Auditing actions on a remote client device

The application enables auditing of the administrator's actions on a remote client devices running Windows. During the audit, the application saves, on the device, information about files that have been opened and/or modified by the administrator. Audit of the administrator's actions is available when the following conditions are met:

• The Vulnerability and patch management license is in use.
• The administrator has the right to start shared access to the desktop of the remote device.

To enable auditing of actions on a remote client device:

1. In the console tree, select the administration group for which the audit of the administrator's actions should be configured.
2. In the workspace of the group, select the Policies tab.
3. Select a policy of Kaspersky Security Center Network Agent, then select Properties in the context menu of the policy.
4. In the policy properties window, select the Windows Desktop Sharing section.
5. Select the Enable audit check box.
6. In the Masks of files to monitor when read and Masks of files to monitor when modified lists, add file masks on which the application must monitor actions during the audit.

   By default, the application monitors actions on files with .txt, .rtf, .doc, .xls, .docx, .xlsx, .odt, and .pdf extensions.

7. Click OK to save changes and close the policy properties window.

This results in configuration of the audit of the administrator's actions on the user's remote device with shared desktop access.

Records of the administrator's actions on the remote device are logged:

• In the event log on the remote device.
• In a file with the syslog extension located in the Network Agent folder on a remote device (for example, C:\ProgramData\KasperskyLab\adminkit\1103\logs).
• In the events database of Kaspersky Security Center.