After installing a Management Server/Master Management Server and creating the database, configure the server environment to use the Sever Setting Tool.

The Sever Setting Tool has the following functions:

[Setting at Installation]

This is the function of setting during the initial environment construction of a Management Server/Master Management Server.

• Construct, delete, or show information of database

• System setting

• Active Directory linkage setting

• Server information setting

• Other system linkage setting

Refer to "2.3.3 Construct Database" for details on the features to construct, delete and show information on the database.

[Operation Information Setting]

This is the function of registering an administrator and setting the content and the operation for notifying the administrator during the process of operation. Set at initial environment construction.

• Administrator information setting

• Administrator notification setting

For Administrator information setting, register the user of "Management Console and Log Viewer" with access authority at the time of installation.

[Environment Setup]

This is the function used at the communication environment setup and maintenance of the Management Server.

• Management Server setting

• Trace setting

• Folder/CT self version upgrade settings

For the setting of target folder in the folder/CT self version upgrade settings

, confirm there is no problem in the initial setting at the time of installation.

[Tool]

This is the function used during silent installation of the client (CT).

• Generate CT silent installation file

Refer to "2.6.1.2 Perform Silent Installation" for details on CT silent installation file generation function.

The startup method of the Sever Setting Tool is as follows:

1. Log in Windows with the user that belongs to the Administrators group or the user that belongs to the Domain Admins group.

2. Select Systemwalker Desktop Keeper > Server > Server Settings Tool from Start/Apps. The login window will be displayed.

3. Log in with the primary administrator's account, which is:

   • User ID: secureadmin

   • Password: Specify the password modified after installation of Management Server or Master Management Server.

   In addition, a user registered in the Sever Settings Tool (requesting access authority executable by the Management Console) can be used to log in, but the functions that can be used are limited to Administrator notification settings.

   The password is set to "secureadmin" immediately after installing the Management Server.

4. Click the OK button. The following window will be displayed.

   

   The following describes the menu bar in the Sever settings tool window.

   Menu bar			Function summary
   File	End		To exit Sever Setting Tool.
   Service	Confirm Service Status		To display the operation status of Level Control Service and Server Service on the target server.
   	Start Service		To start Level Control Service and Server Service on the target server.
   	Stop Service		To stop Level Control Service and Server Service on the target server.
   Settings	Execute Active Directory Linkage		To execute the processing of Active Directory Linkage.
   	Execute Systemwalker Desktop Patrol Linkage		To execute the processing of linking with Systemwalker Desktop Patrol.
   	Change Password		To modify the password of primary administrator; Specify the password within 32 single-bytes alphanumeric characters and symbols. The following symbols cannot be specified: & < > | \ " ~ ' ? : ^ Single-byte and double-byte spaces cannot be entered.
   	Trace Server Settings Tool	OFF	Trace of Sever Setting Tool will not be collected.
   		Summary	Trace of Sever Setting Tool will be collected in summary mode.
   		Details	Trace of Sever Setting Tool will be collected in details mode.
   Help	Online Help		To display the online manual of Systemwalker Desktop Keeper.
   	Version Information		To display copyright information and version information.

   To close the Sever settings , select End of the File menu.

The steps for configuring the server environment after the installation of a Management Server/Master Management Server and database construction are as follows:

How to start service

The method to start service of the Management Server is as follows:

1. Select Start Service from the Service menu of the Sever settings tool window.

2. After the service startup confirmation window is displayed, click the OK button.

Select Confirm Service Status from the Service menu of the Sever settings tool window to check if the service has been started.

Event ID: 3403s
Type: Error
Source: SWDTK_LC

Perform the settings related to overall system operation of Systemwalker Desktop Keeper Management Server.

The system setting procedure is as follows:

1. Click the System settings button from the menu of Sever Setting Tool.

   The System Setting window is displayed.

   

   [Set data linkage method]

