2.4.1 Perform Terminal Initial Settings

Set the conditions of prohibiting client (CT) operation and collected logs in the terminal initial settings.

In a 3-level system structure, please perform terminal initial settings in each the Management Server (even if the terminal initial settings is performed in the Master Management Server, it cannot be reflected to a Management Server).

The procedure is as follows:

Start [Management Console]

Select [Terminal Initial Settings] from the [Operation Settings]menu.

→The [Terminal Initial Settings] window is displayed.

Item Name	Description
[Apply Group Policy]	When registering a new CT or creating a user, set whether to apply the policy of the group to which it belongs as its CT policy or user policy . When it is selected: The group policy of the group to which it belongs will be applied . . When it is not selected: (Initial Value) The group policy of the group to which it belongs will not be applied. For the CT or user under the Root directory, the settings are invalid.

Item Name

Description

[Apply Group Policy]

When registering a new CT or creating a user, set whether to apply the policy of the group to which it belongs as its CT policy or user policy .

When it is selected:
The group policy of the group to which it belongs will be applied . .

When it is not selected: (Initial Value)
The group policy of the group to which it belongs will not be applied.

For the CT or user under the Root directory, the settings are invalid.

After setting policy for each tab, click the [Set] button.

When modifying the set terminal initial settings value (when setting the policy item added because of version upgrade/edition upgrade, or modifying the terminal initial settings value in the operation process), the policy should be updated for the CT after clicking the [Set] button.
Please refer to “Modify CT Policy” or “3.4.2 Modify User Policy” for the policy reflection operation.

The following Department describes the settings in each tab.

Whether to collect various logs can be set in the [Log Switches] tab. When it is set to “Yes”, the operation logs in the client (CT) will be collected.

The settings in [Log Switches] tab are described.

Item Name		Description
[Application Startup Log]		Application startup logs will be collected. Initial Value: [No] is selected.
[Application Termination Log]		Application termination logs will be collected. Initial Value: [No] is selected.
[Window Title Obtaining Log]		Window title logs at startup of window application will be collected. Initial Value: [No] is selected.
[E-mail Sending Log]		E-mail sending logs will be collected. Initial Value: [No] is selected.
	[E-mail content can be viewed]	This can be set when [E-mail Sending Log] is “Yes”. When it is selected: When the E-mail sending log or E-mail sending interruption log is collected, the sent E-mail content and attachment will be saved. The authorized administrator can view the content of the sent E-mail and attachment. When it is not selected: (Initial Value) The content of the sent E-mail content and attachment will not be saved, so the contents of sent E-mail and attachment cannot be viewed.
[Command Log] (This function is not available)		The logs of command and command result input in the command prompt will be collected. Initial Value: [No] is selected.
[Device Configuration Change Log]		Device configuration change logs will be collected. Initial Value: [No] is selected.
[Printing Operation Log]		Printing logs will be collected. Initial Value: [No] is selected. When “Yes” is selected, input can be performed in the following tab: [Eco Monitoring Settings] Tab
[File Export Log]		Logs during file export with File Export Utility will be collected. Initial Value: [No] is selected.
	[Backup Original File]	This can be set when the [File Export Utility] option is “Yes”. When it is selected: The original file of the file exported by File Export Utility will be backed up. When it is not selected: (Initial Value) The original file of the file exported by File Export Utility will not be backed up.
[PrintScreen Key Operation Log]		PrintScreen key operation logs will be collected. This can be set when the [Disabling PrintScreen Key] of [Printing Prohibition] tab is “No”. Initial Value: [No] is selected.
	[Screen Capture]	This can be set when [PrintScreen Key Operation Log] is “Yes”. When it is selected: The screen capture at the time point when PrintScreen key operation logs are collected will be recorded. When it is not selected: (Initial Value) The screen capture at the time point when PrintScreen key operation logs are collected will not be recorded.
[Web Operation Log]		The following log will be collected: Web download log Initial Value: [No] is selected.
[FTP Operation Log]		The following logs will be collected: FTP upload log FTP download log Initial Value: [No] is selected.
[Clipboard Operation Log(Virtual Environment)]]		Clipboard operation logs will be collected. Initial Value: [No] is selected.
	[Backup Original File	This can be set when the [Clipboard Operation Log (Virtual Environment)] is set to "Yes". When it is selected: The information (text, image, file path) copied via clipboard can be backed up as original file. When it is not selected: (Initial Value) The information (text, image, file path) copied via clipboard will not be backed up as original file.
[File Operation Log]		File operation logs will be collected. Initial Value: [No] is selected. When “Yes” is selected, input can be performed in the following tabs: [File Operation Process] tab [File Operation Extension] tab
[Logon,Logoff Log]		The following logs will be collected: Logon log Logoff log PC startup log PC shutdown log PC sleep log PC restoration log PC connection log PC disconnection log Initial Value: “Yes” is selected, and it cannot be modified. In the Server Settings Tool, when [Not Manage] is selected in the [Connection information between Terminals] of [System Settings], the item can be Modified to [Yes] or [No].
[Linkage Application Log]		External application logs will be collected. Initial Value: [No] is selected.
[All]		Select to collect all logs.
[None]		Select not to collect all logs.

Note

About settings of [Printing Operation Log]

During the installation of the client (CT), when [Monitoring the printing of local printer only] is selected, it is assumed that the printing operation of the client (CT) is performed via the printer servers that are registered to the same Master Management Server or Management Server. (The client (CT) should also be installed on the printer sever.)
At the moment, printing logs will be collected from the printer server. Therefore, in the client (CT) that is not the printer server, even if the [Printing Operation Log] is set to [Yes], the printing log will not be collected. However, if [Printing Operation log] in the print sever is set to [Yes], the printing operation log can be collected.

In the [File Export Prohibition] tab, the conditions of prohibiting the export and reading of files or folders from disk drive, removable device, DVD/CD drive or network drive of the client (CT) PC will be set.
Though the reading prohibition is effective when the Explorer is used, it will become invalid while the File Export Utility is being used.

In addition, the limiting conditions for export to the allowed USB device will be set by the administrator.

The following section describes the settings of the [File Export Prohibition] tab.

[File Export Utility]

Item Name		Description
[Export using File Export Utility]	[Not Allowed] (Initial Value)	The File Export Utility cannot be used.
	[Allowed]	The File Export Utility can be used. Even for the drive with export prohibition, the File Export Utility can be used.
	[Only encryption export is allowed]	This function is not available. When it is selected: The export is allowed only when the file is encrypted by the File Export Utility. When it is not selected: No matter whether the file is encrypted or not, the File Export Utility can always be used for export.
[File Export Utility function setting]		The [Setting of File Export Utility function] is displayed. (Set the conditions when File Export Utility is used)

[Explorer]

Set the control when operation is performed via Explorer .etc.

