You may need to create several copies of a policy for different administration groups; you may also need to modify settings of these policies in a centralized way. These copies can differ by one or two settings. For example, all accountants in the organization are governed by the same policy, but senior accountants are allowed to use USB drives, and junior accountants are not allowed to. In this case, applying policies to devices solely through the administration group hierarchy might prove inconvenient.
To avoid creating several copies of the same policy, Kaspersky Security Center allows to create policy profiles. Policy profiles are necessary for devices within a single administration group to run under different policy settings.
A policy profile is a named subset of policy settings. This subset of settings is applied to devices with the policy and supplements the policy if a certain condition is fulfilled; this condition is called the profile activation condition. Profiles only contain settings that differ from the "basic" policy, which is active on the managed device. When the profile is activated, the settings of the "basic" policy governing the device are amended. Those settings take values that have been specified in the profile.