   Item Name		Description
   Active Directory linkage		To set whether to perform Active Directory Linkage or not. The setting has been specified at installation of the Management Server. Therefore, the setting should be performed when changing the settings at installation of the Management Server. Execute Active Directory linkage When "Execute Active Directory linkage" is selected, the following information is created according to the information of Active Directory. Therefore, it is not necessary to set in Systemwalker Desktop Keeper. When linking with Active Directory, information of local management not linked can also be set. CT group and tree information CT group affiliation information of the client (CT) User group and tree information User name User group affiliation information of user name Not execute Active Directory linkage To select when it is not linked with Active Directory. When "Not execute Active Directory linkage" is selected, the configuration information of Systemwalker Desktop Patrol cannot be imported. In addition, the information of the product cannot be output to Systemwalker Desktop Patrol. After using Systemwalker Desktop Keeper and when changing the setting of active directory linkage, refer to the "Change Import Method of Configuration Information" in the Systemwalker Desktop Keeper User's Guide for Administrator.
   	Status when creating user	For a new user of Active Directory, select Do not Apply User Policy when importing under the Not apply user policy status.
   	Operation for CT/User who does not register to Active Directory	Specify the handling of client (CT) and user ID not registered to Active Directory. (Handle client (CT)/user ID under local management.) This setting has been specified at the installation of the Management Server. Therefore, set when changing the setting at the installation of the Management Server. Allow administrators of all departments This is selected when all department administrators are allowed to process the client (CT) and user ID that are not registered to Active Directory. Only limited to the specified department administrator Only the administrators specified in the Management Console are allowed to process the client (CT) and user ID that are not registered to Active Directory. When this is set to not link with Active Directory, it is limited to specified department administrators only. When the setting is "Only limited to the specified department administrator", the department administrators cannot set local group affiliation, CT and user directly that belong to the local group will not be displayed. In this case, the system administrator should move the CT and user to the group that can be processed by department administrators.
   	View CT registered location	Select whether to acquire client (CT) location information through Active Directory or through corresponding files. Match with the computer location of Active Directory To select when acquiring location information of CT from Active Directory. Specify the computer responding to user name in the file Select this when acquiring the location information of the client (CT) from the "List of Correspondence between Computer and User". (In Active Directory, when computer information is not managed under level composition, association can be performed separately.) When this item is selected, click the Browse button to import corresponding files (in CSV format) that have already been created. The maximum length of the absolute path that can be specified is 255 single-byte characters (127 fullwidth characters). However, the following symbols should not be used in the file name. The following symbols cannot be specified: \ / : * ? " < > | For information on how to create corresponding files, refer to "Reference File of Active Directory Linkage" in Systemwalker Desktop Keeper Reference Manual.
   Manage user information		In a 3-level system structure, the setting of whether to perform collective management of the user policy information in the Master Management Server or not will be configured. Because this setting has been specified when the Management Server is installed, perform the setting when changing the setting at the time of Management Server installation. Manage collectively on Master Management Server (recommended) To select when managing the user policy information in the Master Management Server. When this is set as linked with Active Directory, it is unconditionally set as the Master Management Server. Manage on each Management Server(compatible with version earlier than V13.0) Select this when managing user policy information in each Management Server.

   [Same CT determination condition when registering CT]

   Item Name	Description
   MAC Address	Set whether the MAC address will also be taken as the judgment item for client (CT) consistency at client (CT) registration (re-registration) apart from computer name. Use Select this when MAC address is used as consistency judgment item. Not use Select this when MAC address is not used as consistency judgment item.
   Owner	Set whether the owner information will also be taken as the judgment item for client (CT) consistency at client (CT) registration (re-registration) apart from the computer name. Use Select this when owner's information is used as consistency judgment item. Not use Select this when owner's information is not used as consistency judgment item.
   OS Type	Set whether the OS type will also be taken as the judgment item for client (CT) consistency at client (CT) registration (re-registration) apart from computer name. In addition, Service Pack or version type will not be taken as consistency judgment condition. Use Select this when OS type is used as consistency judgment item. Not use Select this when OS type is not used as consistency judgment item.

   Tree displaying settings of department administrator

   Item Name	Description
   Display all groups (display forward compatibility)	To display the group tree that is displayed when Management Console or Log Viewer is started.
   Display group with management authority only	To display only the group that has administrator authority when Management Console or Log Viewer is started.

   Set group that is not configured group

   Item Name	Description
   Manage under the root directory (display forward compatibility)	To directly manage the client (CT) that is newly registered to Management Server and the client (CT) that does not belong to any group under the Root directory group.
   Manage under the group that is not configured	To directly manage the client (CT) that is newly registered to Management Server and the client (CT) that does not belong to any group under the unconfigured group. Perform the settings when the following operations are performed: When department administrator is expected to configure the client (CT) newly registered in the Management Server; When department administrator is expected to manage the policy of the client (CT) that does not belong to any group. Note About the status window and Log Viewer Department administrator cannot view the group that is not configured. Only the system administrator can view the group that is not configured. About Log Analyzer or Report Output Tool Even this setting has been performed in Log Analyzer or Report Output Tool, the client (CT) will not be managed in the "Unconfigured" group, but in the "root" group instead.

   Connection information between terminals

   Item Name	Description
   Manage	To manage the information of remote connection to physical PC and virtual PC.
   Not manage	Not manage the information of remote connection to physical PC and virtual PC.

   Encoding for I/O files

   Item	Description
   Shift-JIS (not selectable)	Specify Shift-JIS as the encoding format for I/O files.
   UTF-8	Specify UTF-8 as the encoding format for I/O files.

2. Confirm the content of settings and change according to the needs. Click the Set button.

When linking with Active Directory, set the server information of the Active Directory to be linked.

The steps for Active Directory linkage setting are as follows.

1. Click Active Directory linkage settings in the menu of the Sever settings tool.

   The Active Directory Linkage Settings window is displayed.

