Page 1
Kaspersky Administration
REFERENCE GUIDE
P R O GR A M V ER S IO N : 8 . 0 C R I T I CA L F I X 1
Kit 8.0
Page 2
2
Dear User!
Thank you for choosing our product. We hope that this documentation will help you in your work and will provide answers
regarding this software product.
Reproduction or distribution of any materials in any format, including translations, is allowed only with the written
permission of Kaspersky Lab.
This document, and graphic images related to it, may only be used for informational, non-commercial, and personal
purposes.
Kaspersky Lab reserves the right to amend this document without additional notification. You can find the latest version of
this document at the Kaspersky Lab website, at http://www.kaspersky.com/docs.
Kaspersky Lab shall not be liable for the content, quality, relevance, or accuracy of any materials used in this document
for which the rights are held by third parties, or for any potential or actual losses associated with the use of these
materials.
This document uses registered trademarks and service marks which are the property of their respective owners.
Revision date: 2/3/10
© 1997-2010 Kaspersky Lab ZAO. All Rights Reserved.
http://www.kaspersky.com
http://support.kaspersky.com
Page 3
3
CONTENTS
KASPERSKY ADMINISTRATION KIT ........................................................................................................................... 8
Distribution package ................................................................................................................................................ 8
Services for registered users ................................................................................................................................... 8
Obtaining information about the application ............................................................................................................. 9
Information sources for further research ............................................................................................................ 9
Contacting the Technical Support Service ....................................................................................................... 10
Discussing Kaspersky Lab's applications on the web forum ............................................................................ 11
Purpose of the document ....................................................................................................................................... 11
Application features ............................................................................................................................................... 11
Hardware and software requirements .................................................................................................................... 12
Application structure .............................................................................................................................................. 14
What's new ............................................................................................................................................................ 15
LAUNCHING THE APPLICATION .............................................................................................................................. 17
QUICK START WIZARD ............................................................................................................................................. 18
Step 1. Adding a license ........................................................................................................................................ 18
Step 2. Network Discovery ..................................................................................................................................... 21
Step 3. Configuring notification settings ................................................................................................................. 22
Step 4. Configuring anti-virus protection ................................................................................................................ 22
Step 5. Downloading updates ................................................................................................................................ 24
Step 6. Completing the wizard ............................................................................................................................... 25
MANAGING ADMINISTRATION SERVERS ............................................................................................................... 26
Connection to the Administration Server................................................................................................................ 26
The utility for selecting the Administration Server service account (klsrvswch) ..................................................... 28
Disconnecting from Server ..................................................................................................................................... 29
Switching between Servers .................................................................................................................................... 30
Adding a Server to the console tree ....................................................................................................................... 30
Granting rights to use a Server .............................................................................................................................. 31
Removing a Server from the console tree .............................................................................................................. 32
Viewing and changing Administration Server settings ........................................................................................... 33
Configuring Administration Server settings ...................................................................................................... 33
General guidelines for relocation of computers ................................................................................................ 53
Compatibility with Cisco Network Admission Control (NAC) ............................................................................ 56
Configuring Integration with Cisco Network Admission Control (NAC) ............................................................. 58
Traffic limit ........................................................................................................................................................ 59
Slave Administration Servers ................................................................ ................................................................. 59
Adding a slave Server ...................................................................................................................................... 59
Configuring the connection of the slave Server to the master Server .............................................................. 60
Viewing administration groups of a slave Administration Server ...................................................................... 62
Connecting to the Administration Server via Internet ............................................................................................. 62
MANAGING ADMINISTRATION GROUPS ................................................................................................................. 64
Adding, moving and deleting a group .................................................................................................................... 64
Creating the structure of administration groups ..................................................................................................... 66
The structure of groups based on the Windows network domains and workgroups ......................................... 67
Group structure based on Active Directory ....................................................................................................... 69
Page 4
R E F E RE N C E G U I D E
4
Group structure based on the content of the text file ........................................................................................ 71
Viewing information about a group ........................................................................................................................ 73
Viewing and changing group settings .................................................................................................................... 74
General settings ............................................................................................................................................... 74
Granting rights to work with a group ................................................................................................................. 76
Conditions that determine computer status ...................................................................................................... 77
Monitoring of client computer activity ............................................................................................................... 79
Automatic installation of applications on client computers................................................................................ 80
Creating the list of Update Agents .................................................................................................................... 81
REMOTE MANAGEMENT OF APPLICATIONS ......................................................................................................... 82
Managing policies .................................................................................................................................................. 82
