device information you can collect

JP1/IT Desktop Management 2 collects device information from the devices it manages. There are two categories of device information: Basic device information, and common fields (assets and device inventory).

Basic device information

Device information that is collected by default. There are four categories of basic device information: System Details, Hardware Details, Installed Software Details, and Security Details.

Common fields (Assets and device inventory)

Information that relates to the user of a device. You can have users enter this information directly.

The range of device information you can collect depends on whether the device is a computer with the agent installed. For agentless devices, the information you can collect depends on the authentication method used. The explanation below refers to the following types of authentication used with agentless devices:

• Administrative share: You can use the authentication provided by a Windows administrative share.

• SNMP: You can use the authentication implemented by SNMP.

• ARP: You can use the authentication implemented by ARP.

• ICMP: You can use the authentication implemented by ICMP.

• Active Directory: JP1/IT Desktop Management 2 links with Active Directory.

• MDM: JP1/IT Desktop Management 2 links with an MDM system.

If a device cannot undergo authentication using Windows administrative shares or SNMP, you can use ICMP or APR to verify the device presence but not to collect information from the device. When linking with Active Directory, some items can be collected from Active Directory while others cannot.

When linking with an MDM system to manage smart devices, you can collect the information managed by the MDM system as device information.

You can view collected device information in the Device Inventory and Software Inventory views of the Device module. Reasons why the system might be unable to collect device information include the device being turned off or not connected to the network, or failing to establish a connection with the management server. Items for which --, N/A, or Unknown is displayed could not be collected. Reasons why a particular item cannot be collected include the device's authentication status, device type, operating system, and software.SNMP: NG(No credential) might appear if not enough information was collected to identify a device.

The tables in the next section show the items of device information you can collect, and whether each item can be collected from a computer with the agent installed, an agentless device, Active Directory, or an MDM system.

To Page Top

(2) Device status information that can be collected

The following table lists the information JP1/IT Desktop Management 2can collect about the status of a device.

Management Type

Icon	Description	Agent installed	Agentless
			Administrative share	SNMP	ARP/ICMP	Active Directory	MDM
	Agent Management Indicates a device with the agent installed.	Y	--	--	--	--	--
	Agentless Management (Authentication Successful) Indicates a device that has undergone successful authentication via a Windows administrative share or via SNMP.	--	Y	Y	--	Y	--
	Agentless Management (Authentication Failed) Indicates a device that has not undergone authentication.	--	--	--	Y	--	--
	Agent Management (Network Access Control) Indicates a device with the agent installed and with network access control enabled.	Y	--	--	--	--	--
	Agent Management (Network Access Control)(Starting management) Indicates a device with the agent installed and network access control in the process of starting.	Y	--	--	--	--	--
	Agent Management (Network Access Control)(Failed to start management) Indicates a device with the agent installed, where an attempt to start network access control has failed.	Y	--	--	--	--	--
	Agent Management (Network Access Control)(Stopped management) A device with the agent installed and network access control disabled.	Y	--	--	--	--	--
	Agent Management (Network Access Control)(Failed to stop management) A device with the agent installed where an attempt to stop network access control has failed.	Y	--	--	--	--	--
	Agent Management (Relay system) Indicates a device with a relay system installed.	Y	--	--	--	--	--
	Agent Management (Relay system)(Network Access Control) Indicates a device with a relay system installed and with network access control enabled.	Y	--	--	--	--	--
	Agent Management (Relay system)(Network Access Control)(Starting management) Indicates a device with a relay system installed and network access control in the process of starting.	Y	--	--	--	--	--
	Agent Management (Relay system)(Network Access Control)(Failed to start management) Indicates a device with a relay system installed, where an attempt to start network access control has failed.	Y	--	--	--	--	--
	Agent Management (Relay system)(Network Access Control)(Stopped management) Indicates a device with a relay system installed and network access control in the process of stopping.	Y	--	--	--	--	--
	Agent Management (Relay system)(Network Access Control)(Failed to stop management) Indicates a device with a relay system installed, where an attempt to stop network access control has failed.	Y	--	--	--	--	--
	MDM Linkage Management Indicates a device for which information has been acquired from an MDM system.	--	--	--	--	--	Y

Legend: Y: Can be collected. --: Not applicable.

Connection settings

Connection settings indicate the network connection settings status in JP1/IT Desktop Management 2.

Icon	Description	Agent installed	Agentless
			Administrative share	SNMP	ARP/ICMP	Active Directory	MDM
	Allowed The device is able to connect to the network.	Y	Y	Y	Y	Y	Y
	Blocked The device is unable to connect to the network. This status also applies to devices whose network connection was automatically blocked by a security policy or the network monitoring function.	Y	Y	Y	Y	Y	Y
	Forced Block A device whose network connection has been blocked by an administrator.	Y	Y	Y	Y	Y	Y
	Not use period A device that is not allowed to connect to the network because it is outside the allowed time period defined in the network control list.	Y	Y	Y	Y	Y	Y
	Unknown JP1/IT Desktop Management 2is determining whether the device is permitted to connect to the network. The device will transition to another status when the judgment is made.	Y	Y	Y	Y	Y	Y

Legend: Y: Can be collected.

Device Status

Icon	Description	Agent installed#1	Agentless
			Administrative share	SNMP	ARP/ICMP	Active Directory	MDM
	Running Indicates that the computer is on.	Y	Y	Y	Y	N	N
	Stop Indicates that the computer is off.#2	Y #3	Y	Y	Y	N	N
	Warning There is a problem with the device. You can use the System Information and Events tabs of the Device module to investigate further.	Y #3, #4	N	Y#5	N	N	N
	Critical There is a serious problem with the device. You can use the System Information and Events tabs of the Device module to investigate further.	N	N	Y#6	N	N	N
	Unknown The status of the device is unknown.	N	N	Y	Y	Y	Y

Legend: Y: Can be collected. N: Cannot be collected.

Note:

For details about the conditions under which each device status is displayed, see (8) Criteria for device statuses.

#1

Stop appears as the device status when you first acquire the status of an offline-managed computer. Each time thereafter, the device retains its previous status.

#2

If a device cannot be communicated with, the device status becomes Stop.

#3

The following devices' statuses become Warning when they are turned off and being managed offline. The status for such devices never appears as Stop.

• Relay system

• Computer with the agent installed and network access control enabled

#4

The device status for an agent-installed computer on which network monitoring is enabled becomes Warning when JP1_ITDM2_Network Monitor service is stopped.

#5

The device status for a printer whose toner or paper level is low becomes Warning.

#6

The device status for a printer that has no remaining toner or paper becomes Critical.

Management Status

Icon	Description	Agent installed	Agentless				MDM
			Administrative share	SNMP	ARP/ICMP	Active Directory
	Online management The device is being managed online.	Y	--	--	--	--	--
	Offline management The device is being managed offline.	Y	--	--	--	--	--
	Agent not Installed The agent is not installed on the device.	--	Y	Y	Y	Y	Y

Legend: Y: Can be collected --: Not applicable

Host ID

Item	Description	Agent installed	Agentless				MDM
			Administrative share	SNMP	ARP/ICMP	Active Directory
Host ID	Displays the host ID.	Y	Y	Y	Y	Y	Y

Legend: Y: Can be collected

To Page Top

(3) System information that can be collected

This section describes the information that JP1/IT Desktop Management 2 can collect as system information. System information consists of the following:

• Device type

• Computer information

• User information

• OS information

• Network information

• Printer information

Device type

Device type	Description	Agent installed	Agentless
			Administrative share	SNMP	ARP/ICMP	Active Directory	MDM
PC	Set when the OS type is one of the following: Windows 8.1 Windows 8 Windows 7 Windows Vista Windows XP Windows 2000 Windows OS (unknown edition) Windows OS (unknown type) Mac OS Unknown OS	Y	Y	Y	N	Y	N
Server	Set when the OS type is one of the following: Windows 2000 Server Windows 2000 Advanced Server Windows Server 2003 Windows Server 2008 Windows Server 2012 UNIX Linux	Y	Y	Y	N	Y	N
Storage	Must be assigned to a device by an administrator.	N	N	N	N	N	N
Network Device	Collected automatically for a network device other than a network printer.	N	N	Y	N	N	N
Printer	Collected automatically for a network printer.	N	N	Y	N	N	N
Smart Device	Set when the information was acquired from an MDM system.	N	N	N	N	N	Y
Peripheral Device	Must be assigned to a device by an administrator.	N	N	N	N	N	N
USB Device	Set in the following cases: When input by an administrator When registered from the Register USB Device dialog box	N	N	N	N	N	N
Display	Must be assigned to a device by an administrator.	N	N	N	N	N	N
Other	Must be assigned to a device by an administrator.	N	N	N	N	N	N
Custom device type	Must be assigned to a device by an administrator.	N	N	N	N	N	N
Unknown	Set when the device type could not be acquired.	N	N	N	Y	N	N

Legend: Y: Can be collected automatically. N: Cannot be collected automatically.

