Applies to Kaspersky Administration Kit 8.0
One of the main functions of Kaspersky Administration Kit is centralized management of antivirus software settings. Configuration of the major part of the settings is realized via a policy for a given application. A policy created for one application will not be applied to any other applications.
The rest of protection and update settings are configured via tasks or local Kaspersky Anti-Virus interface.
A policy is assigned to an administration group and is applicable to client PCs belonging to:
- the given administration group;
- all administration subgroups within the given administration group;
- administration groups of Administration Servers which belong to the given administration group.
It is recommended to distribute client PCs in such a manner that all PCs within a group might be assigned with the same protection settings.
The policies you create are placed into the console tree node Policies of corresponding administration groups. From here you can create new policies and change the existing ones. As soon as any policy setting changes have been applied, Administration Server will attempt to connect to the Agent in order to transmit the changes to client PCs. You can view the status of applied policy changes in policy properties tab General.
Besides policies for antivirus applications, you can create policies for Administration Server and Network Agent. Agent policies serve to apply Agent settings on client PCs. Administration Server policy is needed to configure settings for slave Administration Servers.
As soon as you install Kaspersky Administration Kit, all PCs which have Administration Server component installed on them, will be automatically added to the administration group Managed computers. So if you create an Administration Server policy, it will apply to the given Servers.
It is possible to create any number of policies for one application, but only one of them may be active at a given moment of time – the one which is assigned with the status of Active policy. Additionally, it is possible to create a Mobile policy for Kaspersky Anti-Virus for Windows Workstations. Kaspersky Anti-Virus will switch to a mobile policy if it cannot establish a connection to the Administration Server for a long time (there failed attempts to synchronize Agent with Server). It is sensible to create policies of this type for groups with assigned notebooks of officers who are often on business trips.
Each parameter of a policy has a lock option. You can lock or unlock them. When a policy is created, its default parameters will be locked.
Locked parameters are enforced and cannot be changed by default:
- on the client PCs to which this policy is a applied (including all levels of subgroups and slave Administration Servers);
- in group tasks (including current and all lower levels and slave Administration Servers);
- in policies of lower-level groups and on slave Administration Servers.
Unlocked policy parameters do not apply to the objects assigned with this policy. If you unlock a parameter, its value is saved (as it was before unlocking) but becomes changeable.
Administrator may want sometimes to unassign a policy for a particular client PC or change policy settings for a subgroup.
It is only possible to unassign policies for client PCs which have one of the following applications installed:
- Kaspersky Anti-Virus 6.0 for Windows Workstations MP4 (build 6.0.4.*);
- Kaspersky Anti-Virus 6.0 for Windows Servers MP4 (build 6.0.4.*);
- Kaspersky Anti-Virus SOS 6.0 MP4 (build 6.0.4.*).
In order to unassign a policy to a particular client PC:
- Open policy for the desired application, go to Settings tab and choose Interaction with user in the drop-down menu.
- In the section Password Protection check the option Enable password protection and click Settings.
- In the new window enter a password twice and choose the desired option in the section Scope. If the option
Selected operations is chosen, you also need to check the box Disabling Kaspersky Administration Kit policy.
- Right-click on Kaspersky Anti-Virus icon on the client PC to open, select Disable policy, enter the password and click OK.
The policy will not affect the given PC until you enable it (Enable policy in the righ-click menu of the Kaspersky Anti-Virus icon) or restart Kaspersky Anti-Virus.
There is only way you can remotely return a PC to use a policy. To do it, open properties of that PC on the tab Applications, select Kaspersky Anti-Virus, open the righ-click menu. Click Stop, then Start.
To change settings of a subgroup policy affected by a parent policy:
- Open the subgroup policy you want to change settings for, go to the tab General and click the link Advanced.
- In the new window uncheck the box Inherit settings from parent policy. Click OK twice. Within a few seconds you will be able to change parameters of this policy and of all objects it is assigned to.
When you disable the option Inherit settings from parent policy, lock status and values of the policy parameters do not change.