This function is not available.
To reduce the risk of information disclosure, the USB devices that can be used can be restricted individually when exporting files and folders using the File Export Utility and Explorer, etc.
The permitted USB device requires policy setting in the Management Console.
Please refer to “Register USB device” and “Set USB devices permitted to be used in policy setting.” for these steps.
The information exported by File Export Utility, used media, export date and time and export person, etc., can be collected as a file export log.
The information exported by Explorer, used media, export date and time and export person, etc., can be collected as a file operation log.
In addition, if the use of a USB device is restricted individually, and when the USB devices that are not permitted (it is limited to those identified as removable devices) are inserted, ”Violation” will be recorded in the device configuration change log. This information can be sent to the administrator by E-mail. In addition, it can be recorded as an event log.
The registered USB device information includes the method of registering using the window and registering using a CSV file.
For the registration procedure, please refer to “Register USB device” and “Register USB device information using CSV file”.
In addition, the registered USB device information can be output to a CSV file. The functions are as follow:
Confirm the USB device that has been registered.
Transfer the registered USB device information to another Management Server.
Change the registered USB device information.
Delete the registered USB device information.
For the procedure, please refer to “Export registered USB device information as CSV file.” and “Modify the registered USB device information”.
Point
Conditions of [Individual Identification Function of USB Device] can be set.
When the [File Export Prohibition] tab is set to the following patterns, the [Individual Identification Function of USB Device] can be set.
Pattern 1
When [Export using File Export Utility] is set to [Yes]
Pattern 2
When [File Access Control] is set to [Yes]
When [Read Prohibition] is set to [Removable], Or
When [Specify Drive Type] is set to [Removable]
Application example
This describes the application example when the file export and reading are performed using only the USB devices that are permitted by the administrator.
Exporting any file to the USB device is prohibited; Access can occur when files saved in the permitted USB device are expected to be viewed or imported as a business requirement.
This application can be achieved through the following settings:
Export using File Export Utility is prohibited. In addition, export by Explorer (Not Export Utility) is also prohibited. Only reading by Explorer (Not Export Utility) is permitted.
For policy setting, please refer to “Policy Setting of Application Example 1”.
File export is allowed only after encryption using the Export Utility. In addition, exporting (copying) from the outside through the software (unless done by the administrator) is prohibited, while access to the USB device through Explorer (Not Export Utility) is also prohibited.
This application can be achieved through the following settings.
File export is allowed only after encryption using the Export Utility. Exporting and reading using Explorer (Not Export Utility) are prohibited.
Please refer to “Policy Setting of Application Example 2” for policy setting.
File export is allowed only after encryption using the Export Utility. At this time reading is only permitted by Explorer (Non-File Export Utility).
This application can be achieved through the following settings.
File export is allowed only after encryption using the Export Utility. Reading through Explorer (Not Export Utility) is permitted, but the export is prohibited.
Please refer to “Policy Setting of Application Example 3” for policy setting.
As the USB device with lock and encryption function has security functions, considering the convenience, it is expected to export using Explorer (Not Export Utility) (the File Export Utility will not be used and the accompanied security function of USB device will be used).
In addition, it is expected to connect the permitted USB with an external HDD to obtain backup files.
In the application example 4, files can be copied to the USB device by Explorer (Not Export Utility) instead of File Export Utility. However, since File Export Utility is not used, the file export logs cannot be collected and the original of exported files cannot be backed up. Access to the USB device can be confirmed by collecting file operation logs.
When collecting the file export logs and backing up the original of export files, please set File Export Utility and export files through File Export Utility.
This application can be achieved through the following settings.
Export and reading by Explorer (Not Export Utility) are permitted.
*Though related settings of File Export Utility are not needed, the condition of the file export log expected to be collected and the original file exported by the backup file also need to be considered, and become the set example in the above picture.
Please refer to “Policy Setting of Application Example 4” for policy setting.
By setting the period for use of the USB device, the USB device is permitted to be used within a set time only. The USB device that exceeds the period of use cannot be used. By setting the period for using the USB device again, the USB device that exceeds period of use can continue to be used.
This application can be achieved through the following settings.
Set the period for use of the USB device, and permit exporting and reading.
※ It can also be limited to use by File Export Utility only or set to read only.
