Field of the Invention
The present invention relates to an information processing apparatus that distributes settings compliant with a security policy and a control method therefor, an image processing apparatus and a control method therefor, an information processing system and a control method therefor, and a storage medium.
Description of the Related Art
It is desirable that personal computers (hereinafter abbreviated as “PCs”) and server apparatuses, such as a file server and an authentication server, which are connected to a network in an office or the like are operated in compliance with an information security policy defined on an office basis.
The information security policy is a basic policy concerning the information security of an entire company, and is a collection of policies as to the use of information and prevention of invasion from external apparatuses and leakage of information. The security policy is developed, for example, by an administrator in charge of security.
The apparatuses connected to the network in an office include not only the PCs and the server apparatuses but also peripheral apparatuses, such as image processing apparatuses. Recent image processing apparatuses come to not only simply print or transmit images, but also store image data and provide a file service function for the PCs, to thereby play the same roles as played by other server apparatuses existing on the network.
Further, application development environments for recent image processing apparatuses are made open to the public, and similarly to the cases of PCs and the like, applications developed by third parties are made available.
To maintain a safe and secure office environment, the image processing apparatus are requested to be operated in compliance with the information security policy, similarly to the PCs and server apparatuses. What is meant by “being compliant with an information security policy” is that an image processing apparatus in an office complies with restrictions imposed on operation thereof in view of security so as to prevent unauthorized use thereof or leakage of information, e.g. by making user authentication absolutely necessary before the image processing apparatus is operated by a user.
To make users compliant with the information security policy, there is envisaged, for example, a method of distributing settings dependent on an operating system (OS) to PCs and server apparatuses. According to this method, the operation settings of functions provided by the OS are distributed to the PCs and server apparatuses, and the use of the functions is restricted, whereby each user is caused to be compliant with the information security policy.
In the case of PCs and the server apparatuses, the OS provides basic functions to which the information security policy is to be applied, such as an authentication function, and hence by properly configuring the settings of the OS, it is possible to make the PCs and the server apparatuses compliant with the information security policy.
On the other hand, some image processing apparatuses cannot be made compliant with the information security policy by the same method as employed in the PCs and the sever apparatuses. For example, in the case of image processing apparatuses, basic functions to which the information security policy is applied are provided by an application installed therein. In this case, to make the image processing apparatuses compliant with the security policy, distribution of the settings of the OS is not enough, but it is necessary to properly configure the settings of the application.
In relation to this, there has been disclosed a unit configured to process data before transmission according to a function equipped in an apparatus at a transmission destination and then transmit the data to the apparatus (see e.g. Japanese Patent No. 3969467). In this technique, first, when some data is to be transmitted, the transmission unit inquires about processing which can be executed by the apparatus at the transmission destination. Next, the transmission unit processes the data into a form processable by the apparatus at the transmission destination, and then transmits the processed data.
By using this technique, values of settings of the application are changed such that the operation of the application becomes compliant with the information security policy, and then the values of the settings are transmitted to the application, whereby it is possible to make the application compliant with the information security policy.
However, in checking an application in advance which will be stopped by distribution of the settings compliant with the information security policy, the administrator is required to compare between the settings supported by the application and the settings to be distributed. This causes a problem of more time and effort to be expended as the number of image processing apparatuses is larger.
Further, the same problem is also caused in a case where an application which cannot comply with the distributed settings is made compliant by updating the application. More specifically, the administrator is required to check existence of an updated version of the application, and a security policy item with which the application is made compliant by updating the application, and then compare settings to which the updated application can be set and the settings to be distributed. This also causes the problem of more time and effort to be expended as the number of image processing apparatuses is larger.