Oct 23, 2023
A policy is a collection of Kaspersky Thin Client operating settings defined for an administration group. You can configure multiple policies with different values for one device. For different administration groups, the settings of the application may be different. Each administration group can create its own policy for the application. For more detailed information on using Kaspersky Security Center policies to manage the application, please refer to the Policies and policy profiles section of the Kaspersky Security Center Online Help Guide.
Policy settings are configured in the Kaspersky Security Center Web Console by using the web plug-in and are transmitted to Kaspersky Thin Client when the application synchronizes with Kaspersky Security Center. The synchronization period can be changed in the policy settings.
Active and inactive policy
A policy is intended for a group of managed devices and can be active or inactive. The settings of an active policy are saved on client devices during synchronization. You cannot simultaneously apply multiple policies to one device, therefore only one policy can be active in each group.
You can create an unlimited number of inactive policies. An inactive policy does not affect application settings on devices in the network. Inactive policies are intended as preparations for emergency situations, such as a virus attack. If there is an attack via flash drives, you can activate a policy that blocks access to flash drives. In this case, the active policy automatically becomes inactive.
Policies, like administration groups, have a hierarchy. By default, a child policy inherits the settings from the parent policy. A child policy is a policy for nested hierarchy levels. In other words, it is a policy for nested administration groups and secondary Administration Servers. You can turn off inheritance of settings from the parent policy.
Each policy setting has the attribute, which indicates if the settings can be modified in policies or in the local application settings. Depending on the status of this attribute, one of the following values is displayed next to a setting:
- Undefined. If an open lock icon is displayed next to a setting and the toggle button is disabled, this setting is not defined in the policy. A user can change these settings in the local interface of the Kaspersky application. These settings are referred to as unlocked.
- Enforced. If a closed lock icon is displayed next to a setting and the toggle button is enabled, this setting is applied to devices on which the policy is applied. A user cannot change the values of these settings in the local interface of the Kaspersky application. These settings are referred to as locked.
The attribute applies for a child policy only if inheritance of the parent policy settings is enabled for the child policy.