About using accounts to start tasks
You can specify the account under which you want to run a selected task for the following functional components of Kaspersky Security for Windows Server:
- Rule Generator for Applications Launch Control and Rule Generator for Device Control tasks
- On-Demand Scan task
- Update tasks
By default, these tasks are run using system account permissions.
A different account with proper access permissions is recommended in the following cases:
- In the Update task, if you specified a public folder on a different device on the network as the update source.
- In the Update task, if a proxy server with built-in Windows NTLM authentication is used to access the update source.
- In On-Demand Scan tasks, if the system account does not possess permissions to access any of the scanned objects (for example, access to files in shared folders on the protected device).
- In the Rule Generator for Applications Launch Control task, if after completion of the task the generated rules are exported to a configuration file located at a path that the system account cannot access (for example, in one of the shared folders on the protected device).
You can run Update, On-Demand Scan, and Rule Generator tasks with system account permissions. During execution of these tasks, Kaspersky Security for Windows Server accesses shared folders on another device in the network if this device is registered in the same domain as the protected device. In this case, the system account must possess access permissions for these folders. Kaspersky Security for Windows Server will access the device using permissions of the account <domain name \ device_name>.