Computer information

Item		Description	Agent installed	Agentless
				Administrative share	SNMP	ARP/ICMP	Active Directory	MDM
Computer information	Computer Name (Description)	Name (Computer) The computer name set in the Computer Name Changes dialog box displayed by clicking Change on the Computer Name panel of the System Properties. For SNMP authentication, the acquired host name is displayed. For a smart device, the user name, contract phone number, and model name displayed to identify the smart device in the MDM system are displayed. Description (Computer) The value in the Computer description field on the Computer Name panel of the System Properties. For SNMP authentication, the description about the device and the object ID unique to the device developer are displayed. For smart devices, this information cannot be acquired.	Y	Y	Y	N	Y	Y
	Host Name	The fully qualified domain name of the physical host. In the following circumstances, the NetBIOS name or the host name without a domain name are collected. The host is not part of a domain or its domain membership cannot be confirmed The host name was acquired by an SNMP search For a smart device, the user name, contract phone number, and model name displayed to identify the smart device in the MDM system are collected.	Y	Y	Y	N	Y	Y
	Model (Manufacturer)	The model and manufacturer of the computer, assigned by the vendor.	Y	Y	N	N	N	Y
	UUID	The universally unique identifier (UUID) of the computer.	Y	Y	N	N	N	N
	Serial #	The serial number (BIOS information) of the computer.	Y	Y	N	N	N	Y
	CPU	The model name of the CPU.	Y	Y	Y	N	N	N
	Total Memory	The total amount of physical memory installed in the computer.	Y	Y	Y	N	N	Y
	Total Free Space	The amount of free space on the hard disk (the type of logical drive is Local Disk). If the total amount of free space on the local disk exceeds 9,223,372,036,854,775,807 bytes, 9,223,372,036,854,775,807 (bytes) is displayed.	Y	Y	N	N	N	N
System Drive	System Drive	The total number of logical drives.	Y	Y	N	N	N	N
	System Drives (Type/Free/Total/File System)	If there are several system drives, the following information can be collected for each drive: Type The type of drive, such as hard disk, CD/DVD drive, or removable disk. Free space#1 The free space available on the drive. Capacity#1 The total capacity of the drive. File system#1 The name of the file system, such as FAT32 or NTFS.	Y	Y	N	N	N	N
	Disk Name (Capacity/Interface)#2	Disk Name The model of the hard disk drive. Total Capacity The total capacity of the hard disk drive. Interface The interface such as IDE or SCSI used with the hard drive.	Y	Y	Y#3	N	N	Y#4
BIOS Information	BIOS Information	The name of the BIOS.	Y	Y	N	N	N	N
	Manufacturer	The manufacturer of the BIOS.	Y	Y	N	N	N	N
	Serial Number	The serial number of the BIOS.	Y	Y	N	N	N	N
	Version (BIOS/SMBIOS)	BIOS The version of the BIOS. SMBIOS The version of the SMBIOS.	Y	Y	N	N	N	N
	Release Date	The release date of the BIOS.	Y	Y	N	N	N	N
AMT Firmware Version		The version of the AMT firmware.	Y	N	N	N	N	N
Power Control	Turn off monitor (AC/DC)#5, #6	The length of time until the monitored power supply shuts off. AC Indicates an AC power supply. DC Indicates a DC (battery) power supply.	Y	Y	N	N	N	N
	System standby (AC/DC)#5	The length of time until the system enters standby. AC Indicates an AC power supply. DC Indicates a DC (battery) power supply.	Y	Y	N	N	N	N
	System hibernates (AC/DC)#5	The length of time until the system goes into hibernation. AC Indicates an AC power supply. DC Indicates a DC (battery) power supply.	Y	Y	N	N	N	N
	Turn off hard disks (AC/DC)#4, #5	The length of time before the hard disk is turned off. AC Indicates an AC power supply. DC Indicates a DC (battery) power supply.	Y	Y	N	N	N	N
	Processor Throttle (AC/DC)#5, #6	The power setting of the processor. AC Indicates an AC power supply. DC Indicates a DC (battery) power supply.	Y	Y	N	N	N	N

Legend: Y: Can be collected. N: Cannot be collected.

#1: In Windows 8.1, Windows 8, Windows Server 2012, Windows 7, and Windows Server 2008 R2, information cannot be collected if BitLocker drive encryption is locked.

#2: In Windows Server 2012, if a virtual disk is configured with the storage service, the virtual disk information is collected as a physical disk.

#3: Only Disk Name and Capacity can be collected.

#4: Only Capacity can be collected.

#5: If a user without Administrator permission is logged on to a computer running Windows Server 2003 or Windows XP, the system collects the power control settings for the last user who logged on with Administrator permission.

#6: If these features cannot be used, correct information might not have been collectable.

User Details

Item	Description	Agent installed	Agentless
			Administrative share	SNMP	ARP/ICMP	Active Directory	MDM
Last Logged On User Name (User Name)	The user name or account name and domain name (or computer name) of the last user to log on.	Y#	Y#	N	N	N	N
Last Logged On User Description	A description of the last user to log on.	Y#	Y#	N	N	N	N
Locale/Current Time Zone	Locale The locale of the last user to log on. Current Time Zone The time zone of the last user to log on.	Y	Y	N	N	N	N

Legend: Y: Can be collected. N: Cannot be collected.

#: If the last user to log in is a domain user, you cannot collect the full name and description of the user.

OS Details

Item	Description	Agent installed	Agentless
			Administrative share	SNMP	ARP/ICMP	Active Directory	MDM
OS and Service Pack (Language)	The language of the OS and the service packs applied to the OS. This information indicates which language version of Windows (such as English or Japanese) is installed, not the locale setting.	Y	Y	N	N	Y#	N
Serial #	The serial number of the OS. The serial number is different from the license key needed to install the OS.	Y	Y	N	N	N	N
Owner (Company)	Owner The owner name entered by the user when installing the OS. Company The company name entered by the user when installing the OS.	Y	Y	N	N	N	N
OS last startup date/time	The last startup date and time of the OS.	Y	Y	N	N	N	N
Windows directory	The directory in which the OS is installed.	Y	Y	N	N	N	N
Windows Installer Version	The version number of Windows Installer.	Y	Y	N	N	N	N
Windows Update (Agent Version)	The version number of the Windows Update agent.	Y	Y	N	N	N	N
IE Version (Service Pack)	IE Version The Internet Explorer version. IE Service Pack The service pack version of Internet Explorer.	Y	Y	N	N	N	N

Legend: Y: Can be collected. N: Cannot be collected.

#: Only the service pack information can be collected.

Network Details

Item	Description	Agent installed#1	Agentless
			Administrative share	SNMP	ARP/ICMP	Active Directory	MDM
IP Address/Subnet Mask	The IP address and subnet mask of the device.	Y	Y	Y	Y#2, #3	Y	N
Network Adapter	The name of the network adapter.	Y	Y	Y	N	N	N
MAC Address	The MAC address of the device.	Y	Y	Y	Y#3, #4	Y	Y
Default Gateway	The default gateway.	Y	Y	Y	N	N	N
WINS Server Address (Primary/Secondary)	Primary The address of the primary WINS server. Secondary The address of the secondary WINS server.	Y	Y	N	N	N	N
DNS Server Address	The address of the DNS server.	Y	Y	N	N	N	N
DHCP	Whether or not DHCP is enabled.	Y	Y	N	N	N	N
DHCP Server Address	The address of the DHCP server.	Y	Y	N	N	N	N
Lease Acquisition/Expiration Date/Time	The date and time when the DHCP lease was acquired, and then date and time when the lease expires.	Y	Y	N	N	N	N
Domain (Workgroup)/Role	Domain The name of the domain or workgroup to which the computer belongs. Domain Role The role of the device in the OS domain, such as primary domain controller or member workstation.	Y	Y	Y#5	N	N	N

Legend: Y: Can be collected. N: Cannot be collected.

#1: Cannot be collected from an offline-managed computer lacking a NIC.

#2: Only the IP address can be collected.

#3: The collected information does not appear on the System Details tab of the Device Information view of the Device module. You can review the collected information by exporting the device list.

#4: Only collected in environments that use ARP.

#5: Only the Domain is collected.

Printer Details

Item	Description	Agent installed	Agentless
			Administrative share	SNMP	ARP/ICMP	Active Directory	MDM
Printing Method (Method/Colors)	The printing method used by the printer.	N	N	Y	N	N	N
Consumables (Type/Description/Condition)	The type of consumable (such as ink) used by the printer, and the amount remaining.	N	N	Y	N	N	N
Paper Feed Tray (Type/Name/Condition)	The type of paper feed tray used in the printer, and the amount of paper remaining.	N	N	Y	N	N	N

Legend: Y: Can be collected. N: Cannot be collected.

