You can configure user access rights by device type or to trusted devices.
Differentiation of user access rights by device type
Device Control allows configuring user access rights to data on storage devices. For such devices, you can configure write and read permissions. Device Control supports the following types of storage devices:
Hard drives.
Removable drives (including USB flash drives).
Floppy disks.
CD/DVD drives.
Portable devices (MTP). Portable devices (MTP) include, for example, mobile devices, photo cameras, media players, and so on.
In this way you can, for example, allow only the administrators group to use removable media. For other device types, you can deny or allow access for all users. You can also configure user access rights to use printers.
Open the Kaspersky Security Center Administration Console.
In the console tree, select Policies.
Select the necessary policy and double-click to open the policy properties.
In the policy window, select Security Controls → Device Control.
Under Device Control settings, select the Types of devices tab.
The Types of devices tab shows access rules for all devices that are included in the Device Control classification.
To configure storage device access rules, double-click to open the list of rules.
Configure the storage device access rule:
In the Access rules block, click the Add button.
This opens a window for adding a new storage device access rule.
In the Rule priority field, set the rule write priority. A rule includes the following attributes: user account, schedule, permissions (read/write), and priority.
A rule has a specific priority. If a user has been added to multiple groups, Kaspersky Endpoint Security regulates device access based on the rule with the highest priority. Kaspersky Endpoint Security allows you to assign a priority from 0 to 10,000. The higher the value, the higher the priority. In other words, an entry with the value of 0 has the lowest priority.
For example, you can grant read-only permissions to the Everyone group and grant read/write permissions to the administrators group. To do so, assign a priority of 1 for the administrators group and assign a priority of 0 for the Everyone group.
The priority of a block rule is higher than the priority of an allow rule. In other words, if a user has been added to multiple groups and the priority of all rules is the same, Kaspersky Endpoint Security regulates device access based on any existing block rule.
Under Rule for users and groups, select users or groups of users. You can select users in Active Directory, in the list of accounts in Kaspersky Security Center, or by entering a local user name manually. Kaspersky recommends using local user accounts only in special cases when it is not possible to use domain user accounts.
Click OK.
Under Schedules for the selected access rule, configure a storage device access schedule for users.
For example, you can allow users to use storage devices only during working hours.
Configure users' access permissions to storage devices in the file manager (Read / Write).
Save your changes. To apply the policy on computers, close the padlocks.
In the main window of the Web Console, select the Assets (Devices) → Policies & profiles tab.
Click the name of the Kaspersky Endpoint Security policy.
The policy properties window opens.
Select the Application settings tab.
Go to Security Controls → Device Control.
In the Device Control Settings block, click the Access rules for devices and Wi-Fi networks link.
The table lists access rules for all devices that are present in the classification of the Device Control component.
In the Access To Storage Devices block, open the properties of the access rule for storage devices.
In the Configuring device access rules block, select By rules.
Configure the storage device access rule:
In the Users block, click the Add button.
This opens a window for adding a new storage device access rule.
In the Priority field, set the rule write priority. A rule includes the following attributes: user account, schedule, permissions (read/write), and priority.
A rule has a specific priority. If a user has been added to multiple groups, Kaspersky Endpoint Security regulates device access based on the rule with the highest priority. Kaspersky Endpoint Security allows you to assign a priority from 0 to 10,000. The higher the value, the higher the priority. In other words, an entry with the value of 0 has the lowest priority.
For example, you can grant read-only permissions to the Everyone group and grant read/write permissions to the administrators group. To do so, assign a priority of 1 for the administrators group and assign a priority of 0 for the Everyone group.
The priority of a block rule is higher than the priority of an allow rule. In other words, if a user has been added to multiple groups and the priority of all rules is the same, Kaspersky Endpoint Security regulates device access based on any existing block rule.
Under Users, select users or groups of users. You can select users in Active Directory, in the list of accounts in Kaspersky Security Center, or by entering a local user name manually. Kaspersky recommends using local user accounts only in special cases when it is not possible to use domain user accounts.
Under Schedule for access to devices, configure a storage device access schedule for users.
For example, you can allow users to use storage devices only during working hours.
Configure users' access permissions to storage devices in the file manager (Read / Write).
Click OK.
Save your changes. To apply the policy on computers, close the padlocks.
In the application settings window, select Security Controls → Device Control.
In the Access settings block, click the Devices and Wi-Fi networks link.
The table lists access rules for all devices that are present in the classification of the Device Control component.
To configure storage device access rules, right-click to open the list of rules.
Configure the storage device access rule:
In the Users' rights block, click the Add button.
This opens a window for adding a new storage device access rule.
In the Priority field, set the rule write priority. A rule includes the following attributes: user account, schedule, permissions (read/write), and priority.
A rule has a specific priority. If a user has been added to multiple groups, Kaspersky Endpoint Security regulates device access based on the rule with the highest priority. Kaspersky Endpoint Security allows you to assign a priority from 0 to 10,000. The higher the value, the higher the priority. In other words, an entry with the value of 0 has the lowest priority.
For example, you can grant read-only permissions to the Everyone group and grant read/write permissions to the administrators group. To do so, assign a priority of 1 for the administrators group and assign a priority of 0 for the Everyone group.
The priority of a block rule is higher than the priority of an allow rule. In other words, if a user has been added to multiple groups and the priority of all rules is the same, Kaspersky Endpoint Security regulates device access based on any existing block rule.
Under Users, select users or groups of users. You can select users in Active Directory or enter a local user name manually. Kaspersky recommends using local user accounts only in special cases when it is not possible to use domain user accounts.
Click OK.
Under Schedule for access to devices, configure a storage device access schedule for users.
For example, you can allow users to use storage devices only during working hours.
Configure users' access permissions to storage devices in the file manager (Read / Write).
Save your changes.
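The priority and block-over-allow behavior described in each of the three procedures above can be checked against a planned rule set before it is entered in the policy. The following Python model is an added example, not Kaspersky code; the names AccessRule, effective_access and priority_ties are hypothetical. It assumes that schedules are ignored, that a user with no matching rule gets no access, and that a priority tie is resolved separately for read and for write.

```python
from dataclasses import dataclass

MIN_PRIORITY, MAX_PRIORITY = 0, 10_000  # range stated in the documentation


@dataclass(frozen=True)
class AccessRule:
    principal: str   # user or group the rule applies to
    priority: int    # higher value = higher priority
    read: bool
    write: bool

    def __post_init__(self):
        if not MIN_PRIORITY <= self.priority <= MAX_PRIORITY:
            raise ValueError(f"priority {self.priority} outside 0..10,000")


def effective_access(rules, memberships):
    """Return (read, write) for a user who belongs to `memberships`."""
    matching = [r for r in rules if r.principal in memberships]
    if not matching:
        return (False, False)  # assumption: no matching rule means no access
    top = max(r.priority for r in matching)
    winners = [r for r in matching if r.priority == top]
    # On a priority tie a blocking rule beats an allowing one, so an
    # operation is granted only if every top-priority rule grants it.
    return (all(r.read for r in winners), all(r.write for r in winners))


def priority_ties(rules, memberships):
    """List principals whose rules tie at the top priority (audit helper)."""
    matching = [r for r in rules if r.principal in memberships]
    if not matching:
        return []
    top = max(r.priority for r in matching)
    tied = sorted(r.principal for r in matching if r.priority == top)
    return tied if len(tied) > 1 else []


# Constructed rule set mirroring the documentation's example.
DOC_EXAMPLE = [
    AccessRule("Everyone", 0, read=True, write=False),
    AccessRule("Administrators", 1, read=True, write=True),
]
# Constructed misconfiguration: both rules share priority 0.
TIED = [
    AccessRule("Everyone", 0, read=True, write=False),
    AccessRule("Administrators", 0, read=True, write=True),
]
```

With the TIED rule set, an administrator who is also in Everyone ends up read-only, which is the outcome to look for when a group unexpectedly loses write access.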
Differentiation of user access rights to trusted devices
Trusted devices are devices to which users that are specified in the trusted device settings have full access at all times. To work with trusted devices, you can grant access to an individual user, to a group of users, or to all users of the organization. You can configure user access rights in the properties of the trusted device.