A.14 Version changes

Maximum of 300,000 devices can be managed.

Agents can now be installed on computers running the following OSs:

• macOS 10.15

• macOS 11

Software information can now be searched for at any time with the softwaresearch command.

Operation Date/Time (UTC) was added to the information items to be collected in the operation log.

The All Assets Cost report, which totals the cost values of hardware assets, software license, and other, was added to Asset Detail Reports.

Devices on which network monitors are enabled can now be forcibly deleted.

A new network monitor setting can allow events to be issued whenever unauthorized devices access the network.

Asset association information can now be imported and exported.

Agents can now be installed on computers running the following OSs: CentOS 8.1, Red Hat Enterprise Linux(R) Server 8, and Oracle Linux 8.

Windows Server 2019 was added as an applicable operating system for the following products:

• JP1/IT Desktop Management 2 - Manager

• JP1/IT Desktop Management 2 - Agent

• JP1/IT Desktop Management 2 - Network Monitor

• JP1/IT Desktop Management 2 - Asset Console

• JP1/IT Desktop Management 2 - Internet Gateway

• Remote Install Manager

The Hardware Assets Cost report and the Software License Cost report can now display the total cost calculated based on the contract information valid at the time the report is displayed. Furthermore, the Other Cost report was added.

Devices can now be managed from an external system via the API.

Shared VDI-based virtual computers can now be managed.

Windows updates and a feature update to Windows 10 can now be packaged for distribution by using Remote Install Manager.

The management window was changed to HTML5. Furthermore, Adobe Flash Player is no longer a prerequisite for an administrator's computer.

The check box beside Automatic update of components, which is one of the parameters used to set up the management server, is now not selected by default.

MobileIron 10 was added as a version that supports MDM linkage configurations.

Windows Server 2008 R2 was removed from applicable OSs for the following products:

• JP1/IT Desktop Management 2 - Manager

• JP1/IT Desktop Management 2 - Network Monitor

• JP1/IT Desktop Management 2 - Asset Console

• Remote Install Manager

Computers can now be managed via the Internet.

Improvements were made to the security judgment for cumulative updates and Security Monthly Quality Rollup for Windows.

Added the following OSs in a computer on which an agent will be installed requires one of the OSs:

• macOS 10.13

• macOS 10.14

Added the NAT Environment Configuration.

A security policy can now be set for offline-managed devices.

HIBUN logs can now be imported into JP1/IT Desktop Management 2.

When importing hardware asset information, users can now select whether to register the information as new hardware asset information if it is not associated.

Remote Install Manager can now distribute a file larger than 2 gigabytes.

For agents for Mac, the distribution of software and files (remote installation) is now enabled. Additionally, these agents are judged for security status based on security policies.

The managed software information now includes information on which operating system the software program is installed on. This enables the licenses of a software program to be managed for each operating system.

The information on BitLocker drive encryption is now available.

Account information and screen saver information, which can be collected as part of security information that constitutes device information, can now be collected for a maximum of 60 users.

The following products were added to the list of products whose purchasing status and GUID can be collected as part of installed software information:

• Microsoft Office Professional Plus 2016

• Microsoft Office Standard 2016

• Microsoft Skype for Business 2016

• Microsoft Access 2016

• Microsoft Excel 2016

• Microsoft Outlook 2016

• Microsoft PowerPoint 2016

• Microsoft Project Professional 2016

• Microsoft Project Standard 2016

• Microsoft Publisher 2016

• Microsoft Visio Professional 2016

• Microsoft Visio Standard 2016

• Microsoft Word 2016

You can now use a command to control network access of devices.

You can now install an agent on the server on which Citrix XenApp and Microsoft RDS have been installed and manage it with JP1/IT Desktop Management 2.

Assets that are allowed to use a USB device can now be limited based on the department, location, or associated asset.

A list of update programs registered with a management server can now be exported to a CSV file. Additionally, the exported CSV file containing patch information can now be imported to the source management server or other management servers.

Supported anti-virus products were added.

Windows Server 2016 was added as an applicable operating system for the following products:

• JP1/IT Desktop Management 2 - Manager

• JP1/IT Desktop Management 2 - Agent

• JP1/IT Desktop Management 2 - Network Monitor

• JP1/IT Desktop Management 2 - Asset Console

• Remote Install Manager

An agent can now be managed after being installed on a computer running Mac OS. (The device type will be PC.)

Provided functionality

• Acquisition of system information and software information

• Remote control via RFB connections (already provided for agentless management)

• Network control (enabling or disabling network access on demand)

Unavailable functionality (including functionality in development)

• Software and file distribution (remote installation)

• Collection of files (remote collection)

• Agent settings and agent deployment

• Security management (security judgments, automated countermeasures)

• Operation logs

• Device control

By linking with JP1/Base, you can now log in to JP1/IT Desktop Management 2 by using JP1 authentication.

The device status can now be set when device information is acquired for the first time from computers managed offline.

Information about Windows Store apps can now be collected as installed software information.

Supported antivirus products were added.

The following product was added as an applicable OS for JP1/IT Desktop Management 2 - Agent:

Red Hat Enterprise Linux 5

As files that are to be executed automatically during installation, ZIP files for installers of related products, such as Hibun, can now be set.

A maximum of 50,000 devices can now be managed.

JP1/IT Desktop Management 2 - Operations Director was added as a relevant program product.

Windows 10 was added as an applicable operating system for JP1/IT Desktop Management 2 - Network Monitor.

You can now specify detection conditions for duplicate or idle devices in order to detect devices suggested for deletion, and then delete them automatically or manually.

You can now specify whether the agents to be deployed include remote control agents.

The asset status of the associated hardware assets can now be automatically changed when a device is deleted.

The Windows OS version can now be acquired.

The description of the kernel version that can be collected as system information was amended.

The description of the installed software information collected for a Windows agent was amended.

You can now collect information about version 11 of Hibun products (Hibun DC, Hibun DE, and Hibun DP).

You can now manage smart device software.

The description of the remote control function for UNIX agents was removed.

Supported anti-virus products were added.

The description of the tooltip displayed when an operation log backup file for an earlier product (JP1/IT Desktop Management) is stored in the operation log backup folder was amended.

In the setup for distribution with Remote Install Manager, you can now specify the maximum transfer rate for sending packages from the management server to agents.

A description of the port numbers used on the administrator's computer (Remote Install Manager) and relay systems was added.

You can now use the file for connection destinations (itdmhost.conf) to specify the connection destination of an agent.

You can now select which menu items are to be displayed in the start menu of an agent.

A description about continuity with lower versions was added to 11-01. Notes on a security policy for restricting prohibited operations were added to the table showing the connectivity between an agent and a manager.

Site by site management and central management can now be achieved by operating JP1/IT Desktop Management 2 in a multi-server configuration system.

A description about when a network control list is updated was added.

A description that the network connection information can be imported and exported was added.

Windows 10 was added as an applicable OS for the following products:

• JP1/IT Desktop Management 2 - Agent

• JP1/IT Desktop Management 2 - RC Manager

• Remote Install Manager

Windows Server 2003 and Windows Server 2008 (excluding Windows Server 2008 R2) were removed from applicable OSs for the following products:

• JP1/IT Desktop Management 2 - Manager

• JP1/IT Desktop Management 2 - Agent

• JP1/IT Desktop Management 2 - Network Monitor

• JP1/IT Desktop Management 2 - RC Manager

The following Web browsers and email clients were removed from operation log collection target:

• Internet Explorer 7

• Internet Explorer 8

• Microsoft Outlook Express 6

• Windows Mail 6

MobileIron 7.5 was added as a version that supports MDM linkage configurations.

A description was added to include the source of the device information that can be acquired from JP1/IT Desktop Management 2 - Smart Device Manager when linked with a MDM system.

