Top
Systemwalker Desktop Keeper User's Guide for Administrator
FUJITSU Software

2.4.1 Perform Terminal Initial Settings

Set the conditions of prohibiting client (CT) and smart device (agent) operation and collected logs in the terminal initial settings.

In a 3-layer system structure, perform terminal initial settings in each the Management Server. Even if the terminal initial settings is performed in the Master Management Server, it cannot be reflected to a Management Server.

The procedure is as follows:

  1. Start Management Console

  2. Select Terminal Initial Settings from the Operation Settings menu.

    The Terminal Initial Settings window is displayed.

    Item Name

    Description

    Apply Group Policy

    When registering a new CT or creating a user, set whether to apply the policy of the group to which it belongs as its CT policy or user policy .

    When it is selected:
    The group policy of the group to which it belongs will be applied.

    When this item is selected in the Management Console window, the policy tree and policy list cannot be edited.
    When this item is selected in the User Policy Settings window, the policy tree and policy list cannot be edited.

    When it is not selected: (Initial Value)
    The group policy of the group to which it belongs will not be applied.

    For the CT or user under the Root directory, the settings are invalid.

  3. After setting each policy, click the Set button.
    Select a policy to be set from the tree.

When modifying the set terminal initial settings value (when setting the policy item added because of version upgrade/edition upgrade, or modifying the terminal initial settings value in the operation process), the policy should be updated for the CT after clicking the Set button.
Refer to "Modify CT Policy" or "3.4.2 Modify User Policy" for the policy reflection operation.

The following section describes the settings for each policy.

2.4.1.1 Log Collection Operation (Windows)

Specify the type of the log to be collected on the client (CT) in Windows > Log collection operation. When it is set to "Yes", the operation logs in the client (CT) will be collected.

The settings to be specified in Windows > Log collection operation are described below.

Item Name

Description

Application Startup Log

Application startup logs will be collected.
Initial Value: Yes is selected. (*1)

Application Termination Log

Application termination logs will be collected.
Initial Value: Yes is selected. (*1)

Window Title Obtaining Log(Web access log)

Window title logs at startup of window application will be collected.
Initial Value: Yes is selected. (*1)

E-mail Sending Log

E-mail sending logs will be collected.
Initial Value: Yes is selected. (*1)

E-mail content can be viewed

This can be set when E-mail Sending Log is "Yes".

When it is selected:
When the E-mail sending log or E-mail sending interruption log is collected, the sent E-mail content and attachment will be saved.
The authorized administrator can view the content of the sent E-mail and attachment.

When it is not selected: (Initial Value)
The content of the sent E-mail content and attachment will not be saved, so the contents of sent E-mail and attachment cannot be viewed.

E-mail Receiving Log

E-mail receiving logs will be collected.
Initial Value: Yes is selected. (*1)

E-mail content can be viewed

Can be set when E-mail Receiving Log is Yes.

When it is selected:
When the e-mail receiving log is collected, the received email content will be saved. Attachments are not saved.
The administrator with permissions can view the received email content.

When it is not selected (initial value):
The received email content will not be saved.

Device Configuration Change Log

Device configuration change logs will be collected.
Initial Value: Yes is selected. (*1)

Printing Operation Log

Printing logs will be collected.
Initial Value: Yes is selected. (*1)

When "Yes" is selected, input can be performed in the following policy:

  • Eco monitoring

File Export Log

Logs during file export with File Export Utility will be collected.
Initial Value: Yes is selected. (*1)

Backup Original File

This can be set when the File Export Utility option is "Yes".

When it is selected:
The original file of the file exported by File Export Utility will be backed up.

When it is not selected: (Initial Value)
The original file of the file exported by File Export Utility will not be backed up.

PrintScreen Key Operation Log

PrintScreen key operation logs will be collected.
This can be set when the Disabling PrintScreen Key of Print/PrintScreen is "No".
Initial Value: Yes is selected. (*1)

Capture Screen

This can be set when PrintScreen Key Operation Log is "Yes".

When it is selected:
The screen capture at the time point when PrintScreen key operation logs are collected will be recorded.

When it is not selected: (Initial Value)
The screen capture at the time point when PrintScreen key operation logs are collected will not be recorded.

Web Operation Log

The following log will be collected:

  • Web upload log

  • Web download log

Initial Value: Yes is selected. (1*)

FTP Operation Log

The following logs will be collected:

  • FTP upload log

  • FTP download log

Initial Value: Yes is selected. (*1)

Clipboard Operation Log(Virtual Environment)

Clipboard operation logs will be collected.

This can be set when Do not prohibit is selected for Clipboard > Prohibition of clipboard operation between different environments.

Initial Value: Yes is selected. (*1)

Backup Original File

This can be set when the Clipboard Operation Log (Virtual Environment) is set to "Yes".

When it is selected:
The information (text, image, file path) copied via clipboard can be backed up as original file.

When it is not selected: (Initial Value)
The information (text, image, file path) copied via clipboard will not be backed up as original file.

File Operation Log

File operation logs will be collected.
Initial Value: Yes is selected. (*1)

When "Yes" is selected, input can be performed in the following policies:

  • File operation

  • Extension

Logon, Logoff Log

The following logs will be collected:

  • Logon log

  • Logoff log

  • PC startup log

  • PC shutdown log

  • PC sleep log

  • PC restoration log

  • PC connection log

  • PC disconnection log

Initial Value: "Yes" is selected, and it cannot be modified.

In the Server Settings Tool, when Not Manage is selected in the Connection information between Terminals of System Settings, the item can be Modified to Yes or No.

Environment Change Log

Environment change logs will be collected.

Initial value: Yes is selected.(*1)

Logs with the type Emergency Procedure will be collected, regardless of the setting when the emergency procedure is implemented.

Linkage Application Log

Linkage application logs will be collected.
Initial Value: Yes is selected. (*1)

All

Select to collect all logs.

None

Select not to collect all logs.

*1: If the client (CT) was installed using custom installation, No is selected by default.

Note

About settings of Printing Operation Log

During the installation of the client (CT), when Monitoring the printing of local printer only is selected, it is assumed that the printing operation of the client (CT) is performed via the printer servers that are registered to the same Master Management Server or Management Server. (The client (CT) should also be installed on the printer sever.)
At the moment, printing logs will be collected from the printer server. Therefore, in the client (CT) that is not the printer server, even if the Printing Operation Log is set to Yes, the printing log will not be collected. However, if Printing Operation log] in the print server is set to Yes, the printing operation log can be collected.

About web communication monitoring methods

Web operation logs behave differently depending on the web communication monitoring method used. Refer to "1.2.27 Web Operation Log" for details.

Email send logs for web email are only obtained when using the local proxy method as the web communication monitoring method. Refer to "1.2.22 E-mail Sending Log" > "Web email" for details.

2.4.1.2 File Operation

The screening conditions for obtaining file operation logs can be set in File operation. Set the file location for log collection during access, and the process of log collection during startup. As the file operation logs can be selected and collected according to objectives, the search efficiency after collection can be improved.

The items in File operation can be set when Yes is selected in Windows > Log collection operation > File Operation Log.

Note

Do not register the software with many disk accesses.

Since the output of a large amount of logs will cause insufficient database capacity, do not register software that has significant access to disks such as antivirus software, disk check and repair software, etc.
In addition, as the software related to the OS may also output too many logs, register after confirming the performance and OS operation state on the test machine.

Initial Value Displayed in [List of File Operation log Obtaining Process]

EXE Name of Process

Select Record Operation

Select based on extension

Is it OK to delete?

Notes

Cmd.exe

Except view

Get all extensions

Not Allowed

Command Prompt

Explorer.exe

Except view

Get all extensions

Not Allowed

Explorer

fsw00ej2.exe

Except view

Get all extensions

Not Allowed

Command Prompt (DTK)

xcopy.exe

Except view

Get all extensions

Not Allowed

Copy Command

dllhost.exe

Except view

Get all extensions

Not Allowed

Explorer

File Operation Log Filter Operation Settings

Item Name

Description

File Operation Log Filter Operation Settings

Select the drive type as the targets for collection of file and folder operation logs can be selected.

Get All
(Initial Value)

Record the operations of all drives.

Get file access on removable drives only.]

Record the operation for the drive, the drive type of which is removable disk.

Get file access on network and removable drive only

Record the operation for the drive, the drive type of which is network and removable disk.

Detailed Settings

The File Operation Process - Detailed Settings window will be displayed.
Set the folder in which the file operation logs are not collected.

(This item cannot be set if No is selected in Windows > Log collection operation > File Operation Log.)

List of File Operation Log Obtaining Process

Item Name

Description

List of File Operation Log Obtaining Process

The processes and conditions during the obtaining of file operation logs are displayed in lists.
Initial Value: "Initial Value Displayed in [List of File Operation log Obtaining Process]" will be displayed.

Process EXE Name

Enter the EXE name of a process regarded as the target for the collection of file and folder operation logs.

Up to 254 single-byte characters can be entered.
(Alphabetic characters are not case-sensitive)

In addition, ".com", ".exe", or ".bin" can be entered in the extension of a process. However, if double-byte characters or the following symbols are used, error will occur.
"\" "/" ":" "*" "?" """ "<" ">" "|"

Initial Value: Not Specified.

Select Record Operation

Select the operation that is recorded as a log.

  • Get all
    The operations of all files and folders will be recorded.

  • Except view (Initial Value)
    The operations of files and folders apart from viewing will be recorded.

  • Do not get
    Operations of all files and folders will not be recorded.

Select according to Extension

Select the extension of the file name that is recorded as a log.

  • Get all extensions
    Select when collecting the file operation logs of all files (extensions) accessed by the process (application).
    In these files, in addition to data files, execution modules and temporary files indicated by the following extensions are also included:

    • exe

    • dll

    • ini

    • tmp

    • lnk

    • inf

  • Select extension (Initial Value)
    This is selected when collecting only the necessary file operation log.
    The operations of entering extensions in Extension will be recorded.

* When operating the process (application of files or folders in the similar way as Explorer and Get all extensions is selected, a large amount of View logs will be collected.
Therefore, it is recommended to select Select extension when collecting only the necessary operation logs, such as data files.

