JP2014099208A - Program for computer system management, computer, and method of managing computer system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To enable a computer managing a computer system installed in and run by an organization to ensure that essential software is installed in each computer in the system.SOLUTION: A managing computer has essential application storage means for storing information on applications which are specified and set by an organization as essential applications to be installed on each computer constituting the system without fail, and is configured to function as; means for storing information on applications already installed on each computer, which is reported by each computer at startup or periodically; means for detecting essential applications not installed on each computer by comparing the information on applications already installed and the information from the essential application storage means; and means for sending notifications to urge installation of the detected applications.

Description

  The present invention relates to a computer system management program, a computer, and a computer system management method for managing a computer system in which a plurality of computers are connected by a network so as to ensure that necessary measures are taken for security.

  A computer system in which a plurality of computers are connected via a network is provided and operated in various organizations such as corporations, local governments, public organizations such as countries, research institutions, and schools.

  In such a computer system, each computer is required to have the same application (software). Especially, each computer is protected against various dangers such as data destruction due to viruses, hackers, etc. and information leakage. Need to guarantee that they are taking the same countermeasures (each computer has the same countermeasure software).

  As an example of a software management technique in a conventional computer system composed of a plurality of computers, there is a “software introduction management system” (see Patent Document 1). The configuration is shown in FIG. 30 as a configuration of a conventional example. In the figure, 80 is a management computer, 81 is a software configuration table showing the correspondence between the software name for each software and the names of all files necessary to configure the software, 82 is a software registration unit, and 83 is for management A plurality of user computers managed by the computer 80, 84 is a file name notification unit provided in each user computer 83, and 85 is between each user computer 83, the user computer 83 and the management computer 80. And communication means for performing communication between the user computer 83 and the outside.

  Each user's computer 83 such as a personal computer of each user activates the file name notifying unit 84 in response to, for example, a power-off instruction for each use, and the file name stored in the computer is stored in the management computer 80. Forward. The management computer refers to the software configuration table 81 in which the names of files (programs) constituting each software are registered for the software expected to be installed on each personal computer, and is sent from each user computer 83. The software name is estimated from the name and registered in the software registration unit 82 as the software name installed in each user computer 83. As a result, the software names of the software installed in each user computer 83 can be automatically collected and managed without causing human omissions or errors.

  However, with this technology, the software (applications) installed on each personal computer can be viewed all at once, but various security applications necessary for the system have been installed, or the computer user has his / her own. Even when the installed application is not compatible with other applications, it is difficult to immediately determine that the application is configured with a large number (for example, 1000) of computers.

  In recent years, software that protects against the dangers of viruses, hackers, and other data destruction and leakage of confidential information against computers, such as anti-virus software, highly secure software against external attacks, and theft Encrypted software, etc. prepared for have been developed and put on the market one after another. These countermeasure software are sold separately by various companies as individual products, and there is no comprehensive software with all functions. Organizations that want to prevent dangers have to deal with each individual product. It was selected and introduced. Therefore, it is necessary to install and operate multiple countermeasure software on one computer. However, even if the organization intends to introduce countermeasure software and avoid the danger, if the security policy is implemented, the danger is avoided, but the management of the organization is incomplete and the countermeasure software is not installed. If one computer is left alone, the computer will be damaged, and the safety and trust of the entire organization will be lost.

  There is also software that installs commercially available software products on multiple personal computers and manages software licenses (management of the number of installable personal computers with software license agreements). The software centrally manages the names of the software installed on each personal computer, and has a database for the number of licenses for each software, so that the administrator can easily grasp whether each software has been illegally copied more than the number of licenses. . As an additional function, this software has a new file creation date from the last time it was examined for a patch program for filling a newly discovered defect for a specific OS at a certain period and a pattern file for a specific anti-virus software. It has an additional function to check whether or not the alarm is displayed and display an alarm on the PC screen when it is not new. However, such an additional function does not raise an alarm for any specified software (software or program specified as a program to be installed).

Japanese Patent No. 3409370

  As described above, in a computer system in which a plurality of conventional computers are connected by a network such as a LAN, it is confirmed that software essential to the operation of the organization is securely installed on each computer, and unnecessary software exists. In particular, it is difficult to guarantee the security of software of each computer in a computer system provided with a huge number of computers (for example, 1000).

  The present invention solves this problem and manages software (applications) essential to the security of a computer system composed of a plurality of computers to be surely installed on each computer, and allows installation to be performed when it is not installed. An object of the present invention is to provide a computer system management program, a computer, and a computer system management method.

  The present invention manages the user-side reporting program that reports the installation program from the user's computer to the management device so that the software installed by the user of each computer is compatible with other software. Other purposes are to detect what is not, detect necessary software, and installation of specific specified software.

  The present invention autonomously installs the essential software if it is not installed, and not only detects that the software that is incompatible with the essential software is installed, but also is incompatible with software other than the essential software. Software that is incompatible with the normal operation of an organization (company) that operates computer systems (for example, game software, low-risk dangerous software with a security hole, etc.) Another purpose is to make it possible to install.

  Furthermore, the computer system management device (server side) detects that the required software is not installed and installs the software, or detects that the nonconforming software is installed and uninstalls the software. In addition to being performed on the individual computer (client side) alone, it is also possible to make it possible offline as well.

  In order to solve the above problems, the present invention decides software (simply called software) essential for operation by an organization that has a computer system in advance, registers it in the computer system management device, and is installed in each computer. Install a user-side reporting program that performs the function of reporting the registered application program (simply referred to as an application) to the computer system management device of the computer system, and receives the report from the computer system from each computer and installs it on each computer Collected software, detect required apps not installed or detect non-conforming apps, and detect and display computers that do not have required apps installed or computers that do not have specific apps installed It is possible.

  In addition, when the present invention detects that an essential application has not been installed in the above computer system management apparatus, the present invention forcibly installs the non-installed essential application, so that a non-conforming application (an application that is incompatible with the essential application). Not only apps that are not compatible with other apps, and apps that are not compatible with the normal operation of computer systems (including game software, low-risk dangerous software with security holes, etc.) are detected. Then, the corresponding application is uninstalled.

  Furthermore, the present invention registers essential applications and non-conforming apps on each computer connected to the computer system management apparatus by communication means, and detects detection of non-installation of non-conforming apps on each computer. To install required apps and uninstall non-conforming apps immediately online so that they can be performed on offline computers.

  FIG. 1 shows a first principle configuration of the present invention, and FIG. 2 shows a second principle configuration of the present invention.

  In FIG. 1, 1 is a computer system management apparatus that functions as a server for a computer system that manages security measures for a plurality of computers to be managed and software (applications) held by each computer, 2 is a database, 20 is a computer system. A device number management database (DB) 21 in which the locations (floors), departments, users, etc. where each computer is configured is registered, 21 is a variety of information related to the computer of each device number (computer user, use of each computer) A computer information management database (DB) 22 that stores a list of installed applications of each person's reporting program, a list of installed applications of each computer, etc., 22 is an essential application database (DB) that stores a list of applications that are essential for each computer, 23 Is Can not achieve the original function error occurs if it is operated by installing a number of software at the same time, it is an essential app and incompatible software incompatible application database that contains a list of (referred to as non-conforming application) (DB). The non-conforming application database 23 can further include a list of non-conforming applications for non-essential applications and non-conforming applications in the operation of an organization (such as a company) holding a computer system. Reference numeral 24 denotes an installation program database (DB) in which an essential application installation program to be installed in each computer and a user-side report program installation program are stored.