Item Name				Description
[File access control]			[Yes]	[Reading Prohibition] and [Export Prohibition] can be set. The [Display message when prohibition] checkbox can be selected when this item is selected. After it is selected, messages will be displayed when the prohibition operation is performed.
[File access control]			[No] Initial Value	Reading of removable drive and export of files can be performed freely (files can be accessed in the same way as if Systemwalker Desktop Keeper is not installed). When this item is selected, [Reading Prohibition] and [Export Prohibition] cannot be set.
[Display message when prohibited]				After setting this item, the following message will be displayed when inserting the prohibited device into the client (CT). The above message will be displayed when “Violation” of device configuration change log occurs. Initial Value: Not selected Please refer to “8.2.7 Device Configuration Change Log” for ”Violation” of device configuration change log.
Detailed Settings				Settings can be performed when the [File Access Control] is "Yes". The [File access control - Detailed Settings] window will be displayed. (Set the conditions of folders excluded from network drive access prohibition)
[Reading Prohibition]				Set the targets for reading prohibition.
	[Removable]			Reading of the following devices that are identified as drive letter are prohibited. Initial Value: Not selected Floppy disk External hard disk (removable hard disks such as USB, IEEE1394, PCMCIA connection) MO USB memory Compact flash memory
	[DVD/CD]			Reading of DVD/CD is prohibited. Initial Value: Not selected
	[Network]			Reading of network drive is prohibited. Initial Value: Not selected
[Export Prohibition]				Set the targets for exporting prohibition.
	Please select the drive to be prohibited(export destination).			Select the drive that is the target for export prohibition. Initial Value: All are not selected The drive that becomes the prohibited target by specifying the drive letter should satisfy all the following conditions. The prohibited targets do not include the drive or C drive apart from the following conditions (infrared connection): Drive identified as a drive letter in the PC. Drive apart from the network drive. When F drive is a removable drive, even if the [Removable] (not regarded as the prohibited target) is not selected, when [F] (regarded as prohibited target) is selected, F drive will also be prohibited. Note About network drive The network drive cannot be prohibited by specifying the drive letter. Please prohibit it by selecting the [Network] checkbox.
	[Specify drive type]	[Removable]		Export to the following devices that are identified as drive letter is prohibited. Initial Value: Not selected Floppy disk External hard disk (removable hard disks connected by such as USB, IEEE1394, PCMCIA connection) MO USB memory Compact flash memory
		[DVD/CD]		Export to DVD/CD is prohibited. Initial Value: Not selected
		[Network]		Export to network drive is prohibited. Initial Value: Not selected
	[Clear All]			Clear all the selections for the settings of the prohibited drive (export destination) and [Specify drive type].
	[Select All]			Select all for the settings of the prohibited drive (export destination) and [Specify drive type].

Note

Please do not set the target drive for saving log files.

If the target drive for saving log files set during the installation of the client (CT) is regarded as the prohibited target, logs cannot be collected from the client (CT).

[USB Device Individual Identification Function]

This function is not available.

Item Name	Description
[Use]	When exporting files and folders using File Export Utility, they can only be exported to the USB device specified by the administrator among the USB devices registered in the [USB Device Registration] window of the Management Control. In addition, when the writing and reading with Explorer, etc. (Not File Export Utility) is prohibited, files and folders can only be exported to the USB device specified by the administrator among the USB devices registered in the [USB Device Registration] window of the Management Control. Please refer to “Register USB device” of “7.5 Export Files to Specified USB Device Only” for the method of adding USB devices.
[Do not Use] Initial Value	When exporting files and folders using File Export Utility, follow the policies set in [File Export Utility]. In addition, the writing and reading with Explorer, etc. should follow the policies set in [Explorer].
[Detailed Settings]	The [File Export Prohibition - Individual Identification Function of USB Device - Detailed Settings] window window will be displayed. (Set the access condition for the administrator to use the allowed USB device, as well as adding and deleting the allowed USB device.)

[File Export Utility function setting] window

The conditions of using File Export Utility can be set.

[Setting of File Export Utility function]

Item Name	Description
[Unable to start the format function]	When this is selected: The following content will not be displayed when selecting the [File] menu. The data in the drive and CD-RW/DVD-RW cannot be deleted. [Format Drive] [Erase CD-RW/DVD-RW] When it is not selected: (Initial Value) The data in the drive and CD-RW/DVD-RW can be deleted.
[Display only removable device and DVD/CD as export destination]	When this is selected: During file export, only removable device and DVD/CD will be displayed as export destinations. When it is not selected: (Initial Value) During file export, all export destinations will be displayed.
[IEnter the reason for export]	When this is selected: The input field for entering the reason for export will be displayed in the [File Export Utility] window. The reason for export must be input during file export. Up to 10 reasons can be saved by each CT/client. At the next export, the information input previously can be selected from the pull-down menu. When it is not selected: (Initial Value) The input field for entering the reason for export will not be displayed in the [File Export Utility] window.

Item Name

Description

[Unable to start the format function]

When this is selected:
The following content will not be displayed when selecting the [File] menu. The data in the drive and CD-RW/DVD-RW cannot be deleted.

[Format Drive]
[Erase CD-RW/DVD-RW]

When it is not selected: (Initial Value)
The data in the drive and CD-RW/DVD-RW can be deleted.

[Display only removable device and DVD/CD as export destination]

When this is selected:
During file export, only removable device and DVD/CD will be displayed as export destinations.

When it is not selected: (Initial Value)
During file export, all export destinations will be displayed.

[IEnter the reason for export]

When this is selected:
The input field for entering the reason for export will be displayed in the [File Export Utility] window. The reason for export must be input during file export.
Up to 10 reasons can be saved by each CT/client. At the next export, the information input previously can be selected from the pull-down menu.

When it is not selected: (Initial Value)
The input field for entering the reason for export will not be displayed in the [File Export Utility] window.

[Set the date on which File Export Utility can be started]

Item Name		Description
[Limit period for use]		When this is selected: The period in which the startup is allowed will be set. The File Export Utility can be used in the set period only. The scope of input value is as follows: 1st, January, 2000 ~ 31st, December, 2037 When it is not selected: (Initial Value): The File Export Utility can be used all the time.
[Limit time for use]		When this is selected: The hours in which the startup is allowed will be set. The File Export Utility can be used in the set period only When it is not selected: (Initial Value): The File Export Utility can be used 24 hours.
[The day of a week on which it can be used]		The day in a week when the startup is allowed will be set. (Initial Value): All are selected.
[Date and Time Confirmation Method]	[Inquire Management Server] (Initial Value):	The date and time when the File Export Utility can be started is based on the date and time of the Management Server. In addition, set the operations when the client is offline or the Management Server gives no response. [Use Date and time of CT when it is unable to obtain]: The date and time of CT will be used as the date and time when the File Export Utility can be started. [Unable to start when it is unable to obtain] (Initial Value): The File Export Utility cannot be started.
[Date and Time Confirmation Method]	[Date and Time when CT is used]	The date and time when the File Export Utility can be started is based on the date and time of the CT.

[Detailed Settings of Encryption Export]

This function is not available.