Smart Device Information

Item	Description	Agent installed	Agentless
			Administrative share	SNMP	ARP/ICMP	Active Directory	MDM
IMEI	The ID number assigned to the mobile device.	N	N	N	N	N	Y
UDID	An identifier assigned to smart devices made by Apple.	N	N	N	N	N	Y
ICCID	A number assigned to the SIM card in smart devices manufactured by Apple.	N	N	N	N	N	Y
IMSI	An ID number that identifies a subscriber of a mobile communication device. An IMSI is assigned to the SIM card of a smart device.	N	N	N	N	N	Y
Contract phone number	The telephone number assigned to the subscriber.	N	N	N	N	N	Y
E-mail	The E-mail address of the smart device.	N	N	N	N	N	Y
Carrier	The company that provides the communication service used by the smart device.	N	N	N	N	N	Y
Passcode setting	Whether a passcode is set on the device.	N	N	N	N	N	Y
Internal storage (Free)	Internal storage The internal storage capacity of the smart device. Free The free space available on the internal storage of the smart device.	N	N	N	N	N	Y
External storage (Free)	External storage The capacity of media (such as SD cards) installed in the smart device. Free The free space available on media (such as SD cards) installed in the smart device.	N	N	N	N	N	Y
RAM (Free)	RAM The memory capacity of the smart device. Free The amount of free memory available on the smart device.	N	N	N	N	N	Y

Legend: Y: Can be collected. N: Cannot be collected.

To Page Top

(4) Hardware information

This section describes the hardware information you can collect. Hardware information consists of the following:

• Processor Details

• Memory Details

• Hard Disk Details

• CD-ROM Drive Details

• Removable Drive Details

• Printer Details

• Video Controller Details

• Sound Card Details

• Network Adapter Details

• Monitor Details

• Keyboard Details

• Mouse Details

Processor Details

Item	Description	Agent installed	Agentless
			Administrative share	SNMP	ARP/ICMP	Active Directory	MDM
Processor Details	The number of processors.	Y	Y	N	N	N	N
Processor Name	The name of the processor.	Y	Y	Y	N	N	N

Legend: Y: Can be collected. N: Cannot be collected.

Memory Details

Item	Description	Agent installed	Agentless
			Administrative share	SNMP	ARP/ICMP	Active Directory	MDM
Memory Details	The total amount of physical memory installed in the computer.	Y	Y	N	N	N	N
Total Capacity	The amount of physical memory installed in the computer.	Y	Y	N	N	N	Y
Slots	The total amount of physical memory installed in a memory slot. If the computer has several memory slots, the amount of memory in each slot can be collected.	Y	Y	N	N	N	N
Virtual Memory Capacity#	The total amount of virtual memory.	Y	Y	N	N	N	N

Legend: Y: Can be collected. N: Cannot be collected.

#: The virtual memory capacity is the sum of the available physical memory and the total size of the page files. If the computer is running Windows Server 2003 (no service pack) or Windows XP, the virtual memory capacity in the system information is the total size of the page files.

Hard Disk Details

Item	Description	Agent installed	Agentless
			Administrative share	SNMP	ARP/ICMP	Active Directory	MDM
Hard Disk Details	The number of hard disk drives.	Y	Y	Y	N	N	N
Disk names (Total Volume/Interface)#3	When there is more than one hard disk, the following information is collected for each disk: Hard Disk Model The model name of the hard disk drive. Total Volume The capacity of the hard disk. This item shows the total capacity regardless of how the drive is partitioned. Interface The interface of the hard disk drive, such as IDE or SCSI.	Y	Y	Y#1	N	N	Y#2
Drive (Free/Total/File System)	When there is more than one hard disk, the following information is collected for each disk: Free The amount of free space on the drive. Total The total capacity of the drive. File System The name of the file system.	Y	Y	N	N	N	N

Legend: Y: Can be collected. N: Cannot be collected.

Note: Drive information cannot be collected for network drives.

#1: The Interface item cannot be collected.

#2: Only the Total item can be collected.

#3: In Windows Server 2012, if the storage service has been used to create a virtual disk, the information for the virtual disk is collected as if it is a physical disk.

CD-ROM Drive Details

Item	Description	Agent installed	Agentless
			Administrative share	SNMP	ARP/ICMP	Active Directory	MDM
CD-ROM Drive Details	The number of CD/DVD drives.	Y	Y	N	N	N	N
CD-ROM Drive	The model name of the CD/DVD drive. If there are several CD/DVD drives, this information is collected for each drive.	Y	Y	N	N	N	N

Legend: Y: Can be collected. N: Cannot be collected.

Removable Drive Details

Item	Description	Agent installed	Agentless
			Administrative share	SNMP	ARP/ICMP	Active Directory	MDM
Removable Drive Details	The number of removable drives.	Y	Y	N	N	N	N

Legend: Y: Can be collected. N: Cannot be collected.

Printer Details

Item	Description	Agent installed	Agentless
			Administrative share	SNMP	ARP/ICMP	Active Directory	MDM
Printer Details	The number of printers set up on the computer.	Y	Y	N	N	N	N
Printer Name (Type)	If there are several printers, the following information is collected for each printer: Printer Name The name of the printer. Type The printer type.	Y	Y	N	N	N	N
Driver	The printer driver. If there are several printers, this item is collected for each printer.	Y	Y	N	N	N	N
Shared Name	The shared name of the printer. If there are several printers, this item is collected for each printer.	Y	Y	N	N	N	N
Server Name (Port)	If there are several printers, the following items are collected for each printer: Server Name The name of the printer server. Port The printer port.	Y	Y	N	N	N	N

Legend: Y: Can be collected. N: Cannot be collected.

Video Controller Details

Item	Description	Agent installed	Agentless
			Administrative share	SNMP	ARP/ICMP	Active Directory	MDM
Video Controller Details	The number of video drivers.	Y	Y	N	N	N	N
Video Chip	The name of the video chipset.	Y	Y	N	N	N	N
VRAM Capacity	The amount of VRAM on the video card.	Y	Y	N	N	N	N
Video Driver	The name of the video driver.	Y	Y	N	N	N	N

Legend: Y: Can be collected. N: Cannot be collected.

Sound Card Details

Item	Description	Agent installed	Agentless
			Administrative share	SNMP	ARP/ICMP	Active Directory	MDM
Sound Card Details	The number of sound card drivers.	Y	Y	N	N	N	N
Product Name (Manufacturer)	The name and manufacturer of the sound card.	Y	Y	N	N	N	N

Legend: Y: Can be collected. N: Cannot be collected.

Network Adapter Details

Item	Description	Agent installed	Agentless
			Administrative share	SNMP	ARP/ICMP	Active Directory	MDM
Network Adapter Details	The number of network adapters.	Y	Y	Y	N	N	N
Network Adapter	The name of the network adapter.	Y	Y	Y	N	N	N

Legend: Y: Can be collected. N: Cannot be collected.

Monitor Details

Item	Description	Agent installed	Agentless
			Administrative share	SNMP	ARP/ICMP	Active Directory	MDM
Monitor Details	The number of monitors.	Y	Y	N	N	N	N
Monitor	The name of the monitor.	Y	Y	N	N	N	N

Legend: Y: Can be collected. N: Cannot be collected.

Keyboard Details

Item	Description	Agent installed	Agentless
			Administrative share	SNMP	ARP/ICMP	Active Directory	MDM
Keyboard Details	The number of keyboards.	Y	Y	Y	N	N	N
Keyboard	The name of the keyboard.	Y	Y	Y	N	N	N

Legend: Y: Can be collected. N: Cannot be collected.

Mouse Details

Item	Description	Agent installed	Agentless
			Administrative share	SNMP	ARP/ICMP	Active Directory	MDM
Mouse Details	The number of mouse.	Y	Y	Y	N	N	N
Mouse	The name of the mouse.	Y	Y	Y	N	N	N

Legend: Y: Can be collected. N: Cannot be collected.

To Page Top

(5) Installed software information

This section describes the information you can collect about installed software. Installed software information consists of the following:

Software listed in Programs and Features

Information about the software registered in the Programs and Features section of the Windows Control Panel.

Important note

If both of the following conditions exist, uninstall the software, and then delete the user account. If you delete the user account before the software is uninstalled, the relevant software information will remain as installed software information for JP1/IT Desktop Management 2.

- Software that appears only in the Programs and Features section of the Windows Control Panel is installed on the user's computer.

- You want to delete the user account used to install the software that meets the above condition.

Software registered in Software Search Conditions

Information about software that is not registered in the Programs and Features section of the Windows Control Panel. By setting search conditions in the Software Search Conditions view of the Settings module, you can search for and collect information about executable files (with the extention exe, for example) on the computer.

Installed OS

Information about the OS installed on the computer.

For details about software search conditions, see (11) Defining search conditions for software information.

Important note

Modern UI applications cannot be managed as software information.