  3 is a check unit for managing the installation state of an application for security measures, 30 is a user-side report program non-installation detection means, 31 is an essential application non-installation detection means, 32 is a nonconforming application detection means, and 33 is The designated application non-installed computer list display means 4 is an installation unit for installing the requested application for the computer.

  5 is a management input / output unit having an input unit (keyboard or the like) and an output unit (display or the like), 6 is a computer system management device 1 and a plurality of computers (7 to be described later), a server (not shown), an external Communication means such as a LAN (local area network) for mutually connecting external connection means 8 etc. for communicating with other networks (public network, dedicated line, etc.), and 7 are mutually connected by a communication means 6 such as a LAN. Each computer 7 is provided with a CPU, a memory for storing data and programs, a hard disk, an input / output device and the like (not shown). Reference numerals 70 and 71 denote a part of the memory in the computer 7, reference numeral 70 denotes an installed application storage unit that stores installed applications (synonymous with application programs), and reference numeral 71 denotes all applications installed in the own computer when executed. This is a user-side reporting program having a function of reporting (or notifying) to the computer system management apparatus 1. 8 is an external connection means for connecting a system constituted by the computer system management apparatus 1, communication means 6 and a plurality of computers 7 to an external network, and includes a router, firewall, server, IDS (intrusion detection system: Security means such as an intrusion detection system.

  In the first principle configuration shown in FIG. 1, the computer-side management program 21 refers to the computer information management database 21 by the user-side report program non-installation detection means 30 of the check unit 3 of the computer system management device 1 and uses corresponding to the device number of each computer. From the list of the presence / absence of the user-side reporting program installed, it is checked whether there is a computer 7 on which the user-side reporting program is not installed, and if there is, the installation unit 4 is driven and stored in the installation program database 24 for the corresponding computer 7 The installed user-side reporting program is executed. Next, the essential application non-installation detecting means 31 refers to the computer information management database 21, and the essential application stored in the essential application database 22 is installed in the list of installed applications corresponding to the device number of each computer. If there is an uninstalled application, the installation unit 4 is driven to install the uninstalled application from the installation program database 24 to the corresponding computer 7.

  Further, the nonconforming application detection means 32 of the check unit 3 of the computer system management apparatus 1 is also installed in each computer 7 stored in the computer information management database 21 when it is driven at regular intervals or according to an instruction from the management input / output unit 5. Each application is checked with reference to a list stored in the non-conforming application database 23 to determine whether non-conforming applications are installed together. When a non-conforming application is detected by the non-conforming application detecting means 32, a notification that prompts the computer 7 to uninstall the non-conforming application is issued, and the computer that received the notification is uninstalled. The designated application non-installed computer list display means 33 is a computer (device number or name) in which the designated application (user-side report program, essential application, specific program, etc.) is not installed in the management input / output unit 5. ) Is detected and the list is displayed on the output unit of the management input / output unit 5.

  The user-reporting program non-installation detecting means 30 detects that the user-side reporting program is not installed on a certain computer, and simultaneously installs the user-side reporting program on the corresponding computer. When the application non-install detection means 31 detects that the essential application is not installed on the computer, it can be prompted to install the non-installed essential application together with the user-side report program.

  In the first principle configuration of FIG. 1, the computer system management apparatus 1 on the server side mainly performs a check of application programs installed on a plurality of client computers 7 to detect that an essential application has not been installed. Installation and uninstallation processing when a nonconforming application is detected are controlled by the server side. However, the above functions cannot be realized unless the server side is loaded and the client computer is online. In order to cope with this, the second principle configuration shown in FIG. 2 is such that the client side computer is the main body and each can realize the same function online or offline.

  In FIG. 2, each part of the reference numerals 1 to 3 and 5 to 7 is the same as the same reference numeral in FIG. Further, 20 to 24 inside the database 2 of the computer system management apparatus 1 have the same names as the respective parts having the same reference numerals in FIG. 1, and the non-conforming application DB 23 has applications that are incompatible with the essential applications as described with reference to FIG. In addition, a list of various applications that are incompatible with the normal operation of the organization (company) that operates the computer system (for example, game software, low-risk dangerous software with a security hole, etc.) is stored. . Further, 21a inside the computer information management database (DB) 21 is an access log database (DB), 25 for storing recording data of access (mainly access to the essential application DB 22 and non-conforming application DB 23) from each computer 7 of the client. Is a full app list database that contains a list of prominent applications used for computer system organizations. The user-side report program non-installation detecting means 30 and the designated application non-installed computer list display means 33 of the check unit 3 are the same as those in FIG. 1, and 34 is a database (DB) for managing the update of the database provided in each computer 7 Update management means. Reference numeral 40 denotes an installation program management unit that manages an installation program of the installation program database 24, and reference numeral 41 denotes a registration unit that performs processing for registering an essential application and a non-conforming application in the essential application database 22 and the non-conforming application database 23 of the database 2.

  The computer 7 is connected to the computer system management apparatus 1 via the communication means 6 to perform online processing, or operates offline independently. 70 in the computer 7 is an installed application storage unit that stores installed programs, 72 is an essential application database (DB) that stores a list of essential applications, 73 is a nonconforming application database (DB) that stores a list of nonconforming applications, Reference numeral 74 denotes an installed application database (DB) that stores a list of installed applications. Reference numeral 75 denotes installed application detection means for detecting an application installed in the own computer. 76 is a check unit, 76a is an essential application non-installation detection unit, 76b is a non-conforming application detection unit, 77 is an installation / uninstallation unit, and 78 is an input / output unit provided in the computer 7.

  In the configuration of FIG. 2, the installed application detecting means 75 detects the application program stored in the installed installed application storage unit 70 and stores the list in the installed application database 74. The computer 7 is connected to the computer system management apparatus 1 on the server side via the communication means 6 and the essential application database 22 and the incompatible application database 23 stored in the database 2 of the computer system management apparatus 1 are accessed in an online state. Then, each stored DB list is copied (downloaded) to the computer 7. As for information of the computer 7 that has accessed the essential application DB 22 and the nonconforming application DB 23, the access date and time and the computer name (machine name) are recorded in the access log DB 21a. This record is used to check whether the latest essential app and non-conforming app information is registered in each computer.

