Password-protected access to Kaspersky Embedded Systems Security functions
You can restrict access to application management and registered services by configuring user permissions. You can also set password protection in the Kaspersky Embedded Systems Security settings for additional protection of critical operations.
Kaspersky Embedded Systems Security requests a password when you attempt to access the following application functions:
- connect to the Application Console;
- uninstall Kaspersky Embedded Systems Security;
- modify Kaspersky Embedded Systems Security components;
- execute command-line commands.
The Kaspersky Embedded Systems Security interface disguises the specified password on screen. Kaspersky Embedded Systems Security stores the password as a checksum calculated when the password is entered.
Kaspersky Embedded Systems Security doesn't check password strength and doesn't block password entry after a number of failed attempts.
When creating a password, you are recommended to meet the following conditions:
- The password doesn't contain the account name or computer name.
- The password is at least 8 characters long.
- The password contains characters that match at least three of the following categories:
- uppercase latin letters (A-Z);
- lowercase latin letters (a-z);
- numbers (0-9);
- symbols of exclamation point (!), dollar sign ($), pound sign (#) and percent sign (%).
You can export and import a password-protected application configuration. A configuration file created by exporting a protected application configuration contains the password checksum and the value of the modifier used to pad the password string.
Do not change the checksum or modifier in the configuration file. Importing a password-protected configuration that has been changed manually may cause access to the application to be entirely blocked.
To protect access to Kaspersky Embedded Systems Security functions:
- In the tree of Kaspersky Security Center Administration Console, expand the Managed devices node. Select the administration group with the protected devices whose application settings you want to configure.
- Perform one of the following actions in the details pane of the selected administration group:
- To configure policy settings for a group of protected devices, select the Policies tab and open the properties of the <Policy name> by means of the context menu.
- If you want to configure application settings for a single protected device, open the required settings in the Application settings window in the Kaspersky Security Center.
- In the Security and reliability section of the Application settings tab, click the Settings button.
The Security settings window opens.
- In the Password protection settings section, select the Apply password protection check box.
The Password and Confirm password fields become active.
- In the Password field, enter the password you want to use to protect access to Kaspersky Embedded Systems Security functions.
- In the Confirm password field, enter your password again.
- Click OK.
The specified settings are saved. Kaspersky Embedded Systems Security will request the specified password to access protected functions.
This password cannot be recovered. Losing your password will result in the complete loss of control of the application. Additionally, it will be impossible to uninstall the application from the protected device.
You can reset the password at any time. To do that, clear the Apply password protection check box and save changes. Password protection will be disabled and the old password checksum will be removed. Repeat the password creation process with a new password.