Notes

Enter the memo information of process name.
Specify up to 128 bytes (can be a combination of fullwidth and halfwidth characters and symbols, kanji, hiragana and katakana characters).
Initial Value: Not Specified.

Registered devices

The number of registered cases and the maximum number of registrations possible are displayed.

Add/Update

Add the entered information to the list.
Up to 30 cases of information can be registered including the number of processes that are preset in the system.

In addition, the changed information shall also be set.

Delete

Delete the selected information of List of File Operation Log Obtaining Processes.

When adding a process
Enter the above set items and click the Add/Update button.
Up to 30 cases of information can be registered including the number of processes that are preset in the system.

When updating the existing information
Select the lines to be updated from the List of File Operation Log Obtaining Processes, modify the following information and click the Add/Update button.
The EXE Name of Process cannot be updated. If the Can be Deleted or Not of a certain line is set to No, the Select Record Operation cannot be set to Get All.

When deleting information
Select the lines to be deleted from the List of File Operation Log Obtaining Processes, and click the Delete button.

But If the Is it OK to delete? of a certain line is set to No, the line cannot be deleted.

File Operation Process - Detailed Settings window

Set excluded folder for file operation log obtaining

Item Name

Description

OS Installation Folder

Select this check box when accessing the files on the OS installation folder but when the file operation logs are not to be obtained.
When it is selected, the file operation logs of folders and subfolders under the OS installation folder will become excluded targets.
(Initial Value): Selected

Folder of Temporary Internet Files

Select this check box when accessing the files on the folder of Temporary Internet Files, but when the file operation logs are not to be obtained.
(Initial Value): Selected

Temp Folder

Select this check box when accessing to the files on the following folders, but the file operation logs are not to be collected.

  • The folder specified according to the user environment variable TEMP and TMP.

  • The folder a specified according to the system environment variable TEMP and TMP.

(Initial Value): Selected

List of Arbitrary Folder

The fixed disk folder excluded from the acquisition of file operation logs can be set and deleted.

Folder Name

Specify the fixed disk folder excluded from the acquisition of file operation logs with full path. Specify up to 254 halfwidth (127 fullwidth) characters.
However, the file name cannot contain any of the following symbols:
: * ? " < > |
It is not case-sensitive.
A maximum of 100 folder names can be registered.

Specify the folder by adding "\" or "/" after the drive's name + colon (:),
Specifying the drive name only is also allowed ("D" etc.). When only the drive's name is specified, the file operation log under the D drive cannot be obtained.

When the drive specified in this window is the network drive or removable drive in the client (CT), it cannot become an excluded folder for obtaining file operation log.

Example:
When the "D:\temp" in the window is specified as the excluded folder,

  • When the D drive of "Client (CT) A" is the fixed disk,
    it will become an excluded folder.
    Even if the files in the D:\temp folder is deleted, the file operation logs will not be obtained.

  • When the D drive of "Client (CT) B" is the removable drive that can use the USB memory,
    it will not become an excluded folder.
    After deleting the files in the D:\temp folder, the file operation logs can be obtained.

The same folder name cannot be registered more than once. "D:\aaa" and "D:\aaa\bbb" can be registered at the same time.

The folder with an extension should be distinguished from the folder without extension. When "d:\data" is specified as the excluded folder, "d:\data.tmp" will not become the excluded folder. To make "d:\data.tmp" into the excluded folder, register "d:\data.tmp".

Initial Value: Not Specified.

Notes

Enter the memo information, etc.
Specify up to 128 bytes (can be a combination of fullwidth and halfwidth characters and symbols, kanji, hiragana and katakana characters).
Initial Value: Not Specified.

View

The folder structure of the PC with the Management Console installed can be viewed.
When the excluded folder is set in the client (CT) with a different folder structure from that of the PC with the Management Console installed, enter the full path in Folder Name.

Registered devices

The number of registered cases and the maximum number of registrations possible are displayed.

Add/Update

Add the folder excluding the acquisition of file operation log to the list. In addition, update the notes of the registered folder. The folder name cannot be updated.

Delete

Delete the folder excluding the acquisition of the file operation log from the list.
Select the correspondent lines in the List of Arbitrary Folder, and click the Delete button.

Set

Confirm the input content and return to the previous window.

Cancel

Do not save the set information and close the window.

2.4.1.3 Extension

For the file (extension) accessed by the process set in File operation, when the file operation log is collected, the extension can be set in Extension.

The items in Extension can be set when Yes is selected in Windows > Log collection operation > File Operation Log.

Item Name

Description

List of File Operation Log Obtaining Extension

Display the extension of the registered and obtained file operation log.
When the number of registered extensions is 0, even if the Select Extension has been set in Select According to Extension of the registered process in File operation, the log of that process will not be collected.

Initial Value: Not Specified.

Extension

Enter the extension as the target for the collection of file and folder operation logs. The "." of extension is not required. (It cannot be entered.)

Up to 16 single-byte characters (Alphabetic characters are not case-sensitive) can be entered.

Only halfwidth alphanumeric characters, halfwidth symbols (except for the symbols mentioned below), and spaces can be entered (however, spaces cannot be specified at the beginning or the end).
Error will occur if the following symbols are used.
"\" "/" ":" "*" "?" """ "<" ">" "|" "."

If the wildcard (*) is used, "*" should be put at the beginning or at the end of the extension.

  • When forward matching is specified.
    Enter "Extension".
    Example: xl*

  • When backward matching is specified
    Enter "Extension".
    Example: *ls

The wildcard "*" cannot be entered in other locations.
In addition, the wildcard "*" cannot be entered alone Enter it in combination with characters.

Initial Value: Not Specified.

Notes

Enter the extension and memo information.
Specify up to 128 bytes (can be a combination of fullwidth and halfwidth characters and symbols, kanji, hiragana and katakana characters).
Initial Value: Not Specified.

Registered devices

The number of registered cases and the maximum number of registrations possible are displayed.

Add/Update

Add the entered information to the list.
Up to 20 cases can be registered.

In addition, the modified information should be set.

Delete

Delete the information selected in the List of File Operation Log Obtaining Processes.

When adding an extension
Enter the above set items and click the Add/Update button.
Up to 20 cases can be registered.
When updating the existing information

Select the lines to be updated from List of File Operation Log Obtaining Extension, modify the Notes information and click the Add/Update button.
The Extension cannot be updated.

When deleting information
Select the lines to be deleted from List of File Operation Log Obtaining Extension, and click the Delete button.

2.4.1.4 Window Title Filter

The conditions for collecting the window title obtaining log can be set in Window title filter.
Though a large number of window title obtaining logs can be collected in order to record all operations on the PC, there will be many repeated logs. Therefore, to avoid collecting the repeated logs, the filtering condition should be set.

The log filtering condition involves two aspects, and two conditions can be specified at the same time.

Window title filter can be set when Yes is selected in Windows > Log collection operation > Window Title Obtaining Log(Web access log).

The following describes the settings in Window title filter.

Repeated Log Screening Setting

Item Name

Description

Repeated Log Screening Settings

Select the method of obtaining repeated logs.

  • When it is selected (default value): The first log will be collected for the same process and same window title.

  • When it is not selected: All window title obtaining logs will be collected.

Keyword screening

Item Name

Description

Screening condition is not set (Initial Value)

The window title logs will not be screened according to process name and keyword.

Obtain matched logs only

Only the logs belong to the specified process name and the window title log partially matches with the keyword specified in screening conditions will be collected.

Exclude matched Logs

The logs belong to the specified process name, and the window title log that partially matches with the keyword specified in screening conditions will not be collected.

Screening Condition

Display the set conditions in a list.
Initial Value: Not Specified.

Process EXE Name

Enter the EXE name of process that collects window title logs.
When the Exclude matched Logs is selected in the Window Title Obtaining Log Screening Condition, specify the name of process that does not collect window title obtaining logs.

Up to 254 single-byte characters (127 double-byte characters) can be entered.
(Alphabetic characters are not case-sensitive)

Spaces can only be used in-between characters.
".com", ".exe", or ".bin" can be entered in the extension of process.
Error will occur if the following symbols are used.
"\" "/" ":" "*" "?" """ "<" ">" "|"

When it is not specified, logs of all processes will be collected (or excluded).

Initial Value: Not Specified.

Keyword

Enter the keyword for collecting window title obtaining logs. (When the window title includes(partially match)/does not include (partially match) the keyword specified here, window title logs will be collected.)
When the Window Title Log Screening Condition is set to Exclude matched Logs, specify the keyword for not to collect window title obtaining logs.

Example:

  • Save as

  • Print

Specify up to 254 bytes (can be a combination of fullwidth and halfwidth characters and symbols, kanji, hiragana and katakana characters).
(Alphabetic characters are not case-sensitive)

When Keyword is not specified, all window title obtaining logs of processes specified in Process EXE Name will be collected (will not be collected).

Initial Value: Not Specified.

Registered devices

The number of registered cases and the maximum number of registrations possible are displayed.

Add

Add conditions in Screening Conditions.
Up to 30 cases can be added.

Update

After modifying the information of lines selected in the Screening Condition, the information will be updated.

Delete

Delete the lines selected in the Screening Condition.

In Filtering Condition, when Process EXE Name and Keyword are specified at the same time, the AND condition is used.
When Process EXE Name and Keyword are specified separately in lines, the OR condition is used.

When adding a condition
Enter the above set items and click the Add button.
Up to 30 cases can be registered.

When updating the existing information
Select the lines to be updated from the Screening Condition, modify the information and click the Update button.

When deleting information
Select the lines to be deleted from the Screening Condition, and click the Delete button.

2.4.1.5 Window Title Screen Capture

The condition of collecting the screen capture can be set in Window title screen capture.
Set conditions in this setting to capture the window title screen at the same time as the window title obtaining the log that matches the conditions set in Window title filter is collected.

Window title screen capture can be set when Yes is selected in Windows > Log collection operation > Window Title Obtaining Log(Web access log).

The settings related to screen capture can be performed in the Terminal Operation Settings window (Settings item: Attached data condition settings). Refer to "Perform Terminal Operation Settings" for details.