Item Name		Instruction
[Password Length]	[Minumum number of characters]	This is the minimum number of characters for a password when the encrypted file export is set. 1-128 can be set. Initial Value: 1
[Password Length]	[Maximum number of characters]	This is the maximum number of characters for a password when the encrypted file export is set. 1-128 can be set. Initial Value: 8
[Decryption Restriction]	[Number of Password Attempts ]	When this is selected: The number of password attempts can be set. The range of 1-5 times can be set. (5 times will be displayed at the beginning.) If the times of password input exceeds the set value, the encrypted files will be deleted. However, if an encrypted file is exported to the following media, the encrypted file will not be deleted: DVD/CD Write-protected floppy disk and USB memory When it is not selected (Initial Value); There is no limit for the number password attempts, and the encrypted files will not be deleted.
[Decryption Restriction]	[Nubmer of day to decrypt]	When this is selected: The time (number of days) when the encrypted file can be decrypted can be set. The days include the day of encryption. 1-999 days can be set. (30 days will be displayed initially.) If the decryption operation is still performed after the set days has passed, the encrypted files will be deleted. However, if the encrypted files are exported to the following media, the encrypted files will not be deleted: DVD/CD Write-protected floppy disk and USB memory When it is not selected: (Initial Value): There is no limit for the number of password attempts, and the encrypted files will not be deleted.
[Extension of encrypted file]	[exe] (Initial Value)	The “exe” will be automatically added as the extension of encrypted files. The relationship between the [Encrypted File Name] of the [Settings of Encrypted Files] window and the file name after encryption is shown as follows: Specify “Encryption” in the encrypted file name→ The created file name is “Encryption.exe” Specify “Encryption.txt” in the encrypted file name→The created file name is “Encryption.exe” Specify “Encryption.exe” in the encrypted file name→The created Create file name is “Encryption.exe.exe” Specify “Encryption.ex_” in the encrypted file name→The created Create file name is “Encryption.ex_.exe” The encrypted file can be presented by the private icon for an encrypted file of File Export Utility.
[Extension of encrypted file]	[Specify an extension]	The extension of encrypted file can be set. 16 digits of single-byte alpha-numeric characters symbols (except “.”) can be used. But the following characters are not allowed: “.”, “\”, “/”, “:”, “*”, “?”, ““”, “<”, “>”, “\|” Even if the extensions of compressed files such as “zip”, “lzh”, etc. have been set, they will not be compressed. Initial Value: “ex_” The relationship between the [Encrypted File Name] of the [Settings of Encrypted Files] window and the file name after encryption is shown as follows: The specified extension is “ex_”. Specify “Encryption” in the encrypted file name→The created file name is “Encryption.ex-_” Specify “Encryption.txt” in the encrypted file name→The created file name is “Encryption.txt.ex_” Specify “Encryption.exe” in the encrypted file name→The created file name is “Encryption.exe.ex_” Specify “Encryption.ex_” in the encrypted file name→The created file name is “Encryption.ex_” When the extension relating to the file has been specified for the encrypted file, it will be displayed with the icon of the related file.
[Set]		Confirm the input contents and return to the “File Export” tab.
[Cancel]		Do not save the settings and close the window.

[File access control - Detailed Settings] window

Item Name		Description
[Set excluded folder for network drive access prohibition]		The folder excluded from network drive access prohibition can be set.
	[Folder Name]	The folder excluded from network drive access prohibition can be set. The folder name can only be specified to “Path described by UNC”. (Example: \\192.168.0.1\shared, \\nas-server\public) The drive which is allocated with a network drive cannot be specified. (Example: Z:\) The following characters cannot be specified: “/”, “:”, “*”, “?”, “"”, “<”, “>”, “\|” In addition, “\” cannot be specified at the end of path. Initial Value: No specification
	[View]	The dialog for selecting the excluded folder can be displayed.
	[Notes]	Enter the information such as memo. Up to 128 single-byte characters (64 double-byte characters) can be entered. Initial Value: No specification
	[Add/Update]	Add an excluded folder. Up to 50 cases can be added. In addition, all folder paths cannot exceed 500 bytes altogether. After modifying the selected [Notes] in the folder list, the information will updated ([Folder Name] cannot be updated).
	[Delete]	Delete the selected lines in the folder list.
[Set]		Confirm the input contents and return to the “File Export” tab.
[Cancel]		Do not save the settings and close the window.

[File Export Prohibition - Individual Identification Function of USB Device - Detailed Settings] window

Item Name			Description
[Allow to Use All USB Devices Registered in Management Server]			Select whether the used of all USB devices registered in the Management Server is allowed. Yes: All USB devices registered in the Management Server can be used. Whether each USB device can be used or not cannot be set. No: (Initial Value) Whether each USB device can be used or not can be set. When Management Server cannot communicate with the client (CT), the USB device used before can be used.
[List of Available USB Devices]			The USB device that is allowed to be used by the administrator will be displayed. When setting and modifying the access condition and canceling the usage permission, select the line corresponding to the USB device.
[Access Settings]			Set the conditions for accessing to the USB device allowed to be used.
	[Read Only] (Initial Value)		The selected USB device in [List of Available USB Devices] can be read only.
	[Read and Write]		The selected USB device in [List of Available USB Devices can be read and written. Only one can be selected among the [Read and Write by File Export Utility Only] checkbox and the [Write by File Export Utility Only] checkbox. When neither is selected, the registered USB devices can be read and written using File Export Utility and Explorer, etc. (Not File Export Utility).
		[Read and Write by File Export Utility Only]	When it is selected: Only File Export Utility can be used to read and write (file export). Explorer, etc. (Not File Export Utility) cannot be used to read and write.
		[Write by File Export Utility Only]	When it is selected: Only File Export Utility can be used to read (file export). Any tool can be used to read.
	[Update]		The settings can be displayed in [List of Available USB Devices].
[Add Device]			The [File Export Prohibition - Detailed Settings of USB Device Individual Identification Function - Select a USB Device] window window can be displayed and the available USB devices can be added. Up to 100 cases can be added.
[Delete Device]			The usage permission of the selected USB device can be canceled in [List of Available USB Devices] and the USB device can be deleted from [List of Available USB Devices].
[Close]			Shutdown the window.

When setting (modifying) the access conditions of available USB devices

Select the line corresponding to the USB device in [List of Available USB Devices].
Set conditions in [Access Settings].
Click the [Update] button.

When canceling the usage permission of USB devices

Select the line corresponding to the USB device in [List of Available USB Devices].
Click the [Delete Device] button.

When adding an available USB device: Click the [Add Device] button.

[File Export Prohibition - Detailed Settings of USB Device Individual Identification Function - Select a USB Device] window

The content registered in the [USB Device Registration] window of the Management Console can be displayed.
The line of the available USB device can be selected. After clicking the [OK] button, the corresponding USB Device will be added to the [List of Available USB Devices] in the [File Export Prohibition - Individual Identification Function of USB Device - Detailed Settings] window window.

The conditions for prohibiting printing on the PC with the client (CT) installed (specify the application allowed to print) and the prohibition of using PrintScreen key to collect screen hard copy can be set in the [Printing Prohibition] tab.

The following section describes the settings of the [Printing Prohibition] tab.

[Printing Prohibition]

Item Name		Description
[Printing Prohibition]	[Yes]	Printing that uses applications apart from the [EXE Name of application] displayed in the [List of Applications that Allow Printing] is prohibited.
[Printing Prohibition]	[No] (Initial Value)	Printing is not prohibited.
[List of Applications that Allow Printing]		The set [EXE Name of Application that Allow Printing] will be displayed. Initial Value: No specification will be made.
[List of EXE names of Applications that Allow Printing ]		Enter the EXE names including the extensions of Applications allowed to print. (For example: Enter EXCEL.EXE in case of Microsoft® Excel) Up to 254 single-byte characters (127 double-byte characters) can be entered. (For alphabets, it is case-sensitive.) However, if the following symbols are used, error will occur. “\”“/”“:”“*”“?”“"”“<”“>”“\|” Initial Value: No specification will be made.
[Notes]		Enter the application name and memo information. Up to 128 single-byte characters (64 double-byte characters) can be entered. Initial Value: No specification will be made.
[Add/Update]		Add the EXE name of application allowed to print. Up to 100 cases can be added. After modifying the [Notes] of selected lines in the [List of Applications Allowed to Print], the information will be updated (The [EXE Name of Application that Allow Printing] cannot be updated.).
[Delete]		The selected lines in the [List of Applications that Allow Printing] can be deleted.

[PrintScreen Key Prohibition]

Item Name		Description
[Disabling PrintScreen Key]		When the [PrintScreen Key Operation Log] option in the [Log Switches] tab is [No], settings can be performed.
	[Yes]	The use of PrintScreen key is prohibited. Even if the PrintScreen key is pressed, the hard copy of screen cannot be collected.
	[No] (Initial Value)	The use of PrintScreen key is not prohibited.
[Capture Screen]		When the option of [PrintScreen Key Prohibition] is “Yes”, settings can be performed When it is selected: When the use of PrintScreen key is prohibited, the screen capture when PrintScreen key is pressed can be recorded. When the [Prohibiting PrintScreen Key] option is “No”, it will be changed to not selected automatically. When it is not selected: When the use of PrintScreen key is prohibited, even if the PrintScreen key is pressed, the screen capture will not be recorded.