  If the list of required applications and the list of incompatible applications cannot be obtained online, the computer system management apparatus 1 copies them to a recording medium such as a CD (compact disk) or FD (flexible disk) and reads them by each computer 7. Each of the databases 72 and 73 can be stored. When the check unit 76 of the computer 7 is driven at a fixed period or according to an instruction from the input / output unit 78, the required application non-installation detecting unit 76a installs the installed application database for each required application in the list stored in the required application database 72. It is sufficient that all the installed applications are checked against the list of 74, but if an essential application that is not included in the installed list is detected, a list of uninstalled essential applications is displayed on the input / output unit 78 and installed. Notify the uninstalling means 77 as well. Similarly, the non-conforming application detection means 76b compares each application in the non-conforming application list stored in the non-conforming application database 73 with the list in the installed application database 74, and when a matching application is detected, the non-conforming application list is input to the input / output unit. 78, and the install / uninstall means 77 is notified of the incompatible application.

  The install / uninstall unit 77 is activated according to a check result from the check unit 76 or according to an instruction from the input / output unit 78, and when an incompatible application is received from the check unit 76, the install application storage unit 70. Uninstall the non-conforming app offline. Further, when the essential application is notified from the essential application non-install detection means 76a, the essential application is specified by connecting the computer 7 to the computer system management apparatus 1 of the server via the communication means 6 and bringing it online. When the installation is requested, the required program is extracted from the installation program database 24 by the installation program management unit 40, transferred to the computer 7, and installed in the installation application storage unit 70. The computer system management apparatus 1 copies an uninstalled essential application to a portable recording medium (FD or CD) under the control of the installation program management unit 40 and installs it from the recording medium by the computer 7. You can install required apps offline. Alternatively, an administrator who operates the computer system management apparatus 1 can lend an original of an essential application and install it from a recording medium that is the original.

  According to the first principle configuration of the present invention, each computer of the computer system repeatedly reports the installed application to the computer system management apparatus, and the computer system management apparatus holds the essential application in advance and reports from each computer. By checking whether the required application is installed in the installed application, and detecting that there is a non-conforming application among the installed applications, it prevents computer errors and guarantees the security of the computer system. can do.

  Further, according to the second principle configuration of the present invention, on the client side computer side, it is detected independently of the server computer system management device that the indispensable application has not been installed or various inconveniences in the operation of the computer. It is possible to detect that a non-conforming application (not only a non-conforming application for a required application) is installed, install the required application that has not been installed immediately, and immediately uninstall it when a non-conforming application is detected This makes it possible to guarantee the security of each computer independently of the server side.

It is a figure which shows the 1st principle structure of this invention. It is a figure which shows the 2nd principle structure of this invention. It is a figure which shows the flowchart of non-installation detection of a user side report program. It is a figure which shows the example of an installation instruction | indication screen. It is a figure which shows the structural example of apparatus number management DB. It is a figure which shows the structural example of computer information management DB. It is a figure which shows the structural example of essential application DB. It is a figure which shows the structural example of nonconforming application DB. It is a figure which shows the structural example of installation program DB. It is a figure which shows the flowchart of an essential application non-installation detection. It is a figure which shows the example of the reason input screen which does not install. It is a figure which shows the flowchart of nonconforming application detection. It is a figure which shows the example of a nonconforming application uninstall instruction | indication screen. It is a figure which shows the flowchart for a designated application non-installed computer list display. It is a figure which shows the flowchart for list display of a computer in which countermeasures are not implemented (dangerous computer). It is a figure which shows the example of a countermeasure unimplemented computer (dangerous computer) list. It is a figure which shows the flowchart which promotes essential application installation at the time of user side report program installation. It is a figure which shows the structure of the one part database used by the structure of FIG. It is a figure which shows the flowchart of a registration part. It is a figure which shows the structural example of the screen for operation. It is a figure which shows the specific example of registration to essential application DB. It is a figure which shows the flowchart of an essential application non-installation detection in a computer. It is a figure which shows the flowchart of an essential application non-installation countermeasure online. It is a figure which shows the flowchart of the required application non-installation countermeasure in offline. It is a figure which shows the flowchart of a nonconforming application countermeasure in a computer. It is a figure which shows the 1st flowchart of an online nonconforming application countermeasure. It is a figure which shows the 2nd flowchart of online nonconforming application countermeasures. It is a figure which shows the flowchart of a nonconforming application countermeasure in offline. It is a figure which shows the flowchart of DB update management in a computer system management apparatus. It is a figure which shows the structure of a prior art example.

  The computer system management apparatus 1 and each computer 7 of the computer system shown in FIGS. 1 and 2 include a CPU, a memory such as a RAM storing data and programs, a hard disk and a compact disk (CD) storing data and programs, A computer having an input / output unit including a flexible disk (FD), an input device such as a keyboard and a mouse, and an output device such as a display and a printer can be used. The database 2 shown in FIGS. 1 and 2 can be provided on a hard disk or RAM. The check unit 3 and the installation unit 4 in the computer system management apparatus 1 in FIG. 1 and the check unit 3 in the computer system management apparatus 1 in FIG. The installation program management unit 40 and the registration unit 41, the installed application detection means 75, the check unit 76, and the installation / uninstallation means 77 in the computer 7 can be configured by programs.

  The means 30 to 33 of the check unit 3 in FIG. 1 are executed using the individual databases 20 to 24 in each database 2 by the programs of the computer system management apparatus 1 and the computers 7, respectively. A description will be given using each flowchart of FIG. 17 and a related database configuration example.

  FIG. 3 is a flowchart of detection of non-installation of a user-side report program. The program represented by this flowchart corresponds to the functions of the user-side report program non-installation detection means 30 and the installation unit 4 in FIG. A. Is a flowchart of the computer system management apparatus, B. Is a flowchart of the user's computer.

  First, in the computer system management apparatus 1, when an administrator such as security instructs the thorough installation of the user side reporting program from the management input / output unit 5 (FIG. 1) (S 1 in FIG. 2), the computer system management The device 1 displays the presence / absence of installation of the user side report program from the device number-user side report program presence / absence correspondence table (see 21a in FIG. 6 described later) in the computer information management database 21 (FIG. 1). A computer identifier that is “none” is extracted, and a user-side reporting program non-installed computer table (not shown) storing each computer identifier in which the user-side reporting program is not installed is created (S2 in FIG. 3). Each user (Figure to be described later) stored in the computer report program not installed computer table With reference to the e-mail address table 21b, it transmits the "user side reporting program installation instruction mail" to the e-mail address) addressed to each user (S3 in FIG. 3).

  When this mail is opened at each destination computer (user's computer) (S10 in FIG. 3), an installation instruction screen is displayed on a display device (not shown) of the computer. An example of this installation instruction screen is shown in FIG. In this screen, “User: The following required application is not installed on your computer.” In “A: Software for XX”, the previous XX “ Side report program "is displayed with" Protect computer from danger "set in the following XX.

  When the computer user specifies (clicks) "install", the address where the application installation program ("user-side report program" installation program in the database 2 of the computer system management device 1) is stored is specified. (S11 in FIG. 3). The computer determines whether or not the address is specified. If the address is not specified, the computer ends the processing. If specified, an installation request is transmitted to the computer system management apparatus 1 (S12 in FIG. 3).

