9.3.10 Notes on using a security poricy
-
If you define two or more judgment conditions with the same user defined item names when specifying a user defined security settings for a security policy, the number of computers whose security settings are inappropriate (which is displayed in the Security - Security Policy list window - User Defined Security Settings tab) might not match the actual number of computers whose security settings are inappropriate. We recommend that you specify judgment conditions with a unique user defined item name in a user-defined security settings.
-
If you specify two or more judgment conditions with the same software name and version to configure Target Software in the Mandatory Software settings of a security policy, the number of # of Not Compliant Computers (which is displayed in Security Policies - Security Policy List - the Software Use tab) might not match the actual number of computers that are not compliant with the security policy. We recommend that you do not specify judgment conditions with the same software name and version in the Mandatory Software settings.
-
If you specify two or more judgment conditions with the same software name and version to configure Target Software in the Unauthorized Software settings of a security policy, the number of # of Not Compliant Computers (which is displayed in Security Policies - Security Policy List - the Software Use tab) might not match the actual number of computers that are not compliant with the security policy. We recommend that you do not specify judgment conditions with the same software name and version in the Unauthorized Software settings.
-
The compliance rate and the number of assigned computers displayed in the Security Policy List are calculated from the number of devices for which security judgment was executed. Therefore, the compliance rate shows the ratio of devices which do not violate a security policy among devices for which a security judgment was executed with the security policy. In addition, the number of assigned computers shows the number of devices for which a security judgment was executed with the security policy. Even if the security policy is assigned to devices, the devices in which a security judgment was not executed are not targeted for calculation of the compliance rate and the number of assigned computers. Also, devices are not targeted for calculation in the following cases because a security judgment is not executed:
-
A security policy in which only Other Access Restrictions and/or Operation Logs are enabled is assigned to devices.
-
All judgment items become "Out of target".
-
-
When you specify software which is not shown in Windows Add or Remove Programs or Unauthorized Software in a security policy, the uninstallation task for the software can be created, however the task cannot be executed. If you wish to uninstall software which is not shown in Windows Add or Remove Programs, create an uninstallation task in the Distribution (ITDM-compatible) view and execute the task.