To reduce the risk of information disclosure, the media that can be used can be restricted individually when exporting files and folders using the File Export Utility, Windows Explorer, and so on.
The permitted media requires policy setting in the Management Console.
The information exported by the File Export Utility, used media, export date and time, export person, and so on, can be collected as a file export log.
The information exported by Windows Explorer, used media, export date and time, export person, and so on, can be collected as a file operation log.
In addition, if the use of media is restricted individually, and when media that are not permitted are inserted, "Violation" will be recorded in the device configuration change log. This information can be sent to the administrator by email. The violation can also be recorded as an event log.
The media information can be registered using the window.
In addition, the registered media information can be output to a CSV file for checking.
Refer to "2.4.4 Register Devices/Media" for details on how to register media.
Note
Notes on Allow to use all USB devices and media registered in Management Server being set to Yes
If Allow to use all USB devices and media registered in Management Server is set to Yes in the File Export Prohibition - Individual Identification Feature - Detailed Settings window in the policy and multiple users are logged on, the individual media identification feature operates according to the user policy.
However, the evaluation for the USB device/media to be identified individually will be performed according to the CT policy.
If the difference of system time between the client (CT) and Management Server is equal to or more than the value in Notification in the administrator notification settings of the Server Settings Tool, devices cannot be used even if they are registered to the Management Server.
USB device/media connection history (USB individual information/media individual information) can be retained for up to 30 USB devices. If a USB device/media is connected when the client (CT) cannot communicate with the Management Server, the usage of the USB device/media will be allowed if it is listed in this history.
Note
Notes for when a USB device/media is connected while multiple users are logged on
If a USB device/media is left connected when one user logged off and there are still other users logged on, the USB device/media information such as the last update date may be updated.
Point
Conditions under which the media individual identification feature can be set
When File export/read is set to the patterns below, the media individual identification feature can be set.
Pattern 1
When File Export Utility is set to can be used
Pattern 2
When File access control is set to Yes
When Read prohibition is set to Removable, or
When Specify Drive Type is set to Removable
Additionally, media individual identification is possible only if a USB for which Individually identify media is set in the Device/Media Registration window is set as a target for individual identification.
Note
Internal card readers are not supported for media individual identification.