   

   Item Name	Description
   Computer name	Enter the computer name of the Active Directory to be linked. Up to 15 single-byte characters can be entered. Only single-byte alphanumeric characters and hyphen "-" can be entered (Hyphen "-" should not be specified at the beginning or the end). When computer name has been omitted, NetBIOS name will be acquired according to the domain address and registered to the database. "(Automatic Judgment)" will be displayed on the window.
   Domain name (required)	Enter the domain name of the Active Directory to be linked. Specify up to 155 halfwidth alphanumeric characters, periods and hyphens (however, do not specify periods or hyphens at the beginning or at the end). IP address and NetBIOS domain name cannot be entered. Specification example: desktopkeeper.domain.com There is only 1 Active Directory server (domain) that can be linked.
   NetBIOS name (required)	NetBIOS name. If you click Add or Update with no value is specified, the DNS will be browsed based on Domain name and the NetBIOS name will be obtained. If the NetBIOS name cannot be obtained, you will need to specify it manually. Specify up to 16 halfwidth characters and the following symbols: ~ ! @ # $ % ^ & ( ) _ - { } [ ] ' . /
   Execute linkage (required)	Set to execute or stop Active Directory linkage. Execute To execute Active Directory linkage. Stop To stop Active Directory linkage. When scheduler is used to execute Active Directory linkage, this should be used when the linkage is stopped temporarily.
   User Name (required)	Enter the user name registered in Active Directory for viewing the information of Active Directory (before @ of the logon name of user in Active Directory). Up to 40 single-byte characters can be entered. Characters that can be entered include single-byte alphanumeric characters, spaces and the following symbols: ! # $ % & ' ( ) - . ^ _ ` { } As long as the user is registered in Active Directory, you will be able to link with Active Directory no matter what user is specified.
   Password (first entry) (required when adding)	Enter the password of the above user name. Up to 32 single-byte characters can be entered. Characters that can be entered include single-byte alphanumeric characters, spaces and the following symbols: ` ~ ! @ # $ % ^ & * ( ) _ + - = { } | [ ] \ : " ; ' < > ? , . /
   Password (re-entry) (required when adding)	In order to avoid wrong registration, enter the password again.

2. Enter the required setting items, and click the Add button.

3. Click the Close button.

Information of the server will be registered during initial installation. In a 3-level system structure, information of other relevant servers will be set.

Steps to set server information are as follows:

1. Click the Server information settings button in the menu of Sever settings tool.

   The Server Information Settings window is displayed.

   

   Item Name	Description
   Node type	Select the classification of the server node to be set. Own node Select this in the following cases: When setting 2-level Management Server When setting this server on 3-level Master Management Server When setting this server on 3-level Management Server. Local node information will be registered as initial status. Select at the time of update. Other node Select this in case of setting other servers: When setting a Master Management Server on the 3-level Management Server In a 3-level Master Management Server: Information of other nodes will be automatically registered when the communication with Management Server is started. Therefore, it is not necessary to set the information of other nodes. In a 2-level the Management Server: Register only the local node and the node of Master Management Server. Do not set the node of other Management Server.
   Node name	Enter the node name of the server being set. Up to 36 single-byte characters can be entered. Only single-byte alphanumeric characters and hyphen "-" can be entered (hyphen "-" should not be specified at the beginning or the end). Single-byte lower-case letter will be automatically converted to single-byte upper-case letter. It will automatically set as the local computer name under local node, but will set to "NODE" when it is unable to acquire from the system or the computer name exceeds 16 characters. Set again at this time if necessary.
   Computer name	When the node is classified as local node, enter the computer name of the server. When the node is classified as other node, enter the computer name of Master Management Server. Up to 15 single-byte characters can be entered. Only single-byte letters, numbers and hyphen "-" can be entered (hyphen "-" should not be specified at the beginning or the end). Under local node, the computer name will be set automatically. However, when it is unable to acquire from the system or the computer name exceeds 16 characters, it will be set to "COMPUTER". Set again at this time if necessary. The computer name set here will be displayed in the CT group of the Management Console.
   Server IP address or server name	When the node is classified as local node, enter the IP address of the server. When the node is classified as other node, enter the IP address of the Master Management Server. In addition, under local node, the IP address of the computer will be set automatically during construction of the database. However, when it is unable to acquire from the system or the IP address has not been set at the time of registration, it will be set to loop back address. Reset at this time. If a server name is specified: Specify up to 15 halfwidth alphanumeric characters and hyphens (-). Do not specify only numbers. If an IPv4 address is specified: Specify up to 15 halfwidth numbers and periods (.). If an IPv6 address is specified: Specify up to 39 halfwidth letters (A-F, a-f), numbers, and colons (:). - Do not specify a link-local address, otherwise behavior is not guaranteed. Note: It is necessary to be able to resolve the host name of the Management Server or Master Management Server on each machine. Otherwise, communication will not be possible between the Master Management Server and Management Server, and between the Management Server or Master Management Server and the client (CT). Note: IPv6 addresses can be abbreviated using RFC 5952-compliant format.
   Server classification	Enter the classification of server. Root Server: Select this in case of an upper-level server: When it is the Management Server of 2-level system; When it is the Master Management Server of 3-level system. Sub-Level Server Select this in case of a sub-level server: When it is the Management Server of 3-level system. In initial status, it will be set to "Root Server" (not relying on construction options).
   Update date and time	To display the date on which the server information is updated. The date of updating other nodes (Management Server) in the Master Management Server of 3-level system will be updated when the level control service is started in other nodes (Management Server). The date of updating other nodes (Master Management Server) in a Management Server of a 3-level system is blank. In initial status, the date of database construction will be displayed in the list.
   Registration date and time	To display the date on which the server information is registered. The date of registering other nodes (Management Server) in the Master Management Server of 3 a-level system will be registered when the level control service is started in other nodes (Management Server) for the first time. In initial status, the date of database construction will be displayed in the list.