The following products were added as supported anti-virus products:

Japanese version of anti-virus products

• ウイルスバスター クラウド 8.0

• ウイルスバスター コーポレートエディション 11.0

• ウイルスバスター ビジネスセキュリティサービス 5.7.1193

• ESET NOD32 Antivirus 8.0

• Sophos Endpoint Security and Control for Windows 10.3.11, 10.3.13

• Symantec Endpoint Protection 12.1.5

English version of anti-virus products

• Avira Professional Security 14.0.4, 14.0.7

• Kaspersky Endpoint Security 10 for Windows 10.2

• McAfee SaaS Endpoint Protection 6.0

• OfficeScan Corporate Edition 11.0

• Sophos Endpoint Security and Control for Windows 10.3.7, 10.3.11

• Symantec Endpoint Protection 12.1.4, 12.1.5

• Titanium Internet Security 2015

The judgment conditions for whether the Japanese version of the following anti-virus products are resident or non-resident were added:

• ESET Endpoint Antivirus

• ESET File Security for Microsoft Windows Server

• Kaspersky Endpoint Security 8 for Windows

• Kaspersky Endpoint Security 10 for Windows

• Sophos Endpoint Protection - Advanced

• Sophos Endpoint Protection - Basic

• Sophos Endpoint Protection - Enterprise

• Sophos Endpoint Security and Control for Windows

The judgment conditions for whether the products ウイルスバスター and ウイルスバスタークラウド are resident or non-resident were reviewed.

Anti-virus product information can now be acquired from the support service site.

The list of limit values was updated.

A description was added about the operation when the setting for Detection of change in JP1/IT Desktop Management 2 - Agent is disabled.

A description on 11-00 was added about connectivity with a lower version.

The description on performance and estimates was updated.

Restriction imposed when asset is managed using Asset Console is added.

A link regarding device information collection was removed.

The Host ID was added to a list of asset fields in the asset information.

The Host ID was added to a list of fields that can be used to identify devices and hardware assets.

The Host ID was added to a list of hardware asset information fields that can be imported. Its description format was also added.

An agent can now be installed on a computer running UNIX to manage the UNIX computers (the device type is Server).

In the description about the browsers that can display the operation windows, the version of Firefox was changed to 31 or later.

The version of Adobe Flash Player required to display the operation windows was changed to 13.0 or later.

An explanation was added to indicate that, if the restoration scope covers data that is already restored, all operation logs are overwritten when they are restored.

A description was added about how to calculate the maximum number of days for which operation logs can be restored to the database when manually restoring operation logs.

An explanation was added to indicate that, if automatic restoration of operation logs is enabled when an operation log backup folder is not set, operation logs are automatically restored to the operation log database without being stored in an operation log backup folder.

The name of the add-on for Web access monitoring in the operation log is changed to JP1/IT Desktop Management 2 BHO.

The name of the add-on for file upload monitoring in the operation log is changed to JP1/IT Desktop Management 2 FUO.

The following explanation was added to the notes on restricting the use of devices: If you reconnect a device (other than a USB device) that connected to a computer and was then restricted by the computer, restriction messages cannot be displayed, and connection, disconnection, and restriction logs, as well as restriction events, cannot be acquired.

The following explanation was added to the notes on restricting the use of USB devices: A USB device must be registered as both a normal and a UASP asset when the USB device is recognized as a normal device and a UASP device, even though it is the same device.

Help information for JP1/IT Desktop Management 2 was deleted from the Help menu.

(Changes from only this manual (3021-3-368(E))) The software, purchasing status, product ID, GUID, and software type for some software can now be managed.

The functionality of the site server configuration system was deleted. The relay system was added as a system required for distribution using Remote Installation Manager.

By using the functionality of distribution using Remote Installation Manager, the user can now specify, in detail, the required conditions for the managed computers and their actions.

Integrated management of hardware information (including network devices), software information, and contract information is now available in a database.

Batch collection of files stored in the managed computers is now available.

The user can now suppress the use of the following devices:

• Bluetooth devices

• Imaging devices

• Windows Portable Devices

The user was able to suppress the use of the devices below as removable disks in Windows 8, Windows Server 2012, Windows 7, Windows Server 2008, and Windows Vista. The user can now suppress the use of each type of the following devices:

• USB devices

• IEEE1394 devices

• Internal SD cards

The user can now select whether to obtain a list of files stored in a USB device that are allowed to be used.

The user can now specify whether to display on users' computers the message indicating that the use of a device has been suppressed.

By using the Getting Started Wizard, the user can now manage devices by installing agents on them.

The functionality of the multi-server configuration system was deleted. One management server can now manage up to 30,000 devices.

The user can now set the conditions for collecting operation logs regarding the following operations:

• File operations

• Startup and stop of programs

• Window operations

The user can now collect operation logs for device connection permission.

The user can now set the interval of sending notifications about prohibited-operation suppression events and operation logs to the higher system, and the maximum period the user's computer can retain such events and logs.

The user can now set the number of consecutive login failures allowed before the account is locked, and the number of days until the password expires.

Settings during installation, setup, and agent setup were changed due to the change in the product structure.

Windows 8.1 and Windows Server 2012 R2 were added to the supported OSs for the following products:

• JP1/IT Desktop Management 2 - Manager

• JP1/IT Desktop Management 2 - Agent

• JP1/IT Desktop Management 2 - Network Monitor

• JP1/IT Desktop Management 2 - RC Manager

Windows 8 and Windows 7 are now excluded from the supported OSs for the following product:

• JP1/IT Desktop Management 2 - Manager

Windows 2000 is now excluded from the supported OSs for the following product:

• JP1/IT Desktop Management 2 - Agent

JP1/IT Desktop Management 09-50 or later, and JP1/IT Desktop Management 2 10-50 were added to the versions that can use Remote Control Agent.

A description that the AMT version required to use AMT functions is version 9.5 or earlier was added.

The following products were added to the supported anti-virus products:

• Kaspersky Endpoint Security 10 for Windows

• Sophos Endpoint Security and Control for Windows

Among the supported anti-virus products, the supported versions of the following products were changed:

• Norton AntiVirus

• Symantec Endpoint Protection

• McAfee SaaS Endpoint Protection

• ウイルスバスター クラウド

• ウイルスバスター ビジネスセキュリティ

• Forefront Client Security

• Kaspersky Endpoint Security 10 for Windows

• ESET NOD32 Antivirus

• F-Secure Client Security

The supported Internet Explorer versions were changed.

The supported MobileIron versions were changed.

Microsoft Cluster Service was deleted from the list of supported cluster software products.

A part of port numbers was changed.

Services and processes were added and changed.

Memory requirements, disk space requirements, and required CPUs were changed.

Collection of print operation logs and suppression of print operations are now unavailable for network shared printers.

SLL was deleted from the security-protected connection methods used for communication with the SMTP server.

The function of enabling SSL communication was deleted from the Active Directory settings.

A description that a fixed IP address must be used for the global IP address of the management server was added.

A description about the following was added: A software name is judged by partial match, and a version is judged by Starts-with match during determination of the prohibited software and mandatory software.

A description about the following was added: Only software that exactly matches the specified software name and version is uninstalled from the Tasks view.

A description about the following was added: If the distributed package has the same name as an existing file in the distribution destination, the access permissions for the existing file is inherited to the distributed package.

A description that the assessment levels in Category Assessment Status and Assessment and # of Target Trend are possibly different was added.

The descriptions of the View and Exclusive connection modes in Agent Configuration for remote control sessions were replaced, and the explanation of determining the connection mode was changed.

A description that OneDrive cannot be used for file transfer in remote control sessions was added.

A description about connectivity with lower versions was added.

Host description was added to the device information that can be collected.

