Configuring access permissions for Kaspersky Security for Windows Server and the Kaspersky Security Service

You can edit the list of users and user groups allowed to access Kaspersky Security for Windows Server functions and manage the Kaspersky Security Service. You can also edit the access permissions of those users and user groups.

To add or remove a user or group from the list:

1. Expand the Managed devices node in the Kaspersky Security Center Administration Console tree.
2. Select the administration group for which you want to configure application settings.
3. Perform one of the following actions in the details pane of the selected administration group:
   • To configure application settings for a group of protected devices, select the Policies tab and open the Properties: <Policy name> window.
   • To configure the application for a single protected device, select the Devices tab and open the Application settings window.

     If an active Kaspersky Security Center policy is applied to a device and blocks changes to application settings, then these settings cannot be edited in the Application settings window.

4. In the Supplementary section, perform one of the following steps:
   • Click Settings in the User access permissions for application management subsection if you want to edit the list of users who have access permissions for managing Kaspersky Security for Windows Server functions.
   • Click Settings in the User access permissions for Kaspersky Security Service management subsection if you want to edit the list of users who have access permissions for managing the Kaspersky Security Service.

     The Permissions for Kaspersky Security 11.0.1 for Windows Server group window opens.

5. In the window that opens, perform the following operations:
   • In order to add a user or group to the list, click the Add button and select the user or group that you want to grant privileges to.
   • To remove a user or group from the list, select the user or group whose access you want to restrict, and click the Remove button.
6. Click the Apply button.

The selected users (groups) are added or removed.

To edit the permissions of a user or group to manage Kaspersky Security for Windows Server or the Kaspersky Security Service:

1. Expand the Managed devices node in the Kaspersky Security Center Administration Console tree.
2. Select the administration group for which you want to configure application settings.
3. Perform one of the following actions in the details pane of the selected administration group:
   • To configure application settings for a group of protected devices, select the Policies tab and open the Properties: <Policy name> window.
   • To configure the application for a single protected device, select the Devices tab and open the Application settings window.

     If an active Kaspersky Security Center policy is applied to a device and blocks changes to application settings, then these settings cannot be edited in the Application settings window.

4. In the Supplementary section, perform one of the following steps:
   • Click Settings in the User access permissions for application management subsection if you want to edit the list of users who have access permissions for managing Kaspersky Security for Windows Server functions.
   • Click Settings in the User access permissions for Kaspersky Security Service management subsection if you want to edit the list of users who have access permissions for managing the application via the Kaspersky Security Service.

     The Permissions for Kaspersky Security group window opens.

5. In the window that opens, in the Group or user names list, select the user or group of users whose permissions you want to change.
6. In the Permissions for <User (Group)> section, select the Allow or Deny check boxes for the following access levels:
   • Full control: full set of permissions to manage Kaspersky Security for Windows Server or the Kaspersky Security Service.
   • Read:
     • The following permissions to manage Kaspersky Security for Windows Server: Retrieve statistics, Read settings, Read logs and Read permissions.
     • The following permissions to manage the Kaspersky Security Service: Read service settings, Request status from Service Control Manager, Request status from service, Read list of dependent services, Read permissions.
   • Modification:
     • All permissions to manage Kaspersky Security for Windows Server, except Edit permissions.
     • The following permissions to manage the Kaspersky Security Service: Modify service settings, Read permissions.
   • Special permissions: the following permissions to manage the Kaspersky Security Service: Starting service, Stop service, Pause / Resume service, Read permissions, User defined requests to service.
7. To configure advanced permissions for a user or group (Special permissions), click the Advanced button.
   1. In the Advanced security settings for Kaspersky Security window that opens, select the desired user or group.
   2. Click the Edit button.
   3. In the drop-down list in the top part of the window, select the type of access control (Allow or Block).
   4. Select the check boxes next to the functions that you want to allow or block for the selected user or group.
   5. Click OK.
   6. In the Advanced security settings for Kaspersky Security window, click OK.
8. In the Permissions for Kaspersky Security window, click the Apply button.

The configured permissions for managing Kaspersky Security for Windows Server or the Kaspersky Security Service are saved.