2. Enter the required setting items and click the Add button.

3. Click the Close button.

Perform the setting when Systemwalker Desktop Patrol configuration information is imported automatically.

1. Click the Other system linkage settings button in the menu of Sever Setting Tool.

2. The Other System Linkage Settings window is displayed.

   

   Item Name	Description
   Import configuration information	Select this when the configuration information of Systemwalker Desktop Patrol is imported automatically.
   Start time	Time to start the automatic import. Only takes effect if Import configuration information is selected. Note Do not set the time frame when the Management Server service is stopped.

   Note

   If the configuration information of Systemwalker Desktop Patrol is imported automatically, it is necessary to specify the URL of Systemwalker Desktop Patrol in URL of Desktop Patrol under Environment Setup in the global navigation of the web console.

Register the authenticated user of the Management Console, Log Viewer, Log Analyzer, status window, environment setup, report output tool, backup tool and restoration tool. In addition, when department management mode is used, register the department administrator. During installation, make sure to register the administrator whose access authority is "Management Console and Log Viewer".

However, in case of collectively managing user policy (user information) in the Master Management Server with a 3-level structure, if setting has been performed in the Master Management Server, then it is no need to set in the Management Servers. After the operation has been started, it will be reflected to all Management Servers automatically.

There are following two methods for the procedure of administrator information settings:

• Register administrators one by one;

• Use CSV file to register administrators collectively

1. Click the Administrator information settings button in the menu of Sever Setting Tool.

   The Administrator Information Settings window is displayed.

   

   Item Name				Description
   User ID				Up to 40 single-byte characters (20 double-byte characters) can be entered. It cannot contain spaces, halfwidth katakana, and the following symbols: & < > | \ " ~ ' ? : ^ Double-byte or single-byte spaces should not be entered. It is not case-sensitive.
   User name				Up to 40 single-byte characters (20 double-byte characters) of alphanumeric characters, Chinese characters and symbols can be entered.
   Access authority				Select the following authority. No Authority for Browsing Users that cannot execute Management Console, Log Viewer, Log Analyzer, status window, environment setup, report output tool, backup tool, backup command, restoration tool and Sever Settings Tool (some functions) (to use when they do not have execution authority temporarily) Log Viewer Users that can only execute Log Viewer, Log Analyzer, status window, environment setup, and report output tool. Management Console / Log Viewer Users that can execute Management Console, Log Viewer, Log Analyzer, status window, environment setup, report output tool and Sever Settings Tool (partial functions). Management Console Users that can execute the administrator notification setting of the Management Console and Sever Settings Tool. (Department Administrator) Log Viewer Department administrators that can only execute Log Viewer, status window and report output tool. (Department Administrator) Log Viewer / Management Console Department administrators that can execute Management Console, Log Viewer, status window and report output tool. (Department Administrator) Management Console Department administrators that can only execute Management Console. Backup / Restore Users that can execute backup tool, restoration command and restoration tool.
   Password (first entry)				Specify up to 32 halfwidth alphanumeric characters, except for spaces and the following symbols: & < > | \ " ~ ' ? : ^
   Password (re-entry)				In order to avoid wrong registrations, re-enter the password.
   E-mail address				Enter the E-mail address of registered user. Specify up to 255 bytes (can be a combination of fullwidth and halfwidth characters), except for the following: < > ( ) [ ] \ : ; "
   Notes				Up to 256 single-byte characters (128 double-byte characters) of alphanumeric characters, Chinese characters and symbols can be entered.
   Detailed authority	Management	Import CSV file		Select when granting the following execution authority in the Management Console to the registered users (selected). Import user information of user policy Import configuration information through Systemwalker Desktop Patrol linkage
   		Save CSV file		Select when granting the following execution authority in Management Console to the registered user (selected). User information export of user policy Export configuration information through Systemwalker Desktop Patrol linkage
   		Register/ update/ delete USB device		Select when granting the operation authority of the USB device individual identification function in the Management Console to the registered user (selected).
   			Unable to use other functions	Select when granting registration/modification/deletion authorities to USB device through Management Console (selected). This can only be set when the setting of Access Authority is (Department Administrator) Management Console.
   	Log Viewer	Save CSV file		Select when granting the execution authority of CSV export log in the Log Viewer to the registered user (selected).
   		View/save attached information		Select when granting the following execution authorities in the Log Viewer to the registered user (selected): Display the image of screen capture data Save original backup file
   		Save E-mail contents		Select when granting the following execution authorities in the Log Viewer to registered user (selected): View the content of sent E-mail View the content of file attachment
   		View Configuration Change Log		Select when granting the view authorities of configuration change logs in the Log Viewer to the registered user (selected).
   		View backup log		Select when granting the view authorities of backup log logs in the Log Viewer to the registered user (selected).
   Password change date				Display the last date on which the password is changed.
   Update date and time				Display the date on which the user information is updated.
   Registration date and time				Display the date on which the user information is registered.

