2.6.2 Collecting device information

JP1/IT Desktop Management 2 collects device information from the devices it manages. It can also collect device information from Active Directory, or information can be entered directly by an administrator. You can view device information in the Inventory module.

For details about the types of device information JP1/IT Desktop Management 2 can collect, see (1) Types of device information you can collect.

Note that the range of information you can collect depends on the type of device, as described next.

Computers with the agent installed

The manager collects every piece of device information managed by JP1/IT Desktop Management 2. It can also collect the information managed by Active Directory. Administrators can also enter certain information directly.

You can also display a form to users and collect the information they enter. For details about how to collect information entered by users, see (12) Collecting user information.

You can also search for and collect information about software that does not appear in the Programs and Features list of the Windows Control Panel. For details, see (11) Defining search conditions for software information.

Agentless computers

Device information is collected during the discovery process, to the extent permitted by the authentication settings. Authentication can use Windows administrative shares or SNMP. If authentication fails, the manager acquires device information within the scope available to the ICMP or ARP protocol.

You can also collect the information managed by Active Directory, and administrators can enter certain information directly.

Devices other than computers

The manager acquires the range of device available via SNMP authentication or the ICMP or ARP protocol.

Administrators can also enter certain information directly.

Timing of device information collection

The following describes how the timing with which information is collected depends on the device type.

Computers with the agent installed

Online-managed computers

JP1/IT Desktop Management 2 automatically collects device information when a computer becomes a management target, and updates the database when changes are detected in the information associated with a computer.

Offline-managed computers

Device information is updated each time you use external media to provide the computer's information to the management server.

In the case of agents for UNIX or Mac, note that you cannot collect device information from offline-managed computers.

Agentless computers and devices other than computers

Device information is updated regularly according to a set schedule.

You can collect the latest device information from devices with the agent installed at any time you wish.

When collecting device information in this way, the management server collects the most recent information entered by the user.

Organization of this subsection

(1) Types of device information you can collect
(2) Device status information that can be collected
(3) System information that can be collected
(4) Hardware information
(5) Installed software information
(6) Security information
(7) Shared management items for asset information and device information
(8) Criteria for device statuses
(9) Timing of device information collection
(10) Collecting software information
(11) Defining search conditions for software information
(12) Collecting user information
(13) Collecting registry information
(14) Updating device information
(15) Information collected when updating device information
(16) Events generated when updating device information
(17) Collecting the device revision history
(18) Device information which can be collected in revision history and the conditions to detect changes
(19) Behavior after managed computers are disconnected from the network
(20) Creating groups
(21) Process for definitions and groups for departments and locations
(22) Overview of user-defined groups
(23) Deleting duplicate device information
(24) Size of inventory information collected from devices with agents for UNIX or Mac installed

(1) Types of device information you can collect

JP1/IT Desktop Management 2 collects device information from the devices it manages. There are two categories of device information: Basic device information, and common fields (assets and device inventory).

Basic device information: Device information that is collected by default. There are four categories of basic device information: System Details, Hardware Details, Installed Software Details, and Security Details.
Common fields (Assets and device inventory): Information that relates to the user of a device. You can have users enter this information directly.

The range of device information you can collect depends on whether the device is a computer with the agent installed. For agentless devices, the information you can collect depends on the authentication method used. The explanation below refers to the following types of authentication used with agentless devices:

Administrative share: You can use the authentication provided by a Windows administrative share.
SNMP: You can use the authentication implemented by SNMP.
ARP: You can use the authentication implemented by ARP.
ICMP: You can use the authentication implemented by ICMP.
Active Directory: JP1/IT Desktop Management 2 links with Active Directory.
MDM: JP1/IT Desktop Management 2 links with an MDM system.
API: JP1/IT Desktop Management 2 links with an external system via the API.

If a device cannot undergo authentication using Windows administrative shares or SNMP, you can use ICMP or APR to verify the device presence but not to collect information from the device. When linking with Active Directory, some items can be collected from Active Directory while others cannot.

When linking with an MDM system to manage smart devices, you can collect the information managed by the MDM system as device information.

The use of the API from an external system allows you to collect the information managed by the external system as device information.

You can view collected device information in the Device Inventory and Software Inventory views of the Inventory module. Reasons why the system might be unable to collect device information include the device being turned off or not connected to the network, or failing to establish a connection with the management server. Items for which --, N/A, or Unknown is displayed could not be collected. Reasons why a particular item cannot be collected include the device's authentication status, device type, operating system, and software.SNMP: NG(No credential) might appear if not enough information was collected to identify a device.

The tables in the next section show the items of device information you can collect, and whether each item can be collected from a computer with the agent installed, an agentless device, Active Directory, an MDM system, or API.

To Page Top

(2) Device status information that can be collected

The following table lists the information JP1/IT Desktop Management 2can collect about the status of a device.

When using SNMP authentication, the device information that can be collected depends on the SNMP agent installed on the computer. This means that some device information might not be collected.

Management Type

Icon	Description	Agent installed		Agentless
Icon	Description	Windows	UNIX or Mac OS	Administrative share	SNMP	ARP/ICMP	Active Directory	MDM	API
	Agent Management Indicates a device with the agent installed.	Y	Y	--	--	--	--	--	--
	Agentless Management (Authentication Successful) Indicates a device that has undergone successful authentication via a Windows administrative share or via SNMP. Also indicates a device that is newly discovered by Active Directory discovery.	--	--	Y	Y	--	Y	--	--
	Agentless Management (Authentication Failed) Indicates a device that has not undergone authentication.	--	--	--	--	Y	--	--	--
	Agent Management (Network Access Control) Indicates a device with the agent installed and with network access control enabled.	Y	--	--	--	--	--	--	--
	Agent Management (Network Access Control)(Starting management) Indicates a device with the agent installed and network access control in the process of starting.	Y	--	--	--	--	--	--	--
	Agent Management (Network Access Control)(Failed to start management) Indicates a device with the agent installed, where an attempt to start network access control has failed.	Y	--	--	--	--	--	--	--
	Agent Management (Network Access Control)(Stopping management) A device with the agent installed and network access control disabled.	Y	--	--	--	--	--	--	--
	Agent Management (Network Access Control)(Failed to stop management) A device with the agent installed where an attempt to stop network access control has failed.	Y	--	--	--	--	--	--	--
	Agent Management (Relay system) Indicates a device with a relay system installed.	Y	--	--	--	--	--	--	--
	Agent Management (Relay system)(Network Access Control) Indicates a device with a relay system installed and with network access control enabled.	Y	--	--	--	--	--	--	--
	Agent Management (Relay system)(Network Access Control - Starting management) Indicates a device with a relay system installed and network access control in the process of starting.	Y	--	--	--	--	--	--	--
	Agent Management (Relay system)(Network Access Control - Failed to start management) Indicates a device with a relay system installed, where an attempt to start network access control has failed.	Y	--	--	--	--	--	--	--
	Agent Management (Relay system)(Network Access Control - Stopping management) Indicates a device with a relay system installed and network access control disabled.	Y	--	--	--	--	--	--	--
	Agent Management (Relay system)(Network Access Control - Failed to stop management) Indicates a device with a relay system installed, where an attempt to stop network access control has failed.	Y	--	--	--	--	--	--	--
	Management Relay Server Indicates a management relay server installed.	Y^#	--	--	--	--	--	--	--
	Management Relay Server (Network Access Control) Indicates a management relay server installed and network access control enabled.	Y^#	--	--	--	--	--	--	--
	Management Relay Server (Network Access Control - Starting management) Indicates a management relay server installed and network access control in the process of starting.	Y^#	--	--	--	--	--	--	--
	Management Relay Server (Network Access Control - Failed to start management) Indicates a management relay server installed, where an attempt to start network access control has failed.	Y^#	--	--	--	--	--	--	--
	Management Relay Server (Network Access Control - Stopping management) Indicates a management relay server installed and network access control disabled.	Y^#	--	--	--	--	--	--	--
	Management Relay Server (Network Access Control - Failed to stop management) Indicates a management relay server installed, where an attempt to stop network access control has failed.	Y^#	--	--	--	--	--	--	--
	MDM Linkage Management Indicates a device has acquired information from an MDM system and managing the information.	--	--	--	--	--	--	Y	--
	API Management Indicates a device has acquired information from an external system via the API and managing the information.	--	--	--	--	--	--	--	Y

Legend: Y: Can be collected. --: Not applicable.

#: Refers to the agent for the management relay server.

Connection settings

Connection settings indicate the network connection settings status in JP1/IT Desktop Management 2.

Icon	Description	Agent installed	Agentless
Icon	Description	Agent installed	Administrative share	SNMP	ARP/ICMP	Active Directory	MDM	API
	Allowed The device is able to connect to the network.	Y	Y	Y	Y	Y	Y	Y
	Blocked The device is unable to connect to the network. This status also applies to devices whose network connection was automatically blocked by a security policy or the network monitoring function.	Y	Y	Y	Y	Y	Y	Y
	Forced Block A device whose network connection has been blocked by an administrator.	Y	Y	Y	Y	Y	Y	Y
	Not use period A device that is not allowed to connect to the network because it is outside the allowed time period defined in the network control list.	Y	Y	Y	Y	Y	Y	Y
	Unknown JP1/IT Desktop Management 2is determining whether the device is permitted to connect to the network. The device will transition to another status when the judgment is made.	Y	Y	Y	Y	Y	Y	Y

Legend: Y: Can be collected.

Device Status

Icon	Description	Agent installed^#1		Agentless
Icon	Description	Windows	UNIX or Mac OS	Administrative share	SNMP	ARP/ICMP	Active Directory	MDM	API
	Running Indicates that the computer is on.	Y	N	Y	Y	Y	N	N	Y
	Stop Indicates that the computer is off.^#2	Y^#3	N	Y	Y	Y	N	N	Y
	Warning There is a problem with the device. You can use the System Information and Events tabs of the Inventory module to investigate further.	Y^{#3, #4}	N	N	Y^#5	N	N	N	Y
	Critical There is a serious problem with the device. You can use the System Information and Events tabs of the Inventory module to investigate further.	N	N	N	Y^#6	N	N	N	Y
	Unknown The status of the device is unknown.	N	Y	N	Y	Y	Y	Y	Y
	Management by Management Server Under the Local Server Indicates that the managing device of the device is a management relay server under the local server. The operation status is not collected for this device.	Y	Y	Y	Y	Y	Y	Y	Y

Legend: Y: Can be collected. N: Cannot be collected. --: Not applicable.

Note:

For details about the conditions under which each device status is displayed, see (8) Criteria for device statuses.

#1

Stop appears as the device status when you first acquire the status of an offline-managed computer. Each time thereafter, the device retains its previous status.

However, if ON is specified for the OfflineRegistration_StatusUnknown property in the configuration file (jdn_manager_config.conf), the device status will be Unknown.

#2

If a device cannot be communicated with, the device status becomes Stop.

#3

The following devices' statuses become Warning when they are turned off and being managed offline. The status for such devices never appears as Stop.

Relay system
Computer with the agent installed and network access control enabled

#4

The device status for an agent-installed computer on which network monitoring is enabled becomes Warning when JP1_ITDM2_Network Monitor service is stopped.

#5

The device status for a printer whose toner or paper level is low becomes Warning.

#6

The device status for a printer that has no remaining toner or paper becomes Critical.

Management Status

Icon	Description	Agent installed		Agentless
Icon	Description	Windows	UNIX or Mac OS	Administrative share	SNMP	ARP/ICMP	Active Directory	MDM	API
	Online management The device is being managed online.	Y	Y	--	--	--	--	--	--
	Offline management The device is being managed offline.	Y	--	--	--	--	--	--	--
	Agent not Installed The agent is not installed on the device.	Y	--	Y	Y	Y	Y	Y	Y

Legend: Y: Can be collected --: Not applicable

Information of the management relay server to which the managed device connects

Item	Description	Agent installed	Agentless
Item	Description	Agent installed	Administrative share	SNMP	ARP/ICMP	Active Directory	MDM	API
Managing Source	Indicates the host name of the management relay server that manages the device. If the device is managed by the local server, (local server) is displayed.	Y	Y	Y	Y	Y	Y	Y
Route to the Managing Source	Indicates the route from the local server to the management relay server that manages the device.	Y	Y	Y	Y	Y	Y	Y

Legend: Y: Can be collected.