Note

Backup or delete the screen capture data regularly.

According to the screen capture condition, storing a large amount of screen capture data on the server (the client (CT) according to terminal operation settings) will cause insufficient disk capacity. Therefore, regularly confirm the capacity and backup and delete.

The following describes the settings in the Window title screen capture.

Item Name

Description

Screen capture function

Select whether to obtain screen capture.

  • Use
    Obtain screen capture.

  • Do not Use (Initial Value)
    Do not obtain screen capture.

List of screen capture object of window title obtaining log

The conditions for obtaining screen capture are displayed in a list.

Initial Value: Not Specified.

Process EXE Name

Enter the EXE name of screen capture.

Up to 254 single-byte characters (127 double-byte characters) can be entered. Alphabetic characters are not case-sensitive.

".com", ".exe", or ".bin" can be input in the process extension.
Error will occur if the following symbols are used.
"\" "/" ":" "*" "?" """ "<" ">" "|"
When the EXE name of process is set to blank, logs of all process will be collected (excluded).

Initial Value: Not Specified.

Keyword

Enter the keyword for collecting screen capture. When the window title includes (partially match)/does not include (partially match) the keyword specified here, screen capture can be obtained.
Example:

  • Save as

  • Print

Specify up to 254 bytes (can be a combination of fullwidth and halfwidth characters and symbols, kanji, hiragana and katakana characters). (Alphabetic characters are not case-sensitive)

When the EXE name of process is entered in the EXE Name of Process, make sure to input in Keyword.

Initial Value: Not Specified.

Obtain for second time after 5 seconds

Set the second acquisition 5 seconds later after the screen capture has been obtained. When it is expected to obtain screen capture continuously to get further knowledge of operation status, select Yes.

  • Yes Obtain screen capture for the second time after 5 seconds.

  • No Obtain screen capture once only.

When selecting Yes, the screen capture will be collected for the second time after 5 seconds. However, in the 5 seconds from the first collection to the second collection, even if a new window that satisfies the condition of screen capture collection exists, that screen capture will not be collected. As it is the second screen capture of the initial window, "2" which indicates two screen capture collections will be displayed in the Additional in the log list of Log Viewer.

Registered devices

The number of registered cases and the maximum number of registrations possible are displayed.

Add

After selecting Use in the Screen Capture Function, the condition of screen capture collection will be added to the list.
Up to 10 cases can be registered.

Update

After modifying the information of lines selected in the List of screen capture object of window title Log, the information will be updated.

Delete

Delete the lines selected in the List of screen capture object of window title.

In List of screen capture object of window title, when Process EXE Name and Keyword are specified at the same time, it is the AND condition.
When Process EXE Name and Keyword are specified separately in lines, the OR condition is used.

The settings in Window title screen capture and Window title filter are set using the AND condition. Therefore, even if the policy of obtaining screen capture is set, the log screening condition will be considered as not set when screen capture cannot be obtained.

When adding a condition
Enter the above settings items and click the Add button.
Maximum10 cases can be registered.

When updating the existing information
Select the lines to be updated from the List of screen capture object of window title, modify the information and click the Update button.

When deleting information
Select the lines to be deleted from the List of screen capture object of window title, and click the Delete button.

2.4.1.6 Logon

The group prohibited from logon can be set in Logon. After setting the Logon Prohibition, logon with the user name that belongs to the set group can be prohibited when logging on to the PC with the client (CT) installed.

The groups for which logon prohibition can be set are as follows:

In addition, when one user name belongs to multiple groups, it will become a target of logon prohibition when it satisfies all the following conditions:

The set contents will be operated as CT policy.
When only one person logs on to the PC, prohibition can be performed through the settings in Logon.
When 2 or more users log on to the same PC, it will have nothing to do with the settings in Logon and it will be logged off.

The following section describes the settings of Logon.

Item Name

Description

List of Logon Prohibition Groups

The set logon prohibition group will be displayed.
Initial Value: Not specified.

Logon Prohibition Group

Select the logon prohibition group from the pull-down menu.
Refer to Windows manual for the details of each group.
Initial Value: Not specified.

Settings

When prohibiting the target group from logon, the processing in the client (CT) can be specified.

  • Logoff
    Logoff by force.
    Under Windows Server 2008, set Logoff when users with User authority are not expected to use.

  • Shutdown (Initial Value)
    Shutdown by force.
    However, under Windows Server 2008, the User authority cannot shut down the computer.

The time from logon prohibition being detected from the client (CT) to logoff or shutdown can be set in the "Terminal Operation Settings". Refer to "Perform Terminal Operation Settings" for "Terminal Operation Settings".

Registered devices

The number of registered cases and the maximum number of registrations possible are displayed.

Add/Update

The name of group that is prohibited from logon and the processing during logon will be added.

After modifying the Set of selected lines in the List of Logon Prohibition Groups, the information will be updated (The Logon Prohibition Group cannot be updated.).

Delete

The selected lines in the List of Logon Prohibition Groups will be deleted.

When adding a logon prohibition group
After entering the above set items, click the Add/Update button.

When updating the existing information
Select the lines to be updated from the List of Logon Prohibition Groups, modify the Settings information and click the Add/Update button.
The Group Name cannot be updated.

When deleting information
Select the lines to be deleted from the List of Logon Prohibition Groups and click the Delete button.

2.4.1.7 Application

In Application, the name of the application that is prohibited from startup in the PC with the client (CT) installed can be set.

The following section describes the settings of Application.

Item Name

Description

List of startup prohibition applications

The set EXE name of the application prohibited from startup will be displayed.
Initial Value: Not specified.

EXE name of application of startup prohibition

Enter the EXE name including extension of the application prohibited from startup.
(For example: Enter EXCEL.EXE in case of Microsoft Excel)

Up to 254 single-byte characters (127 double-byte characters) can be entered.

(Alphabetic characters are not case-sensitive)

However, error will occur if the following symbols are used.
"\" "/" ":" "*" "?" """ "<" ">" "|"

Initial Value: Not specified.

Notes

Enter the application name and memo information.
Specify up to 128 bytes (can be a combination of fullwidth and halfwidth characters and symbols, kanji, hiragana and katakana characters).
Initial Value: No specified.

Registered devices

The number of registered cases and the maximum number of registrations possible are displayed.

Add/Update

The EXE name of the application prohibited from startup will be added.
Up to 100 cases can be added.

After modifying the Notes of the selected lines in the List of Applications Prohibited from Startup, the information will be updated (The EXE Name of Application Prohibited from Startup cannot be updated.).

Delete

The lines selected in the List of applications of startup prohibited will be deleted.

When adding an EXE name of the application prohibited from startup
Enter the above set items and click the Add/Update button.
Up to 100 cases can be added.

When updating the existing information
Select the lines to be updated from the List of applications of startup prohibited, modify the Notes information and click the Add/Update button.
The EXE Name of application of startup prohibited cannot be updated.

When deleting information
Select the lines to be deleted from the List of applications of startup prohibited , and click the Delete button.

2.4.1.8 Device

In Device, the devices to be prohibited from use on the PC where the client (CT) is installed can be set.

This section describes the settings of Device.

Item name

Description

Prohibited device

Selected devices will be prohibited from use.

Default value: Not selected.

Wi-Fi connection

Select this to prohibit Wi-Fi connection.

Permission Settings

Can be selected when Wi-Fi connection is selected.

Displays the Device - Wi-Fi Connection Target Permission Settings window.

Bluetooth

Select this to prohibit Bluetooth devices.

Permission Settings

Can be selected when Bluetooth is selected.

Displays the Device - Bluetooth Device Type Permission Settings window.

PC card

Select this to prohibit the use of PC card.

Allow PCI ExpressCard Device

Can be selected when PC card is selected.

PCI ExpressCard devices cannot be used when a PC card is prohibited from use, however they can be used if this option is selected.

Permission Settings

Can be selected when PC card is selected.

Displays the Device - PC Card Device Permission Settings window.

Infrared communication

Select this to prohibit Infrared communication.

Serial Port/Parallel Port

Select this to prohibit the use of Serial Port/Parallel Port.

IEEE1394

Select this to prohibit the use of IEEE1394.

Prohibit All

Prohibits all devices.

Permit All

Permits all devices.

Note that Permit All cannot operate Allow PCI ExpressCard Device.

Even though Allow PCI ExpressCard Device will be cleared, PCI ExpressCard devices will still be permitted, since PC cards will be permitted.

Device - Wi-Fi Connection Target Permission Settings window

Register the Wi-Fi connection destinations to be permitted.

Even if Wi-Fi connection is prohibited, the connection destinations registered here will not be prohibited.

Item name

Description

Permitted Wi-Fi connection

Wi-Fi connection destinations permitted by the administrator.

Registered Device

Number of registered cases and maximum number of registrations possible

Add Wi-Fi connection

Displays the Device - Wi-Fi Connection Target Permission Settings - Selecting connection target window, where Wi-Fi connection destinations to be permitted can be added.

Up to 100 destinations can be registered.

Delete Wi-Fi connection

Cancels the permission for the Wi-Fi connection destinations selected in Permitted Wi-Fi connection target List.

The destinations will also be deleted from that list.

Close

Closes the window.

Device - Wi-Fi Connection Target Permission Settings - Selecting connection target window

The content registered in the Wi-Fi connection target registration window of Management Console will be displayed.

If you select the row of the Wi-Fi connection destination to be permitted and click OK, the destination will be added to Permitted Wi-Fi connection in the Device - Wi-Fi Connection Target Permission Settings window.

Item name

Description

Screening of Wi-Fi

Filters the Wi-Fi connection destinations to be displayed in the list. Select from the following:

  • All (default value)
    Displays all Wi-Fi connection destinations.

  • Wi-Fi connection target name
    Displays values that partially match Keyword.

  • Access point BSSID
    Displays values that partially match Keyword.

  • DNS server IP address
    Displays values that partially match Keyword.

  • Notes
    Displays values that partially match Keyword.

Keyword

Search conditions for the Wi-Fi connection destination to be displayed.

Up to 128 halfwidth and fullwidth characters can be specified.

Search

Performs Wi-Fi connection destination search using the conditions specified in Screening of Wi-Fi and Keyword.