2. Enter necessary setting items and click Add.
   Repeated the Step 2. for continuous setting.

3. Click Close.

The following describes how to register administrators collectively by using the administrator information file.

For administrator information file, refer to "Administrator Information File" in the Systemwalker Desktop Keeper Reference Manual.

1. Click the Administrator information settings button in the menu of Sever Setting Tool.

2. Select Import file. The following window will be displayed.

   

   Item Name	Description
   Import file (required)	Specify the created CSV file. The specification method is as follows. Enter the file name with full path. Enter with a full path till the CSV file to be imported in the input field. Enter through the Browse button. When Specify the imported file window is displayed, specify the importing CSV file and click the Save button. The length of the full path that can be specified should be no more than 218 single-byte characters (109 double-byte characters). The following symbols cannot be used as the file name. The following symbols cannot be specified: \ / : * ? " < > |
   Execution log file (required)	Specify the file to output execution result when importing CSV file. The error during import will also be output in this file. The specification method is as follows. Enter the file name with full path. Enter with a full path till the log file to be output in the input field. Enter through the Browse button. When Specify the executed log file window is displayed, specify the log file to be exported and click the Save button. The length of the full path that can be specified should be no more than 218 single-byte characters (109 double-byte characters). The following symbols cannot be used as the file name. The following symbols cannot be specified: \ / : * ? " < > |
   When execution log file exists (required)	In Execution log file, select the exporting method when the file for log output has been already specified. Add Add execution log with the previous information being retained. Overwrite Output execution log without retaining the previous information.

3. Enter all the items and click the Start Import button. The Display the import status of administrator information window will be displayed, and processing will be started.

4. Confirm the information displayed in the execution status, and click the OK button.

This section describes how to output administrator information.

For administrator information file, refer to "Administrator Information File" in Systemwalker Desktop Keeper Reference Manual.

1. Click the Administrator information settings button in the menu of Sever Setting Tool.

2. Select Output file. The following window will be displayed.

   

   Item Name	Description
   Export file (required)	Specify the CSV file to be output. The specification method is as follows. Enter the file name with full path. Enter with a full path till the CSV file to be imported in the input field. Enter through the Browse button. When Specify the output file window is displayed, specify the importing CSV file and click the Save button. The length of the full path that can be specified should be no more than 218 single-byte characters (109 double-byte characters). The following symbols cannot be used as the file name. The following symbols cannot be specified: \ / : * ? " < > |
   Execution log file (required)	Specify the file to output execution result when importing CSV file. The error during import will also be output in this file. The specification method is as follows. Enter the file name with full path. Enter with a full path till the log file to be output in the input field. Enter through the Browse button. When Specify the executed log file window is displayed, specify the log file to be exported and click the Save button. The length of the full path can be specified should be no more than 218 single-byte characters (109 double-byte characters). The following symbols cannot be used as the file name. The following symbols cannot be specified: \ / : * ? " < > |
   When execution log file exists (required)	In Execution log file, select the exporting method when the file for log output has been already specified. Add Add execution log with the previous information being retained. Overwrite Output execution log without retaining the previous information.

3. Enter all the items and click the Start export button.

Events occurred in the client (CT) and database can be notified to the administrator (E-mail notification, writing to event log).

Events that can be notified and timing of notification are as follows:

• Notification of prohibition operation and violation operation in the client (CT).

  Notify immediately after prohibition logs are collected.

  System administrator and department administrator can be notified by E-mail.

• Notification of database exception

  Notify when the threshold of database space and disk space is reached.

  Notify immediately when there is no available database space and it is unable to write information into the database.

  Only notification to the system administrator by E-mail is allowed.

• Notification of client (CT) information

  When the client (CT) is started, notify immediately when Management Server detects modification of client (CT) information.

  System administrator and department administrator of CT group can be notified by E-mail.

When notifying the department administrator, refer to "Allocate Department Administrator" in Systemwalker Desktop Keeper User's Guide for Administrator.