To Page Top

(3) System information that can be collected

This section describes the information that JP1/IT Desktop Management 2 can collect as system information. System information consists of the following:

Device type
Host ID
Computer information
User information
OS information
Network information
Printer information
Smart device information

When using SNMP authentication, the device information that can be collected depends on the SNMP agent installed on the computer. This means that some device information might not be collected.

Device type

Device type	Description	Agent installed		Agentless
Device type	Description	Windows	UNIX or Mac OS	Administrative share	SNMP	ARP/ICMP	Active Directory	MDM	API
PC	Set when the OS type is one of the following: Windows 10 Windows 8.1 Windows 8 Windows 7 Windows Vista Windows XP Windows 2000 Windows OS (unknown edition) Windows OS (unknown type) Mac OS Unknown OS	Y	Y^#1	Y	Y	N	Y	N	Y
Server	Set when the OS type is one of the following: Windows 2000 Server Windows 2000 Advanced Server Windows Server 2003 Windows Server 2008 Windows Server 2012 Windows Server 2016 Windows Server 2019 UNIX AIX HP-UX Solaris Linux CentOS Red Hat Enterprise Linux Oracle Linux	Y	Y	Y	Y	N	Y	N	Y
Storage	Must be assigned to a device by an administrator.	N	N	N	N	N	N	N	Y
Network Device	Collected automatically for a network device other than a network printer.	N	N	N	Y	N	N	N	Y
Printer	Collected automatically for a network printer.	N	N	N	Y	N	N	N	Y
Smart Device	Set when the information was acquired from an MDM system.	N	N	N	N	N	N	Y	Y
Peripheral Device	Must be assigned to a device by an administrator.	N	N	N	N	N	N	N	Y
USB Device	Set in the following cases: When input by an administrator When registered from the Register USB Device dialog box	N	N	N	N	N	N	N	Y
Display	Must be assigned to a device by an administrator.	N	N	N	N	N	N	N	Y
Other	Must be assigned to a device by an administrator.	N	N	N	N	N	N	N	Y
Custom device type^#2	Must be assigned to a device by an administrator.	N	N	N	N	N	N	N	Y
Unknown	Set when the device type could not be acquired.	N	N	N	N	Y	N	N	Y

Legend: Y: Can be collected automatically. N: Cannot be collected automatically.

#1: An agent can be installed in the following Mac OSs: OS X 10.10, OS X 10.11, macOS 10.12, macOS 10.13, macOS 10.14, macOS 10.15, and macOS 11

#2: In a multi-server configuration, when a device type is changed on a management relay server, and if the new device type item is not set in the higher management server, the item is added to the higher management server. If the maximum number of items that can be added on the higher management server is exceeded, the device information update fails on the higher management server. Check events of the higher management server to see whether the update failed.

Tip: Special network devices that are Linux-based such as BIG-IP might be discovered as servers (Linux). After checking the Device Details of the discovered device, you can change the device type if needed.

Tip: A printer that has the functionality of a router may be discovered as a Network Device. In this case, check the device information of the discovered device, and modify device type if necessary.

Host ID

Item	Description	Agent installed	Agentless
Item	Description	Agent installed	Administrative share	SNMP	ARP/ICMP	Active Directory	MDM	API
Host ID	Displays the host ID.	Y	Y	Y	Y	Y	Y	Y

Legend: Y: Can be collected

Note: A host ID of an agent-installed computer or a computer from which information is collected through administrative share identifies the device based on the items listed below. When any of the information items are changed due to a hardware component replacement, the computer can be registered as a different device.

Machine UUID
Machine serial number
BIOS serial number
Motherboard serial number

Note that a computer is registered as a different device up to three times when any of the information items listed above are changed.

Note

When you manage shared VDI-based virtual computers, you can generate host IDs based on one of the following device information items:

Computer name^#1
Account name^#2
IP address (IPv4)^#1

#1: This option is selectable when VMware Horizon View and the Machine Creation Services (MCS) technology provided by Citrix Virtual Desktops are used.

#2: This option is selectable when the Provisioning Services (PVS) technology provided Citrix Virtual Desktops is used.

Furthermore, when the device information item in question satisfies all of the following conditions, it is used as part of the host ID to be generated:

Computer name: A string that does not exceed 15 characters and consists of alphanumeric characters, a hyphen (-), and a underscore (_)
Account name: A string that does not exceed 20 characters and consists of alphanumeric characters, spaces, and symbols (-, !, #, $, ', (, ), ., ^, _, `, {, }, and ~)

Important

Observe the following precautions concerning the generation of host IDs for the management of shared VDI-based virtual computers:

The device information item to be used for the generation of a host ID must be unique.
The device information item to be used for the generation of a host ID must be appropriate to each virtualization method. If you select an incorrect device information item, licenses might not be counted correctly.
If you use an IP address to generate a host ID, assume that only one IP address is set for each virtual computer. When multiple IP addresses are set for a virtual computer, only one of them is used to generate a host ID.
When you validate the setting to obtain an IP address automatically on Windows, use the device information item other than IP address to generate a host ID.

Computer information

Item		Description	Agent installed			Agentless
Item		Description	Windows	UNIX	Mac OS	Administrative share	SNMP	ARP/ICMP	Active Directory	MDM	API
Computer information	Computer Name (Description)	Name (Computer) The computer name set in the Computer Name Changes dialog box displayed by clicking Change on the Computer Name panel of the System Properties. For SNMP authentication, the acquired host name is displayed. For a smart device, the name is one of the following names used to identify the smart device in the MDM system: the smart device name, or a name that is the combination of the user name, contract phone number, and model name, separated with colons (:).^#1 Description (Computer) The value in the Computer description field on the Computer Name panel of the System Properties. For SNMP authentication, the description about the device and the object ID unique to the device developer are displayed. For smart devices, this information cannot be acquired.	Y	Y^#2	Y^#2	Y	Y	N	Y	Y	Y
	Host Name	The fully qualified domain name of the physical host. In the following circumstances, the NetBIOS name or the host name without a domain name are collected. The host is not part of a domain or its domain membership cannot be confirmed The host name was acquired by an SNMP search For a smart device, the smart device name, or a combined name of the user name, contract phone number, and model name, connected with colons (:), that are displayed to identify the smart device in the MDM system.^#1	Y	Y^#2	Y^#2	Y	Y	N	Y	Y	Y
	Model (Manufacturer)	The model and manufacturer of the computer, assigned by the vendor.	Y	Y	Y	Y	N	N	N	Y	Y
	UUID	The universally unique identifier (UUID) of the computer.	Y	Y	Y	Y	N	N	N	N	Y
	Serial #	The serial number (BIOS information) of the computer.	Y	Y	Y	Y	N	N	N	Y	Y
	CPU	The model name of the CPU.	Y	Y	Y	Y	Y	N	N	N	Y
	Total Memory	The total amount of physical memory installed in the computer.	Y	Y	Y	Y	Y	N	N	Y	Y
	Total Free Space	The amount of free space on the hard disk (the type of logical drive is Local Disk). If the total amount of free space on the local disk exceeds 9,223,372,036,854,775,807 bytes, 9,223,372,036,854,775,807 (bytes) is displayed.	Y	Y	Y	Y	N	N	N	N	Y
System Drive	System Drive	The total number of logical drives.	Y	Y	Y	Y	N	N	N	N	Y
	System Drives^#3 (Type/Free/Total/File System)	If there are several system drives, the following information can be collected for each drive: Type The type of drive, such as hard disk, CD/DVD drive, or removable disk. Free space^#4 The free space available on the drive. Capacity^#4 The total capacity of the drive. File system^#4 The name of the file system, such as FAT32 or NTFS. The string Locked by BitLocker appears when the system drive is locked by BitLocker.	Y	Y	Y	Y	N	N	N	N	Y
	Disk Name (Capacity/Interface)^#5	Disk Name The model of the hard disk drive. Total Capacity The total capacity of the hard disk drive. Interface The interface such as IDE or SCSI used with the hard drive.	Y	Y	Y	Y	Y^#6	N	N	Y^#7	Y
BIOS Information	BIOS Information	The name of the BIOS.	Y	N	N	Y	N	N	N	N	Y
	Manufacturer	The manufacturer of the BIOS.	Y	Y	N	Y	N	N	N	N	Y
	Serial Number	The serial number of the BIOS.	Y	N	N	Y	N	N	N	N	Y
	Version (BIOS/SMBIOS)	BIOS The version of the BIOS. SMBIOS The version of the SMBIOS.	Y	Y	N	Y	N	N	N	N	Y
	Release Date	The release date of the BIOS.	Y	Y	N	Y	N	N	N	N	Y
AMT Firmware Version		The version of the AMT firmware.	Y	N	N	N	N	N	N	N	Y
Power Control	Turn off monitor (AC/DC)^{#8, #9}	The length of time until the monitored power supply shuts off. AC Indicates an AC power supply. DC Indicates a DC (battery) power supply.	Y	N	N	Y	N	N	N	N	Y
	System standby (AC/DC)^#8	The length of time until the system enters standby. AC Indicates an AC power supply. DC Indicates a DC (battery) power supply.	Y	N	N	Y	N	N	N	N	Y
	System hibernates (AC/DC)^#8	The length of time until the system goes into hibernation. AC Indicates an AC power supply. DC Indicates a DC (battery) power supply.	Y	N	N	Y	N	N	N	N	Y
	Turn off hard disks (AC/DC)^{#7, #8}	The length of time before the hard disk is turned off. AC Indicates an AC power supply. DC Indicates a DC (battery) power supply.	Y	N	N	Y	N	N	N	N	Y
	Processor Throttle (AC/DC)^{#8, #9}	The power setting of the processor. AC Indicates an AC power supply. DC Indicates a DC (battery) power supply.	Y	N	N	Y	N	N	N	N	Y

Legend: Y: Can be collected. N: Cannot be collected.

#1: For whether the smart device name or the combined name of the user, contract phone number, and model name connected with colons (:) is displayed, see the descriptions about the computer name and host name in (2) Device information that can be acquired from MDM systems.

#2: The information is collected if the agent for UNIX or Mac is set so that the computer name is notified. In this case, the host name (fully qualified domain name) is collected as if it is a computer name. Note that computer description cannot be obtained.

#3: For a Windows agent, a drive letter (such as C: and D:) is obtained, For an agent for UNIX or Mac, a mount path is obtained,

#4: In Windows Server 2019, Windows Server 2016, Windows 10, Windows 8.1, Windows 8, Windows Server 2012, Windows 7, and Windows Server 2008 R2, information cannot be collected if BitLocker drive encryption is locked.

#5: In Windows Server 2019, Windows Server 2016 and Windows Server 2012, if a virtual disk is configured with the storage service, the virtual disk information is collected as a physical disk.

#6: Only Disk Name and Capacity can be collected.

#7: Only Capacity can be collected.

#8: If a user without Administrator permission is logged on to a computer running Windows Server 2003 or Windows XP, the system collects the power control settings for the last user who logged on with Administrator permission.

#9: If these features cannot be used, correct information might not have been collectable.

User Details

Item	Description	Agent installed			Agentless
Item	Description	Windows	UNIX	Mac OS	Administrative share	SNMP	ARP/ICMP	Active Directory	MDM	API
Last Logged On User Name (User Name)	The user name or account name and domain name (or computer name) of the last user to log on.	Y^#1	N	Y	Y^#1	N	N	N	N	Y
Last Logged On User Description	A description of the last user to log on.	Y^#1	N	N	Y^#1	N	N	N	N	Y
Locale/Current Time Zone	Locale The locale of the last user to log on. Current Time Zone The time zone of the last user to log on.	Y	N	Y^#2	Y	N	N	N	N	Y

Legend: Y: Can be collected. N: Cannot be collected.

Note: The user details can be collected when the user logs on by using the console. The user details cannot be collected when the user logs on remotely.

#1: If the last user to log in is a domain user, you cannot collect the full name and description of the user.

#2: Only information about the time zone can be collected.