Creating a policy .............................................................................................................................................. 82
Displaying inherited policy in the nested group results pane ............................................................................ 85
Viewing and configuring policy settings ............................................................................................................ 85
Activating a policy ............................................................................................................................................ 95
Activating a policy based on an event .............................................................................................................. 96
Policy for mobile user ....................................................................................................................................... 96
Deleting a policy ............................................................................................................................................... 98
Copying a policy ............................................................................................................................................... 98
Configuring the Network Agent's policy ............................................................................................................ 98
Configuring the settings of the Administration Server policy .......................................................................... 102
Exporting a policy ........................................................................................................................................... 107
Importing a policy ........................................................................................................................................... 107
Policies conversion ........................................................................................................................................ 108
Local application settings ..................................................................................................................................... 110
Viewing application settings ................................................................ ........................................................... 110
Configuring Network Agent ............................................................................................................................ 113
MANAGING THE OPERATION OF APPLICATIONS ................................................................................................ 115
Creating a group task........................................................................................................................................... 116
Creating an Administration Server task................................................................................................................ 128
Creating a task for specific computers ................................................................................................................. 129
Viewing and changing task settings ..................................................................................................................... 130
Creating a local task ............................................................................................................................................ 136
Displaying an inherited group task in the results pane of a nested group ............................................................ 138
Automatic operating system loading on the client computers before task execution ........................................... 139
Turning off the computer after the task execution ................................................................................................ 139
Restricting time for the task execution ................................................................................................................. 139
Exporting a task ................................................................................................................................................... 140
Importing a task ................................................................................................................................................... 140
Tasks conversion ................................................................................................................................................. 141
Starting and stopping tasks manually .................................................................................................................. 141
Pausing / resuming tasks manually ..................................................................................................................... 141
Monitoring task execution ................................................................ ................................................................ .... 142
Viewing results of the task execution stored on the Administration Server .......................................................... 143
Configuring the event filter for a group task ................................ ................................................................ ......... 144
Configuring event filter for a selected computer ................................................................................................... 146
Removing a filter .................................................................................................................................................. 148
Page 5
C O N T E N T S
5
CLIENT COMPUTERS .............................................................................................................................................. 149
Adding computers to group .................................................................................................................................. 149
Viewing information about a client computer ....................................................................................................... 150
Viewing client system information ........................................................................................................................ 154
Administration Server change task ...................................................................................................................... 161
Client computer management task ...................................................................................................................... 164
Turning on the client computer ....................................................................................................................... 164
Shutting down the client computer ................................................................................................................. 167
Restarting the client computer ........................................................................................................................ 170
Sending a message to the user of the client computer ........................................................................................ 174
Connecting the client computer to the Administration Server manually. The klmover.exe utility .......................... 177
Client-to-Administration Server connection check frequency ............................................................................... 179
Verifying connection of the client computer to Administration Server manually. The klnagchk.exe utility ...... 179
Checking the connection between the client computer and the Administration Server using the Check connection
action.............................................................................................................................................................. 180
Remote diagnostics of client computers utility (klactgui) ...................................................................................... 180
Enabling and disabling trace, downloading the trace file ................................................................................ 181
Downloading application settings ................................................................................................................... 183
Downloading event logs ................................................................................................................................. 185
Launching the diagnostics and downloading the results of its operation ........................................................ 185
Starting, restarting and stopping the applications ........................................................................................... 187
REPORTS AND NOTIFICATIONS ............................................................................................................................ 189
Creating a report template ................................................................................................................................... 189
Viewing statistics ................................................................................................................................................. 192
Creating a statistics page ............................................................................................................................... 193
Changing the set of statistics pages ............................................................................................................... 195
Creating an information panel ........................................................................................................................ 196