The steps to set administrator notification are as follows:

1. Click the Administrator notification settings button in the menu of Sever Settings Tool.

   The Administrator Notification settings window is displayed.

   

   [Action when detecting the prohibition logs]

   Set whether the E-mail notification to administrator or writing to event log exists when each prohibition log is detected.

   The following types of logs can be set:

   • Application startup prohibition

   • Printing prohibition

   • Logon prohibition

   • PrintScreen key prohibition

   • E-mail attachment prohibition

   • FTP operation prohibition
     When FTP server connection prohibition log is detected.

   • Web operation prohibition
     When URL access prohibition log, Web upload prohibition log and Web download prohibition log are detected.

   • Clipboard operation prohibition
     When clipboard operation prohibition log is detected.

   • Linkage application log violation
     Note: In case of linkage application log (classified as violation)

   • Device configuration change log violation

   Note

   Email notifications for the smart device (agent) administrator and writing to the event log

   The following violation logs recorded using the smart device (agent) belong to the Device configuration change log, however, email notifications to the administrator and writing to the event log will not be performed.

   • Wi-Fi connection prohibition log

   • Bluetooth connection prohibition log

   • Application usage prohibition log

   As actions when all logs are detected, the contents that can be set are as follows:

   Item Name	Description
   E-mail notification to administrator	Yes Send notification E-mail when detected. No Do not send notification E-mail when detected.
   Write event log	Yes Write violation log information to event log when detected. No Do not write violation log information to event log when detected.

   [Action when the space is insufficient]

   Set whether to notify the administrator by E-mail or write to event log when the disk for writing collected log is insufficient.

   Types of space that can be set are as follows:

   • Notification when DB space is insufficient

     1. When available space in database becomes insufficient, information cannot be written to the database.

     2. When available space in database is lower than the value set in the [Threshold value when the space is insufficient].

     The database availability check is performed at the following timing:
     - When the date is changed (0:00)

   • Notification when the disk space is insufficient

     Disk space is insufficient, i.e. the available space of the disk in which the following specified folders are located is lower than the value set in Threshold value when the space is insufficient.

     - Attached data saving folder

     - E-mail content folder

     - Command log folder

     - Collective log sending folder

     - Trace log folder

     - Trouble investigation data saving target folder

     - Automatic backup target folder

   When space is insufficient, the contents that can be set are as follows:

   Item Name	Description
   E-mail notification to administrator	Yes Send notification E-mail when detected. No Do not send notification E-mail when detected.
   Write event log	Yes Write violation log information to event log when detected. No Do not write violation log information to event log when detected.
   Threshold value when the space is insufficient Note: When database space is insufficient	Set the value for domain value of notification at insufficiency by specifying % (unit: insufficiency %). Positive integer within 5-20 can be set. Enter when at least one item of E-mail notification to administrator and Write event log is set to Yes. Initial value is 5%.
   Threshold value when the space is insufficient Note: When disk space is insufficient	Set the value for domain value of notification at insufficiency by specifying % (unit: insufficiency %) or capacity (unit: insufficiency MB). Enter when at least one item of E-mail Notification to Administrator and Write event log is set to Yes. When both domain value values of notification have been set for both % and capacity specification at the time of insufficiency, the domain value of smaller capacity will be effective. Positive integer within 1-20 can be set in % specification. Initial value is less than 3%. Positive integer within 100-99999 can be set in capacity specification. There is no initial value. In addition, when entering 100MB, the value calculated by the following calculation formula can be set. 100*1024*1024=104,857,600 bytes

   [Monitoring action Of CT]

   Set this to notify the administrator by email and write to the event log on startup of the client (CT) if the client (CT) information has been changed.

   The notification content that can be set are as follows:

   • When the deviation exceeding the reference time exists

     System time of the client (CT) and the system time of the Management Server have deviation that exceeds the standard time.

     A check for deviations is performed upon communication with the Management Server during client registration or after the operating system starts up on the client.

   • Notification when the client information is abnormal

     When intrinsic information "CTID" is detected on the client (CT) repeatedly.

     Notify administrator and event log about the event described as "MAC Address Modification".

     Repetition of "CTID" may occur when the master PC is used to extend the client (CT).

   • CT notification being collected and traced

     When client (CT) that is collecting and tracking is detected.

     By notifying the administrator the client (CT) in the status of trace and collection, this can be set as trace not collected by administrator.

     Checking of the client (CT) during trace collection will be performed at the following timing:
     - When the Systemwalker Desktop Keeper service starts (including when the server starts)
     - When the date changes (0:00)

     The setting will be valid within 1 month after the last logon date. Therefore, no notification will be issued after it exists in the environment that has not been cancelled by the file server for more than one month.

   For the client (CT) monitoring action, the contents that can be set are as follows:

   Item Name	Description
   E-mail notification to administrator	Yes Send notification E-mail when detected. No Not send notification E-mail when detected.
   Write event log	Yes Write violation log information to event log when detected. No Not write violation log information to event log when detected.
   Notification (note)	Taking minute as unit, specify the time difference between the system time of the client (CT) and the system time of the Management Server. Positive integer within 30-999 can be set. Enter when at least one between E-mail notification to administrator and Write event log is set to Yes. Initial value is 60 minutes.