OS Details

Item	Description	Agent installed			Agentless
Item	Description	Windows	UNIX	Mac OS	Administrative share	SNMP	ARP/ICMP	Active Directory	MDM	API
OS and Service Pack or Version (Language) ^#1	The service pack or version, and the language of the OS that are applied to the OS. This information indicates which language version of Windows (such as English or Japanese) is installed, not the locale setting.	Y	Y^#2	Y^#2	Y	N	N	Y^#3	N	Y
Kernel version	The kernel version of Linux.	N	Y	N	N	N	N	N	N	Y
Serial #	The serial number of the OS. The serial number is different from the license key needed to install the OS.	Y	N	N	Y	N	N	N	N	Y
Owner (Company)	Owner The owner name entered by the user when installing the OS. Company The company name entered by the user when installing the OS.	Y	N	N	Y	N	N	N	N	Y
OS last startup date/time	The last startup date and time of the OS.	Y	Y	Y	Y	N	N	N	N	Y
Windows directory	The directory in which the OS is installed.	Y	N	N	Y	N	N	N	N	Y
Windows Installer Version	The version number of Windows Installer.	Y	N	N	Y	N	N	N	N	Y
Windows Update (Agent Version)	The version number of the Windows Update agent.	Y	N	N	Y	N	N	N	N	Y
IE Version (Service Pack)	IE Version The Internet Explorer version. IE Service Pack The service pack version of Internet Explorer.	Y	N	N	Y	N	N	N	N	Y

Legend: Y: Can be collected. N: Cannot be collected.

#1: Information to be collected depends on the operating system of the agent.

For any operating system other than Windows 10, Windows Server 2019, or Windows Server 2016:: The service pack information of the operating system is collected.
For Windows 10, Windows Server 2019, or Windows Server 2016:: The version information that is returned by the Ver.exe command of the operating system (for example, 1511) is collected.

#2: Only the OS name can be collected.

#3: Only information about the OS service pack or version can be collected.

Network Details

Item	Description	Agent installed^#1		Agentless
Item	Description	Windows	UNIX or Mac OS	Administrative share	SNMP	ARP/ICMP	Active Directory	MDM	API
IP Address/Subnet Mask^#6	The IP address and subnet mask of the device.	Y	Y	Y	Y	Y^#2^{, #3}	Y	N	Y
Network Adapter	The name of the network adapter.	Y	Y	Y	Y	N	N	N	Y
MAC Address^#6	The MAC address of the device.	Y	Y	Y	Y	Y^#3^{, #4}	Y	Y	Y
Default Gateway	The default gateway.	Y	Y	Y	Y	N	N	N	Y
WINS Server Address (Primary/Secondary)	Primary The address of the primary WINS server. Secondary The address of the secondary WINS server.	Y	N	Y	N	N	N	N	Y
DNS Server Address	The address of the DNS server.	Y	Y	Y	N	N	N	N	Y
DHCP	Whether or not DHCP is enabled.	Y	Y	Y	N	N	N	N	Y
DHCP Server Address	The address of the DHCP server.	Y	Y	Y	N	N	N	N	Y
Lease Acquisition/Expiration Date/Time	The date and time when the DHCP lease was acquired, and then date and time when the lease expires.	Y	N	Y	N	N	N	N	Y
Domain (Workgroup)/Role	Domain The name of the domain or workgroup to which the computer belongs. Domain Role The role of the device in the OS domain, such as primary domain controller or member workstation.	Y	N	Y	Y^#5	N	N	N	Y

Legend: Y: Can be collected. N: Cannot be collected.

Note: The network information can be collected only from network adapters that appear in the Control Panel.

#1: Cannot be collected from an offline-managed computer lacking a NIC.

#2: Only the IP address can be collected.

#3: The collected information does not appear on the System Details tab of the Device Inventory view of the Inventory module. You can review the collected information by exporting the device list.

#4: Only collected in environments that use ARP.

#5: Only the Domain is collected.

#6: The System Details tab of the Device Inventory view of the Inventory module displays all device information (information regarding the devices connected to the network) held by the computer. The Device List view and the system configuration information display information regarding the network-connected devices used for communication with a higher system. However, when the computer is communicating with the Internet gateway, information regarding one of the network-connected devices held by the computer is displayed.

Printer Details

Item	Description	Agent installed		Agentless
Item	Description	Windows	UNIX or Mac OS	Administrative share	SNMP	ARP/ICMP	Active Directory	MDM	API
Printing Method (Method/Colors)	The printing method used by the printer.	N	N	N	Y	N	N	N	Y
Consumables (Type/Description/Condition)	The type of consumable (such as ink) used by the printer, and the amount remaining.	N	N	N	Y	N	N	N	Y
Paper Feed Tray (Type/Name/Condition)	The type of paper feed tray used in the printer, and the amount of paper remaining.	N	N	N	Y	N	N	N	Y

Legend: Y: Can be collected. N: Cannot be collected.

Smart Device Information

Item	Description	Agent installed		Agentless
Item	Description	Windows	UNIX or Mac OS	Administrative share	SNMP	ARP/ICMP	Active Directory	MDM	API
IMEI	The ID number assigned to the mobile device.	N	N	N	N	N	N	Y	Y
UDID	An identifier assigned to smart devices made by Apple.	N	N	N	N	N	N	Y	Y
ICCID	A number assigned to the SIM card in smart devices manufactured by Apple.	N	N	N	N	N	N	Y	Y
IMSI	An ID number that identifies a subscriber of a mobile communication device. An IMSI is assigned to the SIM card of a smart device.	N	N	N	N	N	N	Y	Y
Contract phone number	The telephone number assigned to the subscriber.	N	N	N	N	N	N	Y	Y
E-mail	The E-mail address of the smart device.	N	N	N	N	N	N	Y	Y
Carrier	The company that provides the communication service used by the smart device.	N	N	N	N	N	N	Y	Y
Passcode or password setting	Whether a passcode or password is set on the device.	N	N	N	N	N	N	Y	Y
Internal storage (Free)	Internal storage The internal storage capacity of the smart device. Free The free space available on the internal storage of the smart device.	N	N	N	N	N	N	Y	Y
External storage (Free)	External storage The capacity of media (such as SD cards) installed in the smart device. Free The free space available on media (such as SD cards) installed in the smart device.	N	N	N	N	N	N	Y	Y
RAM (Free)	RAM The memory capacity of the smart device. Free The amount of free memory available on the smart device.	N	N	N	N	N	N	Y	Y

Legend: Y: Can be collected. N: Cannot be collected.

To Page Top

(4) Hardware information

This section describes the hardware information you can collect. Hardware information consists of the following:

Processor Details
Memory Details
Hard Disk Details
CD-ROM Drive Details
Removable Drive Details
Printer Details
Video Controller Details
Sound Card Details
Network Adapter Details
Monitor Details
Keyboard Details
Mouse Details

When using SNMP authentication, the device information that can be collected depends on the SNMP agent installed on the computer. This means that some device information might not be collected.

Processor Details

Item	Description	Agent installed	Agentless
Item	Description	Agent installed	Administrative share	SNMP	ARP/ICMP	Active Directory	MDM	API
Processor Details	The number of processors.	Y	Y	N	N	N	N	Y
Processor Name	The name of the processor.	Y^#	Y	Y	N	N	N	Y

Legend: Y: Can be collected. N: Cannot be collected.

#: For devices with agents for UNIX or Mac installed, the list of devices in the Device Inventory view or in a CSV file exported by a command shows only one name even when there are multiple processors. The number of processors on a device with an agent for UNIX or Mac installed is shown on the Hardware Details tab in the Device Inventory view.

Memory Details

Item	Description	Agent installed		Agentless
Item	Description	Windows	UNIX or Mac OS	Administrative share	SNMP	ARP/ICMP	Active Directory	MDM	API
Memory Details	The total amount of physical memory installed in the computer.	Y^#2	Y	Y	N	N	N	N	Y
Total Capacity	The amount of physical memory installed in the computer.	Y^#2	Y	Y	N	N	N	Y	Y
Slots	The total amount of physical memory installed in a memory slot. If the computer has several memory slots, the amount of memory in each slot can be collected.	Y^#2	Y^#3	Y	N	N	N	N	Y
Virtual Memory Capacity^#1	The total amount of virtual memory.	Y	N	Y	N	N	N	N	Y

Legend: Y: Can be collected. N: Cannot be collected.

#1:

The virtual memory capacity is the sum of the available physical memory and the total size of the page files.

#2:

For managed device whose physical memory and memory slot association information does not exist, these information cannot be collected. The association information of physical memory and memory slot can be checked using the following Windows PowerShell command. If the association information of physical memory and memory slot does not exist, no result is outputted by the command.

Get-WMIObject -class Win32_PhysicalMemoryLocation

In order to collect these information, please set the following registry in the managed device:

Key name	For 32-bit OS: HKLM\SOFTWARE\HITACHI\JP1/IT Desktop Management - Agent For 64-bit OS: HKLM\SOFTWARE\Wow6432Node\HITACHI\JP1/IT Desktop Management - Agent
Value name	JdngGetAllUseMemoryInfo
Type	REG_SZ
Data	1

When the registry is set, memory details such as video memory is also acquired in addition to physical memory.

#3

Can acquire up to a maximum of 127 items.

Hard Disk Details

Item	Description	Agent installed		Agentless
Item	Description	Windows	UNIX or Mac OS	Administrative share	SNMP	ARP/ICMP	Active Directory	MDM	API
Hard Disk Details	The number of hard disk drives.	Y	Y*^#6	Y	Y	N	N	N	Y
Disk names (Total Volume/Interface)^#1	When there is more than one hard disk, the following information is collected for each disk: Hard Disk Model The model name of the hard disk drive. Total Volume The capacity of the hard disk. This item shows the total capacity regardless of how the drive is partitioned. Interface The interface of the hard disk drive, such as IDE or SCSI.	Y	Y*^#6	Y	Y^#2	N	N	Y^#3	Y
Drive (Free/Total/File System)^#4	When there is more than one hard disk, the following information is collected for each disk: Free^#5 The amount of free space on the drive. Total^#5 The total capacity of the drive. File System^#5 The name of the file system. The string Locked by BitLocker appears when the system drive is locked by BitLocker.	Y	N	Y	N	N	N	N	Y

Legend: Y: Can be collected. Y*: Only AIX, Linux, or Mac OS can be collected. N: Cannot be collected.

Note: Drive information cannot be collected for network drives.

#1: In Windows Server 2019, Windows Server 2016 and Windows Server 2012, if the storage service has been used to create a virtual disk, the information for the virtual disk is obtained as if it is a physical disk.

#2: The Interface item cannot be collected.

#3: Only the Total Volume item can be collected.

#4: For a Windows agent, a drive letter (such as C: and D:) is obtained, For an agent for UNIX or Mac, a mount path is obtained,

#5: In Windows Server 2019, Windows Server 2016, Windows 10, Windows 8.1, Windows 8, Windows Server 2012, Windows 7, and Windows Server 2008 R2, information cannot be collected if BitLocker drive encryption is locked.

#6: Can acquire up to a maximum of 127 items.

CD-ROM Drive Details

Item	Description	Agent installed		Agentless
Item	Description	Windows	UNIX or Mac OS	Administrative share	SNMP	ARP/ICMP	Active Directory	MDM	API
CD-ROM Drive Details	The number of CD/DVD drives.	Y	N	Y	N	N	N	N	Y
CD-ROM Drive	The model name of the CD/DVD drive. If there are several CD/DVD drives, this information is collected for each drive.	Y	N	Y	N	N	N	N	Y

Legend: Y: Can be collected. N: Cannot be collected.

Removable Drive Details

Item	Description	Agent installed		Agentless
Item	Description	Windows	UNIX or Mac OS	Administrative share	SNMP	ARP/ICMP	Active Directory	MDM	API
Removable Drive Details	The number of removable drives.	Y	N	Y	N	N	N	N	Y

Legend: Y: Can be collected. N: Cannot be collected.

Printer Details

Item	Description	Agent installed		Agentless
Item	Description	Windows	UNIX or Mac OS	Administrative share	SNMP	ARP/ICMP	Active Directory	MDM	API
Printer Details	The number of printers set up on the computer.	Y	N	Y	N	N	N	N	Y
Printer Name (Type)	If there are several printers, the following information is collected for each printer: Printer Name The name of the printer. Type The printer type.	Y	N	Y	N	N	N	N	Y
Driver	The printer driver. If there are several printers, this item is collected for each printer.	Y	N	Y	N	N	N	N	Y
Shared Name	The shared name of the printer. If there are several printers, this item is collected for each printer.	Y	N	Y	N	N	N	N	Y
Server Name (Port)	If there are several printers, the following items are collected for each printer: Server Name The name of the printer server. Port The printer port.	Y	N	Y	N	N	N	N	Y

Legend: Y: Can be collected. N: Cannot be collected.

