About restricting access to Kaspersky Endpoint Security

The implementation of password protection functionality has changed in Kaspersky Endpoint Security 11.1.0 and later versions. In Kaspersky Endpoint Security 11.1.0, you can restrict access to the application for individual users and you are not required to use one account. When upgrading from previous versions of the application, Kaspersky Endpoint Security saves the previously set password if password protection is enabled. When you modify the password protection settings for the first time, use the user name KLAdmin and your previously set password.

Multiple users with different levels of computer literacy can share a computer. If users have unrestricted access to Kaspersky Endpoint Security and its settings, the overall level of computer protection may be reduced. Password protection lets you restrict users' access to Kaspersky Endpoint Security according to the permissions granted to them (for example, permission to exit the application).

Password protection allows you to access the application in the following ways:

When a user attempts to perform a password-protected action, Kaspersky Endpoint Security prompts the user to enter a user name and password or a temporary password (see the figure below).

KES11_Pass_Protect_Notification

Password prompt for accessing Kaspersky Endpoint Security

User name and password

To access Kaspersky Endpoint Security, you must enter your domain account credentials. Password protection supports the following accounts:

Temporary password

A temporary password can be used to grant temporary access to Kaspersky Endpoint Security for an individual computer outside the corporate network. The Administrator generates a temporary password for an individual computer in the computer properties in Kaspersky Security Center. The Administrator selects the actions that will be protected with the temporary password, and specifies the temporary password's validity period.

Password Protection Algorithm

Kaspersky Endpoint Security decides whether to allow or block a password-protected action based on the following algorithm (see the figure below).

KES11_Pass_Protect_Algorithm

Password Protection Algorithm

Page top