For a built-in disk identified as a removable drive by the OS, logs will be collected and prohibition will be performed by considering the disk as a removable drive instead of a local drive.
When multiple logon is enabled on a Windows Server(R) 2008, the email recipient confirmation window or the E-mail attachment prohibition window will not be displayed during the E-mail sending. The Systemwalker Desktop Keeper performs the following operations during the E-mail sending:
This does not apply when email is sent from Microsoft(R) Outlook(R) 2007, Microsoft(R) Outlook(R) 2010, or Microsoft(R) Outlook(R) 2013.
For the E-mail of which the recipient address is only the address of an exclusion domain, the information will not be displayed while the E-mail is sent, so there is no change.
For E-mails of which the recipient address contains addresses apart from the exclusion domain, execute judgment for the E-mail attachment prohibition. Perform the following operations according to the judgment result of the E-mail attachment prohibition:
When the prohibited file has been added, the E-mail sending will be terminated without showing the E-mail attachment prohibition window.
When the prohibited file is not added, the E-mail will be sent without showing the recipient prohibition window.
When multiple users are logged on, messages displayed during process control and service control will be sent to a specific user only. The display conditions are as follows:
When there is a locally logged-on user, messages will be displayed to that user.
When there is no locally logged-on user, messages will be displayed to one of the remotely logged-on users.
The policy status when multiple users are logged on is shown in the table below.
With smart devices (Android and iOS devices), only one user is logged on, so operation conforms to the CT policy.
"Multiple users logged on" means that at least two active users are logged on. For example, both local and remote users are logged on or at least two remote users are logged on. This does not apply to multiple local users logged on through switching, because in this case there will be only one active user.
Function | Valid Policy | |
---|---|---|
Log (recording function) | Application startup/termination | User policy. |
Window title obtaining log | User policy. | |
E-mail sending | CT policy. | |
E-mail sending interruption | CT policy. | |
Command operation | User policy. | |
Device configuration change | (*1) | |
Printing operation | User policy. | |
File export | User policy. | |
PrintScreen key operation | User policy. | |
Web operation | User policy. | |
FTP operation | User policy. | |
File operation | CT policy. | |
Logon/Logoff | CT policy. | |
Clipboard operation | User policy. | |
Linkage application | User policy. | |
Web access log (Android device) | CT policy | |
SD card mount/unmount log (Android device) | CT policy | |
SIM card mount/unmount log (Android device) | CT policy | |
Wi-Fi connection log (Android device) | CT policy | |
Bluetooth connection log (Android device) | CT policy | |
Incoming/outgoing calls log (Android device) | CT policy | |
Application usage log (Android device) | CT policy | |
Application configuration change log (Android device) | CT policy | |
Prohibition function | Application startup prohibition | User policy. |
Printing prohibition | User policy. | |
PrintScreen key prohibition | User policy. | |
Logon prohibition | CT policy. | |
E-mail attachment prohibition | CT policy. | |
File export prohibition | (*2) | |
File reading prohibition | (*2) | |
URL access prohibition | User policy. | |
FTP server connection prohibition | User policy. | |
Web download operation prohibition | User policy. | |
Web upload operation prohibition | User policy. | |
Clipboard operation prohibition | User policy. | |
Wi-Fi access prohibition (Android device) | CT policy | |
Bluetooth connection prohibition (Android device) | CT policy | |
Application usage prohibition (Android device) | CT policy | |
Device Functionality usage (iOS device) | CT policy | |
Application usage (iOS device) | CT policy | |
iCloud usage (iOS device) | CT policy | |
Security and privacy settings (iOS device) | CT policy | |
Content Ratings settings (iOS device) | CT policy |
*1: The policy status for the device configuration change log depends on the settings in the File Export Prohibition - USB Device Individual Identification Function - Detailed Settings window.
When operating according to the CT policy
When Allow to use all USB devices registered in Management Server is Yes
When operating according to the user policy
When Allow to use all USB devices registered in Management Server is No
In addition, the device configuration change log, which records the mounting of USB devices, operates according to the CT policy.
*2: The policy status for file export prohibition and file reading prohibition depends on the policy setting in File export/read.