Device - Bluetooth Device Type Permission Settings window

Specify the Bluetooth device types for which connection should be permitted.

Even if Bluetooth connection is prohibited, the connection destinations registered here will not be prohibited.

Item name

Description

Computer

Phone

LAN /Network Access point

Audio/Video

Peripheral

Imaging

Wearable

Toy

Health

Other

Select the Bluetooth device types for which connection should be permitted.

Default value: None.

All Check

Permits all Bluetooth devices.

All Clear

Prohibits all Bluetooth devices.

Device - PC Card Device Permission Settings window

Register the PC card device to be permitted.

Even if PC card devices are prohibited, the registered PC card devices here will not be prohibited from use.

Item name

Description

List of Available Devices

Devices for which connection is permitted by the administrator.

Number of registrations

Number of registered cases and maximum number of registrations possible.

The maximum number is the number of registered USB devices that are available subtracted from 100.

Example: If 30 USB devices that are available are registered, the maximum number will be 70.

Add Device

Displays the Add Device window, where devices to be permitted can be added.

Up to 100 devices (including the registered USB devices that are available) can be added.

Delete Device

Cancels the permission for the devices selected in List of Available Devices.

The devices will also be deleted from that list.

Close

Closes the window.

Device - PC Card Device Permission Settings - Select device window

The content registered in the Device/Media Registration window of Management Console will be displayed.
If you select the row of the PC card to be permitted and click OK, the PC card will be added to List of Available Devices in the Device - PC Card Device Permission Settings window.

Item name

Description

Screening of Device

Filters the devices to be displayed in the list. Select from the following:

  • All (default value)
    Displays all devices.

  • Name
    Displays the string entered in Keyword in partial matches.

  • Device Name
    Displays the string entered in Keyword in partial matches.

  • Hardware ID
    Displays the string entered in Keyword in partial matches.

  • Identification method
    Displays the string entered in Keyword in partial matches.

  • Notes
    Displays the string entered in Keyword in partial matches.

Keyword

Search conditions for the devices to be displayed.

Up to 128 halfwidth and fullwidth characters can be specified.

Search

Performs device search using the conditions specified in Screening of Device and Keyword.

2.4.1.9 File Export/Read

In File export/read, the conditions of prohibiting the export and reading of files or folders from disk drive, removable device, DVD/CD drive or network drive of the client (CT) PC will be set.
Though the reading prohibition is effective when the Explorer is used, it will become invalid while the File Export Utility is being used.

In addition, the limiting conditions for export to the allowed USB device/media will be set by the administrator.

The following section describes the settings of File export/read.

File Export Utility

Item Name

Description

Export using File Export Utility

cannot be used (Initial Value)

The File Export Utility cannot be used.

can be used

The File Export Utility can be used.
Even for the drive with export prohibition, the File Export Utility can be used.

File Export Utility function setting

The Setting of File Export Utility function is displayed.
(Set the conditions when File Export Utility is used)

Explorer

Set the control when operation is performed via Explorer etc.

Item Name

Description

File access control

Yes

Reading Prohibition and Export Prohibition can be set.

The Display message when prohibition check box can be selected when this item is selected. After it is selected, messages will be displayed when the prohibition operation is performed.

No
(Initial Value)

Reading of removable drive and export of files can be performed freely. Files can be accessed in the same way as if Systemwalker Desktop Keeper is not installed.
When this item is selected, Reading Prohibition and Export Prohibition cannot be set.

Display message when prohibited

After setting this item, the three types of message below will be displayed when inserting the prohibited device into the client (CT).

[S105-ERR001]Accessing to this drive is prohibited by system administrator. (Drive: G)

The above message is output when a violation regarding an added drive is recorded in the device configuration change log.

[S105-ERR002]Accessing to this drive is prohibited by system administrator. (Drive: Y-E DATA USB-FDU USB Device)

The above message is output when Violation regarding an added USB device is recorded in the device configuration change log for USB devices.

[S105-ERR004]Access to this media has been prohibited by the system administrator.

The above message is output when Violation regarding an added media is recorded in the device configuration change log for media.

Initial Value: Not selected

Refer to "9.2.7 Device Configuration Change Log" for "Violation" of device configuration change log.

Details

Settings can be performed when the File Access Control is "Yes".
The File access control - Detailed Settings window will be displayed.
(Set the conditions of folders excluded from network drive access prohibition)

Reading Prohibition

Set the targets for reading prohibition.

Removable

Reading of the following devices that are identified as drive letter are prohibited.
Initial Value: Not selected

  • Floppy disk

  • External hard disk (removable hard disks such as USB, IEEE1394, PCMCIA connection)

  • MO

  • USB memory

Compact flash memory

DVD/CD

Reading of DVD/CD is prohibited.

Initial Value: Not selected

Network

Reading of network drive is prohibited.

Initial Value: Not selected

Portable device/imaging device connection prohibition

Prohibits connection of portable devices and imaging devices.

Portable device

Prohibits connection of portable devices.

Default value: Not selected.

Imaging device

Prohibits connection of imaging devices.

Default value: Not selected.

Export Prohibition

Set the targets for exporting prohibition.

Please select the drive to be prohibited(export destination).

Select the drive that is the target for export prohibition.
Initial Value: All are not selected

The drive that becomes the prohibited target by specifying the drive letter should satisfy all the following conditions.
The prohibited targets do not include the drive or C drive apart from the following conditions (infrared connection):

  • Drive identified as a drive letter in the PC.

  • Drive apart from the network drive.

When F drive is a removable drive, even if the Removable (not regarded as the prohibited target) is not selected, when F (regarded as prohibited target) is selected, F drive will also be prohibited.

Note

About network drive

The network drive cannot be prohibited by specifying the drive letter. Prohibit it by selecting the Network check box.

Specify drive type

Removable

Export to the following devices that are identified as drive letter is prohibited.
Initial Value: Not selected

  • Floppy disk

  • External hard disk (removable hard disks connected by such as USB, IEEE1394, PCMCIA connection)

  • MO

  • USB memory

  • Compact flash memory

DVD/CD

Export to DVD/CD is prohibited.
Initial Value: Not selected

Network

Export to network drive is prohibited.

Initial Value: Not selected

Clear All

Clear all the selections for the settings of the prohibited drive (export destination) and Specify drive type.

Select All

Select all for the settings of the prohibited drive (export destination) and Specify drive type.

Note

Do not set the target drive for saving log files.

If the target drive for saving log files set during the installation of the client (CT) is regarded as the prohibited target, logs cannot be collected from the client (CT).

Individual Identification

Item Name

Description

Use

When exporting files and folders using File Export Utility, they can only be exported to the USB device/media specified by the administrator among the USB devices/media registered in the Device/Media Registration window of the Management Control.
In addition, when the writing and reading with Explorer, etc. (Not File Export Utility) is prohibited, files and folders can only be exported to the USB device/media specified by the administrator among the USB devices/media registered in the Device/Media Registration window of the Management Control.
To export media, it is necessary to connect media to a USB device set to Type > USB Device > Individually identify media in the Device/Media Registration window.

Refer to "2.4.4 Register Devices/Media" for the method of adding USB devices/media.

Do not Use
Initial Value

When exporting files and folders using File Export Utility, follow the policies set in File Export Utility.
In addition, the writing and reading with Explorer, etc. should follow the policies set in Explorer.

Details

The File Export Prohibition -Individual Identification Feature - Detailed Settings window will be displayed.
(Set the access condition for the administrator to use the allowed USB device/media, as well as adding and deleting the allowed USB device/media.)

Alerts

Item Name

Description

Display message when connecting a device

If this item is set, the message below can be displayed when a device permitted for use is inserted into the client (CT).

[S106-INF001]Device connections are monitored by the system administrator.

If Display message when prohibited has been set, the processing of the description item of Display message when prohibited will be prioritized.

Therefore, the above message will be displayed except in the case of Violation.

Initial Value: Not selected.

File Export Prohibition - File Export Utility function setting window

The conditions of using File Export Utility can be set.

Setting of File Export Utility function

Item Name

Description

Unable to start the format function

When this is selected:
The following content will not be displayed when selecting the File menu. The data in the drive and CD-RW/DVD-RW cannot be deleted.

  • Format Drive

  • Erase CD-RW/DVD-RW

When it is not selected: (Initial Value)
The data in the drive and CD-RW/DVD-RW can be deleted.

Display only removable device and DVD/CD as export destination

When this is selected:
During file export, only removable device and DVD/CD will be displayed as export destinations.

When it is not selected: (Initial Value)
During file export, all export destinations will be displayed.

Enter the reason for export

When this is selected:
The input field for entering the reason for export will be displayed in the File Export Utility window. The reason for export must be input during file export.
Up to 10 reasons can be saved by each CT/client. At the next export, the information input previously can be selected from the pull-down menu.

When it is not selected: (Initial Value)
The input field for entering the reason for export will not be displayed in the File Export Utility window.

Set the date on which File Export Utility can be started

Item Name

Description

Limit period for use

When this is selected:
The period in which the startup is allowed will be set. The File Export Utility can be used in the set period only.
The scope of input value is as follows:

  • 1st, January, 2000 ~ 31st, December, 2037

When it is not selected: (Initial Value):
The File Export Utility can be used all the time.

Limit time for use

When this is selected:
The hours in which the startup is allowed will be set. The File Export Utility can be used in the set period only

When it is not selected: (Initial Value):
The File Export Utility can be used 24 hours.

The day of a week on which it can be used

The day in a week when the startup is allowed will be set.
(Initial Value): All are selected.

Date and Time Confirmation Method

Inquire Management Server
(Initial Value):

The date and time when the File Export Utility can be started is based on the date and time of the Management Server.

In addition, set the operations when the client is offline or the Management Server gives no response.

  • Use Date and time of CT when it is unable to obtain:
    The date and time of CT will be used as the date and time when the File Export Utility can be started.

  • Unable to start when it is unable to obtain (Initial Value):
    The File Export Utility cannot be started.

Date and Time when CT is used

The date and time when the File Export Utility can be started is based on the date and time of the CT.

