Security and privacy for Asset Intelligence in Configuration Manager

Applies to: Configuration Manager (current branch)

This topic contains security and privacy information for Asset Intelligence in Configuration Manager.

Security best practices for Asset Intelligence

Use the following security best practices when you use Asset Intelligence.

| Security best practice | More information |
| --- | --- |
| When you import a license file (Microsoft Volume Licensing file or a General License Statement file), secure the file and communication channel. | Use NTFS file system permissions to ensure that only authorized users can access the license files, and use Server Message Block (SMB) signing to ensure the integrity of the data when it is transferred to the site server during the import process. |
| Use the principle of least permissions to import the license files. | Use role-based administration to grant the Manage Asset Intelligence permission to the administrative user who imports license files. The built-in role of Asset Manager includes this permission. |
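One way to check the first practice before an import, shown as an added example rather than Microsoft's own tooling: the script lists Allow entries on the license file for principals outside an expected set and reports whether SMB signing is required on the local machine. The file path, the principal names and both function names are hypothetical.

```powershell
# Added example. Path, principals and function names below are assumptions.
function Get-UnexpectedLicenseFileAccess {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [string[]] $Allowed
    )
    # Read the NTFS ACL and return every Allow entry whose identity
    # is not in the expected list (string comparison is case-insensitive).
    $acl = Get-Acl -LiteralPath $Path
    foreach ($rule in $acl.Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        $id = $rule.IdentityReference.Value
        if ($Allowed -notcontains $id) {
            [pscustomobject]@{
                Identity  = $id
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

function Get-SmbSigningState {
    # Run elevated on the site server (server side) and on the computer
    # that sends the file during import (client side).
    [pscustomobject]@{
        ServerRequiresSigning = (Get-SmbServerConfiguration).RequireSecuritySignature
        ClientRequiresSigning = (Get-SmbClientConfiguration).RequireSecuritySignature
    }
}

$licenseFile = 'D:\Licensing\ExampleLicenseStatement.csv'   # hypothetical path
$allowed = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'CONTOSO\AssetManagers'                                 # hypothetical group
)

$unexpected = @(Get-UnexpectedLicenseFileAccess -Path $licenseFile -Allowed $allowed)
if ($unexpected.Count -gt 0) {
    Write-Warning "Principals outside the expected set can access $licenseFile"
    $unexpected | Format-Table -AutoSize
}

$smb = Get-SmbSigningState
if (-not ($smb.ServerRequiresSigning -and $smb.ClientRequiresSigning)) {
    Write-Warning 'SMB signing is not required on this machine.'
}
$smb
```

Inherited entries are reported as well, so a broad grant on a parent folder shows up even when the file itself has no explicit ACL.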

Privacy information for Asset Intelligence

Asset Intelligence extends the inventory capabilities of Configuration Manager to provide a higher level of asset visibility in the enterprise. Asset Intelligence information collection is not automatically enabled. You can modify the type of information collected by enabling hardware inventory reporting classes. For more information, see Configuring Asset Intelligence.

Asset Intelligence information is stored in the Configuration Manager database in the same manner as inventory information. When clients connect to management points by using HTTPS, the data is always encrypted during transfer to the management point. When clients connect by using HTTP, you can configure the inventory data transfer to be signed and encrypted. Inventory data is not stored in encrypted format in the database. Information is retained in the database until the site maintenance task Delete Aged Inventory History deletes it, which happens every 90 days. You can configure the deletion interval.

Asset Intelligence does not send information about users and computers or license usage to Microsoft. You can choose to send System Center Online requests for categorization, which means that you can tag one or more software titles that are uncategorized and send them to System Center Online for research and categorization. After a software title is uploaded, Microsoft researchers identify and categorize it, and then make that knowledge available to all customers who use the online service. You should be aware of the following privacy implications of submitting information to System Center Online:

  • Upload applies only to generic software title information (name, publisher, and so on) that you choose to send to System Center Online. Inventory information is not sent with an upload.

  • Upload never occurs automatically, and the system is not designed for this task to be automated. You must manually select and approve the upload of each software title.

  • A dialog box shows you exactly what data is going to be uploaded, before the upload process starts.

  • License information is not sent to Microsoft. The license information is stored in a separate area of the Configuration Manager database, and it cannot be sent to Microsoft.

  • Any software title that is uploaded becomes public, in the sense that the knowledge of that application and its categorization becomes part of the System Center Online Asset Intelligence catalog, and is then downloaded to other consumers of the catalog.

  • The source of the software title is not recorded in the Asset Intelligence catalog, and it is not made available to other customers. However, you must still verify that you do not load any application titles that contain any private information.

  • Uploaded data cannot be recalled.

Before you configure Asset Intelligence data collection and decide whether to submit information to System Center Online, consider the privacy requirements of your organization.