For policy setting, please refer to “Policy Setting of Application Example 5”.
When a large number of USB devices exist, it is difficult to set permissions of USB devices for each client (CT) and user. In this case, the problem can be solved by using USB devices registered on the Management Server/Master Management Server.
This application can be achieved through the following settings.
Permit the use of all USB devices registered on the Management Server/ Master Management Server, and permit exporting and reading.
※ It can also be limited to use by File Export Utility only or set to read only.
Please refer to “Policy Setting of Application Example 6” for policy setting.
The registration can be performed by the system administrator or epartment administrator.
It is required to set the authority of [Register/Update/Delete USB Device] in [Detailed Authority] in the [Administrator Information Settings] window of the Server Settings Tool.
The registration can be performed through the Management Console.
In the case of a 3-level system structure, the registration can be performed through the Management Console that is connected to the Master Management Server. It has nothing to do with the execution of collective management of user information.
The number of USB devices that can be registered is 10,000.
The USB device that satisfies all the following conditions can be registered:
It has a USB interface.
The manufacturer ID/product ID/internal serial number can be obtained from the USB device.
An example of a USB device that can be registered is shown as follows:
USB Device | Description and Notes |
|---|---|
USB Flash Memory | It can also be registered via USB-HUB. |
USB Hardware | It can also be registered via USB-HUB. |
SD Card via USB Card Reader .etc | Identify the device itself as the USB device that can be registered. The inserted memory media cannot be identified separately. |
USB Floppy Disk Device | Identify the device itself as the USB device that can be registered and the inserted floppy media cannot be identified separately. |
USB MO Device | Identify the device itself as the USB device that can be registered and the inserted MO media cannot be identified separately. |
USB DVD/CD-R/RW Device | Sometimes, USB device information cannot be obtained through the [Get USB Device Information] button. In this case, please check the USB device information through device manager, etc., and manually input [USB Device Information]. |
After the registered device information has been set to “Permitted Device” in policy, it can be distributed as CT policy or user policy.
Register one by one in the [Register USB Device] window. One USB device will be registered as one item.
The procedure is as follows:
Start [Management Console].
Select [USB Device Registration] in the [Operation Settings] menu.
→ The [USB Device Registration] window is displayed.
Item Name | Description | |
|---|---|---|
[USB Device Screening] | Screen the USB devices displayed in the [List of Registered USB Device]. The following items can be selected:
| |
[Keyword] | Specify the search condition of displayed USB device. Up to 128 single-byte characters (64 double-byte characters) can be entered. | |
[Search] | Perform the USB device search according to the conditions specified in [USB Device Screening] and [Keyword]. | |
[List of Registered USB Devices] | Display the content of registered USB device. Display the following information:
| |
[Drive Name] | When reading USB device information through the [Get USB Device Information] button, select the drive to load this device. | |
[Get USB Device Information] | After clicking, information will be read from the USB device inserted into the specified drive. | |
[Setting Item] | [USB Device Name] | Up to 80 single-byte characters can be entered. However, the following characters cannot be entered: Please make sure to enter this item. |
[Notes] | Up to 128 single-byte characters can be entered. However, the following characters cannot be entered: | |
[USB Device Information] | [Manufacturer ID] | When clicking the [Get USB Device Information] button, the read USB device information will be displayed. When registering USB device manually, please enter the following items:
|
[Last User Information] | [Last Used User Name] [Last Used Computer Name] [Last Connection Date] | Display the information of the last user of USB device. |
[Identification Method of USB Device] | When exporting files to the USB device using the Export Utility and Explorer, etc., this is a method to identify whether it is a permitted USB device. | |
[Complete match] | Identify according to manufacturer ID + product ID + internal serial number. | |
[Serial number match] | Identify according to manufacturer ID + internal serial number. When registering USB device attached with authentication function and the product ID before authentication is different from that after authentication (*), select this item. | |
[Product match] | Identify USB device according to manufacturer ID + product ID. | |
[Not available] | The registered USB device can be set as temporarily not available. In the [List of Registered USB Devices], all items of this line will be displayed in gray. | |
[Period for use of USB Device] | When [Set Period for Use of USB Device] is selected in the [Operation Settings of USB Device], set the period for use of the USB device. Only the single-byte digits can be entered, and the input scope is as follow.
| |
[Export/Import of Setting Contents] | [File Export] | Display the [Specify the File for Exporting USB Device Information] window. |
[File Import] | Display the [Specify the File for Importing USB Device Information] window. | |
[Add] | Register a USB device. | |
[Update] | Update USB device information. | |
[Delete] | Delete a registered USB device. | |
[Operation Settings] | Perform operation settings of USB device. | |
* It is recommended to confirm that the registration is performed before/after authentication in advance.
