Hitachi

JP1 Version 12 JP1/IT Desktop Management 2 Administration Guide


1.6.5 Controlling network access of devices by using a command

By using a network control command provided by JP1/IT Desktop Management 2, you can block or enable network access of devices. The network control command can be executed from any environment other than that of the management server.

To control network access of devices by using a network control command:

1. Set up an environment to execute the network control command.


2. Execute the network control command.

Execute the network control command to block or enable network access of the devices.


(1) Setting up an environment to execute the network control command

To set up an environment to execute the network control command:

1. Create a dedicated user for executing the network control command (recommended).

The network control command requires the execution user to be authenticated. To execute the command, you must specify a user ID and password managed in JP1/IT Desktop Management 2.

The user account to execute the network control command must be configured as described below. We recommend that you create a dedicated user for executing the network control command in an operational environment.

  • Permission: System Administrator

  • Task allocation: Security management and System settings management

  • Administration scope: All

2. Deploy the network control command.#

To execute the network control command in an environment other than that of the management server, copy the following files to any folder in that environment:

Executable of the network control command

JP1/IT Desktop Management 2 -Manager-installation-folder\mgr\remote\jdnrnetctrl.exe

Network control command configuration file (template)

JP1/IT Desktop Management 2 -Manager-installation-folder\mgr\remote\jdnrnetctrl.ini

The jdnrnetctrl.ini file (network control command configuration file) can be copied with any name you want.

In a multi-server configuration, you can create different network control command configuration files for different management servers you want to interact with.

3. Edit the network control command configuration file.

Edit the following values for your environment:

  • The host name or IP address of a management server

  • The connection port number on the management server

  • The ID of the JP1/IT Desktop Management 2 user who can execute the command

  • The password of the JP1/IT Desktop Management 2 user ID

#: To execute the network control command on a management server, use the executable and configuration file listed below. The network control command configuration file must be edited for your environment. Note that you must specify localhost for the host name.

Executable of the network control command

JP1/IT Desktop Management 2 -Manager-installation-folder\mgr\bin\jdnrnetctrl.exe

Network control command configuration file (template)

JP1/IT Desktop Management 2 -Manager-installation-folder\mgr\conf\jdnrnetctrl.ini

(2) Controlling network access of devices

1. Execute the network control command.

Execute the network control command (jdnrnetctrl command). When you execute the command, set an option to specify whether to block or enable network access. Specify the host name, the IP address, or both for the device whose network access you want to control. When both the host name and the IP address are specified, the system uses an AND condition and finds a device that matches both. The command can control the network access of any device managed in JP1/IT Desktop Management 2 (managed devices, discovered devices, and ignored devices).

Network access is blocked or enabled for the devices specified with the command.

For a multi-server configuration

In a multi-server configuration, the network control command must be issued to a management server that manages a device whose network access you want to control. A management server can control the network access of devices that are located directly under the management server. When you cannot identify which management server manages your target device, you can issue the same command to multiple management servers. To do so, ensure that the device information (host name and IP address) specified with the command does not conflict between management servers.

In a configuration where the primary management server works with JP1/NETM/NM - Manager to manage all network accesses, the network access of a device is controlled after the primary management server receives a notification from the management relay server. A notification to a higher server is sent at the specified interval (set to five minutes by default).
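The following pre-flight check is an added example, not part of the Hitachi guide or the product. It models the AND condition from step 1 and the multi-server requirement that a device specification must not conflict between management servers, so that a block request sent to several servers selects exactly one device. The inventory layout, server names, host names and addresses are constructed, and case-insensitive host name comparison is an assumption.

```python
import ipaddress

# Constructed sample inventories, keyed by management server name (hypothetical
# hosts and addresses; a real run would load each server's device list export).
INVENTORIES = {
    "mgmt-a": [{"host": "PC-0101", "ip": "10.1.0.15"},
               {"host": "PC-0102", "ip": "10.1.0.16"}],
    "mgmt-b": [{"host": "PC-0201", "ip": "10.2.0.15"},
               {"host": "pc-0101", "ip": "10.2.0.99"}],  # host name reused on mgmt-b
}

def matches(device, host=None, ip=None):
    """AND condition from the guide: every value that is specified must match."""
    if host is None and ip is None:
        raise ValueError("specify a host name, an IP address, or both")
    # Assumption: host names compare case-insensitively; IPs compare by value.
    if host is not None and device["host"].lower() != host.lower():
        return False
    if ip is not None and ipaddress.ip_address(device["ip"]) != ipaddress.ip_address(ip):
        return False
    return True

def preflight(inventories, host=None, ip=None):
    """Return (verdict, hits); hits lists the (server, device) pairs the spec selects."""
    hits = [(server, dev) for server, devices in inventories.items()
            for dev in devices if matches(dev, host, ip)]
    servers = {server for server, _ in hits}
    if not hits:
        verdict = "not-found"
    elif len(servers) > 1:
        verdict = "conflict"    # the same spec selects devices on several servers
    elif len(hits) > 1:
        verdict = "ambiguous"   # several devices on one server match
    else:
        verdict = "ok"
    return verdict, hits

if __name__ == "__main__":
    for spec in ({"host": "PC-0101"}, {"host": "PC-0101", "ip": "10.1.0.15"},
                 {"ip": "10.2.0.15"}, {"host": "PC-0102", "ip": "10.2.0.15"}):
        verdict, hits = preflight(INVENTORIES, **spec)
        print(spec, "->", verdict, [server for server, _ in hits])
```

Only an `ok` verdict means the specification is safe to issue to every listed management server; a `conflict` is resolved by specifying both the host name and the IP address.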