File access control - Detailed Settings window

Item Name

Description

Set excluded folder for network drive access prohibition

The folder excluded from network drive access prohibition can be set.

Folder Name

The folder excluded from network drive access prohibition can be set.
The folder name can only be specified to "Path described by UNC". (Example: \\192.168.0.1\shared, \\nas-server\public) The drive which is allocated with a network drive cannot be specified. (Example: Z:\)
Specify up to 260 bytes (can be a combination of fullwidth and halfwidth characters and symbols, kanji, hiragana and katakana characters).
The following characters cannot be specified:
"/", ":", "*", "?", """, "<", ">", "|"

In addition, "\" cannot be specified at the end of path.

Initial Value: No specification

Refer to "1.2.47 IPv6 Support" for details on specifying an IPv6 address.

View

The dialog for selecting the excluded folder can be displayed.

Notes

Enter the information such as memo.
Specify up to 128 bytes (can be a combination of fullwidth and halfwidth characters and symbols, kanji, hiragana and katakana characters).
Initial Value: No specification

Number of registrations

The number of registered cases displayed in the list and the maximum number of registrations possible are displayed. A maximum of 50 cases can be registered.

Number of registered characters

The number of characters that can be used for the folder name is limited to a maximum of 500 halfwidth (250 fullwidth) characters. The number of characters used for the registered folder names is converted to halfwidth characters and displayed.

Add/Update

Add an excluded folder.
Up to 50 cases can be added. In addition, all folder paths cannot exceed 500 halfwidth (250 fullwidth) characters altogether.

After modifying the selected Notes in the folder list, the information will updated (Folder Name cannot be updated).

Delete

Delete the selected lines in the folder list.

Set

Confirm the input contents and return to the previous window.

Cancel

Do not save the settings and close the window.

File Export Prohibition -Individual Identification Feature - Detailed Settings window

Item Name

Description

Allow to use all USB devices and media registered in Management Server

Select whether the used of all USB devices/media registered in the Management Server is allowed.

Yes:
All USB devices/media registered in the Management Server can be used. Whether each USB device/media can be used or not cannot be set.
If the Management Server and client (CT) cannot communicate, USB devices that have been used in the past can be used.

No: (Initial Value)
Whether each USB device/media can be used or not can be set.

List of Available USB Devices and Media

The USB device/media that is allowed to be used by the administrator will be displayed.
When setting and modifying the access condition and canceling the usage permission, select the applicable line.

The information below will be displayed:

  • Access Settings
    The access conditions will be displayed.

  • Name/media name
    The name or media name of the device will be displayed.

  • Note
    Notes on the device/media will be displayed.

  • Device Name/Volume Name
    The device name or volume name will be displayed.

  • Period of Use
    The period for which the device/media can be used will be displayed.

  • Internal Serial No./Hardware ID
    The internal serial number or hardware ID of the device will be displayed.
    For media, the volume serial number will be displayed.

  • Identification Method
    The identification method of the device/media will be displayed.

  • Type
    The type will be displayed.

  • Individual media identification
    If Individually identify media has been set, Yes will be displayed. If this item has not been set, a blank will be displayed.
    For media/PC cards, a blank will be displayed.

Access Settings

Set the conditions for accessing to the USB device allowed to be used.

Media will be fixed as Read and Write.

Read Only
(Initial Value)

The selected USB device in List of Available USB Devices and Media can be read only.

Read and Write

The selected USB device in List of Available USB Devices and Media can be read and written.

Only one can be selected among the Reading and writing are limited to File Export Utility check box and the Writing is limited to File Export Utility check box.
When neither is selected, the registered USB devices can be read and written using File Export Utility and Explorer, etc. (Not File Export Utility).

Reading and writing are limited to File Export Utility

When it is selected:
Only File Export Utility can be used to read and write (file export).
Explorer, etc. (Not File Export Utility) cannot be used to read and write.

Writing is limited to File Export Utility

When it is selected:
Only File Export Utility can be used to read (file export).
Any tool can be used to read.

Update

The settings can be displayed in List of Available USB Devices and Media.

Registered devices

The number of registered cases and the maximum number of registrations possible are displayed.
The maximum number is the number of registered PC cards that are available subtracted from 100.
Example: If 30 PC cards that are available are registered, the maximum number will be 70.

Add Media

File Export Prohibition - Individual Identification Feature - Detailed Settings - Media window is displayed and the available media can be added. Up to 100 media can be added.

Note: Up to 100 media including devices can be registered.

Add Device

The File Export Prohibition - Individual Identification Feature - Detailed Settings - Select USB device window can be displayed and the available USB devices can be added.
Up to 100 devices including the registered PC cards that are available can be added.

Delete

The usage permission of the selected USB device can be canceled in List of Available USB Devices and Media and the USB device/media can be deleted from List of Available USB Devices and Media.

Close

Shutdown the window.

When setting (modifying) the access conditions of available devices/media
  1. Select the target row in List of Available USB Devices and Media.

  2. Set conditions in Access Settings.

  3. Click the Update button.

When canceling the usage permission of devices/media
  1. Select the target row in List of Available USB Devices and Media.

  2. Click Delete.

When adding an available USB device

Click the Add Device button.

When adding an available media

Click Add Media.

File Export Prohibition - Individual Identification Feature - Detailed Settings - Select USB device window

The content registered in the Device/Media Registration window of the Management Console can be displayed.
The line of the available devices/media can be selected. After clicking the OK button, the corresponding USB Device will be added to the List of Available USB Devices and Media in the File Export Prohibition -Individual Identification Feature - Detailed Settings window.

Item name

Description

Screening of USB

The USB devices to be displayed in List of USB Devices can be filtered. Select from the following:

  • All (default value)
    Displays all USB devices.

  • Name
    Searches the string entered in Keyword for partial matches, and displays USB devices.

  • Device Name
    Displays the string entered in Keyword in partial matches.

  • Internal Serial No./Hardware ID
    Displays the string entered in Keyword in partial matches.

  • Identification Method
    Displays the string entered in Keyword in partial matches. The strings that can be entered are as follows:

    • Complete Match

    • Product Match

    • Serial No. Match

    • Not Available

  • Notes
    Displays the string entered in Keyword in partial matches.

Keyword

Specifies the search conditions for the USB devices to be displayed.

Specify up to 128 halfwidth and fullwidth characters.

Search

Performs USB device search using the conditions specified in Screening of USB Device and Keyword.

Items displayed in the list

The information below will be displayed:

  • Name
    The name of the USB device will be displayed.

  • Note
    Notes on the USB device will be displayed.

  • Device name
    The device name will be displayed.

  • Internal Serial No./Hardware ID
    The internal serial number or hardware ID of the USB device will be displayed.

  • Identification Method
    The identification method of the USB device will be displayed.

  • Period of Use
    The period for which the USB device can be used will be displayed.

  • individual media identification
    If Individually identify media has been set, Yes will be displayed. If this item has not been set, a blank will be displayed.

Note

Depending on the type of portable device/imaging device, the communication mode may be automatically set during connection to the PC, or you may be able to select it from the menu. Either of the following connections will be established but the configured Access Settings may not be enabled depending on the communication mode.

Recognition method

Access behavior

Drive letter assigned

Normally, the drive type for portable devices/imaging devices is recognized as Removable, and the device behaves according to Read-only or Read and Write set in the access settings configured in the Detailed Settings window.
If the drive type for the inserted portable device/imaging device is recognized as DVD/CD, the device will behave as configured in the Reading prohibition > DVD/CD setting or Export Prohibition > Specify drive type > DVD/CD settings.

Drive letter not assigned

If connection is allowed, the device will behave according to Read and Write irrespective of the access settings.
Whether the data can actually be written depends on the specification of the device connected. If, for example, a digital camera is connected, image data can be viewed and deleted but generally cannot be written.
Data cannot be written from the File Export Utility because no drive letter is assigned.

If dedicated software provided by the device manufacturer is used for communication, read prohibition may not be enabled.

File Export Prohibition - Individual Identification Feature - Detailed Settings - Media window

The content registered in the Device/Media Registration window of Management Console will be displayed.

When you select the row of media for which you want to allow use, and click OK, the relevant media will be added to List of available USB devices and media in "File Export Prohibition -Individual Identification Feature - Detailed Settings window.

Item Name

Description

Filter media

Can filter the media to be displayed in the media list. Select from the following:

  • All (initial value)
    Displays all media.

  • Media name
    Searches the string entered in Keyword for partial matches, and displays media.

  • Volume name
    Displays the string entered in Keyword in partial matches.

  • Internal serial ID
    Displays the string entered in Keyword in partial matches.

Keyword

Search conditions for the media to be displayed.

Up to 128 halfwidth and fullwidth characters can be specified.

Search

Performs media search using the conditions specified in Filter media and Keyword.

Items displayed in the list

The information below will be displayed:

  • Media name
    The media name will be displayed.

  • Note
    Notes on the media will be displayed.

  • Volume name
    The volume name will be displayed.

  • Internal Serial ID
    For media, the volume serial number will be displayed.

  • Expiration date
    The period for which the media can be used will be displayed.

  • Identification Method
    The identification method of the media will be displayed.

2.4.1.10 Print/PrintScreen

The conditions for prohibiting printing on the PC with the client (CT) installed (specify the application allowed to print) and the prohibition of using PrintScreen key to collect screen hard copy can be set in Print/PrintScreen.

The following section describes the settings of Print/PrintScreen.

Printing Prohibition

Item Name

Description

Printing Prohibition

Yes

Printing that uses applications apart from the EXE Name of application displayed in the List of Applications that Allow Printing is prohibited.

No
(Initial Value)

Printing is not prohibited.

List of Applications that Allow Printing

The set EXE Name of Application that Allow Printing will be displayed.
Initial Value: No specification will be made.

List of EXE names of Applications that Allow Printing

Enter the EXE names including the extensions of Applications allowed to print.
(For example: Enter EXCEL.EXE in case of Microsoft Excel)

Up to 254 single-byte characters (127 double-byte characters) can be entered. (Alphabetic characters are not case-sensitive.) However, if the following symbols are used, error will occur.
"\" "/" ":" "*" "?" """ "<" ">" "|"

Initial Value: No specification will be made.