Changing the set of information panels .......................................................................................................... 200
Viewing and editing report templates ................................................................................................................... 201
Generating and viewing reports ........................................................................................................................... 205
Reports delivery task ........................................................................................................................................... 208
Administration Servers hierarchy reports ............................................................................................................. 211
Restricting the number of records included in reports .......................................................................................... 212
Notification limit .................................................................................................................................................... 214
Notifications ......................................................................................................................................................... 214
Email notification ............................................................................................................................................ 215
Use NET SEND .............................................................................................................................................. 217
Notification using the executable file to run .................................................................................................... 218
KASPERSKY ADMINISTRATION KIT TASKS .......................................................................................................... 221
TASKS FOR SPECIFIC COMPUTERS ..................................................................................................................... 222
EVENT AND COMPUTER SELECTIONS ................................................................................................ ................. 223
Event selections ................................................................................................................................................... 223
Viewing Kaspersky Administration Kit event log stored on the Administration Server .................................... 223
Creating an event selection ............................................................................................................................ 224
Customizing an event selection ...................................................................................................................... 225
Saving information about events to file........................................................................................................... 229
Deleting events .............................................................................................................................................. 230
Page 6
R E F E RE N C E G U I D E
6
Computer selections ............................................................................................................................................ 230
Viewing a computer selection ......................................................................................................................... 231
Creating a computer selection ........................................................................................................................ 233
Configuring a computer selection ................................................................................................................... 233
UNASSIGNED COMPUTERS ................................................................................................................................... 241
Network Discovery ............................................................................................................................................... 241
Viewing and changing the settings for Windows network polling ................................................................... 242
Viewing and modifying Active Directory group properties .............................................................................. 244
Viewing and modifying the settings for IP subnet polling................................................................................ 245
Viewing and changing domain settings ................................................................................................................ 246
Creating an IP subnet .......................................................................................................................................... 248
Viewing and modifying the IP subnet settings ...................................................................................................... 249
Viewing and modifying the Active Directory group properties .............................................................................. 252
UPDATE ................................................................................................................................................................ .... 253
Creating the task of downloading updates to the repository ................................................................................ 253
Adding an updates source.............................................................................................................................. 256
Configuring connection to the update servers ................................................................................................ 259
Determining the updates list ........................................................................................................................... 261
Configuring other update task settings ........................................................................................................... 263
Testing of downloaded updates ........................................................................................................................... 265
Viewing downloaded updates .............................................................................................................................. 268
Automatic distribution of updates ......................................................................................................................... 269
Automatic distribution of updates to the client computers .............................................................................. 269
Automatic distribution of updates to the slave Servers ................................................................................... 269
Automatic installation of updates to program modules ................................................................................... 269
Creating the list of Update Agents and configuring the agents....................................................................... 270
Update Agent statistics................................................................................................................................... 272
The task of downloading updates by the Update Agents ............................................................................... 275
MANAGING LICENSES ............................................................................................................................................ 278
Viewing information about installed licenses ........................................................................................................ 278
Installing a license ............................................................................................................................................... 281
Running the license installation task creation wizard ........................................................................................... 282
Creating and viewing report on licenses .............................................................................................................. 282
Obtaining license using activation code ............................................................................................................... 283
Automatic distribution of license .......................................................................................................................... 284
REPOSITORIES ....................................................................................................................................................... 285
Installation packages ........................................................................................................................................... 285
Quarantine ........................................................................................................................................................... 285
Viewing the properties of a quarantined object .............................................................................................. 286
Removing an object from Quarantine ............................................................................................................. 287
Scanning the Quarantine folder on the client computer ................................................................................. 287
Restoring an object from the Quarantine........................................................................................................ 287
Saving an object from the Quarantine to disk ................................................................................................. 287