When operating according to the CT policy
When Export using File Export Utility is Not Allowed
When Permission switch of all USB registered in Management Server in the File Export Prohibition - USB Device Individual Identification Function - Detailed Settings window is Yes
When operating according to the User policy
When Export using File Export Utility is Allowed and Access Settings in the File Export Prohibition - USB Device Individual Identification Function - Detailed Settings window is as follows:
- Reading and writing are limited to File Export Utility is selected
- Writing is limited to File Export Utility is selected
When Permission switch of all USB registered in Management Server in the File Export Prohibition - USB Device Individual Identification Function - Detailed Settings window is No
When operating according to both the CT policy and user policy
User policy setting
When Export using File Export Utility is Allowed and Permission switch of all USB registered in Management Server in the File Export Prohibition - USB Device Individual Identification Function - Detailed Settings window is Yes
When the above policy is used, startup of Export Utility operation is determined according to the user policy, and actual export is determined according to the CT policy.
Example: When the CT policy prohibits the export of removable media, you can start Export Utility. However, the CT policy prohibits export, so you cannot export a file.
When the OS of the client (CT) is Windows Vista(R), Windows Server(R) 2008, Windows(R) 7 Windows(R) 8, or Windows Server(R) 2012 OS, and the command prompt and File Export Utility are run by an administrator user, the message "Requested resource is in use" will be output sometimes and the application cannot be started. In this case, wait a moment and restart the application.
When using the Web console, do not click the Back button on the browser. If this button is used, errors may occur and it may not display properly.
Do not allow multiple users to log on the Windows OS at the same time using the same user ID. Otherwise, the logs cannot be differentiated.
In some cases the same log is sent by the client (CT) and smart device (agent) (Android) and stored in the Management Server. If this happens, the same log is displayed multiple times in the Log Viewer.
If you have logged on using the built-in Administrator account of the operating systems below, use Internet Explorer(R) in the Desktop application on Web Console. Internet Explorer(R) from Windows Store apps is not supported.
Windows(R) 8 Pro
Windows(R) 8 Enterprise
Windows(R) 8.1 Pro
Windows(R) 8.1 Enterprise
Microsoft(R) Windows Server(R) 2012 Datacenter
Microsoft(R) Windows Server(R) 2012 Standard
Microsoft(R) Windows Server(R) 2012 Essentials
Microsoft(R) Windows Server(R) 2012 Foundation
Microsoft(R) Windows Server(R) 2012 R2 Datacenter
Microsoft(R) Windows Server(R) 2012 R2 Standard
Microsoft(R) Windows Server(R) 2012 R2 Essentials
Microsoft(R) Windows Server(R) 2012 R2 Foundation
Communication between the Management Server or Master Management Server and a client (CT) is encrypted.
Therefore, there are restrictions on unencrypted communications, such as communication with a client (CT) of V14.3.1 or earlier to which the communication encryption update has not been applied.
You must apply the urgent updates that were released in and after September 2014 to clients of V13.3.0 to V14.3.1, or upgrade to V15.1.
You cannot use clients of V13.2.1 or earlier. Upgrade to V15.1.0.
After you upgrade the Management Server to V15.1.0, the clients that you can fresh install are V15.0.0 and V15. 1.0.
After logging on using a Microsoft account, the Microsoft account information is stored in the user name and domain name of the log.
For example, if the Microsoft account is "fujitsu.tarou@example.com", the user name will show "fujitsu.tarou" and the domain name will show "example.com".
However, if you switch from an existing account to a Microsoft one, the existing account information may be stored in the user name and domain name of the log until the operating system is restarted.
The log user name recorded is the one used for logon. The user name used for domain logon is neither case- nor width-sensitive, so the user name recorded may differ from the one used during registration.
Policies that can be set on client (CT) and smart device (agent)
The Management Console allows setting all policies for clients (CTs) and smart devices (agents), but which ones will take effect depend on the device. If a policy is set but does not take effect on a specific device, the recording feature or prohibition feature will not operate.