Please click the [Get USB Device Information] button before/after authentication, and confirm that only the [Product ID] displayed in the [USB Device Information] has modified.
Click the [Operation Settings] button.
→ The [Operation Settings of USB Device] window is displayed.
Item Name | Description | ||
|---|---|---|---|
[Set Period for Use of USB Device] | Set the period for use of the USB device. | ||
| [Not Set] (Initial Value) | The USB device can be used at any time. | |
[Set] | Set the period in which the USB device can be used. Please specify the time to be extended when the period for use of USB device has been exceeded. 1-999 can be specified. | ||
| [The period for use will be reset with the initial value when the USB device is connected] | Set whether the period for use will be automatically extended when the period for use of USB device is exceeded. The extended time is to add days specified in [Initial Value] of [Set Period for Use of USB Device]. | |
Click the [Settings] button.
Insert the USB device that requires registration into the PC of Management Console.
Select the drive identified by the PC selected in [Drive Name] and click the [Get USB Device Information] button.
→ The information of the inserted USB device is displayed in [USB Device Information].
The registration cannot be performed when the USB device information cannot be read from the media.
Point
USB device with lock function
When using a USB device with a lock function, please click the [Get USB Device Information] button after unlocking.
Point
About DVD/CD-R/RW devices of USB interface
DVD/CD-R/RW devices with a USB interface. etc., can be registered by manually entering the manufacturer ID/product ID/internal serial number.
Select [Identification Method of USB Device].
Enter [USB Device Name] and [Notes].
In the case of a 3-level structure, the registration information will be saved on the Master Management Server; in the case of a 2-level structure, the registration information will be saved on Management Server and the information of multiple subordinating departments will co-exist. Therefore, when setting policy, it is expected that the USB devices permitted by the local department will be selected from a large number of registration information. Though each items displayed in [List of Registered USB Devices] can be sorted, it is recommended to set the identification information such as department and user name, etc., in [Notes] to facilitate selection.
click the [Add] button.
→The registration content is displayed in [List of Registered USB Devices].
Start [Management Console], and the [USB Device Registration] window is displayed.
Select the USB device that requires update in [List of Registered USB Devices].
→ The registered content is displayed.
Update the corresponding items and click the [Modify] button.
→The update will be reflected to [List of Registered USB Devices].
Start [Management Console], and the [USB Device Registration] window is displayed.
Select the USB device that requires deletion in [List of Registered USB Devices].
→ The registered content is displayed.
When deleting the information, please refer to the identification information such as department and user name, etc., in [Notes] and execute after confirming that is the USB device information of the local department.
click the [Delete] button.
→ The information is deleted from the [List of Registered USB Devices].
The computer name, user name and use date of last used USB device can be confirmed in the [USB Device Registration] window. Whether or not the USB device that has not been used for a long time due to reasons such as lost USB devices exists can be confirmed.
Start [Management Console] and the [USB Device Registration] window is displayed.
→ Confirm the usage status of USB device through the [Last Used User Name], [Last Used Computer Name] and [Last Connection Date].
Set USB devices permitted to be used in policy setting.
The policy setting is performed by the system administrator or department administrator.
This section describes by Application example including policy setting from application example 1 to application example 4.
In the [File Export Prohibition] tab, set as follows:
[File Export Utility]
Select [No] in the [Export using File Export Utility].
[Explorer]
Select [Yes] in [File Access Control].
Select [Disable] in [Read Prohibition] ([Read of Removable Drive]).
Select [Removable] in [Specify Drive Type] of [Export Prohibition].
[Individual Identification Function of USB Device]
Select [Use].
Select [Read Only] in the [File Export Prohibition- Individual Identification Function of USB Device-Detailed Settings] window.