Backup ................................................................................................................................................................. 287
Viewing the properties of an object placed into the Backup ........................................................................... 288
Removing an object from the Backup ............................................................................................................ 289
Restoring the object from the Backup ............................................................................................................ 289
Page 7
C O N T E N T S
7
Saving an object from the Backup to disk ...................................................................................................... 290
Unprocessed files ................................................................................................................................................ 290
Disinfecting the object from the Unprocessed files folder ............................................................................... 290
Saving the object from the Unprocessed files folder to disk ........................................................................... 290
Removing the object from the Unprocessed files folder ................................................................................. 291
Application registry .............................................................................................................................................. 291
ADDITIONAL FEATURES ................................................................ ......................................................................... 296
Monitoring anti-virus protection status using system registry data ....................................................................... 296
Mobile users ........................................................................................................................................................ 297
Creating a profile for the mobile users ........................................................................................................... 298
Creating the Network Agent switching rule..................................................................................................... 301
Adding a condition to the rule ......................................................................................................................... 302
Search ................................................................................................................................................................. 306
Detecting computers ...................................................................................................................................... 307
Searching for administration groups ............................................................................................................... 314
Searching for the slave Administration Servers .............................................................................................. 316
Data backup ......................................................................................................................................................... 318
Data backup task ........................................................................................................................................... 319
Data backup and restoration utility klbackup .................................................................................................. 321
Tracking virus outbreaks ...................................................................................................................................... 325
Enabling virus outbreak detection .................................................................................................................. 325
Changing the application policy when a Virus outbreak event is registered ................................................... 328
Automation of the Kaspersky Administration Kit operation (klakaut) .................................................................... 330
Custom tools ................................ ................................................................ ........................................................ 330
Configuring interface ............................................................................................................................................ 330
REFERENCE INFORMATION .................................................................................................................................. 332
Context menu ...................................................................................................................................................... 332
Results pane ........................................................................................................................................................ 334
Statuses of computers, tasks and policies ........................................................................................................... 340
GLOSSARY ............................................................................................................................................................... 342
KASPERSKY LAB ..................................................................................................................................................... 347
INDEX ....................................................................................................................................................................... 348
Page 8
8
KASPERSKY ADMINISTRATION KIT
IN THIS SECTION
Distribution package .......................................................................................................................................................... 8
Services for registered users ............................................................................................................................................. 8
Obtaining information about the application ...................................................................................................................... 9
Purpose of the document ................................................................................................................................................ 11
Application features ......................................................................................................................................................... 11
Hardware and software requirements.............................................................................................................................. 12
Application structure ........................................................................................................................................................ 14
What's new ...................................................................................................................................................................... 15
Kaspersky Administration Kit provides a centralized solution for managing corporate network anti-virus security
systems based on Kaspersky Lab applications included in Kaspersky Open Space Security products. Kaspersky
Administration Kit supports all network configurations that use the TCP/IP protocol.
The application is a tool for corporate network administrators and anti-virus security officers.
DISTRIBUTION PACKAGE
The product is provided free of charge with all Kaspersky Lab applications included in the Kaspersky Open Space
Security kit (retail). It is also available for download from the Kaspersky Lab website (http://www.kaspersky.com).
SERVICES FOR REGISTERED USERS
Kaspersky Lab offers a large service package, enabling its legal users to enjoy all available features of the application.
If you purchase licenses for a Kaspersky Lab product included in Kaspersky Open Space Security, you become a
registered user of Kaspersky Administration Kit. During the license validity period, you are entitled to:
hourly updates of the application database and program modules of that software product;
phone or email consultation on matters related to the installation, configuration and operation of the anti-virus
application;
When you contact the Technical Support Service, please provide information about your license for the
Kaspersky Lab application with which Kaspersky Administration Kit is being used.
notifications about releases of new Kaspersky Lab software products and about new viruses that appear
worldwide. This service is provided to users who subscribe to the Kaspersky Lab newsletter at the web site of
the Technical Support Service at http://support.kaspersky.com/subscribe/.
Kaspersky Lab does not provide support on issues related to the operation and use of your operating system or
Page 9
K A S P E R S K Y AD M I N I S T R A T I O N K IT
9
other technologies.
IN THIS SECTION
Information sources for further research............................................................................................................................ 9
Contacting the Technical Support Service ....................................................................................................................... 10
Discussing Kaspersky Lab's applications on the web forum ........................................................................................... 11
OBTAINING INFORMATION ABOUT THE APPLICATION
If you have any questions regarding purchasing, installing or using Kaspersky Administration Kit, answers are readily
available.
Kaspersky Lab provides various sources of information about the application. You can choose the most suitable,
according to the importance and urgency of your question.
