Conditions for a device moving rule
Expand all | Collapse all
When you create or copy a rule to move client devices to administration groups, on the Rule conditions tab you set conditions for moving the devices. To determine which devices to move, you can use the following criteria:
- Tags assigned to client devices.
- Network parameters. For example, you can move devices with IP addresses from a specified range.
- Managed applications installed on client devices, for instance, Network Agent or Administration Server.
- Virtual machines, which are the client devices.
Below, you can find the description on how to specify this information in a device moving rule.
If you specify several conditions in the rule, the AND logical operator works and all the conditions apply at the same time. If you do not select any options or keep some fields blank, such conditions do not apply.
Tags tab
On this tab, you can configure a device moving rule based on device tags that were previously added to the descriptions of client devices. To do this, select the required tags. Also, you can enable the following options:
- Apply to devices without the specified tags
If this option is enabled, all devices with the specified tags are excluded from a device moving rule. If this option is disabled, the device moving rule applies to devices with all the selected tags.
By default, this option is disabled.
- Apply if at least one specified tag matches
If this option is enabled, a device moving rule applies to client devices with at least one of the selected tags. If this option is disabled, the device moving rule applies to devices with all the selected tags.
By default, this option is disabled.
Network tab
On this tab, you can specify the network data of devices that a device moving rule considers:
- DNS name of the device
DNS domain name of the client device that you want to move. Fill this field if your network includes a DNS server.
If case sensitive collation is set for the database that you use for Kaspersky Security Center Linux, keep case when you specify a device DNS name. Otherwise, the device moving rule will not work.
- DNS domain
A device moving rule applies to all devices included in the specified main DNS suffix. Fill this field if your network includes a DNS server.
- IP range
If this option is enabled, you can enter the initial and final IP addresses of the IP range in which the relevant devices must be included.
By default, this option is disabled.
- IP address for connection to Administration Server
If this option is enabled, you can set the IP addresses by which client devices are connected to Administration Server. To do this, specify the IP range that includes all necessary IP addresses.
By default, this option is disabled.
- Connection profile changed
Select one of the following values:
- Yes. A device moving rule only applies to client devices with a changed connection profile.
- No. The device moving rule only applies to the client devices whose connection profile has not changed.
- No value is selected. The condition does not apply.
- Managed by a different Administration Server
Select one of the following values:
- Yes. A device moving rule only applies to client devices managed by other Administration Servers. These Servers are different from the Server on which you configure the device moving rule.
- No. The device moving rule only applies to client devices managed by the current Administration Server.
- No value is selected. The condition does not apply.
Device owner tab
On this tab, you can configure a device moving rule based on the device owner, security group membership, and role:
Applications tab
On this tab, you can configure a device moving rule based on the managed applications and operating systems installed on client devices:
- Network Agent is installed
Select one of the following values:
- Yes. A device moving rule only applies to client devices with Network Agent installed.
- No. The device moving rule only applies to client devices on which Network Agent is not installed.
- No value is selected. The condition does not apply.
- Applications
Specify what managed applications should be installed on client devices, so a device moving rule applies to these devices. For example, you can select Kaspersky Security Center 15 Network Agent or Kaspersky Security Center 15 Administration Server.
If you do not select any managed application, the condition does not apply.
- Operating system version
You can cull client devices based on the operating system version. For this purpose, specify operating systems that should be installed on the client devices. As a result, a device moving rule applies to the client devices with the selected operating systems.
If you do not enable this option, the condition does not apply. By default, the option is disabled.
- Operating system bit size
You can cull client devices by the operating system bit sizes. In the Operating system bit size field, you can select one of the following values:
To check the operating system bit size of the client devices:
- In the main menu, go to the Assets (Devices) → Managed devices section.
- Click the Columns settings button () on the right.
- Select the Operating system bit size option, and then click the Save button.
After that, the operating system bit size is displayed for every managed device.
- Operating system service pack version
In this field, you can specify the package version of the operating system (in the X.Y format), which will determine how the moving rule is applied to the device. By default, no version value is specified.
- User certificate
Select one of the following values:
- Installed. A device moving rule only applies to mobile devices with a mobile certificate.
- Not installed. The device moving rule only applies to mobile devices without a mobile certificate.
- No value is selected. The condition does not apply.
- Operating system build
This setting is applicable to Windows operating systems only.
You can specify whether the selected operating system must have an equal, earlier, or later build number. You can also configure a device moving rule for all build numbers except the specified one.
- Operating system release number
This setting is applicable to Windows operating systems only.
You can specify whether the selected operating system must have an equal, earlier, or later release number. You can also configure a device moving rule for all release numbers except the specified one.
Virtual machines tab
On this tab, you can configure a device moving rule according to whether client devices are virtual machines or part of a virtual desktop infrastructure (VDI):
- This is a virtual machine
In the drop-down list, you can select one of the following:
- N/A. The condition does not apply.
- No. Move devices that are not virtual machines.
- Yes. Move devices that are virtual machines.
- Virtual machine type
- Part of Virtual Desktop Infrastructure
In the drop-down list, you can select one of the following:
- N/A. The condition does not apply.
- No. Move devices that are not part of VDI.
- Yes. Move devices that are part of VDI.
Domain controller tab
On this tab, you can specify that it is necessary to move devices included in the domain organizational unit. You can also move devices from all child organizational units of the specified domain organizational unit:
- Device is included in the following organizational unit
If this option is enabled, a device moving rule applies to devices from the domain controller organizational unit specified in the list under the option.
By default, this option is disabled.
- Include child organizational units
If this option is enabled, the selection includes devices from all child organizational units of the specified domain controller organizational unit.
By default, this option is disabled.
- Move devices from child units to corresponding subgroups
- Create subgroups corresponding to containers of newly detected devices
- Delete subgroups that are not present in the domain
- Device is included in the following domain security group
If this option is enabled, a device moving rule applies to devices from the domain security group specified in the list under the option.
By default, this option is disabled.
Page top