Using the KLAdmin password in Kaspersky Endpoint Security for Windows
Multiple users with different levels of computer literacy can share a computer with Kaspersky Endpoint Security for Windows installed. If users have unrestricted access to Kaspersky Endpoint Security for Windows and its settings, the overall level of computer protection may be reduced. Password protection allows you to restrict users' access to Kaspersky Endpoint Security for Windows, according to the permissions granted to them (for example, permission to exit the application).
One of the ways to restrict access to Kaspersky Endpoint Security for Windows and its parameters is to use a KLAdmin account. The KLAdmin account is an administrator account with unrestricted access to Kaspersky Endpoint Security for Windows. The KLAdmin account has the right to perform any password-protected action in Kaspersky Endpoint Security for Windows. The permissions for the KLAdmin account cannot be revoked. You can set the password for the KLAdmin account in the properties of the Kaspersky Endpoint Security for Windows policy. The Kaspersky Endpoint Security for Windows administrator is fully responsible for the safe use of the password for the KLAdmin account. If your organization has its own password policy, follow the instructions of that policy.
Our recommendations for protecting the organization from theft of the KLAdmin password are as follows:
Do not use the account name or part of the name as the password.
Create a password that is at least 10 characters in length.
Set a complex password that contains characters from different categories: lowercase and uppercase letters, numbers, and special characters.
Set a minimum password expiration date of 90 days. A new password must not match any of the last 24 passwords.