[When adding the EXE name of applications that Allow Printing ]
Enter the above settings items and click the [Add/Update] button.
Up to 100 cases can be added.

[When updating the existing information]
Select the lines to be updated from the [List of Applications that Allow Printing], modify the [Notes] information and click the [Add/Update] button.
The [EXE Name of Application that Allow Printing] cannot be updated.

[When deleting information]
Select the lines to be deleted from the [List of Applications that Allow Printing], and click the [Delete] button.

This function is not available.

The group prohibited from logon can be set in the [Logon Prohibition] tab. After setting the [Logon Prohibition], logon with the user name that belongs to the set group can be prohibited when logging on to the PC with the client (CT) installed.

The groups for which logon prohibition can be set are as follows:

Administrators
Backup Operators
Debugger Users
Power Users
Guests
Replicator
Users
Domain Admins
Domain Guests
Domain Users
Enterprise Admins
Group Policy Creator Owners

In addition, when one user name belongs to multiple groups, it will become an target of logon prohibition when it satisfies all the following conditions:

The user name entered during logon to the Windows PC belongs to multiple groups.
Logon prohibition is set for any one group in the multiple groups to which the user name belongs.

Note

About the creation of system administrator user under the Windows® XP system

Under Microsoft® Windows® XP Home Edition, the user names belong to the Administrators group and the Users group will be created automatically when the system administrator user is created. If either the Administrators group or the Users group is prohibited, the policy set in Systemwalker Desktop Keeper will prohibited logon.

The set contents will be operated as CT policy.
When only one person logs on to the PC, prohibition can be performed through the settings in the [Logon Prohibition] tab.
When 2 or more users log on to the same PC, it will have nothing to do with the settings in the [Logon Prohibition] tab and it will be logged off.

The following section describes the settings of the [Log Filtering Condition] tab.

Item Name	Description
[List of Logon Prohibition Groups]	The set logon prohibition group will be displayed. Initial Value: Not specified.
[Logon Prohibition Group]	Select the logon prohibition group from the pull-down menu. Please refer to Windows manual for the details of each group. Initial Value: Not specified.
[Set]	When prohibiting the target group from logon, the processing in the client (CT) can be specified. [Logoff] Logoff by force. Under Windows Server® 2008, Windows Server® 2003 or Windows® 2000 Server, please set [Logoff] when users with User authority are not expected to use. [Shutdown] (Initial Value) Shutdown by force. However, under Windows Server® 2008 or Windows Server® 2003, the User authority cannot shut down the computer. The time from logon prohibition being detected from the client (CT) to logoff or shutdown can be set in the “Terminal Operation Settings”. Please refer to “2.4.2 Perform Terminal Operation Settings” for “Terminal Operation Settings”.
[Add/Update]	The name of group that is prohibited from logon and the processing during logon will be added. After modifying the [Set] of selected lines in the [List of Logon Prohibition Groups], the information will be updated (The [Logon Prohibition Group] cannot be updated.).
[Delete]	The selected lines in the [List of Logon Prohibition Groups] will be deleted.

[When adding a logon prohibition group]
After entering the above set items, click the [Add/Update] button.

[When updating the existing information]
Select the lines to be updated from the [List of Logon Prohibition Groups], modify the [Settings] information and click the [Add/Update] button.
The [Group Name] cannot be updated.

[When deleting information]
Select the lines to be deleted from the [List of Logon Prohibition Groups] and click the [Delete] button.

In the [Application Startup Prohibition] tab, the name of the application that is prohibited from startup in the PC with the client (CT) installed can be set.

The following section describes the settings of the [Application Startup Prohibition] tab.

Item Name	Description
[List of Applications of startup prohibition]	The set EXE name of the application prohibited from startup will be displayed. Initial Value: Not specified.
[EXE name of application of startup prohibition]	Enter the EXE name including extension of the application prohibited from startup. (For example: Enter EXCEL.EXE in case of Microsoft® Excel) Up to 254 single-byte characters (127 double-byte characters) can be entered. (Alphabets are not case-sensitive) However, error will occur if the following symbols are used. “\”“/”“:”“*”“?”“"”“<”“>”“\|” Initial Value: Not specified.
[Notes]	Enter the application name and memo information. Up to 128 single-byte characters (64 double-byte characters) can be entered. Initial Value: No specified.
[Add/Update]	The EXE name of the application prohibited from startup will be added. Up to 100 cases can be added. After modifying the [Notes] of the selected lines in the [List of Applications Prohibited from Startup], the information will be updated (The [EXE Name of Application Prohibited from Startup] cannot be updated.).
[Delete]	The lines selected in the [List of applications of startup prohibited] will be deleted.

[When adding an EXE name of the application prohibited from startup]
Enter the above set items and click the [Add/Update] button.
Up to 100 cases can be added.

[When updating the existing information]
Select the lines to be updated from the [List of applications of startup prohibited], modify the [Notes] information and click the [Add/Update] button.
The [EXE Name of application of startup prohibited] cannot be updated.

[When deleting information]
Select the lines to be deleted from the [List of applications of startup prohibited ], and click the [Delete] button.

The screening conditions for obtaining file operation logs can be set in the [File Operation Process] tab. Set the file location for log collection during access, and the process of log collection during startup. As the file operation logs can be selected and collected according to objectives, the search efficiency after collection can be improved.

When the [File Operation Log] option in the [Log Switches] tab is [Yes], the set items of the [File Operation Process] tab can be set.

Note

Please do not register the software with many disk accesses.

Since the output of a large amount of logs will cause insufficient database capacity, please do not register software that has significant access to disks such as antivirus software, disk check and repair software, etc.
In addition, as the software related to the OS may also output too many logs, please register after confirming the performance and OS operation state on the test machine.

Initial Value Displayed in [File Operation Process]

EXE Name of Process	Select Record Operation	Select based on extension	Is it OK to delete?	Notes
[Cmd.exe]	[Except view]	[Get all extensions]	[Not Allowed]	[Command Prompt]
[Explorer.exe]	[Except view]	[Get all extensions]	[Not Allowed]	[Explorer]
[fsw00ej2.exe]	[Except view]	[Get all extensions]	[Not Allowed]	[Command Prompt (DTK)]
[xcopy.exe]	[Except view]	[Get all extensions]	[Not Allowed]	[Copy Command]
[dllhost.exe]	[Except view]	[Get all extensions]	[Not Allowed]	[Explorer]

[File Operation Log Filter Operation Settings]

Item Name		Description
[File Operation Log Filter Operation Settings]		Select the drive type as the targets for collection of file and folder operation logs can be selected.
	[Get All] (Initial Value)	Record the operations of all drives.
	[Get file access on removable drives only.]	Record the operation for the drive, the drive type of which is removable disk.
	[Get file access on network and removable drive only]	Record the operation for the drive, the drive type of which is network and removable disk.
[Detailed Settings]		The [File Operation Process - Detailed Settings] window window will be displayed. Set the folder in which the file operation logs are not collected. (When [No] is selected in [File Operation Log] of the [Log Switches] tab, it cannot be selected.)