  Upon receiving this, the computer system management apparatus 1 takes out the user-side report program installation program instructed by the computer and transmits it (S4 in FIG. 3), and the computer installs the received user-side report program installation program. This is executed (S13 in FIG. 3). As a result, the user-side reporting program sends its own computer information (including the computer identifier, user, department, etc.) and installed application information indicating the names (or file names) of various applications installed on this computer. (S14 in FIG. 3). When the information from this computer is received by the computer system management device 1, it is set to “present” at the corresponding position in the device number-user side report program presence / absence correspondence table (21a in FIG. 6). “Information” is registered in the computer information table (see 21c in FIG. 6 described later) of the computer information management database 21 and registered in the installed application table (see 21d in FIG. 6 described later).

  In step S3 of the computer system management apparatus 1 described above, the installation instruction is transmitted by e-mail. However, the user-side reporting program is installed individually on the computer on which the user-side reporting program is not installed without using e-mail. An instruction screen may be transmitted to receive the result input from the computer side.

  Here, a device number management DB (20 in FIG. 1), a computer information management DB (21 in FIG. 1), an essential application, which are individual databases (hereinafter referred to as DB) provided in the database (2 in FIG. 1). Specific configuration examples of the DB (22 in FIG. 1), the nonconforming application DB (23 in FIG. 1), and the installation program DB (24 in FIG. 1) will be described with reference to FIGS.

  FIG. 5 shows a configuration example of the device number management DB. The device number is a number assigned to an organization's property for management and is also called a property number, and is used for property management of an organization that operates a computer system. Reference numeral 20a in FIG. 5 denotes an apparatus number management table, in which items, locations (installation positions), departments, managers, users, and the like are registered corresponding to the respective apparatus numbers. Reference numeral 20b denotes a device number-computer identifier table, in which computer identifiers (computer names) assigned to the respective device numbers are registered.

  FIG. 6 shows a configuration example of the computer information management DB, and five tables are provided. 21a is a device number-user side report program presence / absence correspondence table, which is created by referring to the device number and computer identifier from the device number management table (FIG. 5), and corresponds to the device number "user side report program". Is set, the computer identifier (registered in 21a in FIG. 6) is set, the default value is “None”, and is replaced with “Yes” when the user-side reporting program is installed. Reference numeral 21b denotes a mail address table managed by an organization operating the computer system, in which mail addresses of users of the computers are registered.

  Reference numeral 21c in FIG. 6 is a computer information table. When the “user side report program” is installed in the computer, “own computer information” received from the computer is registered (see S14 and S5 in FIG. 3). The user, department, etc. are registered corresponding to the computer identifier. 21d is an installed application table. When “installed application information” indicating the installed software is sent from the “user-side reporting program” of each computer, it is converted into a software name, etc. A, B, D,... Shown in FIG. Reference numeral 21e denotes a non-installation reason table used in processing to be described later, and the reason for non-installation sent from the computer when the installation is rejected when prompting the installation is registered for each computer.

  FIG. 7 shows a configuration example of the essential application DB, in which a computer system operating organization determines computer software essential for management based on the management policy, and those that can be identified in advance are registered. Specifically, it is various software (applications) for ensuring the security of the computer system, such as encryption software for encrypting and storing data, and mail software with anti-virus measures.

  FIG. 8 shows a configuration example of a non-conforming application DB. When each essential application name is installed and operated at the same time, an error occurs and the original function cannot be achieved, and there is a problem in conformity. Is registered. Causes of nonconformity include simultaneous access to the same resource.

  FIG. 9 shows a configuration example of the installation program DB. Is an essential application installation program DB, in which an installation execution program that is a program (file) for each essential application name is stored. Is a user-side reporting program installation program DB, which is an installation program for the user-side reporting program. By executing this, the user-side reporting program is installed in the computer. After this user-reported program is installed on the computer, this program is run on the computer when the power is turned on or when it is executed at predetermined intervals. Is transmitted to the computer system management apparatus. This function is similar to the conventional technique shown in FIG. 30 (reported when the power is turned off) except that the reporting time is different.

  FIG. 10 is a flowchart of detection of essential application non-installation. The program represented by this flowchart corresponds to the essential application non-installation detecting means 31 in FIG. A. Is a flowchart of the computer system management apparatus (1 in FIG. 1); These are flowcharts of a user's computer (7 of FIG. 1).

  First, in the computer (7 in FIG. 1), when the user-side reporting program detects an application installed in its own computer at the time of starting the computer and transmits it to the computer system management device (S10 in FIG. 10), the computer The system management apparatus 1 registers the received installed application information in the installed application table 21d in the computer information management DB (see FIG. 6) (S1 in FIG. 10). In the computer system management device, in order to collate the installed application information with the essential application DB (see FIG. 7), the essential application DB is sequentially extracted from the top (S2 in FIG. 10) to determine whether there is an unverified essential application. (S3), if there is, it is determined whether the essential application is installed (S4), and if installed, the process returns to S2 and the same processing is performed for the next essential application. If it is determined in step S4 that it is not installed, it is determined whether a valid reason is registered in the non-installation reason table (see 21e in FIG. 6) (S5 in FIG. 10), and a valid reason is not registered. In this case, an “installation instruction screen” is transmitted to the computer (S5 in FIG. 10). This “installation instruction screen” has the same configuration as that shown in FIG. In the non-installation reason table, a corresponding number is set when the user on the computer side inputs the reason for not installing, and another number corresponding to a valid reason is registered in the table, so that FIG. It is determined whether or not it is a valid reason in S5.

  On the computer side, an “installation instruction screen” sent from the computer system management apparatus is displayed (S11 in FIG. 10), and it is determined whether the “install” button in the screen has been clicked by the user (S12). When clicked, an “installation request” is transmitted to the computer system management apparatus (S13). Upon receiving this installation request, the computer system management apparatus transmits the requested required application installation program to the computer (S7 in FIG. 10). The computer that has received the installation program executes the installation program (S14 in FIG. 10). If the “install” button is not clicked in the determination in step S12 on the computer (if “do not install” is clicked), an input screen for the reason for not installing is displayed.

  Here, an example has been described in which the user is asked whether or not to install, and the installation is performed based on the result, but the installation may be performed without inquiring.

  FIG. 11 shows an example of a reason input screen for not installing, where a represents the name and function of the target software, b represents an area for inputting a character for selecting a reason item or for other reasons, and c Represents an input instruction button, and d represents a button for returning to the previous screen.

  If “reason for not installing” is entered on the screen of FIG. 11 (S15 of FIG. 10) or if installation is executed in S14, an installation completion notice or a reason for not installing is sent to the computer system management apparatus (S16). The computer system management apparatus updates (or registers) the reason for not updating or installing the installed application (installed application table 21d in FIG. 6) (S8 in FIG. 6) (S8 in FIG. 10). Return.

  FIG. 12 is a flowchart of non-conforming application detection. The program represented by this flowchart corresponds to the nonconforming application detection means 32 in FIG. A. Is a flowchart of the computer system management apparatus (1 in FIG. 1); These are flowcharts of a user's computer (7 of FIG. 1).

