Configuring access permissions

To configure access permissions for a device or class of devices described in a Device Control rule:

1. Go to the Device Control settings in the policy that you want to configure.
   1. In the main window of the Kaspersky Security Center Web Console, select Devices → Policies & profiles.
   2. Click the policy name you want to configure.
   3. In the <Policy name> window that opens, select the Application settings tab.
   4. Select the Local activity control section.
   5. Under Device Control, click Settings.

      The Device Control window opens.

2. Open the Rules tab.
3. Select the check box next to the name of the device control rule you want to configure access permissions for.
4. Click the Edit button.
5. In the Rule properties window that opens, click Configure access rules under the Access rights for user or user group field.

   Access permissions cannot be configured in Device Control rules created for Bluetooth devices, USB keyboards, and USB mice, as well as in all Device Control rules created for computers running Windows XP or Windows Server 2003 operating systems. These rules allow full access by all users by default.

   The Setting access rights window opens.

6. Add rules for accessing the device:
   1. Click the Add button.
   2. In the User or user group access rights window that opens, click Configure access rules.
   3. In the window that opens, select a user or group and click OK.
   4. In the Access rights drop-down list, select a level of access to the device:
      • Full control. All operations on the device contents are allowed.
      • Read. You can view files and folders, and run files stored on the device.
   5. Click the OK button.
   6. Repeat steps a through e to add the next device access rule.
   7. Click OK in the Setting access rights window.
7. Rules for accessing the device will be displayed in the Access rights for user or user group field.
8. Click the OK button.

The configured access permissions for a device or a class of devices described in the Device Control rule will be saved.

After applying the modified Kaspersky Security Center policy, access to devices is provided as follows.

• If a user or group has been granted full access in the Device Control rule settings, they can perform any action on files once the device is connected.
• If a user or group has been granted read access in the Device Control rule settings, they can view files and folders, and open files once the device is connected.
• If a user or group has no specific access rules set in the Device Control rule settings, they will be able to see the device in File Explorer after connecting it, but they will not be able to view its contents.
• If a user or group has its access permissions defined across multiple access rules, the most permissive device access rule will be applied.

To control access to SD card readers connected to the PCI bus after applying a Kaspersky Security Center policy, either restart your computer or remove and re-connect the device for the changes to take effect.

Page top