Software listed in Programs and Features

Item	Description	Agent installed	Agentless
			Administrative share	SNMP	ARP/ICMP	Active Directory	MDM
Software Name	The name of the installed software. If Windows Updates are registered in groups, the name of the group is displayed.	Y	Y	N	N	N	N
Version	The version of the installed software.	Y	Y	N	N	N	N
Software Vendor	The vendor of the installed software.	Y	Y	N	N	N	N
Support URL	The URL of the support page for the installed software.	Y	Y	N	N	N	N
Purchasing Status	The manner in which the software is licensed. Volume license version or Full-product version appears as the purchasing status.	Y*	Y*	N	N	N	N
Product ID	The product ID of Microsoft Office installed on the computer. This item appears in the Software List view of the Device module if the purchasing status is Volume license version. The last five digits are replaced with asterisks in the Software List.	Y*	Y*	N	N	N	N
GUID	The globally unique identifier (GUID) of the installed software.	Y*	Y*	N	N	N	N
Installation Date	The date on which the software was installed.	Y	Y	N	N	N	N
Installation Folder	The installation path of the software.	Y	Y	N	N	N	N

Legend: Y: Can be collected. Y*: Only collected for some software. N: Cannot be collected.

Items labeled Y* can be collected only for the following Microsoft Office products:

Japanese versions of Microsoft Office products

Software Name	Edition
Microsoft Office	Microsoft Office Enterprise 2007#1
	Microsoft Office Home and Business 2010#2
	Microsoft Office Personal Edition 2003#2
	Microsoft Office Professional Edition 2003#2
	Microsoft Office Professional Enterprise Edition 2003#1
	Microsoft Office Professional 2007
	Microsoft Office Professional 2010#2
	Microsoft Office Professional Plus 2007#1
	Microsoft Office Professional Plus 2010#1
	Microsoft Office Professional Plus 2013#1, #3
	Microsoft Office Standard Edition 2003
	Microsoft Office Standard 2007
	Microsoft Office Standard 2010#1
	Microsoft Office Standard 2013#1, #3
	Microsoft Office Ultimate 2007#2
Microsoft Lync	Microsoft Lync 2010#1
	Microsoft Lync 2013#1, #3
Microsoft Office Access	Microsoft Office Access 2003#4
	Microsoft Office Access 2007
	Microsoft Access 2010
	Microsoft Access 2013#1, #3
Microsoft Office Excel	Microsoft Office Excel 2003#4
	Microsoft Office Excel 2007
	Microsoft Excel 2010
	Microsoft Excel 2013#1, #3
Microsoft Office FrontPage	Microsoft Office FrontPage 2003
Microsoft Office Groove	Microsoft Office Groove 2007
Microsoft Office InfoPath	Microsoft Office InfoPath 2007
	Microsoft InfoPath 2010
	Microsoft InfoPath 2013#1, #3
Microsoft Office InterConnect	Microsoft Office InterConnect 2007
Microsoft Office OneNote	Microsoft Office OneNote 2007
	Microsoft OneNote 2010
	Microsoft OneNote 2013#1, #3
Microsoft Office Outlook	Microsoft Office Outlook 2003#4
	Microsoft Office Outlook 2007
	Microsoft Outlook 2010
	Microsoft Outlook 2013#1, #3
Microsoft Office PowerPoint	Microsoft Office PowerPoint 2003#4
	Microsoft Office PowerPoint 2007
	Microsoft PowerPoint 2010
	Microsoft PowerPoint 2013#1, #3
Microsoft Office Project	Microsoft Office Project Professional 2003
	Microsoft Office Project Professional 2007
	Microsoft Project Professional 2010
	Microsoft Project Professional 2013#1, #3
	Microsoft Office Project Standard 2003
	Microsoft Office Project Standard 2007
	Microsoft Project Standard 2010
	Microsoft Project Standard 2013#1, #3
Microsoft Office Publisher	Microsoft Office Publisher 2003
	Microsoft Office Publisher 2007
	Microsoft Publisher 2010
	Microsoft Publisher 2013#1, #3
Microsoft Office SharePoint Workspace	Microsoft SharePoint Workspace 2010
Microsoft Office Visio	Microsoft Office Visio 2003 Professional
	Microsoft Office Visio 2003 Standard
	Microsoft Office Visio 2007 Professional
	Microsoft Office Visio 2007 Standard
	Microsoft Visio 2010 Premium
	Microsoft Visio 2010 Professional
	Microsoft Visio 2010 Standard
	Microsoft Visio Professional 2013#1, #3
	Microsoft Visio Standard 2013#1, #3
Microsoft Office Word	Microsoft Office Word 2003#2, #4
	Microsoft Office Word 2007
	Microsoft Word 2010
	Microsoft Word 2013#1, #3

#1: Collected only when the purchasing status is Volume license version.

#2: Collected only when the purchasing status is Full-product version.

#3: The product ID cannot be collected.

#4: The purchasing status cannot be collected.

English versions or Chinese versions of Microsoft Office products

Software Name	Edition
Microsoft Office	Microsoft Office Enterprise 2007
	Microsoft Office Professional 2007
	Microsoft Office Professional Plus 2007
	Microsoft Office Professional Plus 2010
	Microsoft Office Professional Plus 2013#1, #2
	Microsoft Office Standard 2007
	Microsoft Office Standard 2010
	Microsoft Office Standard 2013#1, #2
Microsoft Lync	Microsoft Lync 2010
	Microsoft Lync 2013#1, #2
Microsoft Office Access	Microsoft Office Access 2007
	Microsoft Access 2010
	Microsoft Access 2013#1, #2
Microsoft Office Excel	Microsoft Office Excel 2007
	Microsoft Excel 2010
	Microsoft Excel 2013#1, #2
Microsoft Office Groove	Microsoft Office Groove 2007
Microsoft Office InfoPath	Microsoft Office InfoPath 2007
	Microsoft InfoPath 2010
	Microsoft InfoPath 2013#1, #2
Microsoft Office OneNote	Microsoft Office OneNote 2007
	Microsoft OneNote 2010
	Microsoft OneNote 2013#1, #2
Microsoft Office Outlook	Microsoft Office Outlook 2007
	Microsoft Outlook 2010
	Microsoft Outlook 2013#1, #2
Microsoft Office PowerPoint	Microsoft Office PowerPoint 2007
	Microsoft PowerPoint 2010
	Microsoft PowerPoint 2013#1, #2
Microsoft Office Project	Microsoft Office Project Professional 2007
	Microsoft Project Professional 2010
	Microsoft Project Professional 2013#1, #2
	Microsoft Office Project Standard 2007
	Microsoft Project Standard 2010
	Microsoft Project Standard 2013#1, #2
Microsoft Office Publisher	Microsoft Office Publisher 2007
	Microsoft Publisher 2010
	Microsoft Publisher 2013#1, #2
Microsoft Office SharePoint Workspace	Microsoft SharePoint Workspace 2010
Microsoft Office Visio	Microsoft Office Visio 2007 Professional
	Microsoft Office Visio 2007 Standard
	Microsoft Visio 2010 Standard
	Microsoft Visio 2010 Professional
	Microsoft Visio 2010 Premium
	Microsoft Visio Professional 2013#1, #2
	Microsoft Visio Standard 2013#1, #2
Microsoft Office Word	Microsoft Office Word 2007
	Microsoft Word 2010
	Microsoft Word 2013#1, #2

#1: Collected only when the purchasing status is Volume license version.

#2: The product ID cannot be collected.

Software registered in the Software Search Conditions view

Item	Description	Agent installed	Agentless
			Administrative share	SNMP	ARP/ICMP	Active Directory	MDM
Software Name	The name of the installed software. If Windows Updates have been registered in groups, the name of the group is displayed.	Y	N	N	N	N	N
Version	The version of the installed software.	Y	N	N	N	N	N
Software Vendor	The vendor of the installed software.	Y	N	N	N	N	N
Software Installation Date	The date on which the software was installed.	Y	N	N	N	N	N
Installation Folder	The installation path of the software.	Y	N	N	N	N	N

Legend: Y: Can be collected. N: Cannot be collected.

Installed OS

Item	Description	Agent installed	Agentless
			Administrative share	SNMP	ARP/ICMP	Active Directory	MDM
Software Name	The name of the installed software.	Y	Y	N	N	N	N
Version	The version of the installed software.	Y	Y	N	N	N	N
Software Vendor	The vendor of the installed software.	Y	Y	N	N	N	N
Installation Date	The date on which the software was installed.	Y	Y	N	N	N	N
Installation Folder	The installation path of the software.	Y	Y	N	N	N	N

Legend: Y: Can be collected. N: Cannot be collected.