Notes

Enter the application name and memo information.
Specify up to 128 bytes (can be a combination of fullwidth and halfwidth characters and symbols, kanji, hiragana and katakana characters).
Initial Value: No specification will be made.

Registered devices

The number of registered cases and the maximum number of registrations possible are displayed.

Add/Update

Add the EXE name of application allowed to print.
Up to 100 cases can be added.

After modifying the Notes of selected lines in the List of Applications Allowed to Print, the information will be updated. The EXE Name of Application that Allow Printing cannot be updated.

Delete

The selected lines in the List of Applications that Allow Printing can be deleted.

PrintScreen Key Prohibition

Item Name

Description

Disabling PrintScreen Key

When the PrintScreen Key Operation Log option in Windows > Log collection operation is No, settings can be performed.

Yes

The use of PrintScreen key is prohibited.
Even if the PrintScreen key is pressed, the hard copy of screen cannot be collected.

No
(Initial Value)

The use of PrintScreen key is not prohibited.

Capture Screen

When the option of PrintScreen Key Prohibition is "Yes", settings can be performed

When it is selected:
When the use of PrintScreen key is prohibited, the screen capture when PrintScreen key is pressed can be recorded.
When the Prohibiting PrintScreen Key option is "No", it will be changed to not selected automatically.

When it is not selected:
When the use of PrintScreen key is prohibited, even if the PrintScreen key is pressed, the screen capture will not be recorded.

[When adding the EXE name of applications that Allow Printing ]
Enter the above settings items and click the Add/Update button.
Up to 100 cases can be added.

[When updating the existing information]
Select the lines to be updated from the List of Applications that Allow Printing, modify the Notes information and click the Add/Update button.
The EXE Name of Application that Allow Printing cannot be updated.

[When deleting information]
Select the lines to be deleted from the List of Applications that Allow Printing, and click the Delete button.

2.4.1.11 Eco Monitoring

By monitoring the printed pages, the conditions can be set in Eco monitoring to reduce unnecessary printing.
In the Settings of Printing Monitoring Mode during the installation of CT, this function is effective when Monitor the printing of all printers set in the terminal (Recommended) is selected.
When Yes is selected in Printing Operation log of Windows > Log collection operation, the monitoring condition can be set.

When the set number of pages is reached and the printing is prohibited, a warning message will be displayed to the user of the client (CT), and the printing can be prohibited. At the same time, it will be recorded as a violation to the printing prohibition log.

The settings of Eco monitoring will be processed as CT policy.

Operations when the set number of pages to print is reached

Item Name

Instruction

Warning (*)

  • When this is selected:
    When the set number of printed pages is reached, the warning message will be displayed.
    It will be recorded as a printing operation log.
    The actions of a document writer (Microsoft Office Document Image Writer, Adobe PDF, etc.) that does not print on paper will be counted as printed pages.

    • Set number of pages: the set scope of the number of pages that triggers the display of message is 1-999999. The initial value is 1.

  • When this is not selected (Initial Value):
    Though the printing pages can be counted, the messages cannot be displayed.

Prohibit Printing(*)

  • When this is selected:
    When the set number of printed pages is reached, the printing will be prohibited. The application that allows printing specified in Print/PrintScreen cannot print. Printing for document writers that do not print on paper (such as Microsoft Office Document Image Writer and Adobe PDF) may be prohibited.
    It will be recorded as a violation to printing prohibition log.
    When this item is selected, the Warning will be selected automatically.
    When the number of printed pages reaches the value of prohibition at the beginning of printing, the printing cannot be performed (The message of printing prohibition will be displayed.). When the prohibited number of pages is reached in the process of printing, the printing will be interrupted. The following printing will be prohibited.
    When the administrator notification settings are performed, the administrator will be notified by E-mail. In addition, an event log will be recorded.

    • Set number of pages: the set scope of the number of pages that triggers printing prohibition is 1-999999. The initial value is 1000.

  • When this is not selected: (Initial Value)
    Though the printing pages will be counted, the printing will not be prohibited.

Unit for aggregating number of printed pages

Daily
(Initial Value)

Monitor the number of printed pages in 24 hours.
If the "Date" of PC time is changed, the number of printed pages will be reset to 0.

Weekly(Mon~Sun)

Monitor the number of printed pages in a week.
If the PC time is "12am of Monday", the number of printed pages will be reset to 0.

Month

Monitor the number of printed pages in a month
If the "Month" of PC time is changed, the number of printed pages will be reset to 0.

*) When both Warning and Prohibit Printing are selected,
input the set number of pages in Warning =< the set number of pages in Prohibit Printing.

2.4.1.12 Internet

The URL prohibited from being accessed can be set in Internet.

Item Name

Description

URL access

Prohibit

Access to URL is prohibited.

Prohibit access to registered sites

Access to the URL specified in List of Registered Sites is prohibited.

Prohibit access to non-registered sites

Access to the URL other than the one specified in the List of Registered Sites is prohibited.

Do not Prohibit
(Initial Value)

Any URL can be accessed.

List of Registered Sites

The URL that is prohibited or allowed to be accessed and the memo related to the URL will be displayed.
Initial Value: Not Displayed.

URL string

Enter the character string that contains part of the domain name of the prohibited or allowed to be accessed URL.
[Example 1] When fujitsu.com is set in the URL string, the following address will be prohibited or allowed.
http://www.fujitsu com/global/

[Example 2] If "10.10.10.10" is prohibited in the settings in URL string, the following will be prohibited.
http://10.10.10.10
The following will not be prohibited even if the IP address for jp.fujitsu.com is "10.10.10.10".
http://jp.fujitsu.com
If you want to prohibit "http://jp.fujitsu.com", the strings included in prohibited URLs, such as "jp.fujitsu.com", must be specified.

Up to 254 single-byte alphanumeric characters and symbols can be entered (Alphabetic characters are not case-sensitive)
The valid symbols of URL are as follows:
"'" "." "-" ")" "(" "_" ":" "%" "+"

Halfwidth katakana, control characters, and spaces cannot be specified.

A multi-byte character domain name cannot be used.

Up to 100 cases can be registered.

Refer to "1.2.47 IPv6 Support" for details on IPv6 addresses.

Initial Value: Not Specified.

Notes

Enter the information such as the memo of URL.
Specify up to 128 bytes (can be a combination of fullwidth and halfwidth characters and symbols, kanji, hiragana and katakana characters).
Initial Value: Not Specified.

Registered devices

The number of registered cases and the maximum number of registrations possible are displayed.

Add/Update

URL will be added.
Up to 100 cases can be added.

After modifying Notes the lines selected in List of Registered Sites, the information can be updated (The URL string cannot be updated.)

Delete

The lines selected in List of Registered Sites will be deleted.

Note

About web communication monitoring methods

The behavior will differ depending on the web communication monitoring method used. Refer to "1.2.12 URL Access Prohibition" for details.

2.4.1.13 Web Upload/Download

The Web upload and download operations permitted by the administrator can be set in Web upload/download.

Item Name

Description

Upload and download prohibition settings

Prohibit uploading and downloading

  • Client (CT) for V14.2.0 or later

    Prohibits uploading and downloading from websites other than those specified in Allowed sites list.

  • Client (CT) for V14.1.0

    Prohibits downloading from websites other than those specified in Allowed sites list. Uploading will not be prohibited for any website.

  • Client (CT) for versions other than the above

    Neither uploading nor downloading will be prohibited for any website.

Prohibit uploading only

  • Client (CT) for V14.3.0 or later

    Prohibits uploading from websites other than those specified in Allowed sites list. Downloading will not be prohibited for any website.

  • Client (CT) for V14.2.0

    Prohibits uploading and downloading from websites other than those specified in Allowed sites list.

  • Client (CT) for V14.1.0

    Prohibits downloading from websites other than those specified in Allowed sites list. Uploading will not be prohibited for any website.

  • Client (CT) for versions other than the above

    Neither uploading nor downloading will be prohibited for any website.

Prohibit downloading only

  • Client (CT) for V14.3.0 or later

    Prohibits downloading from websites other than those specified in Allowed sites list. Uploading will not be prohibited for any website.

  • Client (CT) for V14.2.0

    Prohibits uploading and downloading from websites other than those specified in Allowed sites list.

  • Client (CT) for V14.1.0

    Prohibits downloading from websites other than those specified in Allowed sites list. Uploading will not be prohibited for any website.

  • Client (CT) for versions other than the above

    Neither uploading nor downloading will be prohibited for any website.

Do not Prohibit
(Default value)

Uploading and downloading from any website are allowed.

Allowed sites list

URLs of the websites for which uploading and downloading are allowed, and notes about these URLs are displayed.

Up to 100 URLs can be registered.

Default value: No value is displayed.

URL string

Enter the URL of the Web site that allows upload and download.
The site that includes the entered character string will allow all the upload and download.
[Example 1] When fujitsu.com is set in the URL string, all the following addresses are permitted.
http://www.fujitsu com/global/

Example 2: If "10.10.10.10" is specified in URL string, the following will be allowed.
http://10.10.10.10 (Allowed)

The following will be prohibited if the IP address for jp.fujitsu.com is "10.10.10.10":

http://jp.fujitsu.com (Not allowed)

Example 3: If "/desktopkeeper" is specified in URL string, the following will be allowed.
http://www.soft.fujitsu.com/desktopkeeper/ (Allowed)

http://jp.fujitsu.com (Not allowed)

Up to 254 single-byte alphanumeric characters and symbols can be entered. (Alphabetic characters are not case-sensitive)
The valid characters of URL are as follows:
"'" "." "-" ")" "(" "_" ":" "/" "+" "[" "]"

A multi-byte character domain name cannot be used.

Up to 100 cases can be registered.

To specify an IPv6 address, enclose the address in [].

Example: http://[2001:db8::1]

To set the path part only, "/" must be specified at the beginning.

Example: /desktopkeeper

Initial Value: Not Specified.

Notes

Enter the memo information of the URL that allows upload and download.
Specify up to 128 bytes (can be a combination of fullwidth and halfwidth characters and symbols, kanji, hiragana and katakana characters).
Initial Value: Not Specified.

