The security information of CT that can be collected as inventory information can be confirmed.
The procedure is as follows.
Log in to the main menu, and click PC Information.
The PC Information window will be displayed.
Click the Security Information
The following window will be displayed.
Select the section to be displayed.
The following window will be displayed.
Confirm the following security information.
System Security Info
User Security Info
Desktop Keeper Info
The selected window will be displayed. For display window, refer to the following description.
In addition, Desktop Keeper information will be displayed when the relevant product has been installed on CT.
The following window will be displayed. The number of PCs corresponding to the system security information can be confirmed.
The following items can be confirmed.
Category | Information | Description |
|---|---|---|
Hardware | BIOS Startup Password | Settings of startup password (password used by user) |
BIOS Setup Password | Settings of the setting password (password used by administrator) | |
BIOS Hard Disk Password | Settings of hard disk password | |
OS | Automatic Logon | Settings of automatic logon |
Welcome Screen | Settings of displaying the welcome window | |
Last User Name | Settings of displaying the user name that logged on at last | |
Security of Guest Account | Existence of password settings of Guest account and the inappropriate password | |
Settings of Automatic Update | Enable or disable the automatic update of Windows Update | |
User Account Control (UAC) | Enable or disable the User Account Control (UAC) of Windows Vista(R), Windows(R) 7, Windows(R) 8, Windows(R) 10, Windows Server(R) 2008, Windows Server(R) 2012 and Windows Server(R) 2016 | |
Insecure Shared Folder | Existence of shared folder that can be accessed by everyone authority | |
Require a Password on Wakeup | Set the password when restoring from standby | |
Set Complicated Password Required | Existence of complex password setting | |
Application | Firewall | Settings of firewall |
Real-time Scan Status of Anti-virus Software | Settings of real-time search of anti-virus software | |
Scheduled scan status of Anti-virus software | Status of scheduled scan of anti-virus software | |
Scan Scope of Anti-virus Software | Target scanning range of anti-virus software |
The meaning of content of items is as follows.
The version level of Systemwalker Desktop Patrol CT indicates the number of PCs of the version prior to V13.0.0 or the number of PCs that does not support collection of information on BIOS.
In addition, for settings items added in each version level, the Systemwalker Desktop Patrol CT lower than each version level will be displayed as Unable to Collect.
Indicates the number of PCs in which the security items are not set.
Indicates the number of PCs in which the security items have been set.
The following describes the point of auditing of system security information.
Hardware
When various passwords of BIOS are not set, it will be audited as in low security.
Based on the PC manufacturer/model, part of PC does not enable password settings or the set value of password cannot be adopted.
Display of Automatic Logon and Last User Name of OS
When displaying the logon name in the logon window, it will be audited as in low security.
When setting to automatic logon, it will be audited as in lower security.
Welcome of OS
This is an auditing item for Windows(R) XP. The other OS will be included in Unable to Collect.
Use will always be set for operating systems other than Windows(R) XP.
Security of Guest Account of OS
When the Guest account is enabled, password is not set or an inappropriate password has been set (the password that is same as the user name), it will be audited as in low security.
In addition, it is allowed to not audit password, but to audit whether the Guest account is enabled.
To modify the auditing method, use the CustomPolicy.exe (Modify Policy for Customized Settings) command. For information on how to use the CustomPolicy.exe command, refer to Reference Manual.
Setting of Automatic Update of OS
When it is not set, it will be audited as in low security.
User Account Control (UAC) on the operating systems
If the UAC feature is disabled, or it is set to be promoted without displaying prompts (not notifying), it will be audited as decrease in security strength.
In the OS without UAC function, it will certainly be set as Unable to Collect.
Unsafe Shared Folder of OS
When the folder that can be accessed by the everyone authority, it will be audited as in low security.
Setting that Requires Complicated Password of OS
If no complex password is set in the Windows group policy, it will be audited as in low security.
Firewall and Real-time Search of Anti-virus Software of application
When it is not set, it will be audited as in low security.
The User Security Info window will be displayed. The number of users registered to the PC corresponding to the user security information can be confirmed.
The following items can be confirmed.
Category | Information | Description |
|---|---|---|
OS | Screen Saver | Start screensaver or not |
Screen Saver Password | Whether password is required when restoring from screensaver | |
Password of Logon User | Whether the password of logon user has been set, and inappropriate password | |
Internet Explorer | Internet Zone | Settings of IE security zone
|
Application | Google Desktop "Search Across Computers" | Enable/Disable the Data Search on Multiple Computers function |
The meaning of the content of items is as follows.
Indicates there is no number of logon users of the PC corresponding to the content.
Indicates the number of logon user of PC in which the security items are not set.
Indicates the number of logon user of PC in which the security items have been set.
The following describes the point of auditing of user security information.
Screensaver and Screensaver Password of OS
When not to start screensaver or no password for restoring from screensaver, it will be audited as in low security.
Password of Logon User of OS
When password is not set or an inappropriate password has been set (the password that is same as the user name), it will be audited as in low security.
Internet Zone of Internet Explorer
When the level of Internet zone is low, it will be audited as in low security.
Google Desktop "Data Search on Multiple Computers" function of application
When the Data Search on Multiple Computers function of Google Desktop is enabled, the index information of PC will be forwarded to the Google Desktop Server, so audit according to the security policy.
The Desktop Keeper Info window will be displayed. When Systemwalker Desktop Keeper is installed on client, the number of PC that corresponds to the security setting information of Systemwalker Desktop Keeper can be confirmed.
The meaning of the content of items is as follows.
Indicates the number of PCs without Systemwalker Desktop Keeper installed or the version level is the version prior to V13.0.0.
Indicates the number of PCs in which the security items of Systemwalker Desktop Keeper are not set.
Indicates the number of PCs in which the security items of Systemwalker Desktop Keeper have been set.
For each item, refer to the manual of "Systemwalker Desktop Keeper".
In addition, for the setting items added in each version of Systemwalker Desktop Keeper, since it is unable to collect from the Systemwalker Desktop Keeper of a version older than each version level, Unable to Collect will be displayed.