The structure of folders created under JP1/IT Desktop Management 2 - Manager was changed due to a change in the product structure.

By linking with JP1/NETM/NM - Manager, the user can now use JP1/IT Desktop Management to control the network connections monitored by an appliance product on which JP1/NETM/NM is running.

In the Security module and Device module, the user can now create a group that can be used to automatically assign managed computers according to the specified conditions.

The differences in operation windows when administration scopes are assigned were corrected.

The following description was added: To conduct an intensive search for devices in the network by specifying a discovery period, specify 50,000 or less IP addresses in the discovery range.

The explanation of the total free space in the computer information was changed as follows:

• A description that the type of logical drive is Local Disk was added to the explanation about the hard disk.

• A description that, if the total amount of free space on the local disk exceeds 9,223,372,036,854,775,807 bytes, 9,223,372,036,854,775,807 (bytes) is displayed, was added.

The user can now select whether to display on the user's computer the balloon tip on the JP1/IT Desktop Management icon in Taskbar, and a window for entering user information.

Among the device information that can be obtained from the MDM system, the explanation about the system information was changed. The explanation for when an underscore (_) is used in the host name for MDM server linkage was deleted.

A workaround for the problem that ten IP addresses leased by the DHCP server are reserved by the Remote Access function of RRAS (Routing and Remote Access Service), was added.

The user can now specify whether to enable all automatic updates on the network filter list or to enable automatic updates only for add operations.

Among the supported anti-virus products, the supported versions of the following products were changed:

• ウイルスバスター コーポレートエディション

• ウイルスバスター コーポレートエディション アドバンス

• ウイルスバスター コーポレートエディション サーバ版

• ウイルスバスター コーポレートエディション サーバ版 アドバンス

• ESET Endpoint Antivirus

• ESET File Security for Microsoft Windows Server

• OfficeScan Corporate Edition

Also, a note on when the anti-virus product is ServerProtect for Windows NT/NetWare was added.

The minimum values that can be entered for the judgment values in User-Defined Security Settings were added.

A description about the following was added: If version information for the executable file of the target software program is corrupted or contradicted, the program might not be blocked. This might occur even if the Formal file name or Original file name settings in Windows Explorer matches the File name setting for the program.

Firefox was deleted from the Web browsers that can be used to collect operation logs for Web access, upload of files, and download of files.

An explanation about the required conditions for the managed files was added.

A description about the following was added: If the processing is forcibly terminated after operation logs are sent from a computer running an agent to the management server, operation logs might be duplicately collected until the operation logs on that computer are deleted.

A description that operation logs for uploading files might not be collected in Internet Explorer 10 was added.

A description that the access permissions for the distribution-destination folder are inherited to the distributed package was added. Also, a description that the user needs to operate on the distribution-target computer to change the access permissions for the distributed package was added.

The description about reducing the load caused by distribution was corrected.

Notes on distribution were added.

Android was added to the required OSs for smart devices that are managed with linkage with the MDM system.

The description about the versions of the JP1 Smart Device Management service in a MDM linkage configuration system was changed.

When the free space of individual data folders on the site server is insufficient, the following actions might be now taken: Events are output according to the free space size, or a part of the JP1/IT Desktop Management functions is automatically stopped.

The guideline of the disk capacity required for the operation log database was changed.

The guideline of the recommended disk capacity was changed.

The explanation about port setting was corrected. An explanation about the network between JP1/IT Desktop Management - Remote Site Server and an agentless computer was added.

The values that can be specified for the following items in the Settings module were corrected:

• Items under Protection settings for registering USB devices of Agent Configuration Items that can be opened from the Agent Configurations view under Agent

• Items in the AMT view under Inventory

• Items in the Active Directory view under General

• Items in the MDM Linkage Settings view under General

The memory usage on the following servers was changed:

• Management server in a single-server configuration system

• Database server in a multi-server configuration system

By linking with Job Management Partner 1/NETM/NM - Manager, the user can now use Job Management Partner 1/IT Desktop Management to control the network connections monitored by an appliance product on which Job Management Partner 1/NETM/NM is installed.

In the Security module and Device module, the user can now create a group that can be used to automatically assign managed computers according to the specified conditions.

In the Software License Status view, software licenses can now be managed for each management software.

Revision history for device information can now be collected.

The information on software licenses and contracts that will be displayed can now be limited according to the administration scope set for the user account.

The differences in operation windows when administration scopes are limited were corrected.

The following description was added: To conduct an intensive search for devices in the network by specifying a discovery period, specify 50,000 or fewer IP addresses in the discovery range.

The following descriptions were added about the maximum number of devices that can be managed in a basic configuration system:

• When operation logs are collected: 3,000

• When operation logs are not collected but the distribution function is used: 5,000

• When operation logs are not collected and the distribution function is not used: 10,000

The following description was added: The Agentless Management (Authentication Successful) icon indicates a device that was successfully authenticated via a Windows administrative share or via SNMP.

For the computer name and computer description in the computer information, descriptions for SNMP authentication and smart devices were added. In addition, the description on the free space for the computer information was changed as follows:

• A description stating that the type of logical drive for the hard disk is Local Disk hard disk was added.

• The following description was added: If the total amount of free space on the local disk exceeds 9,223,372,036,854,775,807 bytes, 9,223,372,036,854,775,807 (bytes) is displayed.

The following products were added the products for which purchasing status and GUID can be collected as installation software information:

Japanese version of Microsoft Office products

• Microsoft Office Access 2003

• Microsoft Office Excel 2003

• Microsoft Office FrontPage 2003

• Microsoft Office Outlook 2003

• Microsoft Office Personal Edition 2003

• Microsoft Office PowerPoint 2003

• Microsoft Office Professional Edition 2003

• Microsoft Office Professional Enterprise Edition 2003

• Microsoft Office Project Professional 2003

• Microsoft Office Project Standard 2003

• Microsoft Office Publisher 2003

• Microsoft Office Standard Edition 2003

• Microsoft Office Visio 2003 Professional

• Microsoft Office Visio 2003 Standard

• Microsoft Office Word 2003

Japanese versions, English versions, and Chinese versions of Microsoft Office products

• Microsoft Access 2013

• Microsoft Excel 2013

• Microsoft InfoPath 2013

• Microsoft Lync 2013

• Microsoft Office Professional Plus 2013

• Microsoft Office Standard 2013

• Microsoft OneNote 2013

• Microsoft Outlook 2013

• Microsoft PowerPoint 2013

• Microsoft Project Professional 2013

• Microsoft Project Standard 2013

• Microsoft Publisher 2013

• Microsoft Visio Professional 2013

• Microsoft Visio Standard 2013

• Microsoft Word 2013

Notes on software that are only displayed in the Programs and Features list of the Windows Control Panel were added.

The user can now select whether to display on the user's computer the balloon tip on the JP1/IT Desktop Management icon in Taskbar, and a window for entering user information.

In the Settings module, a system administrator can now specify the date and time on which a user can start entering user information.

Groups shown in the menu area that correspond to the layers that have been deleted from department and location definitions can be deleted in a batch.

A description stating the following was removed: When a computer which was authenticated only via SNMP is managed, the computer can be authenticated by specifying Windows administrative shares later.

Among the device information that can be obtained from the MDM system, the explanation about the system information was changed. The explanation for when an underscore (_) is used in the host name for MDM server linkage was deleted.

Notes on remote control were changed.

Cases where exclusive communication settings are required and examples of Exclusive Communication Destination for Access-Denied Devices settings were added. Also, a workaround for the problem that ten IP addresses leased by the DHCP server are reserved by the Remote Access function of RRAS (Routing and Remote Access Service), was added.

A note on when network connection was allowed for a device disconnected from network was added.