To Page Top

(6) Security information

This section describes the information you can collect about a device's security. Security information consists of the following:

• Windows Update Details

• Antivirus Software Details

• Windows Service Details

• OS Security Details

• Hibun Details

Windows Update Details

Item	Description	Agent installed	Agentless
			Administrative share	SNMP	ARP/ICMP	Active Directory	MDM
Automatic Windows Update#1	Information indicating whether the Windows Update feature is enabled.	Y	Y	N	N	N	N
Installed Updates	The number of installed updates.	Y	Y	N	N	N	N
Article ID (Installation Date)#2	The name of the Windows update and the date when the update was installed.	Y	Y	N	N	N	N

Legend: Y: Can be collected. N: Cannot be collected.

#1: Collected when the Workstation service of the OS is running.

#2: A hyphen (-) is displayed if information about the installation date could not be acquired.

Antivirus Software Details

Item	Description	Agent installed	Agentless
			Administrative share	SNMP	ARP/ICMP	Active Directory	MDM
Software Name	The name of the antivirus product.	Y	Y	N	N	N	N
Version	The version of the antivirus product.	Y	Y	N	N	N	N
Installation Date	The date on which the antivirus product was installed.	Y*	Y*	N	N	N	N
Scan Engine Version	The scan engine version of the antivirus software.	Y*	Y*	N	N	N	N
Virus Definition File Version	The version (date) of the definition file used by the antivirus product.	Y*	Y*	N	N	N	N
Auto Protect	The auto-protect setting (resident or non-resident) of the antivirus product.	Y*	Y*	N	N	N	N
Last Scanned Date/Time	The date and time when the computer was last scanned for viruses.	Y*	Y*	N	N	N	N

Legend: Y: Can be collected. Y*: Can be collected for some products. N: Cannot be collected.

For details about the antivirus software information you can collect, see (14) Supported anti-virus products.

Windows Service Details

Item	Description	Agent installed#	Agentless
			Administrative share	SNMP	ARP/ICMP	Active Directory	MDM
Windows Service Details	The display name of an active Windows service that is prohibited by a security policy.	Y	N	N	N	N	N

Legend: Y: Can be collected. N: Cannot be collected.

Note: This information is collected when the Workstation service is running on the OS.

#: Only collected from online-managed computers.

OS Security Details

Item		Description	Agent installed	Agentless
				Administrative share	SNMP	ARP/ICMP	Active Directory	MDM
Account Details	Account Name	The name of a Windows local account. Account details are collected for each account name.	Y	Y	N	N	N	N
	Days Since Last Password Change	The number of days since the account password was last changed. This information is not collected for disabled or expired accounts.	Y	Y	N	N	N	N
	Password Strength#1	The strength of the password.	Y	Y	N	N	N	N
	Password Never Expires	Whether the password is configured to never expire.	Y	Y	N	N	N	N
Power On Password		Whether the computer has a power-on password.	Y	Y	N	N	N	N
Guest Account		Whether or not a Guest account is configured on the computer.	Y	Y	N	N	N	N
Auto Logon		Whether automatic logon is enabled in Windows.	Y	Y	N	N	N	N
Shared Folder		Whether a shared folder is set up on the computer.	Y	Y	N	N	N	N
Administrative share		Whether administrative shares are enabled.	Y	Y	N	N	N	N
DCOM		Whether DCOM is enabled on the computer.	Y	Y	N	N	N	N
Anonymous Access		Whether information can be collected by anonymous access.	Y	Y	N	N	N	N
Screen Saver Details	Account Name	The name of the Windows local account. Screen Saver Details are collected for each account name.	Y	Y#2	N	N	N	N
	Screen Saver Settings	Whether a screen saver is enabled.	Y	Y#2	N	N	N	N
	Password	Whether the screen saver is password-protected.	Y	Y#2	N	N	N	N
	Startup Time	The length of time before the screen saver activates.	Y	Y#2	N	N	N	N
Windows Firewall		Whether the Windows firewall is enabled.	Y	Y	N	N	N	N
Remote Desktop		Whether the remote desktop feature is enabled.	Y	Y	N	N	N	N

Legend: Y: Can be collected. N: Cannot be collected.

Note: This information is collected when the Workstation service of the OS is running.

#1: The following passwords are considered to have low strength:

• Blank passwords

• Passwords that match the account name exactly

• A password that is the same character string as the account name, and consists of only upper case letters, only lower case letters, or has only the first letter capitalized.

• A password that is the same character string as the computer name, and consists of only upper case letters, only lower case letters, or has only the first letter capitalized.

• password, PASSWORD, or Password

• admin, ADMIN, or Admin

• administrator, ADMINISTRATOR, or Administrator

JP1/IT Desktop Management 2 does not judge the strength of passwords associated with disabled, expired, or locked user accounts. When an account has a weak password, the last modified date/time of the password changes when its security is assessed. However, the password itself is left unchanged.

#2: When using an administrative share to collect device information, the system only collects information for the user who is logged on to Windows at the time of collection.

Hibun Details

Item	Description	Agent installed	Agentless
			Administrative share	SNMP	ARP/ICMP	Active Directory	MDM
Product Name	The full name of the installed product.	Y	N	N	N	N	N
Version	The version of the installed software.	Y	N	N	N	N	N
Patch Version	Information about the patches applied to the installed software.	Y	N	N	N	N	N
Login User ID	The user ID of the last user who logged in to the Hibun product.	Y	N	N	N	N	N
Last Login Date/Time	The time when a user last logged in to the Hibun product.	Y	N	N	N	N	N
Last Logout Date/Time	The time when a user last logged out from the Hibun product.	Y	N	N	N	N	N
Drive	The local drive.	Y	N	N	N	N	N
Encryption Status	The encryption status of the drive.	Y	N	N	N	N	N

Legend: Y: Can be collected. N: Cannot be collected.

Note: The information in this table can be collected when the managed computer is running version 09-00 or later of the Hibun product.

To Page Top

(7) Shared management items for asset information and device information

Item	Description	Input method/data type (default)	Agent installed	Agentless
				Administrative share	SNMP	ARP/ICMP	Active Directory	MDM
Department	The department where the user of the computer works.	Entry by adminstrator/Hierarchy	Y	N	N	N	Y	N
Location	The physical location of the computer.	Entry by adminstrator/Hierarchy	Y	N	Y#	N	Y	N
User Name	The name of the computer user.	Entry by administrator/Text	Y	N	N	N	Y	N
Account	The account of the computer user.	Entry by administrator/Text	Y	N	N	N	Y	N
E-mail	The E-mail address of the computer user.	Entry by administrator/Text	Y	N	N	N	Y	N
Phone	The telephone number of the computer user.	Entry by administrator/Text	Y	N	N	N	Y	N

Legend: Y: Can be collected. N: Cannot be collected.

#: Collected when location information is set in the SNMP agent.

To Page Top

(8) Criteria for device statuses

Device status	Criteria
Running	The current time is within 10 minutes of the last confirmation time plus the polling interval.
Stop	This status appears in situations like the following: The current time is more than 10 minutes after the last confirmation time plus the polling interval. Device information was collected for anoffline-managed computer for the first time.#
Warning	This status appears in situations like the following: The current time is more than 10 minutes after the last confirmation time plus the polling interval, and network monitor is enabled on the agent. Device information was collected for the first time for an offline-managed computer with the network monitor enabled.# The system fails to negotiate authentication with an agentless computer. SNMP reports that a printer device is in Warning status (for example, toner is low).
Critical	SNMP reports that a printer device is unusable (for example, the printer is out of paper).
Unknown	Information about the device status could not be collected.

Note:

A computer with the network monitor agent installed might report several device statuses. In this case, the device status displayed in the modules is determined as follows:

1. The most severe status is displayed. In order of severity, the statuses are Critical, Warning, Stop, Running, and Unknown.

2. If the reported statuses have the same severity level, the device status reported for the most important system component is shown. The agent is the most important, followed by the network monitor agent.

#

Thereafter, the device retains its previous status.

To Page Top

(9) Timing of device information collection

Device information is collected from online management agents according to a regular schedule determined by the monitoring interval in the agent configurations. When an online management agent detects that device information has changed, it reports the device information to the management server. No information is reported if the device information is unchanged.

The following table lists the device information reported to the management server.

Detected item		Reported information	Monitoring interval
Host ID		All device information#1	Monitoring Interval (Others) (min)
Connection-target management server		All device information#2	Monitoring Interval (Others) (min)
System information		All information for detected items	Monitoring Interval (Others) (min)#3
Hardware information		All information for detected items	Monitoring Interval (Others) (min)
Installed software information		Information about additions, deletions, and changes among detected items	Monitoring Interval (Security) (min)#4
Security information	Windows Update	All information for detected items	Monitoring Interval (Security) (min)
	Anti-virus product information	All information for detected items	Monitoring Interval (Security) (min)
	Service security settings	All information for detected items	Monitoring Interval (Security) (min)
	OS security settings	All information for detected items	Monitoring Interval (Security) (min)
Hibun information		All information for detected items	Monitoring Interval (Others) (min)
Common management items	Entered by user	All device information for detected items	When the user finishes entering
Added management items

#1: If a host ID is changed, the agent determines that the device on which it is installed has changed, and reports a full set of device information.