Video Controller Details

Item	Description	Agent installed		Agentless
Item	Description	Windows	UNIX or Mac OS	Administrative share	SNMP	ARP/ICMP	Active Directory	MDM	API
Video Controller Details	The number of video drivers.	Y	N	Y	N	N	N	N	Y
Video Chip	The name of the video chipset.	Y	N	Y	N	N	N	N	Y
VRAM Capacity	The amount of VRAM on the video card.	Y	N	Y	N	N	N	N	Y
Video Driver	The name of the video driver.	Y	N	Y	N	N	N	N	Y

Legend: Y: Can be collected. N: Cannot be collected.

Sound Card Details

Item	Description	Agent installed			Agentless
Item	Description	Windows	UNIX	Mac OS	Administrative share	SNMP	ARP/ICMP	Active Directory	MDM	API
Sound Card Details	The number of sound card drivers.	Y	N	Y	Y	N	N	N	N	Y
Product Name (Manufacturer)	The name and manufacturer of the sound card.	Y	N	Y^#	Y	N	N	N	N	Y

Legend: Y: Can be collected. N: Cannot be collected.

#: Only the name of the sound card can be collected.

Network Adapter Details

Item	Description	Agent installed	Agentless
Item	Description	Agent installed	Administrative share	SNMP	ARP/ICMP	Active Directory	MDM	API
Network Adapter Details	The number of network adapters.	Y	Y	Y	N	N	N	Y
Network Adapter	The name of the network adapter.	Y	Y	Y	N	N	N	Y

Legend: Y: Can be collected. N: Cannot be collected.

Monitor Details

Item	Description	Agent installed			Agentless
Item	Description	Windows	UNIX	Mac OS	Administrative share	SNMP	ARP/ICMP	Active Directory	MDM	API
Monitor Details	The number of monitors.	Y	N	Y	Y	N	N	N	N	Y
Monitor	The name of the monitor.	Y	N	Y	Y	N	N	N	N	Y

Legend: Y: Can be collected. N: Cannot be collected.

Keyboard Details

Item	Description	Agent installed		Agentless
Item	Description	Windows	UNIX or Mac OS	Administrative share	SNMP	ARP/ICMP	Active Directory	MDM	API
Keyboard Details	The number of keyboards.	Y	N	Y	Y	N	N	N	Y
Keyboard	The name of the keyboard.	Y	N	Y	Y	N	N	N	Y

Legend: Y: Can be collected. N: Cannot be collected.

Mouse Details

Item	Description	Agent installed		Agentless
Item	Description	Windows	UNIX or Mac OS	Administrative share	SNMP	ARP/ICMP	Active Directory	MDM	API
Mouse Details	The number of mouse.	Y	N	Y	Y	N	N	N	Y
Mouse	The name of the mouse.	Y	N	Y	Y	N	N	N	Y

Legend: Y: Can be collected. N: Cannot be collected.

To Page Top

(5) Installed software information

This section describes the information you can collect about installed software. Installed software information consists of the following:

When using SNMP authentication, the device information that can be collected depends on the SNMP agent installed on the computer. This means that some device information might not be collected.

In the case of a Windows agent

Software listed in Programs and Features

Information about the software registered in the Programs and Features section of the Windows Control Panel.

Important

If both of the following conditions exist, uninstall the software, and then delete the user account. If you delete the user account before the software is uninstalled, the relevant software information will remain as installed software information for JP1/IT Desktop Management 2.

- Software that appears only in the Programs and Features section of the Windows Control Panel is installed on the user's computer.

- You want to delete the user account used to install the software that meets the above condition.

Important

In Windows, you cannot delete the following information about Store apps installed on a computer. Therefore, the following information about Store apps will be detected and the apps will be recognized as installed software, even if the app itself does not appear in Programs and Features or Apps & features of Windows:

- Information about Microsoft Store system apps

- Information about installed Microsoft Store apps

- Information about Microsoft Store apps for which provisioning has been performed

Software registered in Software Search Conditions

Information about software that is not registered in the Programs and Features section of the Windows Control Panel. By setting search conditions in the Software Search Conditions view of the Settings module, you can search for and collect information about executable files (with the extention exe, for example) on the computer.

Installed OS

Information about the OS installed on the computer.

For details about software search conditions, see (11) Defining search conditions for software information.

In the case of an agent for UNIX

The software information that can be collected depends on how the search is performed:

When Software installed by remote install is searched: Information on the software installed by JP1/IT Desktop Manager 2. This includes Hitachi program products and UAP.
When All software is searched: Information on the Hitachi program products (other than software installed by JP1/IT Desktop Manager 2), third party software, OS patch information, and the search result based on a search list. A search list can be used to search for information on any software that you set as a search target.

For details on the software information that can be collected for agents for UNIX, see the JP1/IT Desktop Management 2 - Agent Description and User's Guide (For UNIX Systems).

For details on the management of system information and software information for UNIX agents, see the JP1/IT Desktop Management 2 Distribution Function Administration Guide.

In the case of an agent for Mac

This applies to applications that are installed in a Mac OS and for which All software can be selected as a search method. By using a search list, you can find information about any software that you set as the search target. For details about how to manage the system information and software information of a Mac agent, see the JP1/IT Desktop Management 2 Distribution Function Administration Guide.

Software listed in Programs and Features, and Windows Store app

Item	Description	Windows Agent installed	Agentless
Item	Description	Windows Agent installed	Administrative share	SNMP	ARP/ICMP	Active Directory	MDM	API
Software Name	The name of the installed software. If Windows Updates are registered in groups, the name of the group is displayed.	Y	Y	N	N	N	N	Y
Version^#	The version of the installed software.	Y	Y	N	N	N	N	Y
Software Vendor	The vendor of the installed software.	Y	Y	N	N	N	N	Y
Support URL	The URL of the support page for the installed software.	Y	Y	N	N	N	N	Y
Purchasing Status	The manner in which the software is licensed. Volume license version or Full-product version appears as the purchasing status.	Y*	Y*	N	N	N	N	N
Product ID	The product ID of Microsoft Office installed on the computer. This item appears in the Software List view of the Inventory module if the purchasing status is `Volume license version`. The last five digits are replaced with asterisks in the Software List.	Y*	Y*	N	N	N	N	N
GUID	The globally unique identifier (GUID) of the installed software.	Y*	Y*	N	N	N	N	N
Software type	The type the installed software based on the information in the software dictionary. When the information in the software dictionary is offline-updated, information such as commercial software and freeware is displayed. In a multi-server configuration, the software type is not reported to the higher management server. This information is collected by each management server.	Y	Y	N	N	N	N	N
Installation Date	The date on which the software was installed.	Y	Y	N	N	N	N	Y
Installation Folder	The installation path of the software.	Y	Y	N	N	N	N	Y
Windows Store app	Information indicating whether the target software is a Windows Store app.	Y	N	N	N	N	N	Y

Legend: Y: Can be collected. Y*: Only collected for some software. N: Cannot be collected.

Note: For a software program that appears only in Programs and Features of the user who installed the software program, its information can be collected while the user is logged in.

#: If the software is a JP1 product, version is collected in the format of the JP1 product. However, for the case of JP1/TELstaff, JP1/VERITAS, and JP1/HIBUN, or when the managed node is agentless, the version displayed in Programs and Features is collected.

Y* in the legend above means that the information can be collected only for the following Microsoft Office products:

Japanese versions of Microsoft Office products

Software Name	Edition
Microsoft Office	Microsoft Office Enterprise 2007^#1
	Microsoft Office Home and Business 2010^#2
	Microsoft Office Personal Edition 2003^#2
	Microsoft Office Professional Edition 2003^#2
	Microsoft Office Professional Enterprise Edition 2003^#1
	Microsoft Office Professional 2007
	Microsoft Office Professional 2010^#2
	Microsoft Office Professional Plus 2007^#1
	Microsoft Office Professional Plus 2010^#1
	Microsoft Office Professional Plus 2013^#1,#3
	Microsoft Office Professional Plus 2016^{#1, #3}
	Microsoft Office Standard Edition 2003
	Microsoft Office Standard 2007
	Microsoft Office Standard 2010^#1
	Microsoft Office Standard 2013^{#1, #3}
	Microsoft Office Standard 2016^{#1, #3}
	Microsoft Office Ultimate 2007^#2
Microsoft Lync	Microsoft Lync 2010^#1
Microsoft Lync	Microsoft Lync 2013^{#1, #3}
Microsoft Skype for Business	Microsoft Skype for Business 2016^{#1, #3}
Microsoft Office Access	Microsoft Office Access 2003^#4
	Microsoft Office Access 2007
	Microsoft Access 2010
	Microsoft Access 2013^{#1, #3}
	Microsoft Access 2016^{#1, #3}
Microsoft Office Excel	Microsoft Office Excel 2003^#4
	Microsoft Office Excel 2007
	Microsoft Excel 2010
	Microsoft Excel 2013^{#1, #3}
	Microsoft Excel 2016^{#1, #3}
Microsoft Office FrontPage	Microsoft Office FrontPage 2003
Microsoft Office Groove	Microsoft Office Groove 2007
Microsoft Office InfoPath	Microsoft Office InfoPath 2007
	Microsoft InfoPath 2010
	Microsoft InfoPath 2013^{#1, #3}
Microsoft Office InterConnect	Microsoft Office InterConnect 2007
Microsoft Office OneNote	Microsoft Office OneNote 2007
	Microsoft OneNote 2010
	Microsoft OneNote 2013^{#1, #3}
Microsoft Office Outlook	Microsoft Office Outlook 2003^#4
	Microsoft Office Outlook 2007
	Microsoft Outlook 2010
	Microsoft Outlook 2013^{#1, #3}
	Microsoft Outlook 2016^{#1, #3}
Microsoft Office PowerPoint	Microsoft Office PowerPoint 2003^#4
	Microsoft Office PowerPoint 2007
	Microsoft PowerPoint 2010
	Microsoft PowerPoint 2013^{#1, #3}
	Microsoft PowerPoint 2016^{#1, #3}
Microsoft Office Project	Microsoft Office Project Professional 2003
	Microsoft Office Project Professional 2007
	Microsoft Project Professional 2010
	Microsoft Project Professional 2013^#1,#3
	Microsoft Project Professional 2016^{#1, #3}
	Microsoft Office Project Standard 2003
	Microsoft Office Project Standard 2007
	Microsoft Project Standard 2010
	Microsoft Project Standard 2013^#1,#3
	Microsoft Project Standard 2016^{#1, #3}
Microsoft Office Publisher	Microsoft Office Publisher 2003
	Microsoft Office Publisher 2007
	Microsoft Publisher 2010
	Microsoft Publisher 2013^{#1, #3}
	Microsoft Publisher 2016^{#1, #3}
Microsoft Office SharePoint Workspace	Microsoft SharePoint Workspace 2010
Microsoft Office Visio	Microsoft Office Visio 2003 Professional
	Microsoft Office Visio 2003 Standard
	Microsoft Office Visio 2007 Professional
	Microsoft Office Visio 2007 Standard
	Microsoft Visio 2010 Premium
	Microsoft Visio 2010 Professional
	Microsoft Visio 2010 Standard
	Microsoft Visio Professional 2013^#1,#3
	Microsoft Visio Professional 2016^{#1, #3}
	Microsoft Visio Standard 2013^{#1, #3}
	Microsoft Visio Standard 2016^{#1, #3}
Microsoft Office Word	Microsoft Office Word 2003^{#2, #4}
	Microsoft Office Word 2007
	Microsoft Word 2010
	Microsoft Word 2013^{#1, #3}
	Microsoft Word 2016^{#1, #3}

#1: Collected only when the purchasing status is Volume license version.

#2: Collected only when the purchasing status is Full-product version.

#3: The product ID cannot be collected.

#4: The purchasing status cannot be collected.