Windows 8 and Windows Server 2012 were added as applicable OSs for the following programs:

• Job Management Partner 1/IT Desktop Management - Manager

• Job Management Partner 1/IT Desktop Management - Remote Site Server

• Job Management Partner 1/IT Desktop Management - Network Monitor

The user can now specify whether to enable all automatic updates on the network filter list or to enable automatic updates only for add operations.

A description stating the following was deleted: A network monitor agent must be installed on a computer registered for Exclusive Communication Destination for Access-Denied Devices.

You can now add any security policy regarding security settings on the computer, and judge the security status based on desired judgment conditions.

Descriptions of the supported anti-virus products were changed as follows:

The following products were added as supported anti-virus products:

• ESET Endpoint Antivirus (32-bit, 64-bit)

• ESET File Security for Microsoft Windows Server (32-bit, 64-bit)

• English version of Symantec Endpoint Protection 12.1 (32-bit, 64-bit)

Among the supported anti-virus products, the supported versions of the following products were added:

• Japanese version of Forefront Client Security

• English version of Forefront Client Security

Among the supported anti-virus products, the supported versions of the following products were changed:

• ウイルスバスター コーポレートエディション

• ウイルスバスター コーポレートエディション アドバンス

• ウイルスバスター コーポレートエディション サーバ版

• ウイルスバスター コーポレートエディション サーバ版 アドバンス

• Japanese version of Forefront Client Security

• OfficeScan Corporate Edition

• English version of Forefront Client Security

A description was added stating that when a complete scan is performed on the following products, the last scanned date and time can be collected only when all hard disks, system memory, and startup objects are scanned:

• Japanese versions of anti-virus products

  - Kaspersky Open Space Security Server (32-bit, 64-bit)

  - Kaspersky Open Space Security Workstation (32-bit, 64-bit)

  - Kaspersky Endpoint Security 8 for Windows (32-bit, 64-bit)

• English versions of anti-virus products

  - Kaspersky Open Space Security Server 6.0.4 (32-bit, 64-bit)

  - Kaspersky Open Space Security Workstation 6.0.4 (32-bit, 64-bit)

A note on when the anti-virus product is ServerProtect for Windows NT/NetWare was added.

The minimum values that can be entered for the judgment values in User-Defined Security Settings were added.

A description about the following was added: If version information for the executable file of the target software program is corrupted or contradicted, the program might not be blocked. This might occur even if the Formal file name or Original file name settings in Windows Explorer matches the File name setting for the program.

Firefox was removed from the Web browsers from which operation logs for Web accesses, file upload, and file download can be collected.

Windows Internet Explorer 11 was added to the supported web browsers.

Microsoft Office Outlook 2013 and Windows Live Mail 2012 were added to email clients for which operation logs can be collected.

An explanation about the required conditions for the monitored files was added.

A description about the following was added: If the processing is forcibly terminated after operation logs are sent from a computer running an agent to the management server, operation logs might be duplicately collected until the operation logs on that computer are deleted.

A description that operation logs for uploading files might not be collected in Internet Explorer 10 was added.

A description that the access permissions for the distribution-destination folder are inherited to the distributed package was added. Also, a description that the user needs to operate on the distribution-target computer to change the access permissions for the distributed package was added.

The description about reducing the load caused by distribution was corrected.

Notes on distribution were added.

A description stating that, when Job Management Partner 1/IM is linked, error events that occur on managed computers can be monitored on the Job Management Partner 1/IM event console, was changed to include a description that major events can also be monitored.

Definitions of common fields and custom fields can now be exported and imported in a CSV file format.

Prerequisites for computers on which an agent is installed were changed.

Android was added to the required OSs for smart devices that are managed with linkage with the MDM system.

A description was added to indicate that a site server configuration must be used for the following cases:

• When operation logs are collected and more than 3,000 devices are managed.

• When operation logs are not collected but the distribution function is used and more than 5,000 devices are managed.

A description was added to indicate that the maximum number of devices that can be managed by a single site server is as follows:

• When operation logs are collected: 1,000

• When operation logs are not collected: 3,000

MobileIron 5.8 was added to MDM systems that can be linked.

When the free space of individual data folders on the site server is insufficient, the following actions might now be taken: Events are output according to the free space size, or some of the JP1/IT Desktop Management functions are automatically stopped.

The guideline of the disk capacity required for the operation log database was changed.

The guideline of the recommended disk capacity was changed.

The explanation about port setting was corrected. An explanation about the network between JP1/IT Desktop Management - Remote Site Server and an agentless computer was added.

The values that can be specified for the following items in the Settings module were corrected:

• Items under Protection settings for registering USB devices of Agent Configuration Items that can be opened from the Agent Configurations view under Agent

• Items in the AMT view under Inventory

• Items in the Active Directory view under General

• Items in the MDM Linkage Settings view under General

Memory usage for the following servers were changed:

• A management server in a single-server configuration system

• A database server in a multi-server configuration system

A description stating the following was deleted: Update confirmation of an agent is automatically performed.

A revision history for the device information can now be acquired.

In the Software License Status view, software licenses can now be managed for each management software.

The information on software licenses and contracts that will be displayed can now be limited according to the administration scope set for the user account.

The table that shows the differences in operation windows when administration scopes are limited was corrected.

Descriptions were added to indicate that a maximum of following number of devices can be managed in a basic configuration system:

• When operation logs are collected: 3,000

• When operation logs are not collected but the distribution function is used: 5,000

• When operation logs are not collected and the distribution function is not used: 10,000

A description stating the following was added: The Agentless Management (Authentication Successful) indicates a device that has undergone successful authentication via a Windows administrative share or via SNMP.

For the computer name and computer description in the computer information, descriptions for SNMP authentication and a smart device were added

The following products are added to products of which purchasing status and GUID can be collected as installation software information:

• Microsoft Office Personal Edition 2003

• Microsoft Office Professional Edition 2003

• Microsoft Office Professional Enterprise Edition 2003

• Microsoft Office Professional Plus 2013

• Microsoft Office Standard Edition 2003

• Microsoft Office Standard 2013

• Microsoft Lync 2013

• Microsoft Office Access 2003

• Microsoft Access 2013

• Microsoft Office Excel 2003

• Microsoft Excel 2013

• Microsoft Office FrontPage 2003

• Microsoft InfoPath 2013

• Microsoft OneNote 2013

• Microsoft Office Outlook 2003

• Microsoft Outlook 2013

• Microsoft Office PowerPoint 2003

• Microsoft PowerPoint 2013

• Microsoft Office Project Professional 2003

• Microsoft Project Professional 2013

• Microsoft Office Project Standard 2003

• Microsoft Project Standard 2013

• Microsoft Office Publisher 2003

• Microsoft Publisher 2013

• Microsoft Office Visio 2003 Professional

• Microsoft Office Visio 2003 Standard

• Microsoft Visio Professional 2013

• Microsoft Visio Standard 2013

• Microsoft Office Word 2003

• Microsoft Word 2013

Notes on software that are only displayed in the Programs and Features list of the Windows Control Panel were added.

In the Settings module, a system administrator can now specify the date and time on which a user can start entering user information.

Groups shown in the menu area that correspond to the layers that have been deleted from department and location definitions can be deleted in a batch

A description stating the following was removed: When a computer which was authenticated only via SNMP is managed, the computer can be authenticated by specifying Windows administrative shares later.

Notes on remote control were changed.

Cases where exclusive communication settings are required and examples of Exclusive Communication Destination for Access-Denied Devices settings were added.

A note on when network connection was allowed for a device disconnected from network was added.

Windows 8 and Windows Server 2012 was added as applicable OSs for the following programs:

• JP1/IT Desktop Management - Manager

• JP1/IT Desktop Management - Remote Site Server

• JP1/IT Desktop Management - Network Monitor

A description stating the following was deleted: A network monitor agent must be installed on a computer registered for Exclusive Communication Destination for Access-Denied Devices.

