Offline mode for granting access

You can grant access to a blocked device in offline mode only if Kaspersky Security Center is deployed in the organization and a policy has been applied to the computer. In the policy settings, in the Device Control section, the Allow requests for temporary access check box must be selected.

A user requests access to a blocked device as follows:

1. Connect the device to the computer.

   Kaspersky Endpoint Security will show a notification stating that access to the device is blocked (see the figure below).

2. Click the Request temporary access link.

   The Request access to device window opens with a list of connected devices.

3. In the list of connected devices, select the device to which you want to gain access.
4. Click the Generate request access file button.
5. In the Access duration field, specify the period of time for which you want to have access to the device.
6. Save the file to computer memory.

As a result, a request access file with the *.akey extension will be downloaded to computer memory. Use any available method to send the device request access file to the corporate LAN administrator.

Device Control notification

The administrator creates an access key for a blocked device as follows:

1. Open the Kaspersky Security Center Administration Console.
2. In the Managed devices folder of the Administration Console tree, open the folder with the name of the administration group to which the relevant client computer belongs.
3. In the workspace, select the Devices tab.
4. In the list of client computers, select the computer whose user needs to be granted temporary access to a locked device.
5. In the context menu of the computer, select Grant access in offline mode.
6. In the opened window, select the Device Control tab.
7. Click the Browse button and download the request access file received from the user.

   You will see information about the blocked device to which the user has requested access.

8. If necessary, change the value of the Access duration setting.

   By default, the Access duration setting takes the value that was indicated by the user when creating the access request file.

9. Specify the value of the Activate by setting.

   This setting defines the time period during which the user can activate access to the blocked device by using the provided access key.

10. Save the access key file to computer memory.

As a result, the blocked device access key will be downloaded to computer memory. An access key file has the *.acode extension. Use any available method to send the blocked device access key to the user.

The user activates the access key as follows:

1. In the lower part of the main application window, click the button.
2. In the application settings window, select Protection → Security Controls → Device Control.
3. In the Access request block, click the Request access to device button.
4. In the opened window, click the Activate access key button.
5. In the opened window, select the file with the device access key received from the corporate LAN administrator. Click the Open button.

   This opens a window containing information about access provision.

6. Click OK.

As a result, the user receives access to the device for the time period set by the administrator. The user receives the full set of rights for accessing the device (read and write). When the key expires, access to the device will be blocked. If the user requires permanent access to the device, add the device to the trusted list.