#2: When the connection-target management server changes, the agent reports a full set of information to the new connection-target management server. Any instructions received from the previous connection target are retained.

#3: The Free Space attribute of the System Drive item in the computer information is collected once every 24 hours.

#4: Changes to the software information discovered in a software search are detected once every 24 hours.

To Page Top

(10) Collecting software information

JP1/IT Desktop Management 2 also collects software information when it collects device information from the computers it manages. You can view software information arranged by product name and version in the Software Inventory view of the Device module.

Tip

An event is generated whenever software is added to a managed computer. By configuring email notification, you can have the administrator notified by email when software is added.

When software that is not registered in JP1/IT Desktop Management 2 is found on a managed computer, its discovery is reported in the Topic panel of the Home module. You can view a list of newly discovered software in the New Software panel of the Dashboard view in the Overview view of the Device module. You can also display the New Software panel in the Home module by selecting Panel Layout in the View menu at the top of the module.

There are three types of software information. For details about the items collected for each type, see (5) Installed software information.

Software registered in Programs and Features

Information about the software registered in the Programs and Features section of the Windows Control Panel. This information is collected from computers with the agent installed, and from agentless computers using authentication to administrative shares.

Software registered in Software Search Conditions

Information about software not listed in the Programs and Features section of the Windows Control Panel. You can specify these conditions in the Software Search Conditions view of the Settings module. JP1/IT Desktop Management 2 uses these conditions to find and collect information about executable files (such as exe files) on computers that have the agent program installed.

A search for software is conducted when the computer starts, and every 24 hours thereafter. The agent searches every local drive on the computer for software, and collects information about software that matches the software search conditions.

Operating system information

Information about the operating system installed on a computer. This information can be collected from computers with the agent program installed, and from agentless computers using authentication to administrative shares.

Setting software search conditions

As software search conditions, specify the executable file names you want to find.

If software that matches the search conditions is also present in the Programs and Features section of the Windows Control Panel, software information found by the search is not registered for that item.

If the search finds software with the same file name in different folders, information is collected for each piece of software, and several sets of software information are registered for software with the same name. You can distinguish between each piece of software by its installation path.

You can define software search conditions directly from the Settings module, or you can import conditions as a list. The search conditions you define apply to all computers with the agent installed. You cannot define separate sets of software search conditions for individual computers. For details about how to set software search conditions, see (11) Defining search conditions for software information.

Displaying computers with software installed

After collecting software information from managed computers, you can view a list of computers with a particular piece of software installed. This list appears on the Installed Computers tab of the Software Inventory view.

The following table lists the items shown on the Installed Computers tab.

Item	Description
Host Name	The host name of the managed computer with the software installed.
Manufacturer	The manufacturer of the computer with the software installed.
IP Address	The IP address of the computer with the software installed.
OS	The OS on the computer with the software installed.
User Name	The name of the user of the computer with the software installed.
Registered Date/Time	The date and time when the computer with the software installed was registered.
Installation Date	The date and time when the software was installed on the managed computer.

To Page Top

(11) Defining search conditions for software information

By collecting software information from managed computers, you can see how software licenses are being used, monitor whether prohibited software and mandatory software are installed in keeping with a security policy, and gain a clear understanding of what software is installed on the computers in your organization.

The process for collecting software information depends on the type of software, as follows:

Software registered in the Programs and Features section of the Windows Control Panel

Software information is collected automatically from computers with the agent installed, and from agentless computers that support authentication by administrative shares.

Software not registered in the Programs and Features section of the Windows Control Panel

You can collect software information from computers with the agent installed by defining software search conditions.

By defining software search conditions, you can search computers for software that matches the conditions, and collect software information for discovered software. A search is conducted when the computer starts, and every 24 hours thereafter.

You can edit software search conditions when software is renamed or upgraded and its parameters change.

You can update several software search conditions at once by exporting, editing, and then importing the conditions.

You can delete the software search conditions associated with software that no longer needs managing.

To Page Top

(12) Collecting user information

You can collect user information from computers with the agent installed by displaying an input window in which the user can enter the required information. This allows you to collect information like department names and asset numbers that JP1/IT Desktop Management 2 cannot collect automatically, which reduces the administrator's workload in data entry.

There are two types of user information you can collect:

Shared management items for asset information and device information

Information common to device information and hardware asset information.

Added management items for hardware asset information

Custom asset management items added to hardware asset information by an administrator.

You can use the Settings module to specify the date and time to allow users to start entering user information. If you specify the date and time, user information cannot be entered until the specified date and time is reached. When the local time of a user's computer reaches the specified date and time, a balloon tip appears and user information can be entered. Whether to display balloon tips can be selected in the User notification settings view for the agent configuration.

You can also set a schedule to collect user information on a regular basis from online-managed computers with the agent installed.

To Page Top

(13) Collecting registry information

You can collect registry information for computers as shared management items for hardware asset and device information, and as added management items for hardware asset information. By collecting registry information, you can use JP1/IT Desktop Management 2 to manage information specific to users and proprietary information defined by applications. Registry information can only be acquired from computers with the agent installed.

To collect registry information, you need to change the data source for the relevant items in the Asset Field Definitions view of the Settings module.

You must specify the root key and path of the registry entries that you want to collect. You can specify the following root keys:

• HKEY_CURRENT_USER^#

• HKEY_LOCAL_MACHINE

• HKEY_CLASSES_ROOT

• HKEY_USERS

• HKEY_CURRENT_CONFIG

#: When you specify a registry value under the HKEY_CURRENT_USER root key, the value is for the user who initiated the console session.

The formats of registry values are converted according to their data type. The following table shows how registry values of each data type are collected.

Data type	Collection method
REG_SZ, REG_EXPAND_SZ	The character string is not converted.
REG_MULTI_SZ	Information is collected in the form of several character strings connected by commas (,). For example: xxx,yyy,zzz
REG_DWORD#1	The numerical value is collected as a decimal character string.
REG_BINARY, REG_QWORD#2	Each byte of the binary value is converted to a hexadecimal character string, and the resulting strings are connected by spaces. For example: xx yy zz

#1: Not collected when the data type is REG_DWORD_BIG_ENDIAN.

#2: Not collected when the computer is running Windows Server 2003 or Windows XP.

To Page Top

(14) Updating device information

The device information on the management server is updated based on the information collected from managed computers.

The relative priority of device information depends on how the information is collected. For example, because device information for a computer with the agent installed is updated with information supplied by the agent, device information is not updated using information supplied by SNMP. The order of priority when updating device information is as follows:

1. Device information collected by the agent^#1

2. Device information collected via a Windows administrative share

3. Device information collected by SNMP

4. Device information collected from Active Directory

5. Device information collected by MDM linkage

6. Device information collected by ARP

7. Device information collected by ICMP (limited to confirming device presence)

8. Device information entered by an administrator^#2

#1: Includes device information for offline-managed computers supplied via an online-managed computer.

#2: Information entered by an administrator always takes priority for the Device Type item.

The factors that determine whether device information is updated are how the new information was collected, and how the information already in the database was collected. The following table shows whether device information is updated for each combination of these factors.

Method of device information collection		Existing information
		Entered by administrator	Collected from device	Not collected
Entered by administrator		Y#1	Y	Y
Collected from device	Data collected	Y#2	Y	Y
	Collected with empty value	N	Y#3	Y#3
	Not collected or value unchanged	N	N	N

Legend: Y: Device information is updated. N: Device information is not updated.

#1: An administrator can enter the Host Name, IP Address, Subnet Mask, Operating System, and Device Type items.

#2: Values of Device Type entered by an administrator always take priority, and are not replaced with information collected from a device.

#3: If the Host Name field is collected with an empty value, the device information is updated with the host ID.

Tip

When you collect device information from a device with more than one set of network information, the device information sometimes appears to relate to more than one device. In this case, to ensure that the number of devices is accurately tracked, only the device that matches the first set of network information is updated. Devices that match the other sets of network information are deleted. When this occurs, the date and time of agent deployment is aggregated in the remaining device information.

To Page Top

(15) Information collected when updating device information

The following device information is collected when you update device information manually or as part of a regular search for devices:

• Device type

• System information

• Hardware information

• Installed software information

• Windows Update information

• Anti-virus product information

• Service security settings

• OS security information

• Hibun information

• Shared management items for device and hardware asset information

• Added management items

To Page Top

(16) Events generated when updating device information

When an update to device information results in particular items being changed, added, or deleted, an event is generated and appears in the Events module.

The following table describes what actions cause events to be generated.