You can now add any security policy regarding security settings on the computer, and judge the security status based on desired judgment conditions.

The following products were added as supported anti-virus products:

• ESET Endpoint Antivirus (32-bit, 64-bit)

• ESET File Security for Microsoft Windows Server (32-bit, 64-bit)

A description was added stating that when a complete scan is performed on the following products, the last scanned date and time can be collected only when all hard disks, system memory, and startup objects are scanned:

Japanese versions of anti-virus products

• Kaspersky Open Space Security Server (32-bit, 64-bit)

• Kaspersky Open Space Security Workstation (32-bit, 64-bit)

• Kaspersky Endpoint Security 8 for Windows (32-bit, 64-bit)

English versions of anti-virus products

• Kaspersky Open Space Security Server 6.0.4 (32-bit, 64-bit)

• Kaspersky Open Space Security Workstation 6.0.4 (32-bit, 64-bit)

Microsoft Office Outlook 2013 and Windows Live Mail 2012 were added to email clients for which operation logs can be collected.

A description stating that, when JP1/IM is linked, error events that occur on managed computers can be monitored on the JP1/IM event console, was changed to include a description that major events can also be monitored.

Definitions of common fields and custom fields can now be exported and imported in a CSV file format.

A description was added to indicate that a site server configuration must be used for the following cases:

• When operation logs are collected and more than 3,000 devices are managed.

• When operation logs are not collected but distribution function is used and more than 5,000 devices are managed.

A description was added to indicate that the maximum number of devices that can be managed by a single site server is as follows:

• When operation logs are collected: 1,000

• When operation logs are not collected: 3,000

A description stating the following was deleted: Update confirmation of an agent is automatically performed.

The offline management function can now be used to manage computers that are not connected to the management server via a network.

Information about JP1/IT Desktop Management can now be updated by acquiring support service information including anti-virus product information.

During asset management, the license types, product IDs, and GUIDs of some purchased software products, as well as software types, can now be managed. In addition, to manage software type, information about JP1/IT Desktop Management can now be updated by acquiring support service information including SAMAC software dictionary file for offline updates.

A description stating the following was added: Suspicious file transfer operations and suspicious printing operations are displayed and investigated in different manners.

Differences in the Home module and Assets module when administration scopes are limited were corrected.

Software can now be added to the managed-software list by from the Software Inventory view of the Device module.

Improved the description of the case in which a site server is deployed within the network search range.

A description stating the following was added: To discover networked devices in an environment with site servers deployed, the management server and the site server must be mutually accessible by their IP addresses.

A cautionary note about when a discovery range includes a loop-back address or broadcast address was added.

Windows 8 and Windows Server 2012 were added as applicable OSs for JP1/IT Desktop Management - Agent.

The explanation of the legend of the table indicating the system information that can be acquired from Active Directory was improved.

A description stating the following was added: SNMP: NG(No credential) might appear if not enough information was collected to identify a device.

The Host Name entry was added in the computer information that can be collected as system information.

A description stating that the Workstation service of the OS of a managed computer must be running to collect the following information was added:

• Automatic Windows Update in Windows Update Details

• Windows Service Details

• OS Security Details

The description of Registered Date/Time shown on the Installed Computers tab was corrected.

The conditions that must be met to control the power status of a computer were corrected.

The time when the computer is restarted can now be set in the Add Agent Configuration dialog box and the Edit Agent Configuration dialog box. Accordingly, the descriptions of the Shutdown Computer and Computer Restart settings dialog boxes that appear on a computer with the agent installed were changed.

Notes on when the discovery range or authentication information for any agentless managed device is deleted, or Active Directory setting for any agentless managed device is deleted were converged into 4.2.7.

Whether system information can be collected from an MDM system was added. The explanation of the legend was improved.

A description stating the following was added: When you use the remote control feature, if there is no mouse connected to a computer with the agent installed, the mouse pointer will always be shaped as an arrow regardless of context.

A description of how to specify the settings to control network connections so that newly discovered devices are automatically permitted to connect to the network was added.

The settings you need to enter in the network control list for devices used in particular ways were added.

A description stating that the computers for which network monitor is enabled are not judged for Windows firewall was added.

The following products were added as supported anti-virus products:

• Norton AntiVirus (32-bit, 64-bit)

• ウイルスバスター クラウド (32-bit, 64-bit)

• ウイルスバスター ビジネスセキュリティ 7.0 (32-bit, 64-bit)

• Kaspersky Endpoint Security 8 for Windows 8.1 (32-bit, 64-bit)

• ESET NOD32 Antivirus 5.2 (32-bit, 64-bit)

• F-Secure Client Security 9.32 (32-bit, 64-bit)

Notes on configuring security policy were converged into 2.9.4(2). Also, a note that applies when a security policy (for which Block Printing or Acquisition of Operations Logs is set) is assigned to a computer, and actions to be taken were added.

A note that applies when both JP1/IT Desktop Management and another program restrict startup of the same software program was corrected.

A note that applies when Restrict reading/writing is enabled for USB devices in a security policy was added.

A condition on which update programs are automatically acquired from Microsoft website and distributed was corrected.

Notes on configuring operation log collection were converged into 2.10.8(1). Also, a note on computers running a 64-bit edition of an OS and with VMWare Server installed was added.

Windows Internet Explorer 10 and Firefox 5 were added as Web browsers for which operation logs can be acquired.

The description of Original File Created Date/Time acquired in an operation log was corrected.

The note on the recreatelogdb command was corrected.

It is now stated that ReFS is also applicable to the notes on acquiring source information of incoming files when files are moved or copied to a drive that uses a file system other than NTFS.

The description of how devices and hardware assets are identified was corrected.

Information about unconfirmed software can now be displayed in the Software Inventory view of the Device module.

A description stating the following was added: Computers with the network monitor enabled cannot be configured in a cluster configuration.

The description of a server on which the ioutils exportoplog command can be executed was corrected.

A note for users operating a computer was added.

Windows Internet Explorer 10 was added as a software product required for a computer on which the agent will be installed.

The site server prerequisites were corrected.

The prerequisites for a computer on which the network monitor is enabled were corrected.

The prerequisites for linking with JP1/IM were added.

A description on the versions of the JP1 Smart Device Management service that can be linked were changed.

The maximum disk space requirements are now separately described for the management server in a single-server configuration system, for the management server and database server in a multi-server configuration system, and for a site server.

The list of services was changed as described below.

• The JP1/IT Desktop Management - Manager services and the site server services were described separately.

• Descriptions of the network monitor services and agent services were added.

• An entry showing whether the service starts automatically was added.

An entry showing whether the process is resident was added to the list of processes.

The port numbers used for JP1/IT Desktop Management - Manager were described separately for a single-server configuration and for a multi-server configuration.

Descriptions of the values set for the setup parameters and agent setting parameters when JP1/IT Desktop Management is upgraded from a version 10-00 or earlier were added.

In accordance with the addition of the following event numbers, the range of values that can be specified for events not subject to notification was changed to 0 to 1124.

1117, 1118, 1123, 1124

The host name of the MDM server automatically entered with linkage with the JP1 Smart Device Management service was changed to www.jp1sdm.hitachi.jp.

The default value of the start time of the acquisition schedule that can be specified in the MDM linkage settings was changed to (Blank).

Memory requirements for each system component of the product were changed.

Disk space requirements for each system component of the product were changed.

Prerequisite CPUs for each system component of the product were changed.

The list of limit values was updated.

The description of automatically obtaining information from an MDM system and the time at which information is collected were corrected.

A description of the Windows menu names used in this manual was added.

The offline management function can now be used to manage computers that are not connected to the management server via a network.

Information about JP1/IT Desktop Management can now be updated by acquiring the support service information.