In the [File Export Prohibition] tab, set as follows:
[File Export Utility]
Select [Yes] in [Export using File Export Utility].
Select [Export after Encryption Only].
[Explorer]
Select [Yes] in [File Access Control].
Select [Disable] in [Read Prohibition] ([Read of Removable Drive]).
Select [Removable] in [Specify Drive Type] of [Export Prohibition].
[Individual Identification Function of USB Device]
Select [Use].
Select [Read and Write] in the [File Export Prohibition- Individual Identification Function of USB Device-Detailed Settings] window.
Select [Write using File Export Utility Only] in the [File Export Prohibition- Individual Identification Function of USB Device-Detailed Settings] window.
In the [File Export Prohibition] tab, set as follows:
[File Export Utility]
Select [Yes] in [Export using File Export Utility].
Select [Export after Encryption Only].
[Explorer]
Select [Yes] in the [File Access Control].
Select [Disable] in [Read Prohibition] ([Read of Removable Drive]).
Select [Removable] in [Specify Drive Type] of [Export Prohibition].
[Individual Identification Function of USB Device]
Select [Use].
Select [Read and Write] in the [File Export Prohibition- Individual Identification Function of USB Device-Detailed Settings] window.
Select [Read and Write by File Export Utility Only] in the [File Export Prohibition- Individual Identification Function of USB Device-Detailed Settings] window.
In the [File Export Prohibition] tab, set as follows:
[File Export Utility]
Select [Yes] in the [Export using File Export Utility].
Select [Export Only after Encryption].
[Explorer]
Select [Yes] in the [File Access Control].
Select [Disable] in the [Read Prohibition] ([Read of Removable Drive]).
Select [Removable] in the [Specify Drive Type] of [Export Prohibition].
[Individual Identification Function of USB Device]
Select [Use].
In the [File Export Prohibition- Individual Identification Function of USB Device-Detailed Settings] window, select [Read and Write]. Do not tick any of subordinate check boxes.
In the [Operation Settings of USB Device] of [USB Device Registration], set as follows:
Select [Set Period for Use of USB Device].
In the [USB Device Registration] window, set as follows:
Select the USB device required to set period for use in [List of Registered USB Devices], and set the permitted date of use in [Period for Use of USB Device].
In the [File Export Prohibition] tab, set as follows:
[Individual Identification Function of USB Device]
Select [Use].
Select the permitted access settings of use in [File Export- Individual Identification Function of USB Device-Detailed Settings] window.
In the [File Export Prohibition] tab, set as follows:
[Individual Identification Function of USB Device]
Select [Use].
Select [Yes] in [Use of all USB devices registered on the Management Server are permitted] of [File Export- Individual Identification Function of USB Device-Detailed Settings] and select the permitted access settings of use.
In addition, when the individual identification function of the USB device is used, the device configuration change log can be collected as “Violation” in the following patterns.
The following only explains the condition when the device configuration change log is collected as “Violation” and does not correspond to the above-mentioned application examples from 1 to 6.
Pattern 1
When the [Identification Method of USB Device] of [USB Device Registration] is a USB device connection of [Not Available]
Pattern 2
When the period for use set in [Period for use of USB Device] of the [USB Device Registration] window is exceeded
Pattern 3
When the [Use of all USB devices registered on the Management Server are permitted] in the [File Export Prohibition- Individual Identification Function of USB Device-Detailed Settings] window is set to [Yes] and the Management Server cannot be connected to the client (CT).
Click the [Update at Next Startup] or [Update Immediately] button, and set policies.
The CT policy will be reflected when the client (CT) is started, and the user policy will be reflected when logging on to the client (CT).
This wil be reflected by an immediate update of policy.
Register USB device information using CSV file
Create USB device list file.
For details of the USB device list file, please refer to “USB Device List File” of “Systemwalker Desktop Keeper Reference Manual”.
Start [Management Console], and the [USB Device Registration] window is displayed.
Click [Import File] button.
→ The [Specify the File for Importing USB Device Information] window is displayed.
[Import File] (Required): specify the USB device list file with full path.
Up to 218 single-byte characters can be entered. However, the following symbols are not allowed in file name.