[List of File Operation Log Obtaining Process]

Item Name	Description
[List of File Operation Log Obtaining Process]	The processes and conditions during the obtaining of file operation logs are displayed in lists. Initial Value: “Initial Value Displayed in [File Operation Process]” will be displayed.
[Process EXE Name]	Enter the EXE name of a process regarded as the target for the collection of file and folder operation logs. Up to 254 single-byte characters can be entered. (Alphabets are not case-sensitive) In addition, [.com] or [.exe] can be entered in the extension of a process. However, if double-byte characters or the following symbols are used, error will occur. “\”“/”“:”“*”“?”“"”“<”“>”“\|” Initial Value: Not Specified.
[Select Record Operation]	Select the operation that is recorded as a log. [Get all] The operations of all files and folders will be recorded. [Except view] (Initial Value) The operations of files and folders apart from viewing will be recorded. [Do not get] Operations of all files and folders will not be recorded.
[Select according to Extension]	Select the extension of the file name that is recorded as a log. [Get all extensions] Select when collecting the file operation logs of all files (extensions) accessed by the process (application). In these files, in addition to data files, execution modules and temporary files indicated by the following extensions are also included: exe dll ini tmp lnk inf [Select extension] (Initial Value) This is selected when collecting only the necessary file operation log. The operations of entering extensions in the [File Operation Extension] tab will be recorded. * When operating the process (application of files or folders in the similar way as Explorer and [Get all extensions] is selected, a large amount of [View] logs will be collected. Therefore, it is recommended to select [Select extension] when collecting only the necessary operation logs, such as data files.
[Notes]	Enter the memo information of process name. Maximum128 single-byte characters (64 double-byte characters) can be entered. Initial Value: Not Specified.
[Add/Update]	Add the entered information to the list. Up to 30 cases of information can be registered including the number of processes that are preset in the system. In addition, the changed information shall also be set.
[Delete]	Delete the selected information of [List of File Operation Log Obtaining Processes].

[When adding a process]
Enter the above set items and click the [Add/Update] button.
Up to 30 cases of information can be registered including the number of processes that are preset in the system.

[When updating the existing information]
Select the lines to be updated from the [List of File Operation Log Obtaining Processes], modify the following information and click the [Add/Update] button.
The [EXE Name of Process] cannot be updated. If the [Can be Deleted or Not] of a certain line is set to [No], the [Select Record Operation] cannot be set to [Get All].

[Select Record Operation]
[Select according to Extension]
[Notes]

[When deleting information]
Select the lines to be deleted from the [List of File Operation Log Obtaining Processes], and click the [Delete] button.

But If the [Is it OK to delete?] of a certain line is set to [No], the line cannot be deleted.

[File Operation Process - Detailed Settings] window

[Set excluded folder for file operation log obtaining]

Item Name		Description
[OS Installation Folder]		Select this checkbox when accessing the files on the OS installation folder but when the file operation logs are not to be obtained. When it is selected, the file operation logs of folders and subfolders under the OS installation folder will become excluded targets. (Initial Value): Selected (*)
[Folder of Temporary Internet Files]		Select this checkbox when accessing the files on the folder of Temporary Internet Files, but when the file operation logs are not to be obtained. (Initial Value): Selected (*)
[Temp Folder]		Select this checkbox when accessing to the files on the following folders, but the file operation logs are not to be collected. The folder specified according to the user environment variable TEMP and TMP. The folder a specified according to the system environment variable TEMP and TMP. (Initial Value): Selected (*)
[List of Arbitrary Folder]		The fixed disk folder excluded from the acquisition of file operation logs can be set and deleted.
	[Folder Name]	Specify the fixed disk folder excluded from the acquisition of file operation logs with full path. Up to 254 bytes can be specified. It is not case-sensitive. A maximum of 100 folder names can be registered. Specify the folder by adding “\” or “/” after the drive’s name + colon (:), Specifying the drive name only is also allowed (“D” .etc). When only the drive’s name is specified, the file operation log under the D drive cannot be obtained. When the drive specified in this window is the network drive or removable drive in the client (CT), it cannot become an excluded folder for obtaining file operation log. [Example] When the “D:\temp” in the window is specified as the excluded folder, When the D drive of “Client (CT) A” is the fixed disk, it will become an excluded folder. Even if the files in the D:\temp folder is deleted, the file operation logs will not be obtained. When the D drive of “Client (CT) B” is the removable drive that can use the USB memory, it will not become an excluded folder. After deleting the files in the D:\temp folder, the file operation logs can be obtained. The same folder name cannot be registered more than once (“D:\aaa” and “D:\aaa\bbb” can be registered at the same time.). The folder with an extension should be distinguished from the folder without extension. (When “d:\data” is specified as the excluded folder, “d:\data.tmp” will not become the excluded folder.) To make “d:\data.tmp” into the excluded folder, please register “d:\data.tmp”. Initial Value: Not Specified.
	[Notes]	Enter the memo information, etc. Up to 128 single-byte characters (64 double-byte characters) can be entered. Initial Value: Not Specified.
	[View]	The folder structure of the PC with the Management Console installed can be viewed. When the excluded folder is set in the client (CT) with a different folder structure from that of the PC with the Management Console installed, please enter the full path in [Folder Name].
	[Add/Update]	Add the folder excluding the acquisition of file operation log to the list. In addition, update the notes of the registered folder (The folder name cannot be updated.).
	[Delete]	Delete the folder excluding the acquisition of the file operation log from the list. Select the correspondent lines in the [List of Aribitray Folder], and click the [Delete] button.
[Set]		Confirm the input content and return to the “File Operation Process” tab.
[Cancel]		Do not save the set information and close the window.

*)When it is upgraded from the version earlier than Systemwalker Desktop Keeper V13.2.0, all the items are unselected.

For the file (extension) accessed by the process set in the [File Operation Process] tab, when the file operation log is collected, the extension can be set in the [File Operation Extension] tab.

When [File Operation Log] in the [Log Switches] tab is [Yes], the set items in the [File Operation Extension] tab can be set.

Item Name	Description
[List of File Operation Log Obtaining Extension]	Display the extension of the registered and obtained file operation log. When the number of registered extensions is 0, even if the [Select Extension] has been set in [Select According to Extension] of the registered process in the [File Operation Process] tab, the log of that process will not be collected. Initial Value: Not Specified.
[Extension]	Enter the extension as the target for the collection of file and folder operation logs. The “.” of extension is not required. (It cannot be entered.) Up to 16 single-byte characters (Alphabets are not case-sensitive) can be entered. Error will occur if the following symbols are used. “\”“/”“:”“”“?”“"”“<”“>”“\|” If the wildcard () is used, “” should be put at the beginning or at the end of the extension. When forward matching is specified. Enter “Extension”. [Example] xl When backward matching is specified Enter “Extension”. [Example] ls The wildcard “” cannot be entered in other locations. In addition, the wildcard “*” cannot be entered alone Please enter it in combination with characters. Initial Value: Not Specified.
[Notes]	Enter the extension and memo information. Up to 128 single-byte characters (64 double-byte characters) can be entered. Initial Value: Not Specified.
[Add/Update]	Add the entered information to the list. Up to 20 cases can be registered. In addition, the modified information should be set.
[Delete]	Delete the information selected in the [List of File Operation Log Obtaining Processes].

[When adding an extension]
Enter the above set items and click the [Add/Update] button.
Up to 20 cases can be registered.
[When updating the existing information]

Select the lines to be updated from [List of File Operation Log Obtaining Extension], modify the [Notes] information and click the [Add/Update] button.
The [Extension] cannot be updated.

[When deleting information]
Select the lines to be deleted from [List of File Operation Log Obtaining Extension], and click the [Delete] button.

This function is not available.

The following settings can be performed in the [E-mail Sending] tab:

Allow or prohibit to add E-mail file attachment
Whether or not to confirm the recipient address for E-mail sending.
Settings of the exclusion domain of file attachment prohibition and recipient address confirmation.

According to the set conditions, the message for confirming the recipient address will be displayed when an E-mail is being sent. Attaching permitted or prohibited files to an E-mail for sending can be permitted or prohibited.

The following section describes the settings of the [E-mail Sending] tab.

[Recipient Address Confirmation during E-mail Sending]

This item has nothing to do with the acquisition policy of [E-mail Sending Log] in the [Log Switches] tab.

