Top
Systemwalker Desktop Keeper User's Guide for Administrator
FUJITSU Software

1.2.1 General Functions

Policies that can be set on client (CT) and smart device (agent)

The Management Console allows setting all policies for clients (CTs) and smart devices (agents), but which ones will take effect depend on the device. If a policy is set but does not take effect on a specific device, the recording feature or prohibition feature will not operate.

Policy

Device

Client (CT)

Smart device

(agent) (Android)

Smart device

(agent) (iOS)

Log
(recording feature)

Application startup

Y

N

N

Application termination

Y

N

N

Window title obtaining

Y

N

N

E-Mail Sending/E-mail sending interruption

Y

N

N

E-mail receiving

Y

N

N

Command operation

Y

N

N

Device configuration change

Y

N

N

Printing operation

Y

N

N

File export

Y

N

N

PrintScreen key operation

Y

N

N

Web operation

Y

N

N

FTP operation

Y

N

N

File operation

Y

N

N

Logon,Logoff

Y

N

N

Clipboard operation

Y

N

N

Environment change

Y

N

N

Linkage application

Y

N

N

Web access

N

Y

N

SD card mount/unmount

N

Y

N

SIM card mount/unmount

N

Y

N

Wi-Fi connection

N

Y

N

Bluetooth connection

N

Y

N

Incoming/outgoing calls

N

Y

N

Application usage

N

Y

N

Application configuration change

N

Y

N

Prohibition feature

File access control

Y

N

N

Device prohibition

Y

N

N

Application startup prohibition

Y

N

N

Print prohibition

Y

N

N

PrintScreen key prohibition

Y

N

N

Logon prohibition

Y

N

N

Attachment prohibition

Y

N

N

URL access prohibition

Y

N

N

FTP operation prohibition

Y

N

N

Web operation prohibition

Y

N

N

Clipboard operation prohibition

Y

N

N

Wi-Fi connection prohibition

N

Y

N

Bluetooth connection prohibition

N

Y

N

Application usage prohibition

N

Y

N

Device Functionality usage

N

N

Y

Application usage

N

N

Y

iCloud usage

N

N

Y

Security and privacy settings

N

N

Y

Content Ratings settings

N

N

Y

Y: The recording and prohibition features operate when this is set as a policy on Management Console.
N: The recording and prohibition features do not operate even when this is set as a policy on Management Console.

About character code that can be processed in Systemwalker Desktop Keeper

There are following two types of character code that can be processed in Systemwalker Desktop Keeper. Other character code will be converted to "?".

Support for Unicode characters in clients (CTs) and smart devices (agents)

Operation logs and prohibition logs collected by a client (CT) or smart device (agent) are stored using Unicode characters.

Any collected application log that cannot handle Unicode characters may be recorded as "?".

When performing the export operations below using the Export Utility, UNICODE characters cannot be specified in the export source or the export destination file and folder names.

  • Standard exports to DVD/CD

Support for Unicode characters in Management Console

Entry and display operations in Management Console use Unicode characters.

However, if you have specified ShiftJIS for Encoding for I/O files in Server Settings Tool, any Unicode characters in an input file will not be displayed properly. If an output file contains Unicode characters, they will be converted to "?".

Support for Unicode characters in the Log Viewer

Entry and display operations in the Log Viewer use Unicode characters.

However, if you have specified ShiftJIS for Encoding for I/O files in Server Settings Tool, Unicode characters in the output file will be converted to "?".

Support for Unicode characters in other tools
  • Commands provided by Systemwalker Desktop Keeper and server-based tools such as Server Settings Tool do not support entry or display of Unicode characters.

When the user name used for logon to Windows contains Unicode characters
  • Do not use the following tools and commands that are provided by Systemwalker Desktop Keeper because they may not operate properly:

    • Tools and commands that are installed in the Management Server or Master Management Server

    • Tools and commands that are installed in Relay Server

    • The Policy Application Tool

  • You cannot perform encryption export to a DVD or CD by using the Export Utility.

Halfwidth and fullwidth characters and character count handled by Systemwalker Desktop Keeper

In Systemwalker Desktop Keeper, halfwidth character, fullwidth character, and character count are defined as follows:

  • Halfwidth character: A character with an ASCII code in the range 0x20 to 0x7E

    Space

    Symbols: ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~

    Numeric characters: 0-9

    Alphabetic characters: A-Z, a-z

  • Fullwidth characters: Characters other than halfwidth characters

    Halfwidth katakana characters (the width that is generally used) are treated as fullwidth characters.

