To reduce the risk of information disclosure, the USB devices that can be used can be restricted individually when exporting files and folders using the File Export Utility and Explorer, etc.
The permitted USB device requires policy setting in the Management Console.
The information exported by File Export Utility, used media, export date and time and export person, etc., can be collected as a file export log.
The information exported by Explorer, used media, export date and time and export person, etc., can be collected as a file operation log.
In addition, if the use of a USB device is restricted individually, and when the USB devices that are not permitted (it is limited to those identified as removable devices, CD/DVD, portable devices, and imaging devices) are inserted, "Violation" will be recorded in the device configuration change log. This information can be sent to the administrator by E-mail. In addition, it can be recorded as an event log.
The registered USB device information includes the method of registering using the window and registering using a CSV file.
In addition, the registered USB device information can be output to a CSV file. The functions are as follow:
Confirm the USB device that has been registered.
Transfer the registered USB device information to another Management Server.
Change the registered USB device information.
Delete the registered USB device information.
Refer to "2.4.4 Register Devices/Media" for details on how to register a USB device.
Note
Notes on Allow to use all USB devices and media registered in Management Server being set to Yes
If Allow to use all USB devices and media registered in Management Server is set to Yes in the File Export Prohibition - Individual Identification Feature - Detailed Settings window in the policy and multiple users are logged on, the individual device identification function operates according to the user policy.
However, the evaluation for the USB device to be identified individually will be performed according to the CT policy.
If the difference of system time between the client (CT) and the Management Server is equal to or more than the value in Notification in the administrator notification settings of the Server Settings Tool, devices cannot be used even if they are registered to the Management Server.
USB device connection history (USB individual information) can be retained for up to 30 USB devices. If a USB device is connected while the client (CT) cannot communicate with the Management Server, usage of the USB device will be allowed if it is listed in this history.
Note
Notes for when a USB device is connected while multiple users are logged on
If a USB device is left connected when a user logs off while other users are logged on, the USB device information (such as the last update date) may be updated.
Point
Conditions under which Individual Identification can be set
When the File export/read is set to the following patterns, individual identification can be set.
Pattern 1
When Export using File Export Utility is set to can be used
Pattern 2
When File Access Control is set to Yes
When Read Prohibition is set to Removable, Or
When Specify Drive Type is set to Removable