  First, in the computer (7 in FIG. 1), the user-side reporting program detects the application installed in its own computer and transmits it to the computer system management device (S10 in FIG. 12). The received installed application information is registered in the installed application table 21d in the computer information management DB (see FIG. 6) (S1 in FIG. 12). Subsequently, in order to collate the installed application information with the nonconforming application DB (see FIG. 8) for each installed essential application, the computer system management apparatus sequentially extracts one installed essential application (S2 in FIG. 12). Then, it is determined whether there is an unverified installed essential application (S3), and if not, the process ends, but if there is, one non-conforming application is sequentially taken out (S4). At this time, it is determined whether or not there is an unmatched non-conforming application (S5 in FIG. 12). If not, the process returns to S2. If there is, the non-conforming application is determined (S6), and if it is not installed, the process returns to S4. However, if it is installed, a “non-conforming application uninstall instruction screen” is transmitted to the computer (S7).

  Upon receiving this, the “nonconforming application uninstall instruction screen” is displayed (S11 in FIG. 12). FIG. 13 shows an example of a nonconforming application uninstallation instruction screen. In this screen, the non-conforming application name is displayed in the part a of the screen, the incompatible application is displayed in b, and either the “Uninstall” button c or the “Do not uninstall” button d is displayed. You can choose.

  It is determined whether or not the user has clicked the “Uninstall” button on the screen of FIG. 13 (S12 in FIG. 12), and if clicked, the uninstallation is executed (S13), after S13, or S12. If the uninstall button is not clicked, an uninstallation completion notification or uninstallation rejection notification is transmitted to the computer system management apparatus (S14). When this is received by the computer system management device, the installed application table (21d in FIG. 6) is updated or nothing is advanced (S8 in FIG. 12), and the process returns to step S4. In this way, the same processing is executed until there is no unrecognized installed essential application in step S3. In FIG. 12, the flowchart for performing the uninstallation process as a non-conforming application as a non-conforming application with respect to the essential application has been described. However, the non-conforming application is regarded as a non-conforming application for organizational measures, and a non-conforming application list is displayed. And may be processed as an application to be uninstalled regardless of the installation state of the essential application. This includes applications other than business such as companies such as game software. In addition, it is possible to include dangerous software with low security with security holes.

  Here, an example has been described in which the user is asked whether or not to uninstall, and the uninstallation is performed based on the result. However, the uninstallation may be performed without inquiring.

  FIG. 14 is a flowchart for displaying a list of computers where the designated application is not installed. The program represented by this flowchart corresponds to the specified application non-installed computer list display means 33 in FIG. 1 and is executed in the computer system management apparatus (1 in FIG. 1).

  First, when the administrator instructs the computer system management device to “display a list of computers not installed with designated applications” and inputs “application name” (S1 in FIG. 14), the computer system management device displays the installed application table (FIG. 6 21d), unreferenced computers are picked up one by one from the top (S2 in FIG. 14), and it is determined whether there is an unmatched computer (S3). It is determined whether an application is installed (S4). If it is installed, the process returns to S2 and the same processing is performed for the next computer. If it is not installed, it is registered in the designated application non-installed computer table (not shown) (S5 in FIG. 14), and the process returns to S2. Thus, when collation is completed for each computer in turn, if it is determined NO in S3, the designated application non-installed computer table is displayed on the management input / output unit (5 in FIG. 1) (S6 in FIG. 14).

  As a computer system security measure, the computer system administrator needs to know whether an application (essential application) necessary for security is installed in each computer constituting the current system. For this reason, the flowchart for displaying a list of unimplemented computers (dangerous computers) shown in FIG. 15 is executed.

  In FIG. 15, when the security administrator instructs “display list of computers without security countermeasures” from the management input / output unit of the computer system management apparatus (S1 in FIG. 15), the computer system management apparatus displays the computer information management DB. The computer identifier of the presence / absence of installation of the user side report program is extracted from the device number-user side report program presence / absence correspondence table (21a in FIG. 6), and the user side report program non-installed computer table (not shown) ) Is created (S2 in FIG. 15). Next, for each computer registered in the computer information table (21c in FIG. 6), in order to collate the installed application table (21d in FIG. 6) with the essential application DB (FIG. 7), the identifier of the unmatched computer is set. One by one is taken out in order (S3 in FIG. 15). Here, it is determined whether there is an unmatched computer (S4). If there is, it is determined whether all essential applications are installed (S5), and if all are installed, the process returns to Step S3 to return to the next computer. If all the essential apps are not installed, they are registered in the mandatory app non-installed table (S6), and the process returns to step S3 for the next computer. Thus, when there are no unmatched computers and it is determined NO in step S4, the user-reported program non-installed computer table and the essential application non-installed table are displayed (S7 in FIG. 15).

  The display in step S7 in FIG. 15 is called a list of computers without countermeasures (or dangerous computers), and FIG. 16 shows an example of a list of computers without countermeasures (dangerous computers) used for this display. A. of FIG. The computer name, user name, e-mail address, department name, etc. are configured in the “user-side reporting program” non-installed computer table. B. of FIG. Is a “required application” non-installed table, which is composed of a computer name, a required application name (not installed), a reason not to install, a user name, a department name, and the like. These two tables are temporarily created in the computer information management DB (FIG. 6) and used for display.

  In the flowchart shown in FIG. 3, when the computer-side management program detects a computer in which the user-side reporting program is not installed, it creates a non-installed computer table and instructs the corresponding computer to install the user-side reporting program. In the flowchart shown in FIG. 10, when the computer system management device detects a computer in which the essential application has not been installed, an instruction to install the essential application is sent to the computer, and the essential application is installed. Although it was installed, it is possible to install the user-reported program and the essential application at the same time.

  FIG. 17 is a flowchart for prompting the user to install an essential application when installing a user-side report program. First, in order to install the user-side reporting program on the computer side, when the user-side reporting program installation address is clicked (S10 in FIG. 17), the computer system management device that receives this will read “User-side Reporting Program Installation Program” Is transmitted to the computer (S1). The computer side executes the "user side report program installation program" sent (S11), and the user side report program transmits its own computer information and installed application information to the computer system management device (S12). . When the computer system management device receives information from the computer, the device number-user reporting program presence / absence correspondence table is set to “present”, and the own computer information is registered in the computer information table (21c in FIG. 6) of the computer information management DB. Then, the installed application information is registered in the installed application table (21d in FIG. 6) (S2 in FIG. 17). Next, in order to collate the essential application table with the installed application, unrequired essential applications in the essential application table are taken out one by one (S3 in FIG. 17), and it is determined whether there is an unverified essential application (S4). If not, the process ends. If there is, it is determined whether the application is not installed (S5). If it is not an indispensable app that has not been installed, the process returns to step S3 and the same processing is performed for the next indispensable app. If it is an indispensable app that has not been installed, an “essential app installation instruction screen” is transmitted (S6). ). This screen has the same contents as in FIG. 4 and is displayed on the computer side (S13 in FIG. 17). It is determined whether the user has clicked the “Install” button (S14). The data is transmitted to the computer system management apparatus (S16). When the computer system management apparatus receiving this transmits the installation program (S7 in FIG. 17), the computer executes the installation application (S17). If the “install” button is not clicked in the determination in step S14 on the computer, the reason for not installing is input (S15 in FIG. 17), and then the computer has already been installed in the same manner as the processing following step S17. The reason for notifying or not installing is transmitted to the computer system management apparatus (S18). When the computer system management apparatus receives this, the installed application table is updated or registered in the non-installed reason table (S8 in FIG. 17), and the process returns to S3.