Registered devices

The number of registered cases and the maximum number of registrations are displayed.

Add/Update

The URL of the Web site that allows upload and download will be added.
Up to 100 cases can be added.

After modifying the Notes information of lines selected in the List of sites allow uploading and downloading, the information can be updated (The URL Character String cannot be updated.).

Delete

The lines selected in the List of sites allow uploading and downloading will be deleted.

Note

Client (CT) for V14.1.0 and V14.2.0 when the path part is included in the URLs set for the allowed sites

In V14.3.0 or later (Master) Management Server/Management Console, the path part can be included in the URLs set for the allowed sites. (Example: jp.fujitsu.com/solutions)

If operation is performed with a policy in which the path part is included in the URLs set for the allowed sites. However, uploading and downloading to and from the allowed sites will not be allowed on the client (CT) for V14.1.0 and V14.2.0. In this case, specify the host name part of the URL ("jp.fujitsu.com" in "jp.fujitsu.com/solutions") as the URL of the allowed site.

Example:

Upload and download prohibition settings: Settings other than Do not Prohibit

URL of the allowed site set: jp.fujitsu.com/solutions

  • If the URL of the website accessed is "http://jp.fujitsu.com/download.html"

    • Client (CT) for V14.3.0 or later: Would determine that it is not an allowed site.

    • Client (CT) for V14.1.0 and V14.2.0: Would determine that it is not an allowed site.

  • If the URL of the website accessed is "http://jp.fujitsu.com/solutions/download.html"

    • Client (CT) for V14.3.0 or later: Would determine that it is an allowed site.

    • Client (CT) for V14.1.0 and V14.2.0: Would determine that it is not an allowed site.

About web communication monitoring methods

The behavior will differ depending on the web communication monitoring method used. Refer to "1.2.14 Web Upload and Download Operation Prohibition" for details.

2.4.1.14 FTP Server Connection

Prohibition of the connection to the FTP server which is not permitted by the administrator can be set in FTP Server Connection.
To prohibit the connection to FTP server from Internet Explorer, set in Internet.

Item Name

Description

FTP Server Connection

Prohibit

Prohibit the access to the servers that is not specified in the List of servers allowed be connected.

Do not Prohibit
(Initial Value)

Any FTP server can be connected.

List of servers allowed to be connected

The IP address of FTP server allowed to be connected and the memo related to the server to be connected are displayed.
Initial Value: Not Displayed.

IP address

Enter the IP address (IPv4/IPv6 format) of the server to be connected.
For IPv4 addresses, specify up to 45 halfwidth numeric characters and periods. For IPv6 addresses, specify up to 45 halfwidth hexadecimal characters and colons.
Up to 100 cases can be registered.

Refer to "1.2.47 IPv6 Support" for details on registration with IPv6 addresses.
Initial Value: Not Displayed.

Notes

Enter the memo information of the server allowed to be connected, etc.
Up to 128 single-byte characters (64 double-byte characters) can be entered.
Initial Value: Not Specified.

Number of registrations

The number of registered cases and the maximum number of registrations possible are displayed.

Add/Update

The server allowed to be connected will be added.
Up to 100 cases can be added.

After modifying the Notes of lines selected in the List of servers allowed to be connected, the information will be updated (The IP Address and Connecting Target port cannot be updated.)

Delete

The lines selected in List of servers allowed to be connected will be deleted.

2.4.1.15 Clipboard

The clipboard operation prohibition can be set in Clipboard.

Item Name

Description

Prohibition of clipboard operation between different environments

When the Clipboard Operation Log (Virtual Environment) option in Windows > Log collection operation is No, settings can be performed.

Prohibit

The clipboard operation is prohibited.

Do not Prohibit
(Initial Value)

The clipboard can be used to copy from the virtual environment to the physical environment or from the physical environment to the virtual environment.

Backup Original File

When the option of Prohibition of clipboard operation between different environments is Prohibit, the item can be set.

When this is selected:
The information (text, image, copy (move) source file path) copied from the clipboard will be backed up as the original file.

When this is not selected: (Initial Value)
The information (text, image, copy (move) source file path) copied from the clipboard will not be backed up as the original file.

2.4.1.16 Send Log

The method of sending operation logs from the client (CT) to the Management Server can be set in Send log. The sent logs are operation logs, prohibition logs and attached data.

Note

About sending command operation log to the server

Command logs are always sent immediately after collection (not affected by this setting).

The method of sending can be set according to the following cases:

Operation log sending method

Item Name

Description

Send immediately when operation logs occur
(Initial Value)

Logs will be sent to the server immediately when they are generated.

Processing of logs accumulated in CT

Set the method of sending the logs accumulated in the client (CT) due to reasons such as a mobile application immediately when the network connects to the server.

Send accumulated logs immediately after connection

If operation logs are generated, they will be accumulated at the time, and sent to the server every 10 seconds.
Prohibition logs, on the other hand, are sent when they are generated.
When connecting to the network, operation logs accumulated during disconnection from the network are sent from the client (CT) to the server every 10 seconds from the time of connection (the communication with the Management Server or Master Management Server is started).
Accumulated prohibition logs are sent every 0.5 seconds per log.
The number of accumulated logs to be sent at one time is set in Maximum number of logs can be sent at one time in the Terminal Operation Settings window.
Refer to "2.4.3 Perform Terminal Operation Settings" for details.

Send operation logs accumulated in certain amount collectively after connection

If operation logs are generated, they will be accumulated at the time, and then sent to the server in a regular interval.
Prohibition logs, on the other hand, are sent when they are generated.
When connecting to the network, a certain number of operation logs accumulated during disconnection from the network are sent from the client (CT) to the server at a regular interval from the time of connection (the communication with the Management Server or Master Management Server is started).

Accumulated prohibition logs are sent every 0.5 seconds per log.
The amount of accumulated logs to be sent at one time and the interval for sending are set in the Terminal Operation Settings window. Refer to "Perform Terminal Operation Settings" for details.

Send after collecting logs for a certain period

The same behavior as when Send immediately when operation logs occur > Send operation logs accumulated in certain amount collectively after connection is selected.

Send all logs in specified time

Send logs to server in the specified time.
Start time of sending of logs must be set.
[About the Time Required for Completing Log Sending]

The standards are as follows. The number of clients (CT number of sets) and amount of logs are basically in proportion to the time required for log sending.

Example 1

  • The number of clients (CT number of sets): 1000

  • Number of daily logs: 1000

  • Time required for log sending: About 15 minutes at most

Example 2

  • The number of clients (CT number of sets): 2000

  • Number of daily logs: 1000

  • Time required for log sending: About 30 minutes at most

The number of logs to be sent at one time and the interval for sending are set in the Terminal Operation Settings window. Refer to "Perform Terminal Operation Settings" for details.

2.4.1.17 Log Collection Operation (Android)

In Android > Log collection operation, specify whether to collect each log type. Select Yes, and the operation logs for the smart device (agent) will be collected.

The following describes the settings configured in Android > Log collection operation.

Item name

Description

Web access log

Logs accessed from standard browsers will be collected.
Default value: No is selected.

SD card mount/unmount log

SD card mount/unmount logs will be collected.
Default value: No is selected.

SIM card mount/unmount log

SIM card mount/unmount logs will be collected.
Default value: No is selected.

Wi-Fi connection log

Wi-Fi connection/disconnection logs will be collected.
Default value: No is selected.

Bluetooth connection log

Bluetooth connection/disconnection logs will be collected.

Default value: No is selected.

Incoming/outgoing calls log

Phone numbers will be collected from the phone call history, and if the numbers are registered in the phonebook, then the names of those associated with the numbers will also be collected.

Default value: No is selected.

Application usage log

Logs for applications used will be collected.

Default value: No is selected.

Application configuration change log

Application configuration change (install/uninstall) logs will be collected.

Default value: No is selected.

2.4.1.18 Wi-Fi Connection

In Wi-Fi connection, specify the BSSID for the access point to prohibit Wi-Fi use.

Item name

Description

Wi-Fi connection prohibition

Prohibit

Prohibits connection to the access points specified in Registered access point list.

Enable connection of registered access points

Enables connection to the access points specified in Registered access point list.

Disable connection of registered access points

Disables connection to the access points specified in Registered access point list.

Do not Prohibit
(Default value)

Connection to any access point is possible.

Registered access point list

Displays the access point name, BSSID, and notes for the access points to which connection will be enabled or disabled.
Default value: No value is displayed.

Access point name

Enter the access point name.

Specify up to 254 halfwidth (127 fullwidth) characters. Up to 100 names can be registered.

Default value: No value is displayed.

BSSID

Enter the access point Basic Service Set Identifier (BSSID). The characters that can be entered comply with the BSSID convention. Enter the BSSID in the "XX:XX:XX:XX:XX:XX" or "XX-XX-XX-XX-XX-XX" format. ("X" denotes a halfwidth alphanumeric character while ":" and "-" denote halfwidth colon and halfwidth hyphen respectively.)

(Example: 02:E0:32:33:A3:C0)

Default value: No value is displayed.

Notes

Enter information such as notes on the access points to which connection is allowed.

Specify up to 128 halfwidth (64 fullwidth) characters.

Default value: No value is specified.

Registered devices

The number of registered cases and the maximum number of registrations possible are displayed.

Add/Update

Adds access points to which connection will be allowed.

Information will be updated when Access point name and Notes for the row selected in Registered access point list are changed. A new access point will be added when BSSID is changed.

Delete

Deletes the row selected in Registered access point list.

2.4.1.19 Bluetooth Connection

In Bluetooth connection, set the MAC address for Bluetooth devices on which Bluetooth use will be prohibited.

Item name

Description

Bluetooth connection prohibition

Prohibit

Prohibits connection to the Bluetooth devices specified in Registered Bluetooth device list.

Enable connection of registered Bluetooth devices

Enables connection to the Bluetooth devices specified in Registered Bluetooth device list.

Disable connection of registered Bluetooth devices

Disables connection to the Bluetooth devices specified in Registered Bluetooth device list.

Do not Prohibit
(Default value)

Connection to any Bluetooth device is possible.