English versions or Chinese versions of Microsoft Office products

Software Name	Edition
Microsoft Office	Microsoft Office Enterprise 2007
	Microsoft Office Professional 2007
	Microsoft Office Professional Plus 2007
	Microsoft Office Professional Plus 2010
	Microsoft Office Professional Plus 2013^#1,#2
	Microsoft Office Professional Plus 2016^{#1, #2}
	Microsoft Office Standard 2007
	Microsoft Office Standard 2010
	Microsoft Office Standard 2013^{#1, #2}
	Microsoft Office Standard 2016^{#1, #2}
Microsoft Lync	Microsoft Lync 2010
Microsoft Lync	Microsoft Lync 2013^{#1, #2}
Microsoft Skype for Business	Microsoft Skype for Business 2016^{#1, #3}
Microsoft Office Access	Microsoft Office Access 2007
	Microsoft Access 2010
	Microsoft Access 2013^{#1, #2}
	Microsoft Access 2016^{#1, #2}
Microsoft Office Excel	Microsoft Office Excel 2007
	Microsoft Excel 2010
	Microsoft Excel 2013^{#1, #2}
	Microsoft Excel 2016^{#1, #2}
Microsoft Office Groove	Microsoft Office Groove 2007
Microsoft Office InfoPath	Microsoft Office InfoPath 2007
	Microsoft InfoPath 2010
	Microsoft InfoPath 2013^{#1, #2}
Microsoft Office OneNote	Microsoft Office OneNote 2007
	Microsoft OneNote 2010
	Microsoft OneNote 2013^{#1, #2}
Microsoft Office Outlook	Microsoft Office Outlook 2007
	Microsoft Outlook 2010
	Microsoft Outlook 2013^{#1, #2}
	Microsoft Outlook 2016^{#1, #2}
Microsoft Office PowerPoint	Microsoft Office PowerPoint 2007
	Microsoft PowerPoint 2010
	Microsoft PowerPoint 2013^{#1, #2}
	Microsoft PowerPoint 2016^{#1, #2}
Microsoft Office Project	Microsoft Office Project Professional 2007
	Microsoft Project Professional 2010
	Microsoft Project Professional 2013^#1,#2
	Microsoft Project Professional 2016^{#1, #2}
	Microsoft Office Project Standard 2007
	Microsoft Project Standard 2010
	Microsoft Project Standard 2013^#1,#2
	Microsoft Project Standard 2016^{#1, #2}
Microsoft Office Publisher	Microsoft Office Publisher 2007
	Microsoft Publisher 2010
	Microsoft Publisher 2013^{#1, #2}
	Microsoft Publisher 2016^{#1, #2}
Microsoft Office SharePoint Workspace	Microsoft SharePoint Workspace 2010
Microsoft Office Visio	Microsoft Office Visio 2007 Professional
	Microsoft Office Visio 2007 Standard
	Microsoft Visio 2010 Premium
	Microsoft Visio 2010 Professional
	Microsoft Visio 2010 Standard
	Microsoft Visio Professional 2013^#1,#2
	Microsoft Visio Professional 2016^{#1, #2}
	Microsoft Visio Standard 2013^{#1, #2}
	Microsoft Visio Standard 2016^{#1, #2}
Microsoft Office Word	Microsoft Office Word 2007
	Microsoft Word 2010
	Microsoft Word 2013^{#1, #2}
	Microsoft Word 2016^{#1, #2}

#1: Collected only when the purchasing status is Volume license version.

#2: The product ID cannot be collected.

Software registered in the Software Search Conditions view

Item	Description	Windows Agent installed	Agentless
Item	Description	Windows Agent installed	Administrative share	SNMP	ARP/ICMP	Active Directory	MDM	API
Software Name	The name of the installed software. If Windows Updates have been registered in groups, the name of the group is displayed.	Y	N	N	N	N	N	N
Version	The version of the installed software.	Y	N	N	N	N	N	N
Software Vendor	The vendor of the installed software.	Y	N	N	N	N	N	N
Software Installation Date	The date on which the software was installed.	Y	N	N	N	N	N	N
Installation Folder	The installation path of the software.	Y	N	N	N	N	N	N

Legend: Y: Can be collected. N: Cannot be collected.

Installed OS

Item	Description	Windows Agent installed	Agentless
Item	Description	Windows Agent installed	Administrative share	SNMP	ARP/ICMP	Active Directory	MDM	API
Software Name	The name of the installed software.	Y	Y	N	N	N	N	Y
Version	The version of the installed software.	Y	Y	N	N	N	N	Y
Software Vendor	The vendor of the installed software.	Y	Y	N	N	N	N	Y
Installation Date	The date on which the software was installed.	Y	Y	N	N	N	N	Y
Installation Folder	The installation path of the software.	Y	Y	N	N	N	N	Y

Legend: Y: Can be collected. N: Cannot be collected.

To Page Top

(6) Security information

This section describes the information you can collect about a device's security. Security information consists of the following:

Windows Update Details
Antivirus Software Details
Windows Service Details
OS Security Details
Hibun Details
BitLocker Drive Encryption Details

When using SNMP authentication, the device information that can be collected depends on the SNMP agent installed on the computer. This means that some device information might not be collected.

Windows Update Details

Item	Description	Agent installed			Agentless
Item	Description	Windows	UNIX	Mac OS	Administrative share	SNMP	ARP/ICMP	Active Directory	MDM	API
Automatic update^#1	Information indicating whether the automatic update feature is enabled.	Y	N	Y	Y	N	N	N	N	Y
Installed Updates^#2	The number of installed updates.	Y	N	N	Y	N	N	N	N	Y
Article ID (Installation Date)^#3	The name of the Windows update and the date when the update was installed.	Y	N	N	Y	N	N	N	N	Y

Legend: Y: Can be collected. N: Cannot be collected.

#1: For Windows, Collected when the Workstation service of the OS is running.

Note that for Windows, automatic update is displayed as enabled when all of the following conditions are true:

In Control Panel - Windows Update - Change settings, Important updates is set to Install updates automatically.
The Windows Update service is running. For agents whose operating systems are Windows 10, Windows Server 2019, or Windows Server 2016, the startup type of the Windows Update service is Automatic or Manual.

#2: When an installed program update is deleted, the information remains unupdated for up to three intervals of security monitoring. This is for preventing a false error when the information of the program update is unavailable just temporarily.

When the information of all installed program updates is no longer available, which was available previously, the system determines that the information collection failed and does not delete the collected information of the installed program updates.

#3 A hyphen (-) is displayed if information about the installation date could not be acquired.

Antivirus Software Details

Item	Description	Agent installed		Agentless
Item	Description	Windows	UNIX or Mac OS	Administrative share	SNMP	ARP/ICMP	Active Directory	MDM	API
Software Name	The name of the antivirus product.	Y	N	Y	N	N	N	N	N
Version	The version of the antivirus product.	Y	N	Y	N	N	N	N	N
Installation Date	The date on which the antivirus product was installed.	Y*	N	Y*	N	N	N	N	N
Scan Engine Version	The scan engine version of the antivirus software.	Y*	N	Y*	N	N	N	N	N
Virus Definition File Version	The version (date) of the definition file used by the antivirus product.	Y*	N	Y*	N	N	N	N	N
Auto Protect	The auto-protect setting (resident or non-resident) of the antivirus product.	Y*	N	Y*	N	N	N	N	N
Last Scanned Date/Time	The date and time when the computer was last scanned for viruses.	Y*	N	Y*	N	N	N	N	N

Legend: Y: Can be collected. Y*: Can be collected for some products. N: Cannot be collected.

For details about the antivirus software information you can collect, see (14) Supported anti-virus products.

Windows Service Details

Item	Description	Agent installed^#		Agentless
Item	Description	Windows	UNIX or Mac OS	Administrative share	SNMP	ARP/ICMP	Active Directory	MDM	API
Windows Service Details	The display name of an active Windows service that is prohibited by a security policy.	Y	N	N	N	N	N	N	N

Legend: Y: Can be collected. N: Cannot be collected.

Note: This information is collected when the Workstation service is running on the OS. This function can manage up to 30 services.

#: Only collected from online-managed computers.

OS Security Details

Item		Description	Agent installed			Agentless
Item		Description	Windows	UNIX	Mac OS	Administrative share	SNMP	ARP/ICMP	Active Directory	MDM	API
Account Details^#1	Account Name	The name of a local account. Account details are collected for each account name.	Y	N	Y	Y	N	N	N	N	Y
	Days Since Last Password Change	The number of days since the account password was last changed. For accounts that are disabled or expired or whose password must be changed at the next logon, the number of days since the last password change is not collected.	Y	N	Y	Y	N	N	N	N	Y
	Password Strength^#2	The strength of the password. You can use the password definition file (jdng_security.xml) of the agent to set conditions for weak passwords. For details, see the description on customizing conditions for weak passwords in the JP1/IT Desktop Management 2 Configuration Guide.	Y	N	N	Y	N	N	N	N	Y
	Password Never Expires	Whether the password is configured to never expire.	Y	N	N	Y	N	N	N	N	Y
Power On Password^#3		Whether the computer has a power-on password.	Y	N	N	Y	N	N	N	N	Y
Guest Account		Whether or not a Guest account is configured on the computer.	Y	N	Y	Y	N	N	N	N	Y
Auto Logon		Whether automatic logon is enabled.	Y	N	Y	Y	N	N	N	N	Y
Shared Folder		Whether a shared folder is set up on the computer.	Y	N	N	Y	N	N	N	N	Y
Administrative share		Whether administrative shares are enabled.	Y	N	N	Y	N	N	N	N	Y
DCOM		Whether DCOM is enabled on the computer.	Y	N	N	Y	N	N	N	N	Y
Anonymous Access		Whether information can be collected by anonymous access.	Y	N	N	Y	N	N	N	N	Y
Screen Saver Details^#4	Account Name	The name of the Windows local account. Screen Saver Details are collected for each account name.	Y	N	N	Y^#5	N	N	N	N	Y
	Screen Saver Settings	Whether a screen saver is enabled.	Y	N	N	Y^#5	N	N	N	N	Y
	Password	Whether the screen saver is password-protected.	Y	N	Y^#6	Y^#5	N	N	N	N	Y
	Startup Time	The length of time before the screen saver activates.	Y	N	N	Y^#5	N	N	N	N	Y
Firewall		Whether the Firewall is enabled.	Y	N	Y	Y	N	N	N	N	Y
Remote Desktop		Whether the remote desktop feature is enabled.	Y	N	N	Y	N	N	N	N	Y

Legend: Y: Can be collected. N: Cannot be collected.

Note: For Windows, this information is collected when the Workstation service of the OS is running.

#1 This function can manage the account information of up to 60 users.

For domain accounts, the password information might not be collected.

In addition, the target for the maximum number of users for account information is the number of users for which information of an account name and a password is collected.

#2: The following passwords are considered to have low strength:

Blank passwords
Passwords that match the account name exactly
A password that is the same character string as the account name, and consists of only upper case letters, only lower case letters, or has only the first letter capitalized.
A password that is the same character string as the computer name, and consists of only upper case letters, only lower case letters, or has only the first letter capitalized.
password, PASSWORD, or Password
admin, ADMIN, or Admin
administrator, ADMINISTRATOR, or Administrator

JP1/IT Desktop Management 2 for user accounts that are disabled, expired, or locked or whose password must be changed at the next logon, the strength of the password is not evaluated. When an account has a weak password, the last modified date/time of the password changes when its security is assessed. However, the password itself is left unchanged.

For Windows, if the Local Security Policy administrative tool (local environment, domain environment) is configured to enable Audit account management under Local Policies - Audit Policy, multiple event log might be recorded when the inventory is acquired.

#3 Power On Password represents the information set in Power-On Password in the BIOS. It is not a hard disk password. For some models, the information of power-on password cannot be collected and thus Unimplemented or Unknown can be displayed.

#4 The screen saver information of a logged-in user is collected and retained for 30 days since the last login. This function can manage the screen saver information of up to 60 users.

#5: When using an administrative share to collect device information, the system only collects information for the user who is logged on to Windows at the time of collection.

#6 For Mac OS, the judgement results indicate the results for all user accounts, instead of for each user account.

Hibun Details

Item		Description	Agent installed		Agentless
Item		Description	Windows	UNIX or Mac OS	Administrative share	SNMP	ARP/ICMP	Active Directory	MDM	API
Product Name		The full name of the installed product^#1.	Y	N	N	N	N	N	N	N
Version		The version of the installed software.	Y	N	N	N	N	N	N	N
Patch Version		Information about the patches applied to the installed software.	Y	N	N	N	N	N	N	N
Login User ID		The user ID of the last user who logged in to the Hibun product.	Y^#2	N	N	N	N	N	N	N
Last Login Date/Time		The time when a user last logged in to the Hibun product.	Y^#2	N	N	N	N	N	N	N
Last Logout Date/Time		The time when a user last logged out from the Hibun product.	Y^#2	N	N	N	N	N	N	N
Hibun DE (FS) Login Details	Login User ID	The user ID of the last user who logged in to the Hibun file server.	Y^#3	N	N	N	N	N	N	N
	Last Login Date/Time	The time when a user last logged in to the Hibun file server.	Y^#3	N	N	N	N	N	N	N
	Last Logout Date/Time	The time when a user last logged out from the Hibun file server.	Y^#3	N	N	N	N	N	N	N
Drive		The local drive.	Y^{#2, #4}	N	N	N	N	N	N	N
Encryption Status		The encryption status of the drive.	Y^{#2, #4}	N	N	N	N	N	N	N

Legend: Y: Can be collected. N: Cannot be collected.

