Timing for Policy Update
The timing for policy updates is as follows:
CT Policy
Client (CT)
When connection is established with the Master Management Server or Management Server for the first time after the client (CT) operating system is started
When CT policy is updated in the Management Console and the Update Immediately button is selected.
When Create Policy Application Tool is used.
When the automatic policy acquisition function is running.
Smart device (agent)
When Sync now is selected on the smart device (agent)
When the smart device (agent) is started
(When Synchronize when starting up is selected in the smart device (agent) settings window)
When automatic synchronization with the Management Server is executed (once per day between 12:00 and 13:00)
User Policy
Client (CT)
When logging on as the user that has been registered in the Master Management Server or Management Server.
When the Update button in the User Policy Settings window of the Management Console is selected and logging on with the user that has been registered in the Master Management Server or Management Server
When the Update button in the User Policy Settings window of the Management Console is selected to update CT policy immediately.
This is only valid for the logged on users.
When the automatic policy acquisition function is running.
This is only valid for the user that is logging on.
Smart device (agent)
The user policy cannot be applied to the smart device (agent).
Emergency procedure settings policy
Client (CT)
When malware is detected by the linked malware detection product
When Emergency Procedure Request is selected in the Log Viewer
When an emergency procedure is performed using the emergency procedure tool of the client (CT)
Smart device (agent)
The emergency procedure settings policy cannot be applied to the smart device (agent).
Point
About Automatic Policy Acquisition Function
The Automatic Policy Acquisition function is to obtain policy once every day when the client (CT) is installed on a PC that is always running (Example: file server). CT policy and user policy are obtained between 00:30 and 01:30 every day (if policies cannot be obtained during the time because the client (CT) was in sleep mode, for example, then policies will be obtained when it becomes possible).
In a situation where the client (CT) and Management Server are offline, and a user to whom the user policy is set is logged on, the user policy previously applied to the CT will be applied. For the CT to which the user policy of the logged-on user has never been applied, the CT policy will be applied.
Policy Change
The situation determines which policy will be valid for which operation that is performed by the system administrator (department administrator), client (CT), and smart device (agent) user.
This Department describes the relationship between operation content and valid policy.
To confirm the set policies, start the Management Console.
After the CT group to which the client (CT) and smart device (agent) to be confirmed belong has been selected in the CT group tree, if the client (CT) and smart device (agent) are selected from the CT list, the CT policy will be displayed in the policy list.
Select the User Policy Settings from the User Settings menu. After the user group to which the user expected to be confirmed belongs has been selected from in the displayed window, if a user is selected from the user list, the user policy will be displayed in the policy list.
Create a group.
The value of terminal initial settings is set as the group policy.
But in case of a 3-layer system structure, when creating a CT group in the subordinate Management Server under the Master Management Server by connecting to the Master Management Server, the policy that has been set in the Master Management Server will be set for this CT group.
Modify the group policy as needed.
The group policy will be modified as follows:
Modify the group policy of "CT Group 3" from "Terminal Initial Settings Value" to "Policy A".
After the CT is installed and the client (CT) has communicated with the Management Server, the terminal initial settings value will be set as CT policy.
Move the client (CT) to each group.
In the CT policy of the client (CT) that is directly moved out from the Root directory, the value of terminal initial settings is set.
In the policy of the client (CT) for which "Apply Group Policy" check box is selected, the group policy of moving destination will be set.
Create a sub-group.
In the group policy of the created sub-group, the group policy of the upper class group will be set.
In addition, the modified CT policy of "CT1-2" from "Terminal Initial Settings Value" to "Policy B".
Move a CT.
Move a CT group.
After a CT group is moved, the subordinate CTs will be moved at the same time.
The moved CT group and CT policy will not be modified. It is still the policy before moving.
After the "Apply Group Policy" check box has been selected, even if the policy of the CT exists under the Root directly is updated immediately, CT policy will still be applied. The settings of "Apply Group Policy" will be invalid.
The relationship between user group policy and user policy is the same as the change of policy described in "Relationship between CT Group Policy and CT Policy".
This Department describes the policy that become valid during the client (CT) operation when CT policy and user policy are used at the same time. (The user policy will not be applied to the smart device (agent).)
The application of user policy is judged by the result of confirming whether the user information (user name) has been registered in the Master Management Server or Management Server, based on the user name that is input when logging on to Windows.
In this case, it has nothing to do with domain authentication status and confirmation is performed only according to the user name that is input when logging on to Windows. Therefore, even for the user name without domain authentication, if it is in accordance with the user information (user name) registered in the Master Management Server or Management Server, the user policy of this user information (user name) will be applied.
Select three users out of the five from "User (1) to User (5)" to register to the Management Server.
After the user is registered, set the user policy of "User (1)" to "User (3)" as follows:
User Name | User Policy |
---|---|
User (1) | Policy X |
User (2) | Policy Y |
User (3) | Policy Z |
User (4) and User (5) are not registered.
Start the client (CT).
After starting the service of Systemwalker Desktop Keeper, CT policy will take effect. (For the interval from PC startup to the startup of Systemwalker Desktop Keeper service, the settings of CT policy will become invalid.)
User (2) logs on to the client (CT).
User policy (Policy Y) takes effect.
It will take 2 to 3 minutes from the logon to Windows until the user policy is applied. CT policy will be valid before the user policy is applied. User (2) will be logged off.
CT policy will take effect.
User (3) logs on to the client (CT).
User policy (Policy Z) will take effect.
a) In the User Policy Settings window, after setting Not Using User Policy for User (3), the system administrator (department administrator) will click the Update button.
b) Then for the client (CT) to which the User (3) logs on, click Update Immediately in the CT policy settings window after the Management Console has been started.
CT policy is updated immediately.
c) In the User Policy Settings window, after canceling the settings of Do not Apply User Policy for User (3), the system administrator (department administrator) will click the Update button.
d) Then for the client (CT) to which the User (3) logs on, click Update Immediately in the CT policy settings window after the Management Console has been started.
User policy (Policy Z) is updated immediately.
User (3) will logoff.
CT policy will take effect.
User (4) logs on to the client (CT).
CT policy will be valid.
When the user that has not been registered has logged on, operate with CT policy.
User (4) will logoff.
CT policy will be valid.
Start the client (CT) when it is offline.
After the service of Systemwalker Desktop Keeper has been started, CT policy will take effect. (For the interval from PC startup to the startup of Systemwalker Desktop Keeper service, the settings of CT policy will become invalid.)
User (2) logs on to the client (CT).
As the client (CT) cannot get user information from Management Server when it is offline, CT policy will take effect.
When it becomes online during the logon process, user policy (Policy Y) will take effect. It will be 2 to 3 minutes from offline till the user policy is applied.
User (2) will logoff.
CT policy will take effect.
User (3) logons to the client (CT).
User policy (Policy Z) will take effect.
When it becomes offline during the logon process, the user policy will still be valid.
User (3) will logoff.
CT policy will take effect.