Asset Intelligence Security Best Practices and Privacy Information
Updated: October 1, 2009
Applies To: System Center Configuration Manager 2007, System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2
|The information in this topic applies only to Configuration Manager 2007 SP1 and later.|
Asset Intelligence extends the inventory capabilities of Microsoft System Center Configuration Manager 2007 to provide a higher level of asset visibility in the enterprise. If you perform a new installation of Configuration Manager 2007, Asset Intelligence information collection is not enabled, by default. When a Systems Management Server 2003 SP3 site with the Asset Intelligence feature already installed and enabled is upgraded to Configuration Manager 2007 , Asset Intelligence data collection will remain enabled. You can modify the type of information collected. For more information, see How to Enable Asset Intelligence in the Configuration Manager Documentation Library.
Asset Intelligence information is stored in the site database in the same manner as inventory information. In native mode, the data is always encrypted during transfer to the management point, and in mixed mode, you have the option of encrypting inventory data transfer between the client and the management point. Inventory data is not stored in encrypted form in the database. Information is retained in the database until deleted by the site maintenance tasks Delete Aged Inventory History every 90 days. You can configure the deletion interval.
In Configuration Manager 2007, Asset Intelligence information is not sent back to Microsoft. In Configuration Manager 2007 SP1 or later, you can choose to send System Center Online requests for categorization, which means that you can tag one or more software titles which are uncategorized and send them to System Center Online for research and categorization. After a software title is uploaded, Microsoft researchers identify, categorize, and then make that knowledge available to all customers utilizing the on-line service. You should be aware of the following privacy implications of submitting information to System Center Online:
Upload applies only to generic software title information (name, publisher, and so on) that you choose to send to System Center Online. Inventory information is not sent with an upload.
Upload never happens automatically, and the system was not designed for this task to be automated—you must manually select and approve the upload of each software title.
A dialog box will show you exactly what data is going to be uploaded, prior to the actual upload process.
License information is not sent to Microsoft. The license information is stored in a separate area of the database, and there is no way to send it to Microsoft.
Any software title that is uploaded becomes public, in the sense that the knowledge of that given application and its categorization become part of the System Center Online catalog, and will then be downloaded to other consumers of the catalog.
The source of the software title is not recorded in the catalog and is not made available to other customers. However, you still need to verify that you do not load any application titles that contain any private information.
Uploaded data cannot be recalled.
Before configuring Asset Intelligence data collection and deciding whether or not to submit information to System Center Online, consider your privacy requirements.
For additional information, see Configuration Manager 2007 Information and Support.
To contact the documentation team, email SMSdocs@microsoft.com.