  FIG. 18 to FIG. 28 show the configuration of the embodiment corresponding to the second principle configuration of the present invention shown in FIG. 2, which mainly shows the processing in the client side computer, and is referred to as a computer system management apparatus (hereinafter referred to as a management apparatus). ) And online processing.

  18 shows the structure of a part of the database used in FIG. Is an access log DB, B.B, which is a database (DB) provided in the server side management apparatus of FIG. 2 is the entire application list DB provided in the management apparatus of FIG. 2, the other essential application DBs in the management apparatus are the same as in FIG. 7, and the installation program DB is the same as in FIG. C. Is a non-conforming application DB (23 and 73 in FIG. 2) provided in both the management device and the computer. Is the configuration of the installed application DB (74 in FIG. 2) provided in the client computer. The non-conforming application DB provided in the management apparatus shown in FIG. 1 is intended only for applications that are incompatible with the essential applications as shown in FIG. 8, but the non-conforming application DB 23 having the configuration shown in FIG. And 73 in FIG. As shown in Fig. 2, not only an app that is incompatible with an essential app is registered as a non-conforming app 1, but also an app that is inappropriate for normal operation of the organization (company) that holds the computer system is registered as a non-conforming app 2. ing.

  FIG. 19 is a flowchart of the registration unit, which is executed by the registration unit 41 of FIG. 2 (including FIG. 1). In addition, the process of this registration part also includes the process which cancels what was registered.

  A registration process desired by the administrator is selected from a menu displayed on the management input / output unit of the computer system management apparatus (hereinafter simply referred to as the management apparatus) 1 (S1 in FIG. 19). The menu includes “required application DB registration process”, “nonconforming application DB registration process”, “installation order / uninstallation order registration process” (the order of installation of essential applications on the computer and the order of uninstallation of nonconforming applications). Registration process), or “application registration process for each computer” (process for registering application of required or non-conforming application for each computer), and what is the selected process? Is discriminated (S2 in FIG. 19). When the required application DB registration process is selected, the “essential application DB registration process screen” is displayed (S3 in FIG. 19), and the administrator selects an application to be registered from the “all application list” on the screen. Or, select the application to cancel (cancel) registration. The essential application DB registration screen is a. A configuration example of the operation screen shown in FIG. Shown in This a. In the example, application names A and B are selected as applications to be registered. If the application is not included in the “all application list”, the name of the application is input, and finally a registration button is clicked (S4). Subsequently, it is checked whether or not the installation program of the selected essential application is stored in the installation program DB. If there is an essential application that is not stored, it is displayed on another screen to store (S5 in FIG. 19). Among the selected essential applications, those whose installation program is stored in the installation program DB are registered in the essential application DB (S6). Registration of an essential application is performed according to a flowchart of a registration unit in FIG.

  When the non-conforming application DB registration process is selected, the “non-conforming application DB registration processing screen” is displayed (S7 in FIG. 19), and the administrator selects an application to be registered as a non-conforming application from the “all application list” on the screen. Select or select an app to unregister. If the application is not included in the “all application list”, enter the name of the application, and finally click the registration button (S8 in FIG. 19) to register the selected nonconforming application in the nonconforming application DB ( (S9). Here, the “all application list” is acquired from the all application list DB 25 shown in FIG. 2 and displayed, and is a list of prominent applications intended for organizations.

  When installation order / uninstall order registration processing is selected, the “required application list screen” or “nonconforming application list screen” is displayed (S10 in FIG. 19), and the administrator selects the required applications in the order of installation. Or, the incompatible application is selected in the order of uninstallation, and finally a registration button is clicked (S11), and the selected order is registered in the essential application DB or the nonconforming application DB (S12). FIG. 21 described later shows a specific example in which the installation order is registered in the essential application DB.

  When the application registration process by computer is selected, a computer selection screen is displayed (S13 in FIG. 19), and the administrator selects a computer to which the essential application or the nonconforming application is applied (S14). Next, when the “essential application list screen” or “nonconforming application list screen” is displayed (S15 in FIG. 19), the administrator selects the essential application or nonconforming application to be applied to the selected computer, and finally clicks the registration button. (S16), the selected computer name and the essential application or non-conforming application are registered in the essential application DB or non-conforming application DB (S17).

  FIG. 21 shows a specific example of registration in the essential application DB. In FIG. 21, a is an essential application list in which registered essential application names are registered. Further, an example in which the installation order is registered by selecting “installation order registration processing” in FIG. When the installation order is registered in this manner, the essential application DB (72 in FIG. 2) is registered in the order (C, A, B, D) registered as shown in FIG. be registered.

  FIG. 21b shows an example of a computer-specific application-required application list. FIG. 19 shows an example of registration registered by selecting “computer-specific application registration processing”. For each computer identifier (tiger and leo), FIG. Required application to be applied is registered. FIG. 21c shows a specific example of the required application-specific application computer list, which may be either registered in the computer-specific applicable application list format shown in FIG. 21b or registered in the format c. . However, by providing both, it is possible to easily refer to the required application list for each computer and the applicable computer list for each required application. Although FIG. 21 does not show an example of registration of the nonconforming application DB, it is the same as the case of the essential application shown in FIG.

  FIG. 22 is a flowchart of detection of essential application non-installation in the computer. First, a connection to a computer system management device (simply a management device) is attempted (S1 in FIG. 22), it is determined whether it is connected to the network (S2). 23) (S3), and if it is not connected, an offline process (FIG. 24 to be described later) is performed for the essential application non-installation countermeasure (S4).

  FIG. 23 is a flowchart of online mandatory application non-installation countermeasures, which are executed on the computer side, and the computer's essential application non-installation detection means (76a in FIG. 2) is the essential application DB ( A list of essential applications is acquired from 22) in FIG. 2 (a in FIG. 23) and stored in the essential application DB (72 in FIG. 2) of the own client (S1 in FIG. 23). Next, in order to collate the installed application DB (74 in FIG. 2) with the essential application DB (72 in FIG. 2), one is extracted sequentially from the top of the essential application DB (S2 in FIG. 23). It is determined whether it is present (S3), and if it is present, it is determined whether the essential application is installed (in the installed DB) (S4). If it is installed, the process returns to Step S2 to be installed. Otherwise, it is added to the “uninstalled essential application list” (memory area not shown in the check section 76 in FIG. 2) (S5 in FIG. 23), and the process returns to S2.