Item Name	Description
[Unconfirmed] (Initial Value)	It has nothing to do with the recipient address at E-mail sending and the warning message will not be displayed.
[Confirmed]	When the user is sending an E-mail to the domain apart from the domains set in the [List Exclusion Domains], the warning message will be displayed. The user will confirm whether the E-mail address of the warning domain is correct or not in the warning message window, and the E-mail can be sent only after the checkbox is selected.

[E-mail Attachment Prohibition]

This item has nothing to do with the acquisition policy of [E-mail Sending Log] in the [Log Switches] tab.
In addition, even if there is only one prohibited file in the attachment, the E-mail (E-mail text and all file attachments) cannot be sent.

Item Name	Description
[Do not Prohibit] (Initial Value)	Sending or saving the E-mail after adding the file attachment is prohibited.
[Prohibit (Prohibit the specified extension only)]	Sending or saving the E-mail after adding the file with the specified extension is prohibited. The following describes the E-mail software: In the case of port monitoring mode: the E-mail software that uses SMTP protocol will be used. In the case of V12.0L20-V13.0.0 compatible mode: the following E-mail software will be used: Microsoft® Outlook® Express 5.5 Microsoft® Outlook® Express 6.0 Microsoft® Outlook® 2000 Microsoft® Outlook® 2002 Microsoft® Outlook® 2003
[Prohibit (Permit the encrypted files only)]	Only the files encrypted by the following software can be added to E-mail for sending and saving: The files encrypted by all versions of Systemwalker Desktop Keeper The files encrypted by Systemwalker Desktop Encryption V12.0L10/L20, V13.0.0 The self-decrypting files of SecureBOX V2.0 The files encrypted by FENCE-PRO V5/V6
[Prohibit (Permit the specified extension only)]	Sending or saving the E-mail after adding the file with the specified extension is permitted. The settings are valid when all the following conditions are satisfied: When setting policy for the client (CT) is V14.2.0 or later; When the [Settings of E-mail Control Mode] is set to [Port Monitoring Mode]; When the version of the client (CT) is V13.0.0 or later, or [12.0L20-V13.0.0 Compatible Mode], the specified extension that is permitted to be added will become invalid and any file can be added as the E-mail attachment.
[Extension Settings]	The [E-mail Sending - Set E-mail Attachment Prohibition Extension] window window will be displayed. (Set the extension name of file that is permitted or prohibited in an E-mail attachment.)

[List of Exclusion Domains]

Item Name	Description
[List of Exclusion Domains]	It is not necessary to confirm the recipient address when sending an E-mail to the domain displayed in the list, and file attachment will not be prohibited.
[Domain]	Enter the domain that allows E-mail sending. Up to 254 single-byte characters (Alphabets are not case-sensitive) can be entered. Error will occur if the following symbols are used. “`”, “~”, “!”, “@”, “#”, “$”, “^”, “&”, “*”, “(”, “)”“=”, “+”, “[”, “]”, “{”, “}”, “\”, “\|”, “;”, “:”, “'”, “"”, “,”, “<”, “>”, “/”, “?”, “%” Initial Value: Not Specified.
[Notes]	Enter the memo information related to the domain. Up to 128 single-byte characters (64 double-byte characters) can be entered. Initial Value: Not Specified.
[Add/Update]	Add the domain that allows E-mail sending. Up to 100 domains can be added. After modifying the [Notes] of selected lines in [List of Exclusion Domains], the information will be updated (The domain name cannot be updated).
[Delete]	The selected lines in [List of Exclusion Domains], will be deleted.

[E-mail Sending - Set E-mail Attachment Prohibition Extension] window

Set the file extension permitted or prohibited to be added.

[List of Extensions]

Item Name	Description
[List of Extensions]	The extension name of the file that is permitted or prohibited in E-mail file attachment will be displayed in a list. Initial Value: Not Specified.
[Extension]	Enter the extension name of the file that is permitted or prohibited in E-mail file attachment. The “.” of extension is not required. (It cannot be entered) A maximum of 16 single-byte characters (Alphabets are not case-sensitive) can be entered. Error will occur if the following symbols are used. “\”“/”“:”“*”“?”“"”“<”“>”“\|” Initial Value: Not Specified.
[Notes]	Enter the extension and memo information. Up to 128 single-byte characters (64 double-byte characters) can be entered. Initial Value: Not Specified.
[Add/Update]	Add the permitted or prohibited extension of E-mail file attachment. Up to 100 cases can be added. After modifying the [Notes] of selected lines in the [List of Extensions], the information will be updated (The [Extension] cannot be updated).
[Delete]	Delete the lines selected in the [List of Extensions].
[OK]	Confirm the input content and return to the [E-mail Sending] tab.
[Cancel]	Do not save the set information and close the window.

The conditions for collecting the window title obtaining log can be set in the [Log Filtering Condition] tab.
Though a large number of window title obtaining logs can be collected in order to record all operations on the PC, there will be many repeated logs. Therefore, to avoid collecting the repeated logs, the filtering condition should be set.

The log filtering condition involves two aspects, and two conditions can be specified at the same time.

Settings of Repeated Log Screening:
Only the first log will be collected for the same process and same window title.
Keyword Screening:
By specifying the process names and keywords, the window title logs including the specified process names and keywords can be collected or excluded.

When [Yes] is selected in [Window Title Obtaining Log] of the [Log Switches] tab, the [Log Filtering Condition] tab can be set.

The following describes the settings in the [Log Filtering Condition] tab.

[Repeated Log Filter Setting]

Item Name	Description
[Repeated Log Screening Settings]	Select the method of obtaining repeated logs. When it is selected: The first log will be collected for the same process and same window title. When it is not selected (Initial Value): All window title obtaining logs will be collected.

Item Name

Description

[Repeated Log Screening Settings]

Select the method of obtaining repeated logs.

When it is selected: The first log will be collected for the same process and same window title.
When it is not selected (Initial Value): All window title obtaining logs will be collected.

[Keyword Screening]

Item Name	Description
[Screening condition is not set] (Initial Value)	The window title logs will not be screened according to process name and keyword.
[Obtain matched logs only]	Only the logs belong to the specified process name and the window title log partially matches with the keyword specified in screening conditions will be collected.
[Exclude matched Logs]	The logs belong to the specified process name, and the window title log that partially matches with the keyword specified in screening conditions will not be collected.
[Screening Condition]	Display the set conditions in a list. Initial Value: Not Specified.
[Process EXE Name]	Enter the EXE name of process that collects window title logs. When the [Exclude matched Logs] is selected in the Window Title Obtaining Log Screening Condition, specify the name of process that does not collect window title obtaining logs. Up to 254 single-byte characters (127 double-byte characters) can be entered. (Alphabets are not case-sensitive) [.com] or [.exe] can be entered in the extension of process. Error will occur if the following symbols are used. “\”“/”“:”“*”“?”“"”“<”“>”“\|” When it is not specified, logs of all processes will be collected (or excluded). Initial Value: Not Specified.
[Keyword]	Enter the keyword for collecting window title obtaining logs. (When the window title includes(partially match)/does not include (partially match) the keyword specified here, window title logs will be collected.) When the Window Title Log Screening Condition is set to [Exclude matched Logs], specify the keyword for not to collect window title obtaining logs. [Example] Save as Print Up to 254 single-byte characters (127 double-byte characters) can be entered. (Alphabets are not case-sensitive) When [Keyword] is not specified, all window title obtaining logs of processes specified in [Process EXE Name] will be collected (will not be collected). Initial Value: Not Specified.
[Add]	Add conditions in [Screening Conditions]. Up to 30 cases can be added.
[Update]	After modifying the information of lines selected in the [Screening Condition], the information will be updated.
[Delete]	Delete the lines selected in the [Screening Condition].

