Configuring user access permissions to manage the Kaspersky Security Service
During installation, Kaspersky Industrial CyberSecurity for Nodes registers the application service - Kaspersky Security Service - in Windows. Thus, the application includes functional components that start at operating system startup. To reduce the risk of third-party access to application functionality and security settings of the protected device using the application service, you can restrict the permissions to manage the Kaspersky Security Service.
By default, access permissions for managing the Kaspersky Security Service are granted to users in the Administrators group on the protected device. Read permissions are granted to the SERVICE and INTERACTIVE groups, and read and execute permissions are granted to the SYSTEM group.
You cannot delete the SYSTEM user account or edit permissions for this account. If the permissions for the SYSTEM account are edited, the maximum privileges are restored for this account when you save the changes.
Users who have access to functions of the Edit permissions level can grant access permissions for managing the Kaspersky Security Service to other users registered on the protected device or included in the domain.
You can choose one of the following preset levels of access permissions for a user or group of users of Kaspersky Industrial CyberSecurity for Nodes for managing the Kaspersky Security Service:
- Full control: ability to view and edit general settings and user permissions for the Kaspersky Security Service, and to start and stop the Kaspersky Security Service.
- Read: ability to view Kaspersky Security Service general settings and user permissions.
- Edit: ability to view and edit Kaspersky Security Service general settings and user permissions.
- Execute: ability to start and stop the Kaspersky Security Service.
You can also configure advanced access permissions: allow or deny access to specific Kaspersky Industrial CyberSecurity for Nodes functions (see the table below).
Access permissions for Kaspersky Security Service functions
Feature |
Description |
|---|---|
Read service settings |
Ability to view Kaspersky Security Service general settings and user permissions. |
Request service status from Service Control Manager |
Ability to request the execution status of the Kaspersky Security Service from the Microsoft Windows Service Control Manager. |
Request service status |
Ability to request the service execution status from the Kaspersky Security Service. |
Read list of dependent services |
Ability to view a list of services which the Kaspersky Security Service depends on and which depend on the Kaspersky Security Service. |
Modify service settings |
Ability to view and edit Kaspersky Security Service general settings and user permissions. |
Start service |
Ability to start the Kaspersky Security Service. |
Stop service |
Ability to stop the Kaspersky Security Service. |
Pause / resume service |
Ability to pause and resume the Kaspersky Security Service. |
Read permissions |
Ability to view the list of Kaspersky Security Service users and each user's access privileges. |
Edit permissions |
Ability to:
|
Remove service |
Ability to unregister the Kaspersky Security Service in the Microsoft Windows Service Control Manager. |
User defined requests to service |
Ability to create and send user requests to the Kaspersky Security Service. |
You can edit the list of users and user groups allowed to manage the Kaspersky Security Service, and also edit the access permissions of those users and user groups.
Page top
.
.