Select the Activation rules section, and click the Add button.
The New policy profile activation rule wizard starts.
In the Policy profile activation rules window, select the check boxes next to the conditions that must affect activation of the policy profile that you are creating:
Select this check box to set up policy profile activation rules on the device depending on the status of the device offline mode, rule for connection to Administration Server, and tags assigned to the device.
Select this check box to set up rules for policy profile activation on the device depending on the presence of the device in an Active Directory organizational unit (OU), or on membership of the device (or its owner) in an Active Directory security group.
Select this check box to set up rules for policy profile activation on the device depending on the memory volume and the number of logical processors.
The number of additional pages of the wizard depends on the settings that you select at the first step. You can modify policy profile activation rules later.
In the General conditions window, specify the following settings:
In the Device is offline field, in the drop-down list specify the condition for device presence on the network:
In the The device is in the specified network location box, use the drop-down lists to set up the policy profile activation if the Administration Server connection rule is executed / not executed on this device:
Network location description of the device for connection to the Administration Server, whose conditions must be met (or must not be met) for activation of the policy profile.
A network location description of devices for connection to an Administration Server can be created or configured in a Network Agent switching rule.
The General conditions window is displayed if the General rules for policy profile activation check box is selected.
In the Conditions using tags window, specify the following settings:
In the list of tags, specify the rule for device inclusion in the policy profile by selecting the check boxes next to the relevant tags.
You can add new tags to the list by entering them in the field over the list and clicking the Add button.
The policy profile includes devices with descriptions containing all the selected tags. If check boxes are cleared, the criterion is not applied. By default, these check boxes are cleared.
Enable this option if you have to invert your selection of tags.
If this option is enabled, the policy profile includes devices with descriptions that contain none of the selected tags. If this option is disabled, the criterion is not applied.
By default, this option is disabled.
The Conditions using tags window is displayed if the General rules for policy profile activation check box is selected.
In the Conditions using Active Directory window, specify the following settings:
If this option is enabled, the policy profile is activated on the device whose owner is a member of the specified security group. If this option is disabled, the profile activation criterion is not applied. By default, this option is disabled.
If this option is enabled, the policy profile is activated on the device. If this option is disabled, the profile activation criterion is not applied. By default, this option is disabled.
If this option is enabled, the policy profile is activated on the device which is included in the specified Active Directory organizational unit (OU). If this option is disabled, the profile activation criterion is not applied.
By default, this option is disabled.
The Conditions using Active Directory window is displayed if the Rules for Active Directory usage check box is selected.
In the Conditions using the device owner window, specify the following settings:
Enable this option to configure and enable the rule for profile activation on the device according to its owner. In the drop-down list under the check box, you can select a criterion for the profile activation:
The device belongs to the specified owner ("=" sign).
The device does not belong to the specified owner ("#" sign).
If this option is enabled, the profile is activated on the device in accordance with the criterion configured. You can specify the device owner when the option is enabled. If this option is disabled, the profile activation criterion is not applied. By default, this option is disabled.
Enable this option to configure and enable the rule of profile activation on the device by the owner's membership in an internal security group of Kaspersky Security Center. In the drop-down list under the check box, you can select a criterion for the profile activation:
The device owner is a member of the specified security group ("=" sign).
The device owner is not a member of the specified security group ("#" sign).
If this option is enabled, the profile is activated on the device in accordance with the criterion configured. You can specify a security group of Kaspersky Security Center. If this option is disabled, the profile activation criterion is not applied. By default, this option is disabled.
Select this option to configure and enable the rule of profile activation on the device depending on the owner's role. Add the role manually from the list of existing roles.
If this option is enabled, the profile is activated on the device in accordance with the criterion configured.
The Conditions using the device owner window is displayed if the Rules for a specific device owner check box is selected.
In the Conditions using equipment specifications window, specify the following settings:
Enable this option to configure and enable the rule of profile activation on the device by the RAM volume available on that device. In the drop-down list under the check box, you can select a criterion for the profile activation:
The device RAM size is less than the specified value ("<" sign).
The device RAM size is greater than the specified value (">" sign).
If this option is enabled, the profile is activated on the device in accordance with the criterion configured. You can specify the RAM volume on the device. If this option is disabled, the profile activation criterion is not applied. By default, this option is disabled.
Enable this option to configure and enable the rule of profile activation on the device by the number of logical processors on that device. In the drop-down list under the check box, you can select a criterion for the profile activation:
The number of logical processors on the device is less than or equal to the specified value ("<" sign).
The number of logical processors on the device is greater than or equal to the specified value (">" sign).
If this option is enabled, the profile is activated on the device in accordance with the criterion configured. You can specify the number of logical processors on the device. If this option is disabled, the profile activation criterion is not applied. By default, this option is disabled.
The Conditions using equipment specifications window is displayed if the Rules for hardware specifications check box is selected.
In the Name of policy profile activation rule window, in the Rule name field, specify a name for the rule.
The profile will be saved. The profile will be activated on the device when activation rules are triggered.
Policy profile activation rules created for the profile are displayed in the policy profile properties in the Activation rules section. You can modify or remove any policy profile activation rule.
Multiple activation rules can be triggered simultaneously.