Note: The information in this table can be collected when the managed computer is running version 09-00 or later of the Hibun product.

#1: From version 10 and later, each pair of the following Hibun products (up to version 9) is considered to be the same:

JP1/Hibun IC and Hibun IC
JP1/Hibun IF and Hibun IF
JP1/Hibun IF Mail Option and Hibun IF Mail Option
JP1/Hibun IS and Hibun IS

#2: Not displayed for JP1/Hibun IF Mail Option, Hibun IF Mail Option, or Hibun DP.

#3: Displayed for Hibun DE.

#4: Displayed for JP1/Hibun IC, Hibun IC, and Hibun DE.

BitLocker Drive Encryption Details

Item	Description	Agent installed		Agentless
Item	Description	Windows	UNIX or Mac OS	Administrative share	SNMP	ARP/ICMP	Active Directory	MDM	API
Encryption Status	The encryption status of the drive.	Y	N	Y	N	N	N	N	Y

Legend: Y: Can be collected. N: Cannot be collected.

To Page Top

(7) Shared management items for asset information and device information

Item	Description	Input method/data type (default)	Agent installed		Agentless
Item	Description	Input method/data type (default)	Windows	UNIX or Mac OS	Administrative share	SNMP	ARP/ICMP	Active Directory	MDM	API
Department	The department where the user of the computer works.	Entry by adminstrator/Hierarchy	Y	N	N	N	N	Y	N	Y
Location	The physical location of the computer.	Entry by adminstrator/Hierarchy	Y	N	N	Y^#	N	Y	N	Y
User Name	The name of the computer user.	Entry by administrator/Text	Y	N	N	N	N	Y	N	Y
Account	The account of the computer user.	Entry by administrator/Text	Y	N	N	N	N	Y	N	Y
E-mail	The E-mail address of the computer user.	Entry by administrator/Text	Y	N	N	N	N	Y	N	Y
Phone	The telephone number of the computer user.	Entry by administrator/Text	Y	N	N	N	N	Y	N	Y

Legend: Y: Can be collected. N: Cannot be collected.

#: Collected when location information is set in the SNMP agent.

To Page Top

(8) Criteria for device statuses

Device status	Criteria
Running	The current time is within 10 minutes of the last confirmation time plus the polling interval.
Stop	This status appears in situations like the following: The current time is more than 10 minutes after the last confirmation time plus the polling interval. Device information was collected for an offline-managed computer for the first time.^#1
Warning	This status appears in situations like the following: The current time is more than 10 minutes after the last confirmation time plus the polling interval, and network monitor is enabled on the agent. Device information was collected for the first time for an offline-managed computer with the network monitor enabled.^#2 The system fails to negotiate authentication with an agentless computer. SNMP reports that a printer device is in Warning status (for example, toner is low).
Critical	SNMP reports that a printer device is unusable (for example, the printer is out of paper).
Unknown	This status appears in situations like the following: Information about the device status could not be collected. Device information was collected for the first time for an offline-managed computer.^#1
Management by Management Server Under the Local Server	This device is in a multi-server configuration and is not placed directly under the server,

Note:

A computer with the network monitor agent installed might report several device statuses. In this case, the device status displayed in the modules is determined as follows:

The most severe status is displayed. In order of severity, the statuses are Critical, Warning, Stop, Running, and Unknown.
If the reported statuses have the same severity level, the device status reported for the most important system component is shown. The agent is the most important, followed by the network monitor agent.

#1

If ON is set for the OfflineRegistration_StatusUnknown property in the configuration file (jdn_manager_config.conf), the device status will be Unknown. In all other cases, the status will be Stop.

When device information is collected for the second or a subsequent time, the previous device status is retained. However, if ON is set for the OfflineRegistration_StatusUnknown property in the configuration file (jdn_manager_config.conf), the device status will be Unknown.

#2

Thereafter, the device retains its previous status.

To Page Top

(9) Timing of device information collection

Device information is collected from online management agents according to a regular schedule determined by the monitoring interval in the agent configurations. When an online management agent detects that device information has changed, it reports the device information to the management server. No information is reported if the device information is unchanged.

The following table lists the device information reported to the management server.

Detected item		Reported information	Monitoring interval
Host ID		All device information^#1	Monitoring Interval (Others) (min)
Connection-target management server		All device information^#2	Monitoring Interval (Others) (min)
System information		All information for detected items	Monitoring Interval (Others) (min)^#3
Hardware information		All information for detected items	Monitoring Interval (Others) (min)
Installed software information		Information about additions, deletions, and changes among detected items	Monitoring Interval (Security) (min)^#4
Security information	Automatic update	All information for detected items	Monitoring Interval (Security) (min)
	Anti-virus product information	All information for detected items	Monitoring Interval (Security) (min)
	Service security settings	All information for detected items	Monitoring Interval (Security) (min)
	OS security settings	All information for detected items	Monitoring Interval (Security) (min)
Hibun information		All information for detected items	Monitoring Interval (Others) (min)
BitLocker drive encryption information		All information for detected items	Monitoring Interval (Others) (min)
Common management items	Entered by user	All device information for detected items	When the user finishes entering
Added management items	Entered by user	All device information for detected items	When the user finishes entering

#1: If a host ID is changed, the agent determines that the device on which it is installed has changed, and reports a full set of device information.

#2: When the connection-target management server changes, the agent reports a full set of information to the new connection-target management server. Any instructions received from the previous connection target are retained.

#3: The Free Space attribute of the System Drive item in the computer information is collected once every 24 hours.

#4: Changes to the software information discovered in a software search are detected once every 24 hours.

To Page Top

(10) Collecting software information

JP1/IT Desktop Management 2 also collects software information when it collects device information from the computers it manages. You can view software information arranged by product name and version in the Software Inventory view of the Inventory module. If the agent is an agent for UNIX or Mac, you can also collect software information by executing the Get software information from computer (UNIX) job in addition to the notification automatically issued when the software becomes the management target.

Tip

An event is generated whenever software is added to a managed computer. By configuring email notification, you can have the administrator notified by email when software is added.

When software that is not registered in JP1/IT Desktop Management 2 is found on a managed computer, its discovery is reported in the Topic panel of the Home module. You can view a list of newly discovered software in the New Software panel of the Dashboard view in the Overview view of the Inventory module. You can also display the New Software panel in the Home module by selecting Panel Layout in the View menu at the top of the module.

Tip: The software programs in Software List (which you can display from Software Inventory of the Inventory module) are displayed by obtaining software information from the computer on which agents are installed. Note that Installation Software Total in Software List indicates the number of management-target computers. As such, software information is obtained from the detected devices and exclusion-target devices but is not included in Installation Software Total.

There are following types of software. For details about the items that can be collected for each type, see (5) Installed software information.

In the case of a Windows agent

Software registered in Programs and Features

Information about the software registered in the Programs and Features section of the Windows Control Panel. This information is collected from computers with the agent installed, and from agentless computers using authentication to administrative shares.

Software registered in Software Search Conditions

Information about software not listed in the Programs and Features section of the Windows Control Panel. You can specify these conditions in the Software Search Conditions view of the Settings module. JP1/IT Desktop Management 2 uses these conditions to find and collect information about executable files (such as exe files) on computers that have the agent program installed.

A search for software is conducted when the computer starts, and every 24 hours thereafter. The agent searches every local drive on the computer for software, and collects information about software that matches the software search conditions. If you want to collect software information at any time, execute the softwaresearch command. For details about the softwaresearch command, see the manual JP1/IT Desktop Management 2 Administration Guide.

Operating system information

Information about the operating system installed on a computer. This information can be collected from computers with the agent program installed, and from agentless computers using authentication to administrative shares.

Important: Agent and Agentless computers (with Windows 7) cannot collect information about the software that is installed on Windows XP Mode.

In the case of an agent for UNIX

The software information that can be collected depends on how the search is performed:

Software installed by remote install: Information on the software installed by JP1/IT Desktop Manager 2. This includes Hitachi program products and UAP.
All software: Information on the Hitachi program products (other than software installed by JP1/IT Desktop Manager 2), third party software, OS patch information, and the search result based on a search list. A search list can be used to search for information on any software that you set as a search target.

For details on software information collection for an agent for UNIX, see the JP1/IT Desktop Management 2 Distribution Function Administration Guide.

In the case of an agent for Mac

This applies to applications that are installed in a Mac OS and for which All software can be selected as a search method. By using a search list, you can find information about any software that you set as the search target. For details about how to collect software information from a Mac agent, see the JP1/IT Desktop Management 2 Distribution Function Administration Guide.

Setting software search conditions

As software search conditions, specify the executable file names you want to find.

You cannot create multiple software search conditions with the same execution file name. In a multi-server configuration, search conditions can overlap with those in other management servers.

If software that matches the search conditions is also present in the Programs and Features section of the Windows Control Panel, software information found by the search is not registered for that item.

If the search finds software with the same file name in different folders, information is collected for each piece of software, and several sets of software information are registered for software with the same name. You can distinguish between each piece of software by its installation path.

If a software program matches multiple search conditions, the information on the software program is obtained as separate software programs.

You can define software search conditions directly from the Settings module, or you can import conditions as a list. The search conditions you define apply to all computers with the agent installed. You cannot define separate sets of software search conditions for individual computers. For details about how to set software search conditions, see (11) Defining search conditions for software information.

Displaying computers with software installed

After collecting software information from managed computers, you can view a list of computers with a particular piece of software installed. This list appears on the Installed Computers tab of the Software Inventory view.

The following table lists the items shown on the Installed Computers tab.

Item	Description
Host Name	The host name of the managed computer with the software installed.
Manufacturer	The manufacturer of the computer with the software installed.
IP Address	The IP address of the computer with the software installed.
OS	The OS on the computer with the software installed.
User Name	The name of the user of the computer with the software installed.
Registered Date/Time	The date and time when the computer with the software installed was registered.
Installation Date	The date and time when the software was installed on the managed computer.

Acquiring software information from an agent for UNIX or Mac based on a search list

To search for software installed in an agent for UNIX or Mac with a search list, create a Get software information from computer (UNIX) job with All software set as search target software. Either the software search list stored in the manager or software search list stored in the agent is used.

Search list that exists in the agent

A search list saved in the agent when you searched for software using a search list last time.
User-specified search list

A search list saved in the manager where you can register any software you want to search for. You can create multiple search lists, for example, by the range of agents for UNIX or Mac, or by OS of the agent for UNIX or Mac to be searched for.

For how to create a user-specified search list, see the JP1/IT Desktop Management 2 Distribution Function Administration Guide.

Notes on Windows Store apps

Agent computers collect information about Windows Store apps that are installed in initial state of the OS.
- Some Windows store apps that are installed in initial state of the OS are not displayed on the Windows Start menu or tile. But JP1/IT Desktop Management 2 collects those information.
- Even if you uninstall Windows store apps that are installed in initial state of the OS, JP1/IT Desktop Management 2 collects the information.
In the same machine, even if one user updates Windows store apps, in the case that the other user does not update it, JP1/IT Desktop Management 2 collects information before and after update.
The software name of Windows Store apps displayed on JP1/IT Desktop Management 2 may not be the same as the name displayed on the Windows Start menu or tile. When you manage asset or perform security judgment of Windows Store apps, register the name of the Windows Store apps that is displayed on JP1/IT Desktop Management 2 - Manager.
The software name of Windows Store apps may change depending on language settings in the OS. When you manage asset or perform security judgment of Windows Store apps, register a proper name of the Windows Store apps.

To Page Top

(11) Defining search conditions for software information

By collecting software information from managed computers, you can see how software licenses are being used, monitor whether prohibited software and mandatory software are installed in keeping with a security policy, and gain a clear understanding of what software is installed on the computers in your organization.

The process for collecting software information depends on the type of software, as follows:

Software and Windows Store apps registered in the Programs and Features section of the Windows Control Panel: Software information is collected automatically from computers with the agent installed, and from agentless computers that support authentication by administrative shares.
Software not registered in the Programs and Features section of the Windows Control Panel: You can collect software information from computers with the agent installed by defining software search conditions.

By defining software search conditions, you can search computers for software that matches the conditions, and collect software information for discovered software. A search is conducted when the computer starts, and every 24 hours thereafter.

You can edit software search conditions when software is renamed or upgraded and its parameters change.

