Creating and configuring policies
This section provides information on using Kaspersky Security Center policies for managing Kaspersky Industrial CyberSecurity for Nodes on several protected devices.
Global Kaspersky Security Center policies can be created to manage protection on several devices where Kaspersky Industrial CyberSecurity for Nodes is installed.
A policy enforces the Kaspersky Industrial CyberSecurity for Nodes settings, functions and specified tasks on all the protected devices for one administration group.
Several policies for one administration group can be created and enforced in turns. The policy currently active for a group has active status in the Administration Console.
Information on policy enforcement is logged in the Kaspersky Industrial CyberSecurity for Nodes system audit log. This information can be viewed in the Application Console in the System audit log node.
Kaspersky Security Center offers one way to apply policies on protected devices: Prohibit changing the settings. After a policy has been applied, Kaspersky Industrial CyberSecurity for Nodes uses the values of settings for which you have selected the 
icon in the policy properties on protected devices. In this case, Kaspersky Industrial CyberSecurity for Nodes does not use the values of settings in effect before the policy was applied. Kaspersky Industrial CyberSecurity for Nodes does not apply the values of active policy settings for which the 
icon is selected in the policy properties.
If a policy is active, the values of settings marked with the icon in the policy are displayed in the Application Console but cannot be edited. The values of other settings (marked with the icon in the policy) can be edited in the Application Console.
The settings configured in the active policy and marked with the icon also block changes in Kaspersky Security Center for one protected device in the Properties: <Protected device name> window.
Settings that are specified and sent to the protected device using an active policy are saved in the local task settings after the active policy is disabled.
If the policy defines the settings for a Real-Time Computer Protection task, and if such a task is currently running, then any settings defined by the policy will be modified as soon as the policy is applied. If the task is not running, the settings are applied when it starts.