Policy | Device | |||
---|---|---|---|---|
Client (CT) | Smart device (agent) (Android) | Smart device (agent) (iOS) | ||
Log | Application startup | Y | N | N |
Application termination | Y | N | N | |
Window title obtaining | Y | N | N | |
E-Mail Sending/E-mail sending interruption | Y | N | N | |
Command operation | Y | N | N | |
Device configuration change | Y | N | N | |
Printing operation | Y | N | N | |
File export | Y | N | N | |
PrintScreen key operation | Y | N | N | |
Web operation | Y | N | N | |
FTP operation | Y | N | N | |
File operation | Y | N | N | |
Logon,Logoff | Y | N | N | |
Clipboard operation | Y | N | N | |
Linkage application | Y | N | N | |
Web access | N | Y | N | |
SD card mount/unmount | N | Y | N | |
SIM card mount/unmount | N | Y | N | |
Wi-Fi connection | N | Y | N | |
Bluetooth connection | N | Y | N | |
Incoming/outgoing calls | N | Y | N | |
Application usage | N | Y | N | |
Application configuration change | N | Y | N | |
Prohibition feature | File access control | Y | N | N |
Application startup prohibition | Y | N | N | |
Print prohibition | Y | N | N | |
PrintScreen key prohibition | Y | N | N | |
Logon prohibition | Y | N | N | |
Attachment prohibition | Y | N | N | |
URL access prohibition | Y | N | N | |
FTP operation prohibition | Y | N | N | |
Web operation prohibition | Y | N | N | |
Clipboard operation prohibition | Y | N | N | |
Wi-Fi connection prohibition | N | Y | N | |
Bluetooth connection prohibition | N | Y | N | |
Application usage prohibition | N | Y | N | |
Device Functionality usage | N | N | Y | |
Application usage | N | N | Y | |
iCloud usage | N | N | Y | |
Security and privacy settings | N | N | Y | |
Content Ratings settings | N | N | Y |
Y: The recording and prohibition features operate when this is set as a policy on Management Console.
N: The recording and prohibition features do not operate even when this is set as a policy on Management Console.
About character code that can be processed in Systemwalker Desktop Keeper
There are following two types of character code that can be processed in Systemwalker Desktop Keeper. Other character code will be converted to "?".
Local Character Code
It will be displayed correctly.
Unicode
It may be able to be displayed correctly or converted to "?".
Operation logs and prohibition logs collected by a client (CT) or smart device (agent) are stored using Unicode characters.
Any collected application log that cannot handle Unicode characters may be recorded as "?".
If the export source file or folder name contains Unicode characters when Export Utility exports a file or folder to a destination listed below, you cannot specify that file or folder as the export source.
In addition, if the export destination file or folder name contains Unicode characters, you cannot specify that file or folder as the export destination.
Export to a DVD or CD
Encryption export to a destination other than a DVD or CD
Entry and display operations in Management Console use Unicode characters.
However, if you have specified ShiftJIS for Encoding for I/O files in Server Settings Tool, any Unicode characters in an input file will not be displayed properly. If an output file contains Unicode characters, they will be converted to "?".
Entry and display operations in the Log Viewer use Unicode characters.
However, if you have specified ShiftJIS for Encoding for I/O files in Server Settings Tool, Unicode characters in the output file will be converted to "?".
Commands provided by Systemwalker Desktop Keeper and server-based tools such as Server Settings Tool do not support entry or display of Unicode characters.
Do not use the following tools and commands that are provided by Systemwalker Desktop Keeper because they may not operate properly:
Tools and commands that are installed in the Management Server or Master Management Server
Tools and commands that are installed in Smart Device Relay Server
The Policy Application Tool
You cannot perform encryption export to a DVD or CD by using the Export Utility.
In Systemwalker Desktop Keeper, halfwidth character, fullwidth character, and character count are defined as follows:
Halfwidth character: A character with an ASCII code in the range 0x20 to 0x7E
Space
Symbols: ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~
Numeric characters: 0-9
Alphabetic characters: A-Z, a-z
Fullwidth characters: Characters other than halfwidth characters
Halfwidth katakana characters (the width that is generally used) are treated as fullwidth characters.
Character count: Each halfwidth character is counted as 1 character.
Each UTF-16 2-byte fullwidth character is counted as 1 character.
Each surrogate pair character uses 4 bytes to represent 1 character, so it is counted as 2 characters.
Each combining character uses n bytes to represent 1 character, so it is counted as n/2 or less characters, depending on the combining character.
Operating system updates after installation of Systemwalker Desktop Keeper
After upgrading to Windows(R) 8.1, it may temporarily not be possible to write to a CD or DVD.
If this happens, restart the operating system.