During asset management, the license types, product IDs, and GUIDs of some purchased software products can now be managed.

A description stating the following was added: Suspicious file transfer operations and suspicious printing operations are displayed and investigated in different manners.

Differences in the Home module and Assets module when administration scopes are limited were corrected.

Software can now be added to the managed-software list by using the Software Inventory view of the Device module

The description of the case in which a site server is deployed within the network search range was improved.

A description stating the following was added: To discover networked devices in an environment with site servers deployed, the management server and the site server must be mutually accessible by their IP addresses.

A cautionary note about when a discovery range includes a loop-back address or broadcast address was added.

Windows 8 and Windows Server 2012 were added as applicable OSs for JP1/IT Desktop Management - Agent.

The explanation of the legend of the table indicating the system information that can be acquired from Active Directory was improved.

A description stating the following was added: SNMP: NG(No credential) might appear if not enough information was collected to identify a device.

The Host Name entry was added in the computer information that can be collected as system information.

A description stating that the Workstation service of the OS of a managed computer must be running to collect the following information was added:

• Automatic Windows Update in Windows Update Details

• Windows Service Details

• OS Security Details

The description of Registered Date/Time shown on the Installed Computers tab was corrected.

The conditions that must be met to control the power status of a computer were corrected.

The time when the computer is restarted can now be set in the Add Agent Configuration dialog box and the Edit Agent Configuration dialog box. Accordingly, the descriptions of the Shutdown Computer and Computer Restart settings dialog boxes that appear on a computer with the agent installed were changed.

Whether system information can be collected from an MDM system was added. The explanation of the legend was improved.

A description stating the following was added: When you use the remote control feature, if there is no mouse connected to a computer with the agent installed, the mouse pointer will always be shaped as an arrow regardless of context.

A description of how to specify the settings to control network connections so that newly discovered devices are automatically permitted to connect to the network was added.

The settings you need to enter in the network control list for devices used in particular ways were added.

A description stating that the computers for which network monitor is enabled are not judged for Windows firewall was added.

The following products were added as supported anti-virus products:

• Norton AntiVirus 2012 (32-bit, 64-bit)

• Norton AntiVirus (32-bit, 64-bit)

• ウイルスバスター 2012 クラウド (32-bit, 64-bit)

• ウイルスバスター クラウド (32-bit, 64-bit)

• ウイルスバスター コーポレートエディション 10.6 (32-bit, 64-bit)

• ウイルスバスター ビジネスセキュリティ 7.0 (32-bit, 64-bit)

• Kaspersky Endpoint Security 8 for Windows 8.1 (32-bit, 64-bit)

• Kaspersky Endpoint Security 8 for Windows (32-bit, 64-bit)

• ESET NOD32 Antivirus 5.0 (32-bit, 64-bit)

• ESET NOD32 Antivirus 5.2 (32-bit, 64-bit)

• Sophos Endpoint Protection - Enterprise 10 (32-bit, 64-bit)

• Sophos Endpoint Protection - Advanced 10 (32-bit, 64-bit)

• Sophos Endpoint Protection - Basic 10 (32-bit, 64-bit)

• F-Secure Client Security 9.11 (32-bit, 64-bit)

• F-Secure Client Security 9.20 (32-bit, 64-bit)

• F-Secure Client Security 9.31 (32-bit, 64-bit)

• F-Secure Client Security 9.32 (32-bit, 64-bit)

The following products were removed from the supported anti-virus products:

• ウイルスバスター 2010 (32-bit, 64-bit)

• F-Secure Client Security 8.01 (32-bit, 64-bit)

A note that applies when a security policy (for which Block Printing or Acquisition of Operations Logs is set) is assigned to a computer, and actions to be taken were added.

A note that applies when both JP1/IT Desktop Management and another program restrict startup of the same software program was added.

A note that applies when Restrict reading/writing is enabled for USB devices in a security policy was added.

A note on operation log collection configuration on computers running a 64-bit edition of an OS and with VMWare Server installed was added.

Windows Internet Explorer 10 and Firefox 5 were added as Web browsers for which operation logs can be acquired.

The description of Original File Created Date/Time acquired in an operation log was corrected.

The note on the recreatelogdb command was corrected.

It is now stated that ReFS is also applicable to the notes on acquiring source information of incoming files when files are moved or copied to a drive that uses a file system other than NTFS.

The description of how devices and hardware assets are identified was corrected.

Information about unconfirmed software can now be displayed in the Software Inventory view of the Device module.

A description stating the following was added: Computers with the network monitor enabled cannot be configured in a cluster configuration.

The description of a server on which the ioutils exportoplog command can be executed was corrected.

A note for users operating a computer was added.

Windows Internet Explorer 10 was added as a software product required for a computer on which the agent will be installed.

The site server prerequisites were corrected.

The prerequisites for a computer on which the network monitor is enabled were corrected.

The prerequisites for linking with JP1/IM were added.

The maximum disk space requirements are now separately described for the management server in a single-server configuration system, for the management server and database server in a multi-server configuration system, and for a site server.

The list of services was changed as described below.

• The JP1/IT Desktop Management - Manager services and the site server services were described separately.

• Descriptions of the network monitor services and agent services were added.

• An entry showing whether the service starts automatically was added.

  An entry showing whether the process is resident was added to the list of processes.

The port numbers used for JP1/IT Desktop Management - Manager were described separately for a single-server configuration and for a multi-server configuration.

Descriptions of the values set for the setup parameters and agent setting parameters when JP1/IT Desktop Management is upgraded from a version 09-50 or earlier were added.

In accordance with the addition of the following event numbers, the range of values that can be specified for events not subject to notification was changed to 0 to 1123.

1117, 1118, 1123

The default value of the start time of the acquisition schedule that can be specified in the MDM linkage settings was changed to (Blank).

Memory requirements for each system component of the product were changed.

Disk space requirements for each system component of the product were changed.

Prerequisite CPUs for each system component of the product were changed.

The list of limit values was updated.

The description of automatically obtaining information from an MDM system and the time at which information is collected were corrected.

A description of the Windows menu names used in this manual was added.

A maximum of 50,000 devices can now be managed by using a multi-server configuration system.

The information that will be displayed and operations that can be performed can now be limited according to the task allocation set for the user account.

Suppression of only writes is now possible for floppy drives and removable disks.

JP1 event can now be reported by linkage with JP1/IM.

A description was added stating that the root OU settings in the information about connections to Active Directory domains are not case sensitive.

A description of the LDAP attribute name used for obtaining information such as Department, Country, and State from Active Directory was added.

A description stating the following was added: If security countermeasures are automatically enforced, you cannot change the settings of the managed computers back to the state before the countermeasures were taken even if you use the JP1/IT Desktop Management functions.

The following notes on network monitoring were added:

• Notes on the Routing and Remote Access service

• A wired LAN connection is recommended for computers for which the network monitor is enabled.

• A mission-critical server, such as a file server, should not be configured as the network monitoring computer with network monitor enabled.

• A note on using a DHCP server to monitor the network in which IP addresses are dynamically allocated

A description about when a network control list is updated was added.

A description stating the following was added: Maintenance of a network control list is performed automatically when device information is updated or deleted.

A description stating the following was added: The devices disconnected from the network by the network monitor can only communicate with computers with the network monitor enabled in the network segment or computers registered for Exclusive Communication Destination for Access-Denied Devices.

Descriptions of monitoring targets for the network monitor feature, including the networks, OSs on monitored computers, and protocols, were added.

A description stating the following was added: If a device discovered by the monitor feature is deleted, the device will not be discovered again unless it is disconnected and then reconnected to the network.

A description stating the following was added: A list populated with a MAC address and associated with a device can no longer be deleted from the network control list.

A description stating the following was added: Site servers are automatically registered for Exclusive Communication Destination for Access-Denied Devices.

