Providing access to a blocked device consists of the following steps:
The user of the protected virtual machine requests access to the device. For this purpose the user creates a file with an access key to the device and transfers this file to the administrator.
The administrator creates a file with an access code to the device and transfers this file to the user.
The user of the protected virtual machine activates the access code.
The user of a protected virtual machine can request and obtain temporary access to a blocked device from the local interface of Light Agent for Windows by using one of the following two methods:
Temporary access to a device from the local interface can be obtained only if the virtual machine is managed by a policy and the Allow request for temporary access check box is selected in the policy properties within Device Control settings.
To request access to a blocked device:
On the protected virtual machine, open the Request access to device window in one of the following ways:
On the Protection and Control tab of the main application window:
On the protected virtual machine, open the main application window and select the Protection and Control tab.
Open the Endpoint control section.
Open the context menu of the Device Control line and select Access to device.
In the left part of the window, in the Endpoint control section, select Device Control.
In the right part of the window, click the Request access button.
From the list of connected devices, select a device to which you want to gain access.
Click the Get access key button.
In the Receive device access key window that opens, in the Access duration field, specify the time interval for which you want to have access to the device.
Click the Save button.
The standard Save access key window of Microsoft Windows opens.
Select the folder in which you want to save a file with a device access key, and click the Save button.
Pass the device access key file to the LAN administrator.
After receiving the request, the organization LAN administrator creates a file with the access code to the device.
To create an access code for a blocked device:
Open Kaspersky Security Center Administration Console.
In the Managed devices folder of the console tree, select the folder with the name of the administration group that contains the virtual machine whose user needs to be granted access to the device.
In the workspace, select the Devices tab.
In the list, select the virtual machine, open the context menu, and select Access to devices and data in offline mode.
In the Granting access to devices and data in offline mode window that opens, use the Browse button to select the file with the device access key received from the user of the protected virtual machine.
Information about the blocked device to which the user has requested access will be displayed.
If necessary, modify the device access settings and save the access code for the device.
Pass the file with the access code to the blocked device to the user of the protected virtual machine.
After receiving the file with the access code from the organization LAN administrator, the user of the protected virtual machine activates the access code.
To activate access to a blocked device:
On the protected virtual machine, open the Request access to device window on the Protection and Control tab of the main application window or in the application settings window.
In the Request access to device window, select the device to which you want to gain access in the list of connected devices and click the Activate access code button.
The standard Open access key window in Microsoft Windows opens.
Select the file with the device access code that was received from the administrator, and click the Open button.
The Activating the access code for the device window opens and displays information about the provided access.
In the Activating the access code for the device window, click OK.
The time period for which access to the device is granted may differ from the amount of time that you requested. Access to the device is granted for the time period that the LAN administrator specifies when generating the device access code.