Configuring access permissions for Kaspersky Embedded Systems Security for Windows and the Kaspersky Security Service

You can edit the list of users and user groups allowed to access Kaspersky Embedded Systems Security for Windows functions and manage the Kaspersky Security Service. You can also edit the access permissions of those users and user groups.

To add or remove a user or group from the list:

1. Expand the Managed devices node in the Kaspersky Security Center Administration Console tree.
2. Select the administration group for which you want to configure application settings.
3. Perform one of the following actions in the details pane of the selected administration group:
   • To configure application settings for a group of protected devices, select the Policies tab and open the Properties: <Policy name> window.
   • To configure the settings of a task or application for an individual protected device, select the Devices tab and go to local task settings or application settings.
4. In the Supplementary section, perform one of the following steps:
   • Click the Settings button in the User access permissions for application management subsection if you want to edit the list of users who have access permissions for managing Kaspersky Embedded Systems Security for Windows functions.
   • Click the Settings button in the User access permissions for Kaspersky Security Service management subsection if you want to edit the list of users who have access permissions for managing the Kaspersky Security Service.

     The Permissions for Kaspersky Embedded Systems Security 3.3 for Windows window opens.

5. In the window that opens, perform the following operations:
   • In order to add a user or group to the list, click the Add button and select the user or group that you want to grant privileges to.
   • To remove a user or group from the list, select the user or group whose access you want to restrict, and click the Remove button.
6. Click the Apply button.

The selected users (groups) are added or removed.

To edit the permissions of a user or group to manage Kaspersky Embedded Systems Security for Windows or the Kaspersky Security Service:

1. Expand the Managed devices node in the Kaspersky Security Center Administration Console tree.
2. Select the administration group for which you want to configure application settings.
3. Perform one of the following actions in the details pane of the selected administration group:
   • To configure application settings for a group of protected devices, select the Policies tab and open the Properties: <Policy name> window.
   • To configure the settings of a task or application for an individual protected device, select the Devices tab and go to local task settings or application settings.
4. In the Supplementary section, perform one of the following steps:
   • Click the Settings button in the User access permissions for application management subsection if you want to edit the list of users who have access permissions for managing Kaspersky Embedded Systems Security for Windows functions.
   • Click the Settings button in the User access permissions for Kaspersky Security Service management subsection if you want to edit the list of users who have access permissions for managing the application via the Kaspersky Security Service.

     The Permissions for Kaspersky Embedded Systems Security for Windows window opens.

5. In the window that opens, in the Group or user names list, select the user or group of users whose permissions you want to change.
6. In the Permissions for <User (Group)> section, select the Allow or Deny check boxes for the following access levels:
   • Full control: full set of permissions to manage Kaspersky Embedded Systems Security for Windows or the Kaspersky Security Service.
   • Read:
     • The following permissions to manage Kaspersky Embedded Systems Security for Windows: Retrieve statistics, Read settings, Read logs and Read permissions.
     • The following permissions to manage the Kaspersky Security Service: Read service settings, Request status from Service Control Manager, Request status from service, Read list of dependent services, Read permissions.
   • Modification:
     • All permissions to manage Kaspersky Embedded Systems Security for Windows, except Edit permissions.
     • The following permissions to manage the Kaspersky Security Service: Modify service settings, Read permissions.
   • Special permissions: the following permissions to manage the Kaspersky Security Service: Starting service, Stop service, Pause / Resume service, Read permissions, User defined requests to service.
7. To configure advanced permissions for a user or group (Special permissions), click the Advanced button.
   1. In the Advanced security settings for Kaspersky Embedded Systems Security for Windows window that opens, select the desired user or group.
   2. Click the Edit button.
   3. In the drop-down list in the top part of the window, select the type of access control (Allow or Block).
   4. Select the check boxes next to the functions that you want to allow or block for the selected user or group.
   5. Click the OK button.
   6. In the Advanced security settings for Kaspersky Embedded Systems Security for Windows window, click OK.
8. In the Permissions for Kaspersky Embedded Systems Security for Windows window, click the Apply button.

The configured permissions for managing Kaspersky Embedded Systems Security for Windows or the Kaspersky Security Service are saved.