A description stating the following was added: If a network monitor agent is installed, the service is automatically enabled and the firewall settings are automatically disabled.

A description stating the following was added: Serial numbers that can be used as mapping keys during imports are serial numbers specified in BIOS information.

A description stating the following was added: Installation and uninstallation of software by using the distribution function are performed with local system account permissions.

A description stating the following was added: If a connection between a computer and a management server fails, operation logs are temporarily saved in the computer.

A description stating the following was added: When you delete devices from the network control list, information for the devices with Permit specified for network connection is also deleted from the network control list. However, information for the devices with Not Permit specified remains in the list.

A description stating the following was added: Servers on which Citrix XenApp or Windows terminal service is installed cannot be managed even if you install an agent.

The description of the devices for which Windows administrative shares or SNMP authentication cannot be used was changed.

A description stating the following was added: The Workstation service of the OS must be running on a computer on which an agent will be installed.

A note was added on performance degradation in printer servers and network in an environment in which a network shared printer has been registered on a computer on which an agent will be installed.

The following descriptions about agentless management were added:

• Notes on using agentless management

• When device information is collected

• When executable programs for acquiring device information are sent

• Settings necessary for managing agentless computers

The settings required to acquire device information from agentless devices when Windows Administrative Share is enabled in Windows 7, Windows Vista, and Windows Server 2008 were changed.

A description stating the following was added: If you delete a hardware asset for which Asset Status is Unconfirmed, the device is deleted from the Device Inventory view of the Device module.

A description stating the following was added: A virtual environment configured by combining VMware vSphere and VMware View is not supported.

A description of how to set the user permissions required for remote control using Windows authentication was added.

A description stating the following was added: Devices manually registered in the network control list can also be deleted from the network control list.

A description stating the following was added: Devices that must always be connected to the network must be registered in the network control list as the devices permitted for network connection.

The following were added as timings when network connection is automatically updated: when the device information was updated or deleted; when the network connection device information was changed.

The descriptions of information and the judgement conditions used for judgement of unauthorized software and unauthorized Windows service were corrected.

Descriptions of user accounts not subject to security judgement were added.

The description of Other Access Restrictions in the items that can be set for security policies was corrected.

Supplementary notes on external media for which operation can be suppressed for each OS were added.

Prerequisites for acquiring the following types of operation logs were changed:

• Start and termination of programs

• File and folder operations

• Web accesses

A description stating the following was added: Operation logs for file deletion might not be acquired depending on the method of deleting the file.

Descriptions of the operation log information that is acquired when the user performs an undo operation (using the keyboard or Undo menu item) were added.

A description of the Content-type of MIME header of email that is not handled as an attached file was added to the notes on operation logs acquired by sending and receiving emails.

A description of the case in which files are moved or copied to a drive formatted by using other than NTFS, such as a FAT Drive, was added to the notes on acquiring source information of incoming files.

The CSV file coding format for importing the following hardware asset information was changed:

• Memory

• Storage capacity

• Free storage capacity

• Display size

The recommended disk space was corrected. The recommended disk space values when only operation logs related to suspicious operations are collected on the site server were added.

A description stating the following was added: To distribute packages to many devices, distribute them in several batches or use site servers.

The ioutils exportdevice command can now be used to export device information.

The ioutils exportdevicedetail command can now be used to export detailed device information.

The balloon tip message that appears when you apply a security policy that requires restarting of the computer was changed.

Network connection environments for each system component were added to the network prerequisites.

The condition required to use an RFB connection for starting a remote control session was changed. In addition, a caution stating that operation is not always guaranteed for remote control using the RFB connection was added.

Descriptions of the system environment for using a site server configuration and the number of devices that can be managed by a single site server were added.

mgr\definition was added as a folder that is created under the installation folder.

The explanations of automatic execution of the following functions and when they are executed were corrected:

• Collecting user information

• Regularly checking and updating support information

• Updating Scan Engine Version and Virus Definition File Version settings for anti-virus products

The descriptions in the list of processes were corrected.

Smart devices can now be managed by linkage with an MDM service.

The total number of installed devices (number of used licenses) is now displayed in managed software information.

The information that will be displayed and operations that can be performed can now be limited according to the administration scope set for the user account.

A description stating the following was added: Agentless devices cannot be managed in a NAT environment.

A description stating the following was added: You cannot use the network monitor feature to detect devices in network segments that are not directly accessible from the management server.

A description stating the following was added: You can monitor multiple network segments from one computer on which the network monitor is enabled and the agent is installed if the computer has access to several networks through a number of network cards.

Windows Server 2008 R2 Datacenter was added in the prerequisites for a management server, computers on which an agent will be installed, and site servers.

A description of the confirmation method when software is added to a managed computer was added.

A description of how departments and locations are defined was added. The name of a department and location can now be changed from the menu area.

A description stating the following was added: By configuring event notification by email, you can have the administrator notified by email when a network connection is blocked or permitted.

A description stating the following was added: If access to removable disks is suppressed, the use of USB-connected removable disks is not permitted even if they are registered as hardware assets.

A description stating the following was added: You can use automatic update distribution based on security policies and the Windows automatic update function (Windows Update and Microsoft Update).

If multiple instances of a managed software product are installed on one computer, they are now counted as one license used.

A description stating the following was added: If hyphens (-) are displayed in the information area, they are replaced by null strings when exported.

A description of the types of software that can be uninstalled by using the distribution function was added.

A command can now be used to delete operation logs on a site server.

Windows 7 was added in perquisites for computers for which the network monitor is enabled.

The description of network prerequisites was improved.

A description stating the following was added: The site servers specified to store operation logs must be placed in the same network segment as the management server in a NAT environment.

The guidelines for the required disk space for backing up operation logs for one year were changed.

The guidelines for the recommended disk space for all data (including operation logs) managed by JP/IT Desktop Management were changed.

Port number 31000 was added to the list of port numbers for site servers.

Descriptions of the rules for setting a user account password were added.

A description stating the following was added: If a domain user is authenticated by a Windows administrative share, the user ID must be in user-ID@FQDN (FQDN: fully qualified domain name) or in domain-name\user-ID format.

A description stating the following was added: For custom installation, at least 20 GB of disk space is required on the database storage folder drive to acquire operation logs.

A maximum of 50,000 devices can now be managed by using a multi-server configuration system.

The information that will be displayed and operations that can be performed can now be limited according to the task allocation set for the user account.

Suppression of only writes is now possible for floppy drives and removable disks.

Smart devices can now be managed by linkage with an MDM service.

JP1 events can now be reported by linkage with JP1/IM.

The following products were added to the supported anti-virus products:

• Norton AntiVirus 2012 (32-bit, 64-bit)

• ウイルスバスター 2012 クラウド (32-bit, 64-bit)

• ウイルスバスター コーポレートエディション 10.6 (32-bit, 64-bit)

• ESET NOD32 Antivirus 5.0 (32-bit, 64-bit)

• Sophos Endpoint Protection - Enterprise 10 (32-bit, 64-bit)

• Sophos Endpoint Protection - Advanced 10 (32-bit, 64-bit)

• Sophos Endpoint Protection - Basic 10 (32-bit, 64-bit)

• Kaspersky Endpoint Security 8 for Windows (32-bit, 64-bit)

• F-Secure Client Security 9.11 (32-bit, 64-bit)

• F-Secure Client Security 9.20 (32-bit, 64-bit)

• F-Secure Client Security 9.31 (32-bit, 64-bit)

In addition, the following products were removed from the supported anti-virus products:

• ウイルスバスター 2010 (32-bit, 64-bit)

• F-Secure Client Security 8.01 (32-bit, 64-bit)

A description was added stating that the root OU settings in the information about connections to Active Directory domains are not case sensitive.