In [Filtering Condition], when [Process EXE Name] and [Keyword] are specified at the same time, the AND condition is used.
When [Process EXE Name] and [Keyword] are specified separately in lines, the OR condition is used.

[When adding a condition]
Enter the above set items and click the [Add] button.
Up to 30 cases can be registered.

[When updating the existing information]
Select the lines to be updated from the [Screening Condition], modify the information and click the [Update] button.

[When deleting information]
Select the lines to be deleted from the [Screening Condition], and click the [Delete] button.

The condition of collecting the screen capture can be set in the [Screen Capture Condition] tab.
Set the conditions for collecting the window title obtaining logs in the [Screen Capture Condition] tab.

When [Yes] is selected in [Window Title Obtaining Log] of the [Log Switches] tab, the [Screen Capture Condition] tab can be set.

The settings related to screen capture can be performed in the [Terminal Operation Settings] window (Settings item: [Attached data condition settings]). Please refer to “2.4.2 Perform Terminal Operation Settings” for details.

Note

Please backup or delete the screen capture data regularly.

According to the screen capture condition, storing a large amount of screen capture data on the server (the client (CT) according to terminal operation settings) will cause insufficient disk capacity. Therefore, please regularly confirm the capacity and backup and delete.

The following describes the settings in the [Screen Capture Condition].

Item Name	Description
[Screen capture function]	Select whether to obtain screen capture. [Use] Obtain screen capture. [Do not Use] (Initial Value) Do not obtain screen capture.
[List of screen capture object of window title log]	The conditions for obtaining screen capture are displayed in a list. Initial Value: Not Specified.
[Process EXE Name]	Enter the EXE name of screen capture. Up to 254 single-byte characters (127 double-byte characters) can be entered. (Alphabets are not case-sensitive) [.com] or [.exe] can be input in the process extension. Error will occur if the following symbols are used. “\”“/”“:”“*”“?”“"”“<”“>”“\|” When the EXE name of process is set to blank, logs of all process will be collected (excluded). Initial Value: Not Specified.
[Keyword]	Enter the keyword for collecting screen capture. (When the window title includes (partially match)/does not include ((partially match) the keyword specified here, screen capture can be obtained.) [Example] Save as Print Up to 254 single-byte characters (127 double-byte characters) can be entered. (Alphabets are not case-sensitive) When the EXE name of process is entered in the [EXE Name of Process], please make sure to input in [Keyword]. Initial Value: Not Specified.
[Obtain for second time after 5 seconds]	Set the second acquisition 5 seconds later after the screen capture has been obtained. When it is expected to obtain screen capture continuously to get further knowledge of operation status, please select [Yes]. [Yes] Obtain screen capture for the second time after 5 seconds. [No] Obtain screen capture once only. When selecting [Yes], the screen capture will be collected for the second time after 5 seconds. However, in the 5 seconds from the first collection to the second collection, even if a new window that satisfies the condition of screen capture collection exists, that screen capture will not be collected. As it is the second screen capture of the initial window, “2” which indicates two screen capture collections will be displayed in the [Additional] in the log list of Log Viewer.
[Add]	After selecting [Use] in the [Screen Capture Function], the condition of screen capture collection will be added to the list. Up to 10 cases can be registered.
[Update]	After modifying the information of lines selected in the [List of screen capture object of window title Log], the information will be updated.
[Delete]	Delete the lines selected in the [List of screen capture object of window title].

In [List of screen capture object of window title], when [Process EXE Name] and [Keyword] are specified at the same time, it is the AND condition.
When [Process EXE Name] and [Keyword] are specified separately in lines, the OR condition is used.

The settings in the [Screen Capture Condition] tab and [Log Filtering Condition] tab are set using the AND condition. Therefore, even if the policy of obtaining screen capture is set, the log screening condition will be considered as not set when screen capture cannot be obtained.

[When adding a condition]
Enter the above settings items and click the [Add] button.
Maximum10 cases can be registered.

[When updating the existing information]
Select the lines to be updated from the [List of screen capture object of window title], modify the information and click the [Update] button.

[When deleting information]
Select the lines to be deleted from the [List of screen capture object of window title], and click the [Delete] button.

By monitoring the printed pages, the conditions can be set in the [Eco Monitoring Settings] tab to reduce unnecessary printing.
In the [Settings of Printing Monitoring Mode] during the installation of CT, this function is effective when [Monitor the printing of all printers set in the terminal (Recommended)] is selected.
When [Yes] is selected in [Printing Operation log] of the [Log Switches] tab, the monitoring condition can be set.

When the set number of pages is reached and the printing is prohibited, a warning message will be displayed to the user of the client (CT), and the printing can be prohibited. At the same time, it will be recorded as a violation to the printing prohibition log.

The settings of the [Eco Monitoring Settings] tab will be processed as CT policy.

[Operations when the set number of pages to print is reached]

Item Name		Instruction
[Warning] (*)		When this is selected: When the set number of printed pages is reached, the warning message will be displayed. It will be recorded as a printing operation log. The actions of a document writer (Microsoft Office Document Image Writer, Adobe PDF, etc.) that does not print on paper will be counted as printed pages. [Set number of pages]: the set scope of the number of pages that triggers the display of message is 1-999999. The initial value is 1. When this is not selected (Initial Value): Though the printing pages can be counted, the messages cannot be displayed.
[Prohibit Printing](*)		When this is selected: When the set number of printed pages is reached, the printing will be prohibited. The application that allows printing specified in the [Printing Prohibition] tab cannot print. The printing for a document writer (Microsoft Office Document Image Writer, Adobe PDF, etc) cannot be performed either. It will be recorded as a violation to printing prohibition log. When this item is selected, the [Warning] will be selected automatically. When the number of printed pages reaches the value of prohibition at the beginning of printing, the printing cannot be performed (The message of printing prohibition will be displayed.). When the prohibited number of pages is reached in the process of printing, the printing will be interrupted. The following printing will be prohibited. When the administrator notification settings are performed, the administrator will be notified by E-mail. In addition, an event log will be recorded. [Set number of pages]: the set scope of the number of pages that triggers printing prohibition is 1-999999. The initial value is 1000. When this is not selected: (Initial Value) Though the printing pages will be counted, the printing will not be prohibited.
[Unit for aggregating number of printed pages]	[Daily] (Initial Value)	Monitor the number of printed pages in 24 hours. If the “Date” of PC time is changed, the number of printed pages will be reset to 0.
	[Weekly(Mon~Sun)]	Monitor the number of printed pages in a week. If the PC time is “12am of Monday”, the number of printed pages will be reset to 0.
	[Month]	Monitor the number of printed pages in a month If the “Month” of PC time is changed, the number of printed pages will be reset to 0.

*) When both [Warning] and [Prohibit Printing] are selected,
please input the set number of pages in [Warning] ≦ the set number of pages in [Prohibit Printing].

The clipboard operation prohibition can be set in the [Virtual Environment setup] tab.

Item Name		Description
[Prohibition of clipboard operation between different environments]		When the [Clipboard Operation Log (Virtual Environment)] option in the [Log Switches] tab is [No], settings can be performed.
	[Prohibit]	The clipboard operation is prohibited.
	[Do not Prohibit] (Initial Value)	The clipboard can be used to copy from the virtual environment to the physical environment or from the physical environment to the virtual environment.
[Backup Original File]		When the option of [Prohibition of clipboard operation between different environments] is [Prohibit], the item can be set. When this is selected: The information (text, image) copied from the clipboard will be backed up as the original file. When this is not selected: (Initial Value) The information (text, image) copied from the clipboard will not be backed up as the original file.

The URL prohibited from being accessed can be set in the [URL Access Prohibition] tab.

