Business products
Workstations & Servers protection

Workstation protection

File server protection

Mail system protection

Perimeter protection

Administration Kit

Kaspersky Administration Kit 8.0

Kaspersky Administration Kit 6.0 MP1/MP2

Operating principles

Implementing in network

Complex-components uninstalling

Troubleshooting

All articles

Kaspersky Administration Kit 5.0 MP3 (builds 5.0.1104 - 5.0.1152)

Support lifecycle of applications for remote management

Kaspersky Hosted Security Services

Fighting malicious programs
How to disinfect...

Training and Certification
Take an educational course and become a certified anti-virus security specialist

Self Service
More help online

Support contacts and conditions
Information about support services and rules

You are visiting our Support Website and we thank you in advance for your participation in this poll and your feedbacks.

Please vote honestly, we will analyze the results and will do our best to improve our service as soon as possible.

Read the same in:

Home / Business products / Administration Kit / Kaspersky Administration Kit 6.0 MP1/MP2 / Operating principles

Kaspersky Administration Kit 6.0 MP1/MP2

Operating principles [39]

More Sections

Access rights to logical network
ID Article: 283	Other languages:	26	2009 Feb 02 12:14	Printable version

Concerning to:

Kaspersky Administration Kit 6.0 MP1

Kaspersky Administration Kit 5.0 MP3 (builds 5.0.1104 - 5.0.1152)

In Kaspersky Administration Kit, user rights are assigned in accordance with the Windows user authentication on the local network.

Four groups of users have rights to administer applications through Kaspersky Administration Kit after the Administration Server is installed. These are:

Logical network administrators are users included to the KLAdmins group.
Logical network operators are users included to the KLOperators group. The group is created when the Administration Server is being installed.
Local administrators of the computer running the Administration Server application. Local administrators have the Local administrators rights.
Domain administrators whose computers are incorporated into the logical network. Domain administrators have the Logical network administrators rights.

The Logical network administrator is a user who installs and configures the Kaspersky Administration Kit software package on network computers and manages Kaspersky Lab applications on remote computers on a logical network. The logical network administrator has full control over all available functions of Kaspersky Administration Kit – i.e. administrator has permissions for Reading, Writing and Executing.

The Logical network operator is a user who monitors the structure of the logical network, tasks and policies settings, who can start created tasks and generate virus protection reports. The operator has limited rights to the Kaspersky Administration Kit functionality – permissions for Reading and Executing.

If several computers on the same domain are included in several logical networks, the administrator of this domain is the logical network administrator for all these logical networks. All operations initiated by logical network administrators will inherit rights of the corresponding administration server. The domain administrator configures and manages Kaspersky Lab applications only on the computers of this domain. If this logical network includes computers from various domains, do the following to grant the logical network administrator rights to a domain administrator:

Enable trust relationships between the domains
Add this administrator to the administrators group on every domain included in the logical network.

If a Network Agent is already installed on all computers of the logical network, then to build and manage the logical network, to install the Antivirus applications remotely and to configure policies and tasks you do not need to have so vast rights. It is enough to have the rights of the logical network administrator.

Different permission rights to the Administration Server can be granted to administrators and to each administration group (Administration Server/group > Properties > the Security tab) to organize work of several administrators within the logical network.

The Groups group security settings are inherited from the Administration Server. Child/nested groups inherit the settings from parent groups. To inherit the settings check the Inherit checkbox in each group properties.

To cancel inheritance or/and to change permissions and population of users/groups that have access to the group and to its settings and tasks, uncheck the Inherit checkbox. But remember, you cannot change permissions of the KLAdmins (local and domain) group.

Permission for Reading allows viewing the structure of groups and its subgroups, and generating the reports.

Permissions for Writing allows configuring policies and tasks settings as well as list of computers included to groups and subgroups.

Permission for Executing right allows starting created tasks and connecting slave Servers.

NOTE!

1. Nested groups inherit permissions if the Inherit checkbox is checked in the nested groups' settings.

2. If the Reading permission is not checked you cannot view list of computers of the group, its settings, policies and tasks.

3. Before a user is granted permissions to the group he/she should be given access permission to he Server (Administration Server > Properties > the Security tab)

4. The system allows multiple administrators to work simultaneously with the same resources. The latest changes will overwrite previously saved settings. For this reason, joint work of multiple logical network administrators must be coordinated to prevent misunderstanding.

5. Changes in the list of users (and their permissions) are applied dynamically: the Administration Server service should not be restarted.