Kaspersky Security Center allows you to tag devices. A tag is the ID of a device that can be used for grouping, describing, or finding devices. Tags assigned to devices can be used for creating selections, for finding devices, and for distributing devices among administration groups.
You can tag devices manually or automatically. Tag a device manually in the device properties; you may use manual tagging when you have to tag an individual device. Auto-tagging is performed by Administration Server in accordance with the specified tagging rules.
In the properties of an Administration Server, you can set up auto-tagging for devices managed by this Administration Server. Devices are tagged automatically when specified rules are met. An individual rule corresponds to each tag. Rules are applied to the network properties of the device, operating system, applications installed on the device, and other device properties. For example, you can set up a rule that will assign the Win tag to all devices running Windows. Then, you can use this tag when creating a device selection; this will help you sort out all devices running Windows, and assign them a task.
You can also use tags as conditions of policy profile activation on a managed device in order to apply specific policy profiles only on devices with specific tags. For example, if a device tagged as Courier appears in the Users administration group and if activation of the corresponding policy profile by the Courier tag has been enabled, then the policy created for the Users group will not be applied to this device—but the profile of the policy profile will be applied. The policy profile can allow this device to start some applications that have been blocked from running by the policy.
You can create multiple tagging rules. A single device can be assigned multiple tags if you have created multiple tagging rules and if the respective conditions of these rules are met simultaneously. You can view the list of all assigned tags in the device properties. Each tagging rule can be enabled or disabled. If a rule is enabled, it is applied to devices managed by Administration Server. If you are not using a rule currently but may need it in the future, you do not have to remove it; you can simply clear the Enable rule check box instead. In this case, the rule is disabled; it will not be executed until the Enable rule check box is selected again. You may need to disable a rule without removing it if you have to exclude the rule from the list of tagging rules temporarily and then include it again.