Managing Authentication Agent accounts

Authentication Agent is needed for working with drives that are protected using Kaspersky Disk Encryption (FDE) technology. Before the operating system is loaded, the user needs to complete authentication with the Agent. The Manage Authentication Agent accounts task is designed for configuring user authentication settings. You can use local tasks for individual computers as well as group tasks for computers from separate administration groups or a selection of computers.

You cannot configure a schedule for starting the Manage Authentication Agent accounts task. It is also impossible to forcibly stop a task.

How to create the Manage Authentication Agent accounts task in the Administration Console (MMC)

How to create the Manage Authentication Agent accounts task in the Web Console

To add an Authentication Agent account, you need to add a special command to the Manage Authentication Agent accounts task. It is convenient to use a group task, for example, to add an administrator account to all computers.

Kaspersky Endpoint Security allows you to automatically create Authentication Agent accounts before encrypting a drive. You can enable automatic creation of Authentication Agent accounts in the Full Disk Encryption policy settings. You can also use Single Sign-On (SSO) technology.

How to add an Authentication Agent account through the Administration Console (MMC)

How to add an Authentication Agent account through the Web Console

To change the password and other settings of the Authentication Agent account, you need to add a special command to the Manage Authentication Agent accounts task. It is convenient to use a group task, for example, to replace the administrator token certificate on all computers.

How to change the Authentication Agent account through the Administration Console (MMC)

How to change the Authentication Agent account through the Web Console

To delete an Authentication Agent account, you need to add a special command to the Manage Authentication Agent accounts task. It is convenient to use a group task, for example, to delete the account of a dismissed employee.

How to delete an Authentication Agent account through the Administration Console (MMC)

How to delete an Authentication Agent account through the Web Console

To view the list of users who can complete authentication with the Agent and load the operating system, you need to go to the properties of the managed computer.

How to view the list of Authentication Agent accounts through the Administration Console (MMC)

How to view a list of Authentication Agent accounts through the Web Console

Page top