Password-protected access to Kaspersky Industrial CyberSecurity for Nodes functions
You can restrict access to application management and registered services by configuring user permissions. You can also set password protection in the Kaspersky Industrial CyberSecurity for Nodes settings for additional protection of critical operations.
When a user attempts to perform a password-protected action, Kaspersky Industrial CyberSecurity for Nodes prompts the user for the user name and password or temporary password. Password protection supports the following accounts:
- KLAdmin. An Administrator account with unrestricted access to Kaspersky Industrial CyberSecurity for Nodes. The KLAdmin account has the right to perform any action that is password-protected. The permissions for the KLAdmin account cannot be revoked. When you enable password protection, Kaspersky Industrial CyberSecurity for Nodes prompts you to set a password for the KLAdmin account.
- Account added manually. An account outside the Active Directory domain. You can use this service account instead of KLAdmin if you do not want to share the administrator password. You can set any user name and password and configure individual permissions.
- The Everyone group. A built-in Windows group that includes all users within the corporate network. Users in the Everyone group can access the application according to the permissions that are granted to them.
- Individual users or groups. User accounts for which you can configure individual permissions. For example, if an action is blocked for the Everyone group, you can allow this action for an individual user or a group.
The Kaspersky Industrial CyberSecurity for Nodes interface masks the specified password on screen. Kaspersky Industrial CyberSecurity for Nodes stores the password as a checksum calculated when the password is entered.
Kaspersky Industrial CyberSecurity for Nodes doesn't check password strength and doesn't block password entry after a number of failed attempts.
When creating a password, it is recommended that the password meet the following conditions:
- The password doesn't contain the account name or computer name.
- The password is at least 8 characters long.
- The password contains characters that match at least three of the following categories:
  - Uppercase Latin letters (A-Z)
  - Lowercase Latin letters (a-z)
  - Numerals (0-9)
  - Exclamation mark (!), dollar sign ($), pound sign (#) and percent sign (%)
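Because the application does not check password strength itself, the recommended conditions can be checked before a password is entered. The following Python check is an added example, not Kaspersky code; the function name, the case-insensitive name comparison and the sample account and computer names are assumptions.

```python
import string

# Special characters the page lists as the fourth category.
PAGE_SPECIALS = "!$#%"
MIN_LENGTH = 8
MIN_CATEGORIES = 3


def check_password(password, account_name, computer_name):
    """Return a list of unmet recommendations (empty list = all met)."""
    problems = []

    # Condition 1: must not contain the account name or computer name.
    # Case-insensitive comparison is an assumption; the page does not say.
    lowered = password.lower()
    for label, value in (("account name", account_name),
                         ("computer name", computer_name)):
        if value and value.lower() in lowered:
            problems.append(f"contains the {label}")

    # Condition 2: at least 8 characters long.
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    # Condition 3: characters from at least three of the four categories.
    # Assumption: symbols outside the page's list do not count as specials.
    categories = {
        "uppercase": any(c in string.ascii_uppercase for c in password),
        "lowercase": any(c in string.ascii_lowercase for c in password),
        "numerals": any(c in string.digits for c in password),
        "specials": any(c in PAGE_SPECIALS for c in password),
    }
    present = sum(categories.values())
    if present < MIN_CATEGORIES:
        missing = [name for name, hit in categories.items() if not hit]
        problems.append(
            f"only {present} of 4 character categories (missing: {', '.join(missing)})")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real credentials or host names.
    for candidate in ("KLAdmin2024!", "plantfloor", "Tr4ck#Valve9"):
        result = check_password(candidate, "KLAdmin", "HMI-NODE-01")
        print(candidate, "->", result or "OK")
```
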
How to password-protect access to Kaspersky Industrial CyberSecurity for Nodes functionality in the Kaspersky Security Center Administration Console
- In the Kaspersky Security Center Administration Console tree, select the Policies folder.
- Select the necessary policy and double-click to open the policy properties.
- In the policy properties window, select Supplementary.
- In the User access permissions for application management section, click Settings.
- In the window that opens, select the Allow confirmation of actions with the application using credentials from manually created users check box.
- Specify the password for the KLAdmin user account.
- If necessary, add user accounts to which you want to grant access to application management:
  - Click Add.
    This opens the form for configuring user access permissions.
  - In the window that opens, select the method for adding users: Add a user / group of users manually.
  - Specify a user name and password.
  - In the Permissions list, configure user access permissions to application functionality.
- Save your changes. To apply the policy on computers, close the locks.
How to password-protect access to Kaspersky Industrial CyberSecurity for Nodes functionality in the Application Console
- In the Application Console tree, select the Kaspersky Industrial CyberSecurity for Nodes node and select User access permissions for application management from the context menu of the node.
- In the window that opens, select the Allow confirmation of actions with the application using credentials from manually created users check box.
- Specify the password for the KLAdmin user account.
- If necessary, add user accounts to which you want to grant access to application management:
  - Click Add.
    This opens the form for configuring user access permissions.
  - In the window that opens, select the method for adding users: Add a user / group of users manually.
  - Specify a user name and password.
  - In the Permissions list, configure user access permissions to application functionality.
- Save your changes.
How to password-protect access to Kaspersky Industrial CyberSecurity for Nodes functionality in the Kaspersky Security Center Web Console
- In the main window of the Web Console, select Assets (Devices) → Policies & profiles.
- Click the name of the Kaspersky Industrial CyberSecurity for Nodes policy.
The policy properties window opens.
- Select the Application settings tab.
- Go to Supplementary → User access permissions for application management and click the Configure button.
- In the window that opens, select the Allow confirmation of actions with the application using credentials from manually created users check box.
- Specify the password for the KLAdmin user account.
- If necessary, add user accounts to which you want to grant access to application management:
  - Click Add.
    This opens the form for configuring user access permissions.
  - In the window that opens, select the method for adding users: Add a user / group of users manually.
  - Specify a user name and password.
  - In the Permissions list, configure user access permissions to application functionality.
- Save your changes. To apply the policy on computers, close the locks.
This password cannot be recovered. Losing your password results in complete loss of control over the application. Moreover, you will not be able to remove the application from the protected device.
You can reset the password at any time. To do that, clear the Allow confirmation of actions with the application using credentials from manually created users check box and save changes. Password protection will be disabled and the old password checksum will be removed. Repeat the password creation process with a new password.