   Note: Setting items when Deviation that Exceeds Standard Time Exists.

   Note

   Email notifications for the smart device (agent) administrator and writing to the event log

   Email notifications to the administrator and writing to the event log will not be performed for the following notification items in the smart device (agent):

   • When the deviation exceeding the reference time exists

   • Notification when the client information is abnormal

   • CT notification being collected and traced

   Other Settings/E-mail addressee settings

   Click E-mail addressee settings. The E-mail Addressee Settings window will be displayed.

   Specify the required information for email notifications to the administrator.

   

   Item Name		Description
   Send mail server IP address or server name		When notifying the administrator by E-mail, enter the SMTP server name. If a server name is specified: Specify up to 255 halfwidth alphanumeric characters and hyphens (-), and halfwidth periods (.) as label delimiters. Symbols cannot be specified, except for halfwidth hyphens (-). When SMTP server name shall be restricted, use IP address to specify. Do not specify hyphens (-) at the beginning or at the end of the label. It cannot contain only numbers. If an IPv4 address is specified: Specify up to 15 halfwidth numbers and periods (.). A loopback address (127.0.0.1) cannot be specified. If an IPv6 address is specified: Specify up to 39 halfwidth letters (A-F, a-f), numbers, and colons (:). A loopback address (::1) cannot be specified. - Do not specify a link-local address, otherwise behavior is not guaranteed. Note: IPv6 addresses can be abbreviated using RFC 5952-compliant format.
   port number		Enter the port number used for sending E-mail. Initial value is 25.
   Perform SMTP authentication		Set whether to perform SMTP authentication in the communication with the E-mail sending server. Yes Select when performing SMTP authentication. No Select when SMTP authentication is not performed.
   	Authentication method	Select authentication method when Perform SMTP authentication is set to Yes. The methods that can be selected are as follows: CRAM-MD5 LOGIN PLAIN AUTO When AUTO is selected, authentication method will be automatically determined according to the following sequence. The initial value is AUTO. 1) CRAM-MD5 2) PLAIN 3) LOGIN
   	Authentication user ID	Enter the user ID when carrying out SMTP authentication in the communication with the E-mail sending server. Specify up to 40 halfwidth characters. Authentication user IDs including any of the characters below or comprised only of periods cannot be entered. \ / [ ] : | < > + = ; , ? * @ "
   	Authentication password (first entry)	Enter the password of SMTP authentication user ID. Specify up to 32 halfwidth characters, except for kana.
   	Authentication password (re-entry)	Re-enter the password in order to avoid wrong registration.
   E-mail address (TO)		Enter the address of E-mail recipient (To) when notifying the system administrator by E-mail. Specify up to 5 email addresses using up to 255 halfwidth characters, except for the following symbols: \ " ( ) [ ] < > , . ; : Specify up to 5 email addresses. Use a semicolon (;) to separate email addresses.
   E-mail address (CC)		Enter the address of E-mail recipient (CC) when notifying the system administrator by E-mail. It is not required to enter when not sending to CC. Specify up to 5 email addresses using up to 255 halfwidth characters, except for the following symbols: \ " ( ) [ ] < > , . ; : Specify up to 5 email addresses. Use a semicolon (;) to separate email addresses.
   E-mail address (FROM)		Enter the address of the E-mail sender when notifying the system administrator by E-mail. Specify up to 255 halfwidth characters, except for the following symbols: \ " ( ) [ ] < > , . ; :

   Other Settings/Email title settings

   Click Email title settings - the Email title settings window is displayed.

   Specify the title of email notifications for the administrator.

   

   Item Name	Description
   Prohibition log detection (required)	Title of email notifications for the administrator sent when prohibition logs are detected. Specify up to 255 bytes (can be a combination of fullwidth and halfwidth characters). The initial value is "Systemwalker Desktop Keeper WARNING Report at {@DATE} {@TIME}". To restore the initial value, click Initial value. Refer to "Parameters that can be set" for details.
   Operation when space is depleted (required)	Title of email notifications for the administrator sent when depletion of space is detected. Specify up to 255 bytes (can be a combination of fullwidth and halfwidth characters). The initial value is "Systemwalker Desktop Keeper WARNING Report at {@DATE} {@TIME}". To restore to the initial value, click Initial value. Refer to "Parameters that can be set" for details.
   CT monitoring operation (required)	Title of email notifications for the administrator sent when client (CT) information has been changed. Specify up to 255 bytes (can be a combination of fullwidth and halfwidth characters). The initial value is "Systemwalker Desktop Keeper WARNING Report at {@DATE} {@TIME}". To restore to the initial value, click Initial value. Refer to "Parameters that can be set" for details.

   Parameters that can be set

   The parameters that can be set for each notification are described below.