You can update several software search conditions at once by exporting, editing, and then importing the conditions. In a multi-server configuration, the search conditions applied by the higher management server are excluded from the export operation.

You can delete the software search conditions associated with software that no longer needs managing.

To Page Top

(12) Collecting user information

You can collect user information from computers with the agent installed by displaying an input window in which the user can enter the required information. This allows you to collect information like department names and asset numbers that JP1/IT Desktop Management 2 cannot collect automatically, which reduces the administrator's workload in data entry.

There are two types of user information you can collect:

Shared management items for asset information and device information: Information common to device information and hardware asset information.
Added management items for hardware asset information: Custom asset management items added to hardware asset information by an administrator.

You can use the Settings module to specify the date and time to allow users to start entering user information. If you specify the date and time, user information cannot be entered until the specified date and time is reached. When the local time of a user's computer reaches the specified date and time, a balloon tip appears and user information can be entered. Whether to display balloon tips can be selected in the User notification settings view for the agent configuration.

You can also set a schedule to collect user information on a regular basis from online-managed computers with the agent installed.

To Page Top

(13) Collecting registry information

You can collect registry information for computers as shared management items for hardware asset and device information, and as added management items for hardware asset information. By collecting registry information, you can use JP1/IT Desktop Management 2 to manage information specific to users and proprietary information defined by applications. Registry information can only be acquired from computers with the agent installed.

To collect registry information, you need to change the data source for the relevant items in the Asset Field Definitions view of the Settings module.

You must specify the root key and path of the registry entries that you want to collect. You can specify the following root keys:

HKEY_CURRENT_USER^#
HKEY_LOCAL_MACHINE
HKEY_CLASSES_ROOT
HKEY_USERS
HKEY_CURRENT_CONFIG

#: When you specify a registry value under the HKEY_CURRENT_USER root key, the value is for the user who initiated the console session.

The formats of registry values are converted according to their data type. The following table shows how registry values of each data type are collected.

Data type	Collection method
REG_SZ, REG_EXPAND_SZ	The character string is not converted.
REG_MULTI_SZ	Information is collected in the form of several character strings connected by commas (,). For example: xxx,yyy,zzz
REG_DWORD^#1	The numerical value is collected as a decimal character string.
REG_BINARY, REG_QWORD^#2	Each byte of the binary value is converted to a hexadecimal character string, and the resulting strings are connected by spaces. For example: xx yy zz

#1: Not collected when the data type is REG_DWORD_BIG_ENDIAN.

To Page Top

(14) Updating device information

The device information on the management server is updated based on the information collected from managed computers.

The relative priority of device information depends on how the information is collected. For example, because device information for a computer with the agent installed is updated with information supplied by the agent, device information is not updated using information supplied by SNMP. The order of priority when updating device information is as follows:

Device information collected by the agent^#1
Device information collected via a Windows administrative share
Device information collected via the API^#3
Device information collected by SNMP
Device information collected from Active Directory
Device information collected by MDM linkage
Device information collected by ARP
Device information collected by ICMP (limited to confirming device presence)
Device information entered by an administrator^#2

#1: Includes device information for offline-managed computers (excluding agents for UNIX or Mac) supplied via an online-managed computer.

#2: Information entered by an administrator always takes priority for the Device Type item. In a multi-server configuration, device information might be collected from a device at almost the same time as an administrator manually updates the device information. In this case, the device information might be inconsistent between the management server that manages the device information and the higher management server, and you must manually update the device information again.

#3: You can change the priority for updating device information collected via the API by editing the value set for the RestAPIInventoryUpdatePriorityLow property in the configuration file (jdn_manager_config.conf). For details about the RestAPIInventoryUpdatePriorityLow property, see A.5 Lists of properties.

The factors that determine whether device information is updated are how the new information was collected, and how the information already in the database was collected. The following table shows whether device information is updated for each combination of these factors.

Method of device information collection		Existing information
Method of device information collection		Entered by administrator	Collected from device	Not collected
Entered by administrator		Y^#1	Y	Y
Collected from device	Data collected	Y^#2	Y	Y
	Collected with empty value	N	Y^#3	Y^#3
	Not collected or value unchanged	N	N	N

Legend: Y: Device information is updated. N: Device information is not updated.

#1: An administrator can enter the Host Name, IP Address, Subnet Mask, Operating System, and Device Type items.

#2: Values of Device Type entered by an administrator always take priority, and are not replaced with information collected from a device.

#3: If the Host Name field is collected with an empty value, the device information is updated with the host ID.

Tip: When you collect device information from a device with more than one set of network information, the device information sometimes appears to relate to more than one device. In this case, to ensure that the number of devices is accurately tracked, only the device that matches the first set of network information is updated. Devices that match the other sets of network information are deleted. When this occurs, the date and time of agent deployment is aggregated in the remaining device information.

To Page Top

(15) Information collected when updating device information

The following device information is collected when you update device information manually or as part of a regular search for devices:

Device type
System information
Hardware information
Installed software information
Windows Update information
Anti-virus product information
Service security settings
OS security information
Hibun information
BitLocker drive encryption information
Common Fields (Hardware Assets and Device Inventory)
Custom Fields (Hardware Assets)

To Page Top

(16) Events generated when updating device information

When an update to device information results in particular items being changed, added, or deleted, an event is generated and appears in the Events module.

The following table describes what actions cause events to be generated.

Item of device information		Event	Event trigger
Hardware information	Memory capacity	Changed	The new data differs from the existing data.
Hard disk	The following items of hard disk information: Disk name Capacity Interface	Added	No part of the existing data exactly matches the new data.
Hard disk		Deleted	No part of the new data exactly matches the existing data.
Installed software information	Software name	Added	No part of the existing data exactly matches the new data, with the exception of Windows Update information.
	Software name	Deleted	No part of the new data exactly matches the existing data, with the exception of Windows Update information.
	Version	Changed	When data for a given Software Name differs in the new and existing data, with the exception of Windows Update information.
Security information	Automatic update	Changed	The new data differs from the existing data.
	Service security settings	Added	The new data is not found in the existing data.
	Service security settings	Deleted	The existing data is not found in the new data.
	Account name in OS security settings	Added	The new data is not found in the existing data.
	Account name in OS security settings	Deleted	The existing data is not found in the new data.
	The following items for an account name in OS security settings: Days since last password change Password strength Password never expires	Changed	The value of any of these items for a given account name differs in the existing and new data.
	Power on password in OS security settings	Changed	The new data differs from the existing data.
	Guest account in OS security settings	Changed	The new data differs from the existing data.
	Auto logon in OS security settings	Changed	The new data differs from the existing data.
	Shared folder in OS security settings	Changed	The new data differs from the existing data.
	Administrative share in OS security settings	Changed	The new data differs from the existing data.
	DCOM in OS security settings	Changed	The new data differs from the existing data.
	Anonymous access in OS security settings	Changed	The new data differs from the existing data.
	The following items of screen saver information in the OS security settings Screen saver Password Startup time	Changed	The value of any of these items differs in the existing and new data.
	Firewall in OS security settings	Changed	The new data differs from the existing data.
	Remote desktop in OS security settings	Changed	The new data differs from the existing data.

To Page Top

(17) Collecting the device revision history

Users in an organization might change the computer configuration by, for example, inserting and removing a memory card, or installing or uninstalling software. It is not easy for the system administrator to find problems that are caused by changes, such as the theft of a memory card, or installation of software not permitted in the organization.

If information for devices managed by JP1/IT Desktop Management 2 changes, information before and after the change can be collected in the revision history. The revision history allows you to check only the device information that has changed, helping you find problematic changes easily. Check the revision history on a regular basis to confirm that no suspicious changes have been made.

To collect the revision history of a device, you must specify the collection of revision history in the Settings module on the management server that manages the device.

Process for collecting the revision history

If device information changed, the new device information is saved in the database. The new device information is compared with the old one at 0:00 everyday, and any differences are collected as the revision history for the day.

How to check the revision history

You can use the following two methods to check the collected revision history.

Checking the revision history displayed in the operation window: The Revision History view of the Inventory module allows you to check the latest revision history. This view displays a maximum of 600,000 entries in the revision history. If the number of entries exceeds 600,000, the oldest information is overwritten by the latest information.
Checking the revision history archive output to a CSV file: You can output the revision history archive to a CSV file. The output revision history archive allows you to retain information about the changes even if the revision history contains more than 600,000 entries. To output the revision history archive, you must specify the output settings during the setup.

Important: If you delete device information, the host name of the deleted device is not displayed in the Revision History view of the Inventory module. If you need to check the host name of the deleted device, check the revision history archive output to a CSV file.

The following figure shows an overview of collecting and checking the revision history.

[Figure]

To Page Top

(18) Device information which can be collected in revision history and the conditions to detect changes

The following table describes the device information items whose changes can be collected in the revision history, and when JP1/IT Desktop Management 2 detects changes in device information.

Device information item	Changes collected in revision history	Conditions to detect changes
Mode	Changes to the management mode (Discovered, Managed, or Ignored) are collected.	The management mode is changed as follows: Discovered is changed to Managed. Managed is changed to Ignored. Ignored is changed to Managed. Device information indicated as Managed is deleted.
Management Type	Changes to the following management types are collected: Agent Management Agentless Management (Authentication Successful) Agentless Management (Authentication Failed) MDM Linkage Management API Management	The device information has changed since the last time it was collected.
Host Name^#1	Changes to the host name collected as computer information in the system information are collected.	The device information has changed since the last time it was collected. The host was changed in the operation window. Case usage of the case-sensitive host name of an agent for UNIX or Mac is changed.
UUID (Computer Details)	Changes to the UUID collected as computer information in the system information are collected.	The device information has changed since the last time it was collected. Note, however, that changes to only the case of hexadecimal alphabetic letters (A to F or a to f) are ignored.
Total Memory (Computer Details)	Changes to the amount of memory collected as computer information in the system information are collected.	The device information has changed since the last time it was collected.
External Storage Capacity (Smart Device Information)	Changes to the external storage capacity collected as smart device information in the system information are collected.	The device information has changed since the last time it was collected.
IMSI (Smart Device Information)	Changes to the IMSI collected as smart device information in the system information are collected.	The device information has changed since the last time it was collected.
IP Address (Network Details)^{#1, #2, #3}	Changes to an IP address collected in Network Details in the system information are collected.	The device information has changed since the last time it was collected. An IP address has changed in the operation window.
MAC Address (Network Details)^#2	Changes to the MAC address collected in Network Details in the system information are collected.	The device information has changed since the last time it was collected. Note, however, that changes to only the case of hexadecimal alphabetic letters (A to F or a to f) are ignored.
Processor Name (Processor Details)^#2	Changes to the processor collected in Processor Details in the hardware information are collected.	The device information has changed since the last time it was collected.
Disk Name (Hard Disk Details)^#2	Changes to the disk name collected in Hard Disk Details in the hardware information are collected.	The device information has changed since the last time it was collected.
Hard Disk Capacity (Hard Disk Details)^#2	Changes to the hard disk capacity collected in Hard Disk Details in the hardware information are collected.	The device information has changed since the last time it was collected.
Drive Name (CD-ROM Drive Details) ^#2	Changes to the drive name collected in Drive Details in the hardware information are collected.	The device information has changed since the last time it was collected.
Video Chip (Video Controller Details)^#2	Changes to the video chip collected in Video Controller Details in the hardware information are collected.	The device information has changed since the last time it was collected.
Video Chip VRAM Capacity (Video Controller Details)^#2	Changes to the video chip VRAM capacity collected in Video Controller Details in the hardware information are collected.	The device information has changed since the last time it was collected.
Video Driver (Video Controller Details)^#2	Changes to the video driver collected in Video Controller Details in the hardware information are collected.	The device information has changed since the last time it was collected.
Sound Card Product Name (Sound Card Details) ^#2	Changes to the sound card product name collected in Sound Card Details in the hardware information are collected.	The device information has changed since the last time it was collected.
Installed Software Details	Changes to the following items in Installed Software Details are collected: Software Name Version Product ID	The device information has changed since the last time it was collected.
Department (Common Fields)	Changes to Department, which is a shared management item for asset information and device information, are collected.	The device information has changed since the last time it was collected. The department has changed in the operation window. The information is changed by importing a CSV file.
Location (Common Fields)	Changes to Location, which is a shared management item for asset information and device information, are collected.	The device information has changed since the last time it was collected. The location has changed in the operation window. The information is changed by importing a CSV file.
User Name (Common Fields)	Changes to User Name, which is a shared management item for asset information and device information, are collected.	The device information has changed since the last time it was collected. The user name has changed in the operation window. The information is changed by importing a CSV file.