  When collation for all the essential applications is completed, it is determined in step S6 whether there is an uninstalled essential application, and if there is, the “mandatory application non-installation notification screen” is displayed on the input / output unit (78 in FIG. 2). If OK is instructed, it reports that there is an indispensable application not installed in the management apparatus (S7, b in FIG. 23). The essential application non-installation notification screen is shown in FIG. Next, the “uninstalled essential application list screen” is displayed (S8 in FIG. 23). An example of the “uninstalled essential application list screen” is shown in FIG. The "uninstalled essential application list" is extracted one by one from the top (S9), and it is determined whether there is an unprocessed essential application (S10). If not, the process proceeds to S16 to be described later. "Installation instruction screen" is displayed (S11). On this screen, an “install” button is displayed. Here, it is determined whether or not the “install button” has been specified (S12 in FIG. 23), and if it is not input, the process returns to S9. Is transmitted to the management apparatus (S13, c).

  When this is received by the management apparatus and the installation program is transmitted to the computer (S20, d in FIG. 23), the computer that has received this executes the installation program (S14 in the same), and installs the installed application DB (74 in FIG. 2). Update (S15) and return to S9. If it is determined in step S6 that there is no uninstalled essential app or it is determined in step S10 that there is no unprocessed essential app, the installed app list is transmitted from the installed app DB to the management apparatus (FIG. 23). S16, e). When the management apparatus receives this, the installed application list is stored in the computer information management DB (21 in FIG. 2) (S21 in FIG. 23).

  FIG. 24 is a flowchart of a countermeasure against in-place required application non-installation, which is executed by a computer alone. In order to check the installed application DB and the required application DB at the time of starting up the computer, etc., one is sequentially extracted from the top of the required application DB (S1 in FIG. 24), and it is determined whether there is an unchecked required application (S2). If yes, return to step S1. If not, add it to the “uninstalled essential application list” (S4) and return to S1. . If there is no unverified essential app in step S2 (all collated), it is determined whether there is an uninstalled essential app (S5 in FIG. 24). If not, the process ends. Is displayed on the input / output unit (78 in FIG. 2), and when the user designates “OK” (S6 in FIG. 24), the “uninstalled essential application list screen” is displayed (S7 in FIG. 2), and the process ends. .

  Since this uninstalled essential application cannot be obtained when it is offline, it can be installed by the processing of S7 and subsequent steps in FIG. 23 when the computer is brought online. In addition, even if it is off-line, it is possible to read and install a copy on a recording medium (FD, CD, etc.) with this computer.

  FIG. 25 is a flowchart of countermeasures against incompatible applications in the computer. First, an attempt is made to connect to a computer system management device (simply a management device) (S1 in FIG. 25), whether it is connected to the network (S2), and if it is connected, online nonconforming application countermeasure processing (described later) 26 and 27) (S3), and if not connected, offline non-conforming application countermeasure offline processing (FIG. 28 described later) is performed (S4).

  There are two processing methods for online non-conforming application countermeasure processing, and the first flowchart of online non-conforming application countermeasure of FIG. 26 corresponds to the case where a non-conforming application for the essential application is set. The second flowchart of countermeasures against non-conforming apps online corresponds to the case where not only non-conforming apps for essential apps but also various types of apps inappropriate for normal operation of the organization (company) are processed as non-conforming apps.

  In FIG. 26, in the computer that is the client, the non-conforming application detection means of the computer acquires the non-conforming application list from the non-conforming application DB (23 in FIG. 2) of the management device that operates online (a in FIG. 26), and The non-conforming application DB (73 in FIG. 2) is stored (S1 in FIG. 26), and the installed application DB (74 in FIG. 2) is compared with the non-conforming application DB for each installed essential application. One application is taken out in order (S2 in FIG. 26), and it is determined whether there is an unverified installed essential application (S3). If there is a non-conforming app (S4 in FIG. 26) in order, it is determined whether there is an unmatched non-conforming app (S5). If not, the process returns to step S2, and if there is a non-conforming app is installed. If it is not installed, the process returns to S4 to be described later, and if it is installed, it is added to the installation incompatible application list (S7).

  When there is no unmatched installed essential application, the process proceeds to step S8, where it is determined whether or not a non-conforming application is installed. If it is installed, a “non-conforming application installation notification screen” (same as b in FIG. 20 above). When the user clicks OK, the non-conforming application installation is reported to the management apparatus (S9, b in FIG. 26), and the “install non-conforming application list screen” is displayed (S10). The screen is the same as in FIG. The installation incompatible application list is extracted one by one from the top (S11 in FIG. 26), and it is determined whether or not there is an unprocessed incompatible application (S12). If not, the process proceeds to step S17 described later. The “non-conforming application uninstall instruction screen” is displayed (S13), and it is determined whether the user has clicked the “Uninstall button” (S14). If not clicked, the process proceeds to step S11. If clicked, the corresponding non-conforming application is uninstalled (S15), the installed application DB is updated (S16 in FIG. 26), and the process proceeds to step S11. If it is determined that there is no unprocessed incompatible application, the installed application list is transmitted from the installed application DB to the management apparatus (S17, c). The management apparatus stores the installed application list in the installed application table (21d in FIG. 6) in the computer information management DB (21 in FIG. 2) (S20 in FIG. 26).

  In FIG. 27, in the computer that is the client, the non-conforming application detection unit of the computer acquires the non-conforming application list from the non-conforming application DB (23 in FIG. 2) of the management device that operates online, and stores it in the non-conforming application DB of its own client. (S1, a in FIG. 27). Next, in order to collate the installed application DB with the non-conforming application DB, the non-conforming application DB is sequentially extracted from the non-conforming application DB one by one (S2 in FIG. 27), and it is determined whether there is an unconfirmed non-conforming application (S3). If it is not installed, the process returns to step S2. If it is installed, it is added to the “install non-conforming application list” (S5). , S2 is returned.

  If it is found in step S3 that there is no unconfirmed non-conforming application, it is determined whether or not the non-conforming application is installed (S6 in FIG. 27). If it is not installed, the process proceeds to step S15 described later. When the “non-conforming application installation notification screen” is displayed and the user clicks OK, the non-conforming application installation is reported to one physical device (S7, b in FIG. 27). “Installation nonconforming application list screen” is displayed (S8), one by one from the top of the “Installation nonconforming application list” (S9 in FIG. 27), and it is determined whether there is any unprocessed nonconforming application (S10). If not, the process proceeds to step S15, which will be described later, and if there is, a “non-conforming application uninstall instruction screen” is displayed (S11). Here, it is determined whether or not the user has clicked the “uninstall button” (S12), and if not clicked, the process returns to S9. If clicked, uninstallation is executed (S13), and the installed application DB is updated (S13). Step S14), the process returns to step S9. When there is no unprocessed incompatible application, the installed application list is transmitted from the installed application DB to the management apparatus (S15, c). In the management apparatus, the installed application list is stored in the installed application table in the computer information management DB (S20 in FIG. 27).