  • Character count: Each halfwidth character is counted as 1 character.

    Each UTF-16 2-byte fullwidth character is counted as 1 character.

    Each surrogate pair character uses 4 bytes to represent 1 character, so it is counted as 2 characters.

    Each combining character uses n bytes to represent 1 character, so it is counted as n/2 or less characters, depending on the combining character.

Operating system updates after installation of the client (CT)

Operating system updates after installation of the client (CT) are not supported.

If updates that do not change the operating system version (adding Windows 10 features, for example) are applied, CD/DVD devices cannot be referenced temporarily in some cases. In this case, recovery can be performed by restarting the operating system. If the issue persists, refer to "Considerations for Installation" > "Client (CT)" in the Installation Guide, and install the client (CT) again.

About monitoring methods for web communication

Monitoring operates using the hook method immediately after installation.

The differences between the local proxy method and hook method are as follows:

Item

Local proxy method

Hook method

Differences in operation logs that can be obtained

Web upload, Web download

  • Internet Explorer

  • Microsoft Edge

  • Firefox

  • Google Chrome

  • Internet Explorer

Mail send logs for Web email

  • Gmail

  • Outlook.com

  • Office365 Outlook

Cannot be obtained

Window title logs (with URL)

  • Internet Explorer

  • Microsoft Edge

  • Firefox

  • Google Chrome

  • Internet Explorer

  • Microsoft Edge

Differences in operations that can be prohibited

Web upload and download prohibition

  • Internet Explorer

  • Microsoft Edge

  • Firefox

  • Google Chrome

  • Internet Explorer

URL access prohibition

  • Internet Explorer

  • Microsoft Edge

  • Firefox

  • Google Chrome

  • Internet Explorer

  • Microsoft Edge

Differences in items that can be retrieved

Application Name retrieved when using Internet Explorer

Internet Explorer

iexplore / iexplore.exe

Application Name retrieved when using Microsoft Edge

Microsoft Edge

ApplicationFrameHost / ApplicationFrameHost.exe

Application Name retrieved when using Firefox

Firefox

firefox

Application Name retrieved when using Google Chrome

Google Chrome

chrome

File Name retrieved in Web upload operation logs

file name only

file name with full path

File Name retrieved in Web download operation logs

file name only

file name with full path

Differences in behavior after prohibition

An error message will be displayed in the tab where the prohibited URL was accessed. If a prohibited website is included inside a frame within a webpage, an error message will be displayed in that frame.

An error message will be displayed in a pop-up message.

The tab where the prohibited URL was accessed will be forcibly closed.

Operations on virtual OS

Not supported

Supported

If using the local proxy method, refer to "8.16 Changing the Web Communication Monitoring Method" for details.

Web communication monitoring using the local proxy method

If using the local proxy method as the web communication monitoring method, note the following:

Changing the proxy settings

If the proxy server settings of each device were changed after installing this product, the Automatically detect settings feature cannot be used. It is necessary to use the following procedure to change the proxy server settings.

If using the Internet options
  1. Open the Control Panel or in Internet Explorer, open Internet Options.

  2. In the Internet Properties window, click the Connections tab, and click LAN settings.

  3. In the Local Area Network (LAN) Settings window, set either of the following.

    1. Select Use automatic configuration script, enter the address, and click OK.
      Clear Automatically detect settings.

    2. Select Use a proxy server for your LAN, enter the address and port, and click OK.

If using the Windows 10 settings
  1. In the Start menu, open the Settings window.

  2. Click Network & Internet.

  3. Select Proxy, and set either of the following:

    1. Set Use setup script to "On", enter the script address and click Save.
      Set Automatically detect settings to "Off".

    1. Set Use a proxy server to "On", enter the address and port, and click Save.

Notes on the Web operation log and Web upload/download prohibition
  • The supported web services and notes are as follows:

    Web services

    Notes

    Dropbox

    • The Dropbox client (software that you install for use) is excluded as a target for monitoring.

    • If unable to synchronize the Dropbox client, change the proxy settings (no proxy, or manual).

    Dropbox Business

    Google Drive

    • Google Drive (software that you install for use) is excluded as a target for monitoring.

    • If unable to synchronize the Google Drive client, uninstall Google Drive client and reinstall it.

    Google Drive for Work

    OneDrive

    OneDrive (software that you install for use) is excluded as a target for monitoring.

    OneDrive for Business

  • When some kind of specification changes are made to the web services provided by each company, it may no longer be possible to collect logs or prohibit web uploads or downloads.