#1: For a device that has one or more IP addresses with DHCP enabled, if the host name or an IP address is changed as follows, the changes in step 2 cannot be collected in the revision history.

The system administrator uses the operation window to change the device's host name or IP address for which DHCP is disabled.
After the above change, only the IP addresses for which DHCP is enabled are changed automatically.

In this case, the values of the device information and revision history displayed in the operation window are temporarily inconsistent. When the device information is collected the next day, the revision history is also collected and the values become consistent.

#2: If a device information item has multiple values, changes are collected if at least one value has been added, changed, or deleted. However, changes to only the order of values are not collected. The following table uses an example of Disk Name (Hard Disk Details) that has multiple values to show whether the revision history is collected.

Device information value		Revision history collected?
Before the change	After the change	Revision history collected?
HDDModel1, HDDModel2	HDDModel2, HDDModel3	Y
HDDModel1, HDDModel2	HDDModel1	Y
HDDModel1, HDDModel2	HDDModel1, HDDModel2, HDDModel3	Y
HDDModel1, HDDModel2	HDDModel2, HDDModel1	N

Legend: Y: Collected. N: Not collected.

#3: If DHCP is enabled for both the new and old IP addresses, the revision history is not collected. If DHCP is disabled for either the new or old IP address, the revision history is collected. The DHCP setting cannot be acquired if device information is collected by using SNMP or ICMP. If the DHCP setting cannot be acquired, the IP addresses are compared while DHCP is assumed to be disabled.

To Page Top

(19) Behavior after managed computers are disconnected from the network

If a managed computer loses network connectivity, the system attempts to connect to the computer at the interval specified in the agent configurations as if the computer were still connected to the network.

In this scenario, the management server cannot determine whether the managed computer has disconnected from the network or was switched off. Therefore, an online-managed computer that has disconnected from the network is assumed to have been turned off if a length of time equivalent to the server connection interval plus 10 minutes has elapsed since the last alive confirmation date/time. An agentless device is assumed to be turned off as soon as the management server is unable to collect information from the device.

During search for devices connected to the network, a managed device is not assumed to be turned off even if the management server is unable to collect information from the device. To check the status of an agentless device, select Update Device Details in the Device list or check the status after the information is updated regularly.

The device information for a computer remains unchanged until the computer reconnects to the network and JP1/IT Desktop Management 2 is able to collect up-to-date information for the computer.

Behavior of online-managed computers when disconnected from the network

Computers that are disconnected from the network are still subject to security policies. As a result, the following occurs:

The user is prevented from starting restricted software.

Blocked attempts to start restricted software are recorded as events on computers with the agent installed.
The user is prevented from using devices if the security policy prohibits their use.
Operation log entries are recorded.

Operation logs are stored locally in the agent-installed computer.

Tip: These do not occur on agentless computers. This is because the security status of an agentless computer is judged by assessing its device information against the security policy on the management server, not as a result of sending a security policy to the computer itself.

Behavior when computers reconnect to the network

When a computer reconnects to the network after a period of isolation, it uploads security-related items and the latest device information according to the monitoring interval specified in the agent configurations, not immediately upon reconnection. Events that were saved locally while the computer was isolated from the network are uploaded when the computer next communicates with the management server.

A user's computer uploads operation logs to the management server. When the computer reconnects to the network, all the operation logs stored on the computer are uploaded at the next scheduled upload time.

Assessment of security status: While a computer is isolated from the network, its security status continues to be assessed based on the information in the database that was collected by the management server before the computer became isolated from the network.

Tip: In the case of an agent for UNIX or Mac, when the device is disconnected from the network, the management server does not try to reconnect to the device, determine whether the power is on or off, obtain the operation log, nor perform security status assessment.

To Page Top

(20) Creating groups

Groups are classified into system-sorted groups (Device type, Network, Department, and Location) that are automatically created by the system and user-defined groups created by the system administrator. Devices are automatically sorted into groups according to the device information and hardware asset information. The created groups are displayed in the menu area.

The following describes how each type of group is created.

Device type

Groups are created according to the device types (such as PC, server, or printer) collected from devices. When device information is collected from a computer with the device type PC or Server, subgroups are created for each OS.

Network

Groups are created for each network address based on the IP addresses and subnet masks of devices.

Department

Groups are created based on the department information collected from devices. If an administrator has registered a department hierarchy in the Asset Field Definitions view of the Settings module, it is automatically reflected in the group hierarchy.

When linking with Active Directory, the OU hierarchy is reflected in the group hierarchy.

Location

Groups are created based on the location information collected from devices. If an administrator has registered a location hierarchy in the Asset Field Definitions view of the Settings module, it is automatically reflected in the group hierarchy. If you use SNMP to collect device information, the location values collected by SNMP are reflected in the created groups.

When linking with Active Directory, the location values collected for each computer are reflected in the created groups.

User-Defined

The system administrator adds groups in the Edit User-Defined List dialog box that opens from the menu area. The managed computers are automatically sorted into the corresponding groups according to the conditions specified for each group in the user definitions.

Related Topics:

2.4.3 Linking with Active Directory

To Page Top

(21) Process for definitions and groups for departments and locations

In the Settings module, you can edit definitions of departments and locations in device information collected from users. The definitions you added in the Settings module are automatically added as groups in the menu area of the Assets module and the Inventory module. You can also view a list of definitions that are deleted due to office reorganization or personnel changes and delete all these definitions at one time. To do this, use the Delete Hierarchies Used in Old Organization dialog box that opens from the menu area of the Assets module and the Inventory module.

Department and location groups can be edited in the menu area.

The following describes the available operations and results when editing definitions in the Settings module and when editing groups in the menu area.

When editing definitions in the Settings module

In the Settings module, you can do the following to edit information:

Add definitions
Delete definitions
Rename definitions
Change the position of a definition in the hierarchy

If you edit information in the Settings module, the changes are applied to the definitions, and not to the user information on the devices. If you add, rename, or rearrange a definition, a new group corresponding to the edited definition is added while the group for the definition before the change remains in the menu area. If you delete a definition, the group corresponding to the definition you deleted also remains in the menu area.

The following figure shows the results that are applied to the menu area and user information on the device when a definition is renamed and another definition is deleted in the Settings module.

[Figure]

When editing groups in the menu area

In the menu area, you can do the following to edit information:

Rename groups
Delete groups

If you edit groups in the menu area, the changes are also applied to the user information on the device registered in the group, in addition to the group definition.

The following figure shows the results that are applied to the definition and user information on the device when a group is renamed in the menu area.

[Figure]

Tip: Create department and location definitions that reflect how you intend to manage devices. If the definitions disagree with the user information, edit the user information so that devices are registered in the groups you defined, as intended. By doing so, an administrator can manage devices in groups aligned with his or her intentions.

Tip: This is automatically generated when information other than location names defined in the settings window is collected via a search.

Settings required after definitions and groups are edited

If definitions and groups are edited due to office reorganization or personnel changes, you must do the following.

If department definitions are added

Do the following for the added departments:

Assign security policies
Assign agent configurations
Add the department administrator to the administration scope

If department definitions are changed

Do the following for the changed departments, except for the case where you changed the definitions by using the ioassetsfieldutil import command:

Assign security policies
Assign agent configurations
Add the department administrator to the administration scope

In addition, delete the following asset information items associated with the department of the old organization, or associate them with another department:

Hardware asset information
Software asset information
Contract information

If a department definition is deleted

Delete the following asset information items associated with the deleted department, or associate them with another department:

Hardware asset information
Software asset information
Contract information

If a department group is deleted

Delete the following asset information items associated with the deleted department, or associate them with another department:

Hardware asset information
Software asset information
Contract information

To Page Top

(22) Overview of user-defined groups

User-defined groups, into which devices are sorted based on a given condition, can be edited in the menu area of the Security module and Inventory module.

You can assign security policies to user-defined groups. Unlike other groups, user-defined groups cannot be used for assigning agent configurations or reports.

Only one level of a user-defined group can be created. The name of a user-defined group can be a string with 256 or fewer ASCII characters other than control characters.

Devices are sorted according to the type of device information, target items, judgment condition, and judgment value specified in the user-defined group conditions. Therefore, you cannot directly sort devices into groups. A device that matches multiple user-defined groups is sorted into all the groups it matches. No devices are sorted into user-defined groups for which no conditions are set.

Type of device information: The type of device information of the target item. You can select Device list (sorted by system) (Device type, Network, Department, or Location) or Custom Field whose information is added by the system administrator.
Target items: The target item for the user-defined group conditions. If multiple target items are set, only the devices that meet the conditions for all the target items are sorted into groups.
Judgment conditions: The conditions used to compare the target item value with the judgment value. Devices are sorted into groups based on the result of the comparison.
Judgment value: The value that is compared with the target item according to the judgment condition.

The Devices for Which Conditions Do Not Apply group appears in the menu area by default. Devices that are not sorted into the user-defined groups created by the system administrator will be sorted into this group.

Judgment conditions and judgment values that can be specified for user-defined groups

Judgment conditions and judgment values that can be specified for a user-defined group vary depending on the type of device information. The following tables list the judgment conditions and judgment values that can be specified for each type of device information.

If Type of device information is Device list (sorted by system)

Judgment condition	Judgment value
Equals the judgment value	Hierarchy values displayed in the pull-down menu
Does not equal the judgment value
Equals the judgment value (including lower-hierarchy values)^#
Does not equal the judgment value (including lower-hierarchy values)^#

#: Cannot be specified if the target item is Network.

If Type of device information is Custom Field

Data type of judgement item	Judgment condition	Judgment value
Text	Equals the judgment value	Character string with 1 to 256 characters The specified value is case sensitive. Single-byte characters are distinguished from double-byte characters during judgment.
	Does not equal the judgment value
	Begins with the judgment value
	Ends with the judgment value
	Contains the judgment value
Number	Equals the judgment value	-2,147,483,647 to 2,147,483,647
	Does not equal the judgment value
	Equal to or greater than the judgment value
	Less than or equal to the judgment value
	Greater than the judgment value
	Less than the judgment value
Enumeration	Equals the judgment value	Value displayed in the pull-down menu The specified value is case sensitive. Single-byte characters are distinguished from double-byte characters during judgment.
Enumeration	Does not equal the judgment value

When devices are sorted into user-defined groups

Devices are sorted into groups according to the specified user-defined group conditions when one of the following occurs:

The name of a user-defined group is changed.
A user-defined group is deleted.
User-defined group conditions are edited.
A device that belongs to the system-sorted group specified for the target item by the user-defined group conditions moves to another group.
The Custom Field information specified for the target item by the user-defined group conditions is updated.
The Custom Field information specified for the target item by the user-defined group conditions is deleted.

To Page Top

(23) Deleting duplicate device information

If an action such as reinstalling the operating system causes the agent program to be removed from a computer, a situation might arise in which the same device is registered more than once in the database. To delete duplicate device information:

In the Device Inventory view of the Inventory module, delete the device whose Last Modified Date/Time is farther in the past.
In the Device Inventory view of the Inventory module, sort the list of devices by MAC address. If two devices have the same MAC address, remove one of the devices.

To Page Top

(24) Size of inventory information collected from devices with agents for UNIX or Mac installed

The following table describes the maximum sizes of inventory information collected from devices with agents for UNIX or Mac installed:

Inventory type	Maximum size
System information	When the size of information to be collected exceeds 200 bytes, up to 200 bytes of the information can be collected.
Hardware information	When the size of information to be collected exceeds 200 bytes, up to 200 bytes of the information can be collected. When the disk capacity or drive capacity exceeds 4 petabytes, the capacity is indicated as 4 petabytes.
Installed software information, software information	When the name of a software program exceeds 50 bytes, up to 50 bytes of the name can be collected. When the version description of a software program exceeds 8 bytes, up to 8 bytes of the description can be collected.

Inventory type

Maximum size

System information

When the size of information to be collected exceeds 200 bytes, up to 200 bytes of the information can be collected.

Hardware information

When the size of information to be collected exceeds 200 bytes, up to 200 bytes of the information can be collected.

When the disk capacity or drive capacity exceeds 4 petabytes, the capacity is indicated as 4 petabytes.

Installed software information, software information

When the name of a software program exceeds 50 bytes, up to 50 bytes of the name can be collected.

When the version description of a software program exceeds 8 bytes, up to 8 bytes of the description can be collected.

To Page Top