This section provides information on using Kaspersky Security Center policies for managing Kaspersky Security for Windows Server on several protected devices.
Global Kaspersky Security Center policies can be created to manage protection on several devices where Kaspersky Security for Windows Server is installed.
A policy enforces the Kaspersky Security for Windows Server settings, functions and specified tasks on all the protected devices for one administration group.
Several policies for one administration group can be created and enforced in turns. The policy currently active for a group has active status in the Administration Console.
Information on policy enforcement is logged in the Kaspersky Security for Windows Server system audit log. This information can be viewed in the Application Console in the System audit log node.
Kaspersky Security Center offers one way to apply policies on protected devices: Prohibit changing the settings. After a policy has been applied, Kaspersky Security for Windows Server uses the values of settings for which you have selected the icon in the policy properties on protected devices. In this case, Kaspersky Security for Windows Server does not use the values of settings in effect before the policy was applied. Kaspersky Security for Windows Server does not apply the values of active policy settings for which the icon is selected in the policy properties.
If a policy is active, the values of settings marked with the icon in the policy are displayed in the Application Console but cannot be edited. The values of other settings (marked with the icon in the policy) can be edited in the Application Console.
The settings configured in the active policy and marked with the icon also block changes in Kaspersky Security Center for one protected device in the Properties: <Protected device name> window.
Settings that are specified and sent to the protected device using an active policy are saved in the local task settings after the active policy is disabled.
If the policy defines the settings for a Real-Time Server Protection task or Network Attached Storage Protection task, and if such a task is currently running, then any settings defined by the policy will be modified as soon as the policy is applied. If the task is not running, the settings are applied when it starts.