The security information of CT that can be collected as inventory information can be confirmed.
The procedure is as follows.
Log in to the Main Menu, and click [PC Information].
→ The [PC Information] window will be displayed.
Click the [Security Information]
→The following window will be displayed.
Select the section to be displayed.
→The following window will be displayed.
Confirm the following security information.
System Security Info
User Security Info
Desktop Keeper Info
→The selected window will be displayed. For display window, please refer to the following description.
In addition, Desktop Keeper information will be displayed when the relevant product has been installed on CT.
The following window will be displayed. The number of PCs corresponding to the system security information can be confirmed.
The following items can be confirmed.
Category | Information | Description |
|---|---|---|
[Hardware] | [BIOS Startup Password] | Settings of startup password (password used by user) |
[BIOS Setup Password] | Settings of the setting password (password used by administrator) | |
[BIOS Hard Disk Password] | Settings of hard disk password | |
[OS] | [Automatic Logon] | Settings of automatic logon |
[Welcome Screen] | Settings of displaying the welcome window | |
[Last User Name] | Settings of displaying the user name that logged on at last | |
[Security of Guest Account] | Existence of password settings of Guest account and the inappropriate password | |
[Settings of Automatic Update] | Enable or disable the automatic update of WindowsUpdate | |
[User Account Control (UAC)] | Enable or disable the authority upgrade (UAC) of Windows Vista®, Windows® 7 and Windows Server® 2008 | |
[Insecure Shared Folder r] | Existence of shared folder that can be accessed by everyone authority | |
[Require a Password on Wakeup] | Set the password when restoring from standby | |
[Set Complicated Password Required] | Existence of complex password setting | |
[Application] | [Firewall] | Settings of firewall |
[Real-time Scan Status of Anti-virus Software] | Settings of real-time search of anti-virus software | |
[Scheduled scan status of Anti-virus software] | Status of scheduled scan of anti-virus software | |
[Scan Sope of Anti-virus Software] | Target scanning range of anti-virus software |
The meaning of content of items is as follows.
The version level of Systemwalker Desktop Patrol CT indicates the number of PCs of the version prior to V13.0.0 or the number of PCs that does not support collection of information on BIOS.
In addition, for settings items added in each version level, the Systemwalker Desktop Patrol CT lower than each version level will be displayed as “Unable to Collect”.
Indicates the number of PCs in which the security items are not set.
Indicates the number of PCs in which the security items have been set.
The following describes the point of auditing of system security information.
Hardware
When various passwords of BIOS are not set, it will be audited as in low security.
Based on the PC manufacturer/model, part of PC does not enable password settings or the set value of password cannot be adopted.
Display of “Automatic Logon” and “Last User Name” of OS
When displaying the logon name in the logon window, it will be audited as in low security.
When setting to automatic logon, it will be audited as in lower security.
In Windows® XP, in case of classic logon without using the “Welcome” window, audit this kind of content.
“Welcome” of OS
Audit Windows® XP only. The other OS will be included in “Unable to Collect”.
In Windows® XP, the use of “Welcome” will be audited with the same result as “Last User Name”, which is in low security.
In Windows Vista®, Windows® 7 and Windows Server® 2008, please make sure to set as “Use”.
“Security of Guest Account” of OS
When the Guest account is enabled, password is not set or an inappropriate password has been set (the password that is same as the user name), it will be audited as in low security.
In addition, it is allowed to not audit password, but to audit whether the Guest account is enabled.
To modify the auditing method, please use the CustomPolicy.exe (Modify Policy for Customized Settings) command. For information on how to use the CusttomPolicy.exe command, please refer to “Systemwalker Desktop Patrol Reference Manual”.
“Setting of Automatic Update” and “User Account Control (UAC)” of OS
When it is not set, it will be audited as in low security.
In the OS without UAC function, it will certainly be set as “Unable to Collect”.
“Unsafe Shared Folder” of OS
When the folder that can be accessed by the everyone authority, it will be audited as in low security.
“Setting that Requires Complicated Password” of OS
If no complex password is set in the logon account of Windows, it will be audited as in low security.
“Firewall” and “Real-time Search of Anti-virus Software” of application
When it is not set, it will be audited as in low security.
The [User Security Info] window will be displayed. The number of users registered to the PC corresponding to the user security information can be confirmed.
The following items can be confirmed.
Category | Information | Description |
|---|---|---|
[OS] | [Screen Saver] | Start screensaver or not |
[Screen Saver Password] | Whether password is required when restoring from screensaver | |
[Password of Logon User] | Whether the password of logon user has been set, and inappropriate password | |
[Internet Explorer] | [Internet Zone] | Settings of IE security zone |
[Application] | [Google Desktop “Search Across Computers”] | Enable/Disable the “Data Search on Multiple Computers” function |
The meaning of the content of items is as follows.
Indicates there is no number of logon users of the PC corresponding to the content.
Indicates the number of logon user of PC in which the security items are not set.
Indicates the number of logon user of PC in which the security items have been set.
The following describes the point of auditing of user security information.
“Screensaver” and “Screensaver Password” of OS
When not to start screensaver or no password for restoring from screensaver, it will be audited as in low security.
“Password of Logon User” of OS
When password is not set or an inappropriate password has been set (the password that is same as the user name), it will be audited as in low security.
“Internet Zone” of Internet Explorer
When the level of Internet zone is low, it will be audited as in low security.
“Google Desktop “Data Search on Multiple Computers“ function” of application
When the “Data Search on Multiple Computers“ function of Google Desktop is enabled, the index information of PC will be forwarded to the Google Desktop Server, so please audit according to the security policy.
Note
For the CT running on Windows XP, when auditing the setting of screensaver password, if the following conditions are satisfied, the setting of password should be disabled once in the [Properties of Window] window of Windows and enabled again.
When there are more than 2 users
Simple switch of user is enabled
The password check setting has never been changed
The [Desktop Keeper Info] window will be displayed. When Systemwalker Desktop Keeper is installed on client, the number of PC that corresponds to the security setting information of Systemwalker Desktop Keeper can be confirmed.
The meaning of the content of items is as follows.
Indicates the number of PCs without Systemwalker Desktop Keeper installed or the version level is the version prior to V13.0.0.
Indicates the number of PCs in which the security items of Systemwalker Desktop Keeper are not set.
Indicates the number of PCs in which the security items of Systemwalker Desktop Keeper have been set.
For each item, please refer to the manual of “Systemwalker Desktop Keeper”.
In addition, for the setting items added in each version of Systemwalker Desktop Keeper, since it is unable to collect from the Systemwalker Desktop Keeper of a version older than each version level, “Unable to Collect” will be displayed.