Item Name			Description
[URL access]	[Prohibit]		Access to URL is prohibited.
		[Prohibit access to registered sites]	Access to the URL specified in [List of Registered Sites] is prohibited.
		[Prohibit access to non-registered sites]	Access to the URL other than the one specified in the [List of Registered Sites] is prohibited.
	[Do not Prohibit] (Initial Value)		Any URL can be accessed.
[List of Registered Sites]			The URL that is prohibited or allowed to be accessed and the memo related to the URL will be displayed. Initial Value: Not Displayed.
[URL string]			Enter the character string that contains part of the domain name of the prohibited or allowed to be accessed URL. [Example] When fujitsu.com is set in the [URL string], the following address will be prohibited or allowed. http://www.fujitsu com/global/ Up to 254 single-byte alphanumeric characters and symbols () (127 double-byte characters) can be entered (Alphabets are not case-sensitive) ) The valid characters of URL are as follows: “'”“.”“-”“*”“)”“(”“_”“:”“%”“+” A multi-byte character domain name cannot be used. Up to 100 cases can be registered. Initial Value: Not Specified.
[Notes]			Enter the information such as the memo of URL. Up to 128 single-byte characters (64 double-byte characters) can be entered. Initial Value: Not Specified.
[Add/Update]			URL will be added. Up to 100 cases can be added. After modifying [Notes] the lines selected in [List of Registered Sites], the information can be updated (The [URL string] cannot be updated.)
[Delete]			The lines selected in [List of Registered Sites] will be deleted.

Prohibition of the connection to the FTP server which is not permitted by the administrator can be set in the [FTP Server Connection Prohibition] tab.
To prohibit the connection to FTP server from Internet Explorer®, please set in the [URL Access Prohibition] tab.

Item Name		Description
[FTP Server Connection]	[Prohibit]	Prohibit the access to the servers that is not specified in the [List of servers allowed be connected].
[FTP Server Connection]	[Do not Prohibit] (Initial Value)	Any FTP server can be connected.
[List of servers allowed to be connected]		The IP address of FTP server allowed to be connected and the memo related to the server to be connected are displayed. Initial Value: Not Displayed.
[IP address]		Enter the IP address (IPV4 format) of the server to be connected. Up to 100 cases can be registered. Initial Value: Not Displayed.
[Notes]		Enter the memo information of the server allowed to be connected .etc. Up to 128 single-byte characters (64 double-byte characters) can be entered. Initial Value: Not Specified.
[Add/Update]		The server allowed to be connected will be added. Up to 100 cases can be added. After modifying the [Notes] of lines selected in the [List of servers allowed to be connected ], the information will be updated (The [IP Address] and [Connecting Target port] cannot be updated.)
[Delete]		The lines selected in [List of servers allowed to be connected] will be deleted.

The Web upload and download operations permitted by the administrator can be set in the [Web Upload and Download Prohibition] tab.

Iten Name		Description
[Upload and Download]	[Prohibit]	The Web upload and download operations that are not in the [List of Sites Allow Upload and Download] tab will be prohibited.
[Upload and Download]	[Do not Prohibit] (Initial Value)	The upload and download operations can be performed on any website.
[List of sites allow uploading and downloading]		The URL of a Web site that allows upload and download, as well as the memo information related to the URL will be displayed. Initial Value: Not Displayed.
[URL string]		Enter the URL of the Web site that allows upload and download. The site that includes the entered character string will allow all the upload and download. [Example] When fujitsu.com is set in the [URL string], all the following addresses are permitted. http://www.fujitsu com/global/ Up to 254 single-byte alphanumeric characters and symbols () (127 double-byte characters) can be entered. (Alphabets are not case-sensitive) ) The valid characters of URL are as follows: “'”“.”“-”“)”“(”“_”“:”“/”“+” A multi-byte character domain name cannot be used. Up to 100 cases can be registered. Initial Value: Not Specified.
[Notes]		Enter the memo information of the URL that allows upload and download. Up to 128 single-byte characters (64 double-byte characters) can be entered. Initial Value: Not Specified.
[Add/Update]		The URL of the Web site that allows upload and download will be added. Up to 100 cases can be added. After modifying the [Notes] information of lines selected in the [List of sites allow uploading and downloading], the information can be updated (The [URL Character String] cannot be updated.).
[Delete]		The lines selected in the [List of sites allow uploading and downloading] will be deleted.

The method of sending operation logs from the client (CT) to the Management Server can be set in the [Other Settings] tab. The sent logs are operation logs, prohibition logs and attached data.

Note

About sending command operation log to the server

Command logs are always sent immediately after collection (not affected by this setting).

The method of sending can be set according to the following cases:

When the client (CT) is always connected to the server and network
When connecting to the server, the logs accumulated in the client (CT) due to the reasons such as a mobile application will be sent immediately.

Operation log sending method

Item Name			Description
[Send immediately when operation logs occur] (Initial Value)			Logs will be sent to the server immediately when they are generated.
	[Processing of logs accumulated in CT]		Set the method of sending the logs accumulated in the client (CT) due to reasons such as a mobile application immediately when the network connects to the server.
		[Send accumulated logs immediately after connection]	When changing from the network disconnection environment to the network connection environment (when the communication with the Management Server and Master Management Server is started), the accumulated logs will be sent to the server immediately from the client (CT).
		[Send operation logs accumulated in certain amount collectively after connection]	When changing from the network disconnection environment to the connection environment (when the communication with the Management Server and Master Management Server is started), the accumulated logs will be sent collectively to the Management Server after reaching to certain amount. The amount of logs to be sent at one time and the interval for sending are set in the [Terminal Operation Settings] window. Please refer to “2.4.2 Perform Terminal Operation Settings” for details.
[Send after collectiong logs for a certain period]			The logs accumulated in a period of time will be sent to the server. The number of logs to be sent at one time and the interval for sending are set in the [Terminal Operation Settings] window. Please refer to “2.4.2 Perform Terminal Operation Settings” for details.
[Send all logs in specified time]			Send logs to server in the specified time. [Start time of sending] of logs must be set. [About the Time Required for Completing Log Sending] The standards are as follows. The number of clients (CT number of sets) and amount of logs are basically in proportion to the time required for log sending. Example 1 The number of clients (CT number of sets): 1000 Number of daily logs: 1000 Time required for log sending: About 15 minutes at most Example 2 The number of clients (CT number of sets): 2000 Number of daily logs: 1000 Time required for log sending: About 30 minutes at most The number of logs to be sent at one time and the interval for sending are set in the [Terminal Operation Settings] window. Please refer to “2.4.2 Perform Terminal Operation Settings” for details.

2.4.1 Perform Terminal Initial Settings

2.4.1.1 Settings of [Log Switches] Tab

2.4.1.2 Settings of [File Export Prohibition] Tab

2.4.1.3 Settings of [Printing Prohibition] Tab

2.4.1.4 Settings of [Logon Prohibition] Tab

2.4.1.5 Settings of [Application Startup prohibition] Tab

2.4.1.6 Settings of [File operational process] Tab

2.4.1.7 Settings of [File operation extension] Tab

2.4.1.8 Settings of [E-mail Sending] Tab

2.4.1.9 Settings of [Log Filtering Condition] Tab

2.4.1.10 Settings of [Screen Capture Condition] Tab

2.4.1.11 Settings of [Eco monitoring settings] Tab

2.4.1.12 Settings of [Virtual Environment setup] Tab

2.4.1.13 Settings of [URL Access Prohibition] Tab

2.4.1.14 Settings of [FTP Server Connection Prohibition] Tab

2.4.1.15 Settings of [Web Upload and Download Prohibition] Tab

2.4.1.16 Settings of [Other Settings] Tab