1.9.9 General procedure for investigating unauthorized changes to device information
In an organization, users might sometimes insert a flash drive into (or remove a flash drive from) a computer, or install (or remove) software without permission. These user activities might change the computer configuration. To determine whether a problem exists in the changes to device information like these, perform the procedures below to check the revision history of the device information acquired by using JP1/IT Desktop Management 2, and then investigate the unauthorized changes made to the device information.
- 1. In the operation view of JP1/IT Desktop Management 2, check the revision history of the device information.
-
In the Revision History view of the Inventory module, periodically check the changes to the device information.
- 2. Determine whether any unauthorized change exists in the device revision history.
-
For example, check the following to determine whether unauthorized changes exist:
-
If a hardware component has been changed: Check the ledger in which the change was recorded.
-
If software has been installed or removed: Display the tasks in the Distribution (ITDM-compatible) module of JP1/IT Desktop Management 2, and then check whether the software has actually been installed or removed.
-
- 3. If you find an unauthorized change, ask the person in charge of device management to investigate further.
-
If you find an unauthorized change, contact the person is in charge of device management and that person's manager. Ask the person in charge of device management to identify the device and to investigate the actual device.
- 4. Take action based on the results of the investigation by the person in charge of device management.
-
If the results of the investigation by the person in charge of device management indicate that a problem exists, take action to solve the problem.