Item of device information		Event	Event trigger
Hardware information	Memory capacity	Changed	The new data differs from the existing data.
Hard disk	The following items of hard disk information: Disk name Capacity Interface	Added	No part of the existing data exactly matches the new data.
		Deleted	No part of the new data exactly matches the existing data.
Installed software information	Software name	Added	No part of the existing data exactly matches the new data, with the exception of Windows Update information.
		Deleted	No part of the new data exactly matches the existing data, with the exception of Windows Update information.
	Version	Changed	When data for a given Software Name differs in the new and existing data, with the exception of Windows Update information.
Security information	Windows Update	Changed	The new data differs from the existing data.
	Service security settings	Added	The new data is not found in the existing data.
		Deleted	The existing data is not found in the new data.
	Account name in OS security settings	Added	The new data is not found in the existing data.
		Deleted	The existing data is not found in the new data.
	The following items for an account name in OS security settings: Days since last password change Password strength Password never expires	Changed	The value of any of these items for a given account name differs in the existing and new data.
	Power on password in OS security settings	Changed	The new data differs from the existing data.
	Guest account in OS security settings	Changed	The new data differs from the existing data.
	Auto logon in OS security settings	Changed	The new data differs from the existing data.
	Shared folder in OS security settings	Changed	The new data differs from the existing data.
	Administrative share in OS security settings	Changed	The new data differs from the existing data.
	DCOM in OS security settings	Changed	The new data differs from the existing data.
	Anonymous access in OS security settings	Changed	The new data differs from the existing data.
	The following items of screen saver information in the OS security settings Screen saver Password Startup time	Changed	The value of any of these items differs in the existing and new data.
	Windows Firewall in OS security settings	Changed	The new data differs from the existing data.
	Remote desktop in OS security settings	Changed	The new data differs from the existing data.

To Page Top

(17) Collecting the device revision history

Users in an organization might change the computer configuration by, for example, inserting and removing a memory card, or installing or uninstalling software. It is not easy for the system administrator to find problems that are caused by changes, such as the theft of a memory card, or installation of software not permitted in the organization.

If information for devices managed by JP1/IT Desktop Management 2 changes, information before and after the change can be collected in the revision history. The revision history allows you to check only the device information that has changed, helping you find problematic changes easily. Check the revision history on a regular basis to confirm that no suspicious changes have been made.

To collect the revision history, you must specify the collection of revision history in the Settings module.

Process for collecting the revision history

If device information changed, the new device information is saved in the database. The new device information is compared with the old one at 0:00 everyday, and any differences are collected as the revision history for the day.

How to check the revision history

You can use the following two methods to check the collected revision history.

Checking the revision history displayed in the operation window

The Revision History view of the Device module allows you to check the latest revision history. This view displays a maximum of 600,000 entries in the revision history. If the number of entries exceeds 600,000, the oldest information is overwritten by the latest information.

Checking the revision history archive output to a CSV file

You can output the revision history archive to a CSV file. The output revision history archive allows you to retain information about the changes even if the revision history contains more than 600,000 entries. To output the revision history archive, you must specify the output settings during the setup.

Important note

If you delete device information, the host name of the deleted device is not displayed in the Revision History view of the Device module. If you need to check the host name of the deleted device, check the revision history archive output to a CSV file.

The following figure shows an overview of collecting and checking the revision history.

To Page Top

(18) Device information which can be collected in revision history and the conditions to detect changes

The following table describes the device information items whose changes can be collected in the revision history, and when JP1/IT Desktop Management 2 detects changes in device information.

Device information item	Changes collected in revision history	Conditions to detect changes
Mode	Changes to the management mode (Discovered, Managed, or Ignored) are collected.	The management mode is changed as follows: Discovered is changed to Managed. Managed is changed to Ignored. Ignored is changed to Managed. Device information indicated as Managed is deleted.
Management Type	Changes to the following management types are collected: Agent Management Agentless Management (Authentication Successful) Agentless Management (Authentication Failed) MDM Linkage Management	The device information has changed since the last time it was collected.
Host Name#1	Changes to the host name collected as computer information in the system information are collected.	The device information has changed since the last time it was collected. The host was changed in the operation window.
UUID (Computer Details)	Changes to the UUID collected as computer information in the system information are collected.	The device information has changed since the last time it was collected. Note, however, that changes to only the case of hexadecimal alphabetic letters (A to F or a to f) are ignored.
Total Memory (Computer Details)	Changes to the amount of memory collected as computer information in the system information are collected.	The device information has changed since the last time it was collected.
External Storage Capacity (Smart Device Information)	Changes to the external storage capacity collected as smart device information in the system information are collected.	The device information has changed since the last time it was collected.
IMSI (Smart Device Information)	Changes to the IMSI collected as smart device information in the system information are collected.	The device information has changed since the last time it was collected.
IP Address (Network Details)#1, #2, #3	Changes to an IP address collected in Network Details in the system information are collected.	The device information has changed since the last time it was collected. An IP address has changed in the operation window.
MAC Address (Network Details)#2	Changes to the MAC address collected in Network Details in the system information are collected.	The device information has changed since the last time it was collected. Note, however, that changes to only the case of hexadecimal alphabetic letters (A to F or a to f) are ignored.
Processor Name (Processor Details)#2	Changes to the processor collected in Processor Details in the hardware information are collected.	The device information has changed since the last time it was collected.
Disk Name (Hard Disk Details)#2	Changes to the disk name collected in Hard Disk Details in the hardware information are collected.	The device information has changed since the last time it was collected.
Hard Disk Capacity (Hard Disk Details)#2	Changes to the hard disk capacity collected in Hard Disk Details in the hardware information are collected.	The device information has changed since the last time it was collected.
Drive Name (CD-ROM Drive Details) #2	Changes to the drive name collected in Drive Details in the hardware information are collected.	The device information has changed since the last time it was collected.
Video Chip (Video Controller Details)#2	Changes to the video chip collected in Video Controller Details in the hardware information are collected.	The device information has changed since the last time it was collected.
Video Chip VRAM Capacity (Video Controller Details)#2	Changes to the video chip VRAM capacity collected in Video Controller Details in the hardware information are collected.	The device information has changed since the last time it was collected.
Video Driver (Video Controller Details)#2	Changes to the video driver collected in Video Controller Details in the hardware information are collected.	The device information has changed since the last time it was collected.
Sound Card Product Name (Sound Card Details) #2	Changes to the sound card product name collected in Sound Card Details in the hardware information are collected.	The device information has changed since the last time it was collected.
Installed Software Details	Changes to the following items in Installed Software Details are collected: Software Name Version Product ID	The device information has changed since the last time it was collected.
Department (Common Fields)	Changes to Department, which is a shared management item for asset information and device information, are collected.	The device information has changed since the last time it was collected. The department has changed in the operation window. The information is changed by importing a CSV file.
Location (Common Fields)	Changes to Location, which is a shared management item for asset information and device information, are collected.	The device information has changed since the last time it was collected. The location has changed in the operation window. The information is changed by importing a CSV file.
User Name (Common Fields)	Changes to User Name, which is a shared management item for asset information and device information, are collected.	The device information has changed since the last time it was collected. The user name has changed in the operation window. The information is changed by importing a CSV file.

#1: For a device that has one or more IP addresses with DHCP enabled, if the host name or an IP address is changed as follows, the changes in step 2 cannot be collected in the revision history.

1. The system administrator uses the operation window to change the device's host name or IP address for which DHCP is disabled.

2. After the above change, only the IP addresses for which DHCP is enabled are changed automatically.

In this case, the values of the device information and revision history displayed in the operation window are temporarily inconsistent. When the device information is collected the next day, the revision history is also collected and the values become consistent.

#2: If a device information item has multiple values, changes are collected if at least one value has been added, changed, or deleted. However, changes to only the order of values are not collected. The following table uses an example of Disk Name (Hard Disk Details) that has multiple values to show whether the revision history is collected.

Device information value		Revision history collected?
Before the change	After the change
HDDModel1, HDDModel2	HDDModel2, HDDModel3	Y
HDDModel1, HDDModel2	HDDModel1	Y
HDDModel1, HDDModel2	HDDModel1, HDDModel2, HDDModel3	Y
HDDModel1, HDDModel2	HDDModel2, HDDModel1	N

Legend: Y: Collected. N: Not collected.

#3: If DHCP is enabled for both the new and old IP addresses, the revision history is not collected. If DHCP is disabled for either the new or old IP address, the revision history is collected. The DHCP setting cannot be acquired if device information is collected by using SNMP or ICMP. If the DHCP setting cannot be acquired, the IP addresses are compared while DHCP is assumed to be disabled.

To Page Top

(19) Behavior after managed computers are disconnected from the network

If a managed computer loses network connectivity, the system attempts to connect to the computer at the interval specified in the agent configurations as if the computer were still connected to the network.

In this scenario, the management server cannot determine whether the managed computer has disconnected from the network or was switched off. Therefore, an online-managed computer that has disconnected from the network is assumed to have been turned off if a length of time equivalent to the server connection interval plus 10 minutes has elapsed since the last alive confirmation date/time. An agentless device is assumed to be turned off as soon as the management server is unable to collect information from the device.

