Managing policies in the Web Console
A policy is a collection of application settings that are specified for an administration group. You can use policies to apply identical Kaspersky Endpoint Security settings to all client computers within an administration group. A policy does not define all application settings.
Multiple policies with different values of the settings can be configured for a single application. However, there can be only one active policy for an application within an administration group at a time. When you create a new policy, all other policies within an administration group become inactive. You can change the policy status later.
Policies have a hierarchy, similarly to administration groups. By default, a child policy inherits the settings from the parent policy. A child policy is a policy of a nested hierarchy level, that is, a policy for nested administration groups and secondary Administration Servers. You can enable inheritance of the settings from the parent policy.
You can locally modify the values of the settings specified by the policy for individual computers within the administration group, if modification of these settings is not prohibited by the policy.
Each policy setting has a "lock" attribute that indicates whether child policy settings and local application settings can be modified. The "lock" status of a setting within a policy determines whether or not an application setting on a client computer can be edited:
- When a setting is "locked" (
), you cannot edit the setting locally. The setting value specified by the policy is used for all client computers within the administration group. - When a setting is "unlocked" (
), you can edit the setting locally. A locally configured setting is applied to all client computers within the administration group. The policy-configured setting is not applied.
The "lock" attribute applies for a child policy only if inheritance of the parent policy settings is enabled for the child policy.
After the policy is applied for the first time, local application settings change in accordance with the policy settings.
You can perform the following operations with a policy:
- Create a policy.
- Edit policy settings.
If the user account under which you accessed the Administration Server does not have rights to edit settings of certain functional scopes, the settings of these functional scopes are not available for editing. Configuration of some settings is not supported in the KESL container.
- Delete a policy.
- Change the policy status.
For more detail about policies, refer to Kaspersky Security Center documentation.