   Parameter	Content in the email title if specified	Prohibition log detection	Operation when space is depleted	CT monitoring operation
   {@DATE}	Operation date for logs notified to the administrator	Y	Y	Y
   {@TIME}	Operation time for logs notified to the administrator	Y	Y	Y
   {@KIND}	Type of log notified to the administrator	Y	N	Y
   {@SV}	Name of the (integrated) server where logs notified to the administrator have accumulated	Y	Y	Y
   {@CT}	Name of the client (CT) where the operations for which the logs are notified to the administrator were performed	Y	N	Y
   {@COMP}	Name of the client (CT) computer where the operations for which the logs are notified to the administrator were performed	Y	N	Y
   {@USER}	Name of the user that performed the operations for which the logs are notified to the administrator were performed	Y	N	Y
   {@ERR}	Errors that have occurred	N	Y	N

2. Enter the required setting items and click the Set button.

Format of notifying events occurred in the client (CT) and database to administrator by E-mail is as follows:

When using a dual stack client (CT), only IPv4 addresses are displayed in the device column.

This describes the format of the event occurred in the client (CT) and database displayed in the event viewer of Windows.

The notified information is displayed in "Application Log" of the event log of Windows. When using a dual stack client (CT), only IPv4 addresses are displayed in the device column. The displayed contents are describes as follows:

Set all kinds of folders in the Systemwalker Desktop Keeper Management Server.

The steps of setting the saving target folder are as follows:

1. Click the Folder/CT self version upgrade settings button in the menu of Sever Setting Tool.

   The Folder/CT Self Version Upgrade Settings window is displayed.

   

2. Confirm the initial value of saving target of the following information displayed in Folder settings. Click the Browse button to modify the saving target.

3. (It is not necessary to set CT self-version upgrade settings here. For the setting content, refer to "4.7 Upgrading the client (CT)".)

   [Folder settings]

   Item Name		Description
   Command line and log saving target settings		The method to specify the saving target folder of command log in Management Server is as follows: Enter folder name with full path. Enter the path of saving target folder of command log with full path. Network drive cannot be specified. Specify through the Browse button. The Browse For Folder window will be displayed. Select the folder to save command log and click the OK button. The length of the full path that can be specified is no more than 96 single-byte characters (48 double-byte characters). The following symbols cannot be specified in the folder name: \ / : * ? " < > |
   	Received data saving target	Specify the folder to save the data in operation.
   	Target for log viewing	Specify the folder to save data for log viewing. Specify when creating the log viewing database and restoring operation logs.
   Attached data saving target settings		Specify the saving target folder of additional data (screen capture data, original backup file, and clipboard operation original backup file) in the Management Server. The specification method is as follows: Enter folder name with full path. Enter the path of saving target folder of attached data with full path. Network drive cannot be specified. Specify through the Browse button. The Browse For Folder window will be displayed. Select the folder to save command log and click the OK button. The length of the full path that can be specified is no more than 96 single-byte characters (48 double-byte characters). The following symbols cannot be specified in the folder name: \ / : * ? " < > |
   	Received data saving target	Specify the folder to save the data in operation.
   	Target for log viewing	Specify the folder to save data for log viewing. Specify when creating the log viewing database and restoring operation logs.
   Collectively receiving log and data saving target settings		Specify the saving target folder of collective log data in the Management Server. The specification method is as follows: Enter folder name with full path. Enter the path of saving target folder of collective log data with full path. Network drive cannot be specified. Specify through the Browse button. The View Folder window will be displayed. Select the folder to save command log and click the OK button. The length of the full path that can be specified is no more than 96 single-byte characters (48 double-byte characters). The following symbols cannot be specified in the folder name: \ / : * ? " < > |
   E-mail content saving target settings		Specify the saving target folder of E-mail contents data (E-mail text and attachment) in the Management Server. The specification method is as follows: Enter folder name with full path. Enter the path of saving target folder of E-mail contents data with full path. Network drive cannot be specified. Specify through the Browse button. The Browse For Folder window will be displayed. Select the folder to save command log and click the OK button. The length of the full path that can be specified is no more than 96 single-byte characters (48 double-byte characters). The following symbols cannot be specified in the folder name: \ / : * ? " < > |
   	Received data saving target	Specify the folder to save the data in operation.
   	Target for log viewing	Specify the folder to save data for log viewing. Specify when creating the log viewing database and restoring operation logs.
   Failure investigation data saving target settings		Specify the saving target folder of QSS (Trouble Investigation Data) collected remotely in the Management Server. The specification method is as follows: Enter folder name with full path. Enter the path of saving target folder of trouble investigation data with full path. Network drive cannot be specified. Specify through the Browse button. The Browse For Folder window will be displayed. Select the folder to save command log and click the OK button. The length of the full path that can be specified is no more than 96 single-byte characters (48 double-byte characters). The following symbols cannot be specified in the folder name: \ / : * ? " < > |