  FIG. 28 is a flowchart of offline nonconforming application countermeasures. In order to check the installed application DB and the non-conforming application DB for each installed essential application while the client computer is offline, one of the installed required applications is sequentially retrieved (S1 in FIG. 28) If there is an indispensable app installed (S2), if there is, then one non-conforming app is taken out in sequence (S3), and if there is an unmatched non-conforming app (S4), if not, go to S1 Returning, if there is, it is determined whether a non-conforming application is installed (S5). If it is not installed, the process returns to S3, and if it is installed, it is added to the “install non-conforming application list” (S6).

  If it is determined in step S2 that there is no unmatched installed essential application, it is determined whether a non-conforming application is installed (S7 in FIG. 28), and if not, the process ends. When the user clicks “OK” (S8), the “Installation nonconforming application list screen” is displayed (S9). Next, it is extracted one by one from the top of the list of installed non-conforming applications (S10 in FIG. 28), and it is determined whether there is an unprocessed non-conforming application (S11 of the same). Then, it is determined whether or not the user has clicked the “uninstall button” (S13). If the user does not click, the process returns to S10. If the user clicks, the instructed uninstallation is executed (S14 in FIG. 28), and the installed application DB is updated (S15). When there is no unprocessed incompatible application in S11, the process is terminated.

  FIG. 29 is a flowchart of DB update management in the management apparatus. This processing is executed in the computer system management apparatus, and first acquires the date and time (S1 in FIG. 29), and then acquires the date and time when the essential application DB or the nonconforming application DB is updated from the management information of each DB (S2 of the same). ). It is determined whether N days (preset period) have passed since this update date and time (S3 in FIG. 29). If not, the process ends. A list of machine (computer) names is created (S4). This list is created by referring to the access log DB (21a in FIG. 2). Next, machine names are extracted one by one from the top of the computer information table (21c in FIG. 6) of the computer information management DB (21 in FIG. 2) (S5 in FIG. 29), and it is determined whether there is an unmatched machine name ( S6), if not, the process ends; if there is, it is determined whether there is a description in the updated access machine name list (this list is created in the computer information management DB in step S4) (S6) If there is a description, the process returns to S5, and if there is no description, the essential application list from the essential application DB or the nonconforming application list from the nonconforming application DB is attached to the mail and sent to the user of the machine (computer) (S8). In this S8, the essential application list or the non-conforming application list is attached to the mail and sent to the machine, but as another method, it is recorded on a portable recording medium (FD, CD, DVD, etc.) There is a method of transferring the recording medium to each computer and reproducing it.

  INDUSTRIAL APPLICABILITY The present invention is applied to a computer system in which a plurality of computers are connected by a network, in which each computer maintains and manages security against data destruction due to viruses, hackers, etc., information leakage, etc. It can be used effectively.

1 Computer system management device 2 Database 20 Device number management database (DB)
21 Computer Information Management Database (DB)
22 Required application database (DB)
23 Non-conforming application database (DB)
24 Installation program database (DB)
3 Check unit 30 User-reported program non-installation detection means 31 Essential application non-installation detection means 32 Non-conforming application detection means 33 Designated application non-installed computer list display means 4 Installation section 5 Management input / output section 6 Communication means 7 Computer 70 Installation Application storage 71 User-side reporting program 8 External connection means

Claims (5)

A computer that manages a plurality of computers provided and operated in an organization and a computer system management apparatus that manages the plurality of computers to ensure that the necessary measures are taken for the security of a computer system connected via a network;
An essential application storage means for storing application information designated and set by the organization as an essential component that must be installed in each computer constituting the system;
Means for receiving information of an application installed on each computer that is reported at startup or periodically from each of the plurality of computers and storing it as installed application information for each computer;
Means for comparing the stored installed application information of each computer with the required application information stored in the required application storage means to detect that the required application is not installed;
A means to detect and output a list of computers that do not have the required application installed;
A computer system management program that functions as means for notifying a computer in which an essential application is not installed to prompt installation of the essential application. A computer that manages a plurality of computers provided and operated in an organization and a computer system management apparatus that manages the plurality of computers to ensure that the necessary measures are taken for the security of a computer system connected via a network;
An essential application storage means for storing application information designated and set by the organization as an essential component that must be installed in each computer constituting the system;
Means for receiving information of an application installed on each computer that is reported at startup or periodically from each of the plurality of computers and storing it as installed application information for each computer;
Means for comparing the stored installed application information of each computer with the required application information stored in the required application storage means to detect that the required application is not installed;
A means to detect and output a list of computers that do not have the required application installed;
Means for notifying a computer in which the required application is not installed to prompt the installation of the required application;
A computer system management program which causes an installation means for installing the essential application to the computer. A computer that manages a plurality of computers provided and operated in an organization and a computer system management apparatus that manages the plurality of computers to ensure that the necessary measures are taken for the security of a computer system connected via a network;
An essential application storage means for storing application information designated and set by the organization as an essential component that must be installed in each computer constituting the system;
A non-conforming application database that stores information on non-conforming applications that do not conform to each of the essential applications that must be installed on each computer that constitutes the system, or that are incompatible with the normal operation of the computer system;
Means for receiving information of an application installed on each computer that is reported at startup or periodically from each of the plurality of computers and storing it as installed application information for each computer;
Means for comparing the stored installed application information of each computer with the required application information stored in the required application storage means to detect that the required application is not installed;
A means to detect and output a list of computers that do not have the required application installed;
Means for notifying a computer in which the required application is not installed to prompt the installation of the required application;
Checking that the application information of each computer stored in the installed application database and the information of each application stored in the nonconforming application database are collated and functioning as a means for detecting that the nonconforming application is installed. A computer system management program characterized by the above. Computer system management apparatus for managing a plurality of computers provided and operated in an organization and a computer system management apparatus for managing the plurality of computers to ensure that necessary measures are taken for security of a computer system connected via a network Computer,
An essential application storage means for storing application information designated and set by the organization as an essential component that must be installed in each computer constituting the system;
Means for receiving information about applications installed on each computer that is reported at startup or periodically from each of the plurality of computers and storing the information as installed application information for each computer;
Means for comparing the stored installed application information of each computer with the required application information stored in the required application storage means and detecting that the required application is not installed;
A means of detecting and outputting a list of computers that do not have the required application installed;
Means for notifying a computer in which an essential application is not installed to prompt installation of the essential application;
A computer of a computer system management apparatus for managing a computer system. Computer system for managing a computer system in which a plurality of computers provided and operated in an organization and a computer system management apparatus for managing the plurality of computers are connected by a network to ensure that necessary measures are taken for security Management method,
Store the application information designated and set by the organization as an indispensable item that must be installed on each computer constituting the system in the essential application storage means.
When receiving information on applications installed on each computer that is reported at startup or periodically from each of the plurality of computers, it is stored as installed application information for each computer,
Collating the information of the installed application of each stored computer with the information of the essential application stored in the essential application storage means to detect that the essential application is not installed,
A notice that prompts the computer that the required application is not installed to install the required application is provided.
Output a list of computers that do not have the required applications installed,
A method for managing a computer system.

Images