A description of the LDAP attribute name used for obtaining information such as Department, Country, and State from Active Directory was added.

A description stating the following was added: If security countermeasures are automatically enforced, you cannot change the settings of the managed computers back to the state before the countermeasures were taken even if you use the JP1/IT Desktop Management functions.

The following notes on network monitoring were added:

• Notes on the Routing and Remote Access service

• A wired LAN connection is recommended for computers for which the network monitor is enabled.

• A mission-critical server, such as a file server, should not be configured as the network monitoring computer with network monitor enabled.

• A note on using a DHCP server to monitor the network in which IP addresses are dynamically allocated

A description about when a network control list is updated was added.

A description stating the following was added: Update of a network control list is performed automatically when device information is updated or deleted.

A description stating the following was added: The devices disconnected from the network by the network monitor can only communicate with computers with the network monitor enabled in the network segment or computers registered for Exclusive Communication Destination for Access-Denied Devices.

Descriptions of monitoring targets for the network monitor feature, including the networks, OSs on monitored computers, and protocols, were added.

A description stating the following was added: If a device discovered by the monitor feature is deleted, the device will not be discovered again unless it is disconnected and then reconnected to the network.

A description stating the following was added: A list populated with a MAC address and associated with a device can no longer be deleted from the network control list.

A description stating the following was added: Site servers are automatically registered for Exclusive Communication Destination for Access-Denied Devices.

A description stating the following was added: If a network monitor agent is installed, the service is automatically enabled and the firewall settings are automatically disabled.

A description stating the following was added: Serial numbers that can be used as mapping keys during imports are serial numbers specified in BIOS information.

A description stating the following was added: Installation and uninstallation of software by using the distribution function are performed with local system account permissions.

A description stating the following was added: If a connection between a computer and a management server fails, operation logs are temporarily saved in the computer.

A description stating the following was added: When you delete devices from the network control list, information for the devices with Permit specified for network connection is also deleted from the network control list. However, information for the devices with Not Permit specified remains in the list.

A description stating the following was added: Servers on which Citrix XenApp or Windows terminal service is installed cannot be managed even if you install an agent.

The description of the devices for which Windows administrative shares or SNMP authentication cannot be used was changed.

A description stating the following was added: The Workstation service of the OS must be running on a computer on which an agent will be installed.

A note was added on performance degradation in printer servers and network in an environment in which a network shared printer has been registered on a computer on which an agent will be installed.

The following descriptions about agentless management were added:

• Notes on using agentless management

• When device information is collected

• When executable programs for acquiring device information are sent

• Settings necessary for managing agentless computers

The settings required to acquire device information from agentless devices when Windows Administrative Share is enabled in Windows 7, Windows Vista, and Windows Server 2008 were changed.

A description stating the following was added: If you delete a hardware asset for which Asset Status is Unconfirmed, the device is deleted from the Device Inventory view of the Device module.

A description stating the following was added: A virtual environment configured by combining VMware vSphere and VMware View is not supported.

A description of how to set the user permissions required for remote control using Windows authentication was added.

A description stating the following was added: Devices manually registered in the network control list can also be deleted from the network control list.

A description stating the following was added: Devices that must always be connected to the network must be registered in the network control list as the devices permitted for network connection.

The following were added as timings when network connection is automatically updated: when the device information was updated or deleted; when the network connection device information was changed.

The descriptions of information and the judgement conditions used for judgement of unauthorized software and unauthorized Windows service were corrected.

Descriptions of user accounts not subject to security judgement were added.

The description of Other Access Restrictions in the items that can be set for security policies was corrected.

Supplementary notes on external media for which operation can be suppressed for each OS were added.

Prerequisites for acquiring the following types of operation logs were changed:

• Start and termination of programs

• File and folder operations

• Web accesses

A description stating the following was added: Operation logs for file deletion might not be acquired depending on the method of deleting the file.

Descriptions of the operation log information that is acquired when the user performs an undo operation (using the keyboard or Undo menu item) were added.

A description of the Content-type of MIME header of email that is not handled as an attached file was added to the notes on operation logs acquired by sending and receiving emails.

A description of the case in which files are moved or copied to a drive formatted by using other than NTFS, such as a FAT Drive, was added to the notes on acquiring source information of incoming files.

The CSV file coding format for importing the following hardware asset information was changed:

• Memory

• Storage capacity

• Free storage capacity

• Display size

The recommended disk space was corrected. The recommended disk space values when only operation logs related to suspicious operations are collected on the site server were added.

A description stating the following was added: To distribute packages to many devices, distribute them in several batches or use site servers.

The ioutils exportdevice command can now be used to export device information.

The ioutils exportdevicedetail command can now be used to export detailed device information.

The balloon tip message that appears when you apply a security policy that requires restarting of the computer was changed.

Network connection environments for each system component were added to the network prerequisites.

The condition required to use an RFB connection for starting a remote control session was changed. In addition, a caution stating that operation is not always guaranteed for remote control using the RFB connection was added.

Descriptions of the system environment for using a site server configuration and the number of devices that can be managed by a single site server were added.

mgr\definition was added as a folder that is created under the installation folder.

The explanations of automatic execution of the following functions and when they are executed were corrected:

• Collecting user information

• Regularly checking and updating support information

• Updating Scan Engine Version and Virus Definition File Version settings for anti-virus products

CF was added to the list of acronyms used in this manual.

The descriptions in the list of processes were corrected.

Smart devices can now be managed by linkage with an MDM service.

The total number of installed devices (number of used licenses) is now displayed in managed software information.

The information that will be displayed and operations that can be performed can now be limited according to the administration scope set for the user account.

A description stating the following was added: Agentless devices cannot be managed in a NAT environment.

A description stating the following was added: You cannot use the network monitor feature to detect devices in network segments that are not directly accessible from the management server.

A description stating the following was added: You can monitor multiple network segments from one computer on which the network monitor is enabled and the agent is installed if the computer has access to several networks through a number of network cards.

Windows Server 2008 R2 Datacenter was added in the prerequisites for a management server, computers on which an agent will be installed, and site servers.

A description of the confirmation method when software is added to a managed computer was added.

A description of how departments and locations are defined was added. The name of a department and location can now be changed from the menu area.

A description stating the following was added: By configuring event notification by email, you can have the administrator notified by email when a network connection is blocked or permitted.

A description stating the following was added: If access to removable disks is suppressed, the use of USB-connected removable disks is not permitted even if they are registered as hardware assets.

A description stating the following was added: You can use automatic update distribution based on security policies and the Windows automatic update function (Windows Update and Microsoft Update).

If multiple instances of a managed software product are installed on one computer, they are now counted as one license used.

A description stating the following was added: If hyphens (-) are displayed in the information area, they are replaced by null strings when exported.

A description of the types of software that can be uninstalled by using the distribution function was added.

A command can now be used to delete operation logs on a site server.

Windows 7 was added in perquisites for computers for which the network monitor is enabled.

The description of network prerequisites was improved.

A description stating the following was added: The site servers specified to store operation logs must be placed in the same network segment as the management server in a NAT environment.

The guidelines for the required disk space for backing up operation logs for one year were changed.

The guidelines for the recommended disk space for all data (including operation logs) managed by JP/IT Desktop Management were changed.

Port number 31000 was added to the list of port numbers for site servers.

Descriptions of the rules for setting a user account password were added.

A description stating the following was added: If a domain user is authenticated by a Windows administrative share, the user ID must be in user-ID@FQDN (FQDN: fully qualified domain name) or in domain-name\user-ID format.

Changes were made to required amounts of memory for a management server, a computer on which the operation window is displayed, and a computer on which network monitor is enabled.

A description stating the following was added: For custom installation, at least 20 GB of disk space is required on the database storage folder drive to acquire operation logs.