The symbols not allowed: “\”“/”“:”“*”“?”“"”“<”“>”“|”
[Result log file] (Required): specify and save the file of execution results with full path.
Up to 218 single-byte characters can be entered. However, the following symbols are not allowed in file name.
The symbols not allowed: “\”“/”“:”“*”“?”“"”“<”“>”“|”
[When the result log file exists]: please make sure to set when the original result log file exists.
[Add]: select when the file is added to the original result log file.
[Overwrite]: select when the file overwrites the original result log file.
Set the above-mentioned information and click the [Start Import] button.
→ The [Display Import Status of USB Device Information] window is displayed.
After the import of the USB device information has completed, “Registration Completed” will be displayed in [Process Status]. Click the [OK] button.
Export registered USB device information as CSV file.
Start [Management Console] and the [USB Device Registration] window is displayed.
Click the [File Export] button.
→ The [USB Device Information Output File Specified] window is displayed.
[Output File] (Required): specify the CSV file for exporting USB device information with full path.
Up to 218 single-byte characters can be entered. However, the following symbols are not allowed in file name.
The symbols not allowed: “\”“/”“:”“*”“?”“"”“<”“>”“|”
[Result log file] (Required): specify the file for exporting execution results with full path.
Up to 218 single-byte characters can be entered. However, the following symbols are not allowed in file name.
The symbols that not allowed: “\”“/”“:”“*”“?”“"”“<”“>”“|”
[When the result log file exists]: please make sure to set when the original result log file exists.
[Add]: select when the file is added to the original result log file.
[Overwrite]: select when the file overwrites the original result log file.
Set the above-mentioned information and click the [Start Export] button.
The message is displayed after export has completed, click the [OK] button.
Modify the registered USB device information
Use the CSV file that exports the registered USB device information to perform the following operations:
Modify the USB device name, notes or identification method of the registered USB device information.
Delete the registered USB device information.
Move the USB device information to another Management Server.
The procedure is as follows:
Click the [File Export] button to export the USB device information as CSV file.
For information on how to do so, please refer to “Export registered USB device information as CSV file.”.
Modify the contents of the CSV file if needed.
Please enter the CSV file as text file to edit. After editing with software such as Microsoft® Excel, some necessary information such as double quotation marks may be lost.
The first item of each line in the CSV file output by Step 1 is blank. Under this status, when importing USB device information to the same Management Server, the information will be added as “Newly Added” information. When “Product match” is specified in the identification method, the same information will be registered several times. Therefore, to avoid registering information repeatedly, it is recommended to delete the lines not to be modified or deleted before importing to Management Server.
For details of the CSV file, please refer to “USB Device List File” of “Systemwalker Desktop Keeper Reference Manual”.
Specify “U” in the first item (process flag).
Modify the USB device name, notes or identification method. When importing the CSV file, all items should be recorded. Please do not modify the item apart from the USB device name, notes or identification method.
Specify “D” in the first item (process flag).
Confirm that the second item (GUID) is specified.
When modifying the USB device information registered on the moved Management Server, please refer to “Modify USB device name, notes or identification method” or “Delete USB device information”.
Save the CSV file.
In the Management Server that imports USB device information, click the [Import File] button.
→ The [Specify the File for Importing USB Device Information] window is displayed.
[Import File] (Required): specify the USB device list file with full path.
Up to 218 single-byte characters can be entered. However, the following symbols are not allowed in file name.
The symbols not allowed: “\”“/”“:”“*”“?”“"”“<”“>”“|”
[Result log file] (Required): specify and save the file of execution results with full path.
Up to 218 single-byte characters can be entered. However, the following symbols are not allowed in file name.
The symbols not allowed: “\”“/”“:”“*”“?”“"”“<”“>”“|”
[When the result log file exists]: please make sure to set when the original result log file exists.
[Add]: select when adding to the original result log file.
[Overwrite]: select when overwriting the original result log file.
Set the above-mentioned information and click the [Start Import] button.
→ The [USB Device Information Import Status Display] window is displayed.
After the import of USB device information import has completed, “Registration Completed” will be displayed in [Process Status]. Click the [OK] button.
Note
The CSV file used for import cannot be used again.
The CSV file used for import cannot be used again. To modify the CSV file as modify USB device information, please perform the operation again using CSV file import in Step 1.