During search for devices connected to the network, a managed device is not assumed to be turned off even if the management server is unable to collect information from the device. To check the status of an agentless device, select Update Device Details in the Device list or check the status after the information is updated regularly.

The device information for a computer remains unchanged until the computer reconnects to the network and JP1/IT Desktop Management 2 is able to collect up-to-date information for the computer.

Behavior of online-managed computers when disconnected from the network

Computers that are disconnected from the network are still subject to security policies. As a result, the following occurs:

• The user is prevented from starting restricted software.

  Blocked attempts to start restricted software are recorded as events on computers with the agent installed.

• The user is prevented from using devices if the security policy prohibits their use.

• Operation log entries are recorded.

  Operation logs are stored locally in the agent-installed computer.

Tip

These do not occur on agentless computers. This is because the security status of an agentless computer is judged by assessing its device information against the security policy on the management server, not as a result of sending a security policy to the computer itself.

Behavior when computers reconnect to the network

When a computer reconnects to the network after a period of isolation, it uploads security-related items and the latest device information according to the monitoring interval specified in the agent configurations, not immediately upon reconnection. Events that were saved locally while the computer was isolated from the network are uploaded when the computer next communicates with the management server.

A user's computer uploads operation logs to the management server. When the computer reconnects to the network, all the operation logs stored on the computer are uploaded at the next scheduled upload time.

Assessment of security status

While a computer is isolated from the network, its security status continues to be assessed based on the information in the database that was collected by the management server before the computer became isolated from the network.

To Page Top

(20) Creating groups

Groups are classified into system-sorted groups (Device type, Network, Department, and Location) that are automatically created by the system and user-defined groups created by the system administrator. Devices are automatically sorted into groups according to the device information and hardware asset information. The created groups are displayed in the menu area.

The following describes how each type of group is created.

Device type

Groups are created according to the device types (such as PC, server, or printer) collected from devices. When device information is collected from a computer with the device type PC or Server, subgroups are created for each OS.

Network

Groups are created for each network address based on the IP addresses and subnet masks of devices.

Department

Groups are created based on the department information collected from devices. If an administrator has registered a department hierarchy in the Asset Field Definitions view of the Settings module, it is automatically reflected in the group hierarchy.

When linking with Active Directory, the OU hierarchy is reflected in the group hierarchy.

Location

Groups are created based on the location information collected from devices. If an administrator has registered a location hierarchy in the Asset Field Definitions view of the Settings module, it is automatically reflected in the group hierarchy. If you use SNMP to collect device information, the location values collected by SNMP are reflected in the created groups.

When linking with Active Directory, the location values collected for each computer are reflected in the created groups.

User-Defined

The system administrator adds groups in the Edit User-Defined List dialog box that opens from the menu area. The managed computers are automatically sorted into the corresponding groups according to the conditions specified for each group in the user definitions.

Related Topics:

• 2.4.3 Linking with Active Directory

To Page Top

(21) Process for definitions and groups for departments and locations

In the Settings module, you can edit definitions of departments and locations in device information collected from users. The definitions you added in the Settings module are automatically added as groups in the menu area of the Assets module and the Device module. You can also view a list of definitions that are deleted due to office reorganization or personnel changes and delete all these definitions at one time. To do this, use the Delete Hierarchies Used in Old Organization dialog box that opens from the menu area of the Assets module and the Device module.

Department and location groups can be edited in the menu area.

The following describes the available operations and results when editing definitions in the Settings module and when editing groups in the menu area.

When editing definitions in the Settings module

In the Settings module, you can do the following to edit information:

• Add definitions

• Delete definitions

• Rename definitions

• Change the position of a definition in the hierarchy

If you edit information in the Settings module, the changes are applied to the definitions, and not to the user information on the devices. If you add, rename, or rearrange a definition, a new group corresponding to the edited definition is added while the group for the definition before the change remains in the menu area. If you delete a definition, the group corresponding to the definition you deleted also remains in the menu area.

The following figure shows the results that are applied to the menu area and user information on the device when a definition is renamed and another definition is deleted in the Settings module.

When editing groups in the menu area

In the menu area, you can do the following to edit information:

• Rename groups

• Delete groups

If you edit groups in the menu area, the changes are also applied to the user information on the device registered in the group, in addition to the group definition.

The following figure shows the results that are applied to the definition and user information on the device when a group is renamed in the menu area.

Tip

Create department and location definitions that reflect how you intend to manage devices. If the definitions disagree with the user information, edit the user information so that devices are registered in the groups you defined, as intended. By doing so, an administrator can manage devices in groups aligned with his or her intentions.

Settings required after definitions and groups are edited

If definitions and groups are edited due to office reorganization or personnel changes, you must do the following.

If department definitions are added

Do the following for the added departments:

• Assign security policies

• Assign agent configurations

• Add the department administrator to the administration scope

If department definitions are changed

Do the following for the changed departments, except for the case where you changed the definitions by using the ioassetsfieldutil import command:

• Assign security policies

• Assign agent configurations

• Add the department administrator to the administration scope

In addition, delete the following asset information items associated with the department of the old organization, or associate them with another department:

• Hardware asset information

• Software asset information

• Contract information

If a department definition is deleted

Delete the following asset information items associated with the deleted department, or associate them with another department:

• Hardware asset information

• Software asset information

• Contract information

If a department group is deleted

Delete the following asset information items associated with the deleted department, or associate them with another department:

• Hardware asset information

• Software asset information

• Contract information

To Page Top

(22) Overview of user-defined groups

User-defined groups, into which devices are sorted based on a given condition, can be edited in the menu area of the Security module and Device module.

You can assign security policies to user-defined groups. Unlike other groups, user-defined groups cannot be used for assigning agent configurations or reports.

Only one level of a user-defined group can be created. The name of a user-defined group can be a string with 256 or fewer ASCII characters other than control characters.

Devices are sorted according to the type of device information, target items, judgment condition, and judgment value specified in the user-defined group conditions. Therefore, you cannot directly sort devices into groups. A device that matches multiple user-defined groups is sorted into all the groups it matches. No devices are sorted into user-defined groups for which no conditions are set.

Type of device information

The type of device information of the target item. You can select Device list (sorted by system) (Device type, Network, Department, or Location) or Custom Field whose information is added by the system administrator.

Target items

The target item for the user-defined group conditions. If multiple target items are set, only the devices that meet the conditions for all the target items are sorted into groups.

Judgment conditions

The conditions used to compare the target item value with the judgment value. Devices are sorted into groups based on the result of the comparison.

Judgment value

The value that is compared with the target item according to the judgment condition.

The Devices for Which Conditions Do Not Apply group appears in the menu area by default. Devices that are not sorted into the user-defined groups created by the system administrator will be sorted into this group.

Judgment conditions and judgment values that can be specified for user-defined groups

Judgment conditions and judgment values that can be specified for a user-defined group vary depending on the type of device information. The following tables list the judgment conditions and judgment values that can be specified for each type of device information.

If Type of device information is Device list (sorted by system)

Judgment condition	Judgment value
Equals the judgment value	Hierarchy values displayed in the pull-down menu
Does not equal the judgment value
Equals the judgment value (including lower-hierarchy values)#
Does not equal the judgment value (including lower-hierarchy values)#

#: Cannot be specified if the target item is Network.

If Type of device information is Custom Field

Data type of judgement item	Judgment condition	Judgment value
Text	Equals the judgment value	Character string with 1 to 256 characters The specified value is case sensitive. Single-byte characters are distinguished from double-byte characters during judgment.
	Does not equal the judgment value
	Begins with the judgment value
	Ends with the judgment value
	Contains the judgment value
Number	Equals the judgment value	-2,147,483,647 to 2,147,483,647
	Does not equal the judgment value
	Equal to or greater than the judgment value
	Less than or equal to the judgment value
	Greater than the judgment value
	Less than the judgment value
Enumeration	Equals the judgment value	Value displayed in the pull-down menu The specified value is case sensitive. Single-byte characters are distinguished from double-byte characters during judgment.
	Does not equal the judgment value

When devices are sorted into user-defined groups

Devices are sorted into groups according to the specified user-defined group conditions when one of the following occurs:

• The name of a user-defined group is changed.

• A user-defined group is deleted.

• User-defined group conditions are edited.

• A device that belongs to the system-sorted group specified for the target item by the user-defined group conditions moves to another group.

• The Custom Field information specified for the target item by the user-defined group conditions is updated.

• The Custom Field information specified for the target item by the user-defined group conditions is deleted.

To Page Top

(23) Deleting duplicate device information

If an action such as reinstalling the operating system causes the agent program to be removed from a computer, a situation might arise in which the same device is registered more than once in the database. To delete duplicate device information:

• In the Device Inventory view of the Device module, delete the device whose Last Modified Date/Time is farther in the past.

• In the Device Inventory view of the Device module, sort the list of devices by MAC address. If two devices have the same MAC address, remove one of the devices.

To Page Top