Registered Bluetooth device list

Displays the Bluetooth device name, MAC address, and notes for the Bluetooth devices to which connection will be enabled or disabled.
Default value: No value is displayed.

Bluetooth device name

Enter the Bluetooth device name.
Specify up to 254 halfwidth (127 fullwidth) characters. Spaces can only be specified in-between characters. Up to 100 Bluetooth device names can be registered.
Default value: No value is displayed.

Control characters cannot be specified.

MAC address

Enter the MAC addresses for uniquely identifying Bluetooth devices. The characters that can be entered comply with the MAC address convention. Enter the MAC address in the "XX:XX:XX:XX:XX:XX" or "XX-XX-XX-XX-XX-XX" format. ("X" denotes a halfwidth alphanumeric character while ":" and "-" denote halfwidth colon and halfwidth hyphen respectively.)

(Example: 02:E0:32:33:A3:C0)

Default value: No value is displayed.

Notes

Enter information such as notes on the Bluetooth devices registered.

Specify up to 128 halfwidth (64 fullwidth) characters.

Default value: No value is specified.

Registered devices

The number of registered cases and the maximum number of registrations possible are displayed.

Add/Update

Adds Bluetooth devices to which connection will be allowed.

Information will be updated when Bluetooth device name and Notes for the row selected in Registered Bluetooth device list are changed. A new Bluetooth device will be added when MAC address is changed.

Delete

Deletes the row selected in Registered Bluetooth device list.

2.4.1.20 Application (Android)

In Android > Application, set the package name for prohibited applications.
You can also set whether to prohibit use of specified applications outside business hours only, and whether to delete application data outside business hours, and so on.

Item name

Description

Application usage prohibition

Prohibit

Prohibits use of packages specified in Prohibited package name list.

Do not Prohibit
(Default value)

Any package can be used.

Prohibited package name list

Displays the package name and notes for the package to be prohibited.
Default value: No value is displayed.

Prohibited package name

Enter the package name. The characters that can be entered comply with the package name convention. Entering of the extension (apk) is optional.
Specify up to 254 halfwidth (127 fullwidth) characters. Spaces can only be specified in-between characters.
Up to 100 package names can be registered.
Default value: No value is displayed.

Control characters cannot be used.

Notes

Enter information such as notes on the packages.
Specify up to 128 halfwidth (64 fullwidth) characters.
Default value: No value is specified.

Registered devices

The number of registered cases and the maximum number of registrations possible are displayed.

Prohibit use outside business hours

Select this to prohibit the use of specified packages outside business hours.
Default value: Not selected.
Refer to "2.4.3 Perform Terminal Operation Settings" for details on the use outside business hours.

Delete application data outside business hours

Select this to delete the data of specified packages outside business hours.

If packages for which this item is selected are installed, the following message will be output when outside business hours. This message will be output only once outside business hours.
Until data deletion is completed, other operations cannot be performed.

[AA10-WRN004]
System administrator prohibits the use of the application outside business hours so the data will be deleted.
Tap 'OK'. If the application screen appears, tap 'Clear data' to delete the data. The data in the following folders are deleted automatically:
 - Folders used by the application
 - Any folders specified by system administrator

Default value: Not selected.

Refer to "2.4.3 Perform Terminal Operation Settings" for details on the use outside business hours.

detailed Settings

Click this to delete data on external storage devices such as SD cards.
When this item is clicked, the Application Usage Prohibition - Advanced Settings window will be displayed, and you will be able to specify a folder for the external storage on the Android device.

The rule for entering the folder name is as follows:

  • The folder name that can be entered complies with the folder path convention for Linux.

  • There is no specific character that cannot be used for the folder name.

  • Specify an absolute path (only a path starting with "/" can be entered) for the folder name. (*1)

  • The maximum length of the folder name that can be entered is 254 halfwidth (127 fullwidth) characters.

  • The maximum length of the note that can be entered is 128 halfwidth (64 fullwidth) characters.

  • The name is not case-sensitive.

Add/Update

Adds or updates the packages to be prohibited.

Information will be updated when Notes for the row selected in Prohibited package name list is changed. A new package will be added when Prohibited package name list is changed.

Delete

Deletes the row selected in Prohibited package name list.

*1: The absolute path here means the absolute path from the SD cards.

An example is shown below.

2.4.1.21 Device Functionality

In Device Functionality, set the prohibition feature for iOS devices.

Item name

Description

Allow installation of apps

Specify whether to allow installation of applications.
To prohibit it, clear this item.
Default value: Selected.

Allow use of camera

Specify whether to allow use of the camera.
To prohibit it, clear this item.
Default value: Selected.

Allow FaceTime

Specify whether to allow FaceTime.
To prohibit it, clear this item.
Default value: Selected.

Allow screen capture

Specify whether to allow screen capture.
To prohibit it, clear this item.
Default value: Selected.

Allow automatic sync while roaming

Specify whether to allow automatic synchronization during roaming.
To prohibit it, clear this item.
Default value: Selected.

Allow Siri

Specify whether to allow Siri.
To prohibit it, clear this item.
Default value: Selected.

Allow Siri while device locked

Specify whether to allow Siri when the device is locked.
To prohibit it, clear this item.
Default value: Selected.

Allow voice dialing

Specify whether to allow voice dialing.
To prohibit it, clear this item.
Default value: Selected.

Allow use of Passbook while device locked

Specify whether to allow Passbook when the device is locked.
Passbook was integrated to Wallet in iOS 9.
To prohibit it, clear this item.
Default value: Selected.

Allow In-App Purchase

Specify whether to allow in-app purchases.
To prohibit it, clear this item.
Default value: Selected.

Force user to enter iTunes Store password for a purchases

Specify whether to force the user to enter iTunes Store password before any purchase.
To force it, select this item.
Default value: Not selected.

Allow multiplayer gaming

Specify whether to allow multiplayer gaming.
To prohibit it, clear this item.
Default value: Selected.

Allow adding Game Center friends

Specify whether to allow Game Center friends to be added.
To prohibit it, clear this item.
Default value: Selected.

2.4.1.22 Application (iOS)

In iOS > Application, set the prohibition feature for iOS applications.

Item name

Description

Allow use of YouTube

Specify whether to allow use of YouTube.
To prohibit it, clear this item.
Default value: Selected.

Allow use of iTunes Store

Specify whether to allow use of the iTunes Store.
To prohibit it, clear this item.
Default value: Selected.

Allow use of Safari

Specify whether to allow use of Safari.
To prohibit it, clear this item.
Default value: Selected.

Enable autofill

Specify whether to enable autofill.
To disable it, clear this item.
Default value: Selected.

Force fraud warning

Specify whether to allow access to suspicious websites.
To prohibit it, clear this item.
Default value: Not selected.

Enable JavaScript

Specify whether to enable JavaScript.
To disable it, clear this item.
Default value: Selected.

Block pop-ups

Specify whether to enable pop-ups.
To disable it, clear this item.
Default value: Not selected.

Accept cookies

Select from the menu to specify whether to enable cookies.

  • No
    Disables cookies.

  • From visited sites
    Disables cookies from websites other than those directly accessed.

  • Always confirm (Default value)
    Enables cookies.

2.4.1.23 iCloud

In iCloud, set the iCloud prohibition feature for iOS.

Item name

Description

Allow backup

Specify whether to allow backup to iCloud.
To prohibit it, clear this item.
Default value: Selected.

Allow document sync

Specify whether to allow document synchronization.
To prohibit it, clear this item.
Default value: Selected.

Allow Photo Stream (disallowing can cause data loss)

Specify whether to allow Photo Stream.
To prohibit it, clear this item.
Default value: Selected.

Allow Shared Photo Stream

Specify whether to allow shared Photo Stream.
To prohibit it, clear this item.
Default value: Selected.

2.4.1.24 Security and Privacy

In Security and privacy, configure settings for sending data to Apple and security settings.

Item name

Description

Allow diagnostic data to be sent to Apple

Specify whether to allow diagnostic data to be sent to Apple.
To prohibit it, clear this item.
Default value: Selected.

Allow users to accept untrusted TLS certificates

Specify whether to allow untrusted TLS certificates to be accepted.
To prohibit it, clear this item.
Default value: Selected.

Forced encrypted backups

Specify whether to forcibly encrypt backups.
To encrypt backups, clear this item.
Default value: Not selected.

2.4.1.25 Content Ratings

In Content Ratings, specify the content that can be viewed depending on the ratings.

Item name

Description

Allow explicit music, Podcasts, and iTunes U content

Specify whether to allow explicit music, Podcasts, and iTunes U content.
To prohibit it, clear this item.
Default value: Selected.

Allow adult content in iBooks Store

Specify whether to allow adult content in iBooks Store.
To prohibit it, clear this item.
Default value: Selected.

Ratings region

Select the appropriate ratings region from the menu.

  • U.S.

  • Australia

  • Canada

  • Germany

  • France

  • Ireland

  • Japan (Default value)

  • New Zealand

  • U.K.

Note

If Content Ratings is set for an iOS device, region settings different from Ratings region in the iOS device may not take effect.
Configure the setting to suit the Ratings region setting in the iOS device.

Allowed content ratings

Configure the content prohibition settings to suit the ratings for the region selected in Ratings region.

Movies

Select the movie ratings from the menu.

  • Do not allow movies
    Prohibits movies.

  • Allow All movies (Default value)
    Allows all movies.

Other selection items vary depending on the region selected in Ratings region. Configure settings in accordance with the ratings for respective regions.

TV Shows

Select the TV show ratings from the menu.

  • Do not allow TV programs
    Prohibits TV programs.

  • Allow All TV programs (Default value)
    Allows all TV programs.

Other selection items vary depending on the region selected in Ratings region. Configure settings in accordance with the ratings for respective regions.

Apps

Select the application ratings from the menu.

  • Do not allow Apps
    Prohibits applications.

  • Allow All Apps (Default value)
    Allows all applications.

  • 4+
    Allows applications with 4+ ratings only.

  • 9+
    Allows applications with up to 9+ ratings.

  • 12+
    Allows applications with up to 12+ ratings.

  • 17+
    Allows applications with up to 17+ ratings.

Selection items are common to all regions.