INFORMATION SOURCES FOR FURTHER RESEARCH
You can view the following sources of information about the application:
the application's page on Kaspersky Lab's website;
the application's Knowledge Base page on the Technical Support Service website;
electronic help system;
documentation.
The application's page at the Kaspersky Lab website
http://www.kaspersky.com/administration_kit
This page will provide you with general information about the application's features and options.
The application's Knowledge Base page at the Technical Support Service website
http://support.kaspersky.com/remote_adm
This page contains articles by the Technical Support Service.
These articles contain useful information, recommendations, and the Frequently Asked Questions (FAQ) page, and
cover purchasing, installing and using the application. The articles are sorted by subject, such as "License
management", "Database updates", and "Troubleshooting". The articles aim to answer questions about not only this
application but other Kaspersky Lab products as well. They may also contain news from the Technical Support
Service.
The electronic help system
The application installation package includes full help files, which contain step by step descriptions of the
application's features.
To open the help file, select Kaspersky Administration Kit help system in the console Help menu.
If you have a question about a specific application window, you can use context-sensitive help.
Page 10
R E F E RE N C E G U I D E
10
To open context-sensitive help, in the corresponding window, press the Help button or the F1 key.
Documentation
The documentation supplied with the application aims to provide all the information you will require. It includes the
following documents:
Administrator's Guide describes the purpose, basic concepts, features and general schemes for using
Kaspersky Administration Kit.
Deployment Guide contains a description of the installation procedures for the components of Kaspersky
Administration Kit as well as remote installation of applications in computer networks using simple configuration.
Getting Started guide gives a step by step guide to anti-virus security administrators, enabling them to start
using Kaspersky Administration Kit quickly, and to deploy Kaspersky Lab's anti-virus applications across a
managed network.
Reference Guide contains an overview of Kaspersky Administration Kit, and step by step descriptions of its
features.
The documents are supplied in PDF format in Kaspersky Administration Kit's distribution package (installation CD).
You can download the documentation files from the application's page at Kaspersky Lab's website.
CONTACTING THE TECHNICAL SUPPORT SERVICE
You can obtain information about the application from the Technical Support Service, by phone or on the Internet. When
contacting the Technical Support Service, you will need to provide information about the license for the Kaspersky Lab
product with which you are using the application.
The Technical Support Service will answer any questions related to the installation and use of the application that are not
covered in help topics. If your computer has been infected, they will help you to neutralize the consequences of malware
activity.
Before contacting the Technical Support Service, please read the support rules for Kaspersky Lab's products
http://support.kaspersky.com/support/rules.
Technical Support by email
You can send your question to the Technical Support Service by filling out a Helpdesk web form for client questions
at http://support.kaspersky.com/helpdesk.html.
You can ask your question in Russian, English, German, French or Spanish.
To send an email request, you should specify your customer ID, which you received while registering at the
Technical Support Service's website, and the corresponding password.
If you are not yet a registered user of Kaspersky Lab's applications, you can fill out a registration form
(https://support.kaspersky.com/en/personalcabinet/registration/form/). During registration you will need to enter either
your application's activation code, or the key file.
The Technical Support service will respond to your request in your Personal Cabinet
https://support.kaspersky.com/en/PersonalCabinet), and to the email address you specified in your request.
In the website's request form, please describe the problem you have encountered. In the mandatory fields, specify:
Request type. Questions which users often ask divided into separate topics, for example: "Problems with
Setup / Remove application" or "Virus disinfection". If you do not find an appropriate topic, select "General
question".
Page 11
K A S P E R S K Y AD M I N I S T R A T I O N K IT
11
Application name and version number.
Request description. Describe the problem you encountered in as much detail as possible.
Customer ID and password. Enter the client number and the password you received when you registered at
the Technical Support Service's website.
Email address. The Technical Support Service will reply to your question at this email address.
Technical support by phone
If you have an urgent problem, you can call your local Technical Support Service. Before contacting Russianspeaking (http://support.kaspersky.ru/support/support_local) or international
(http://support.kaspersky.com/support/international) Technical Support, please have the necessary information
(listed at http://support.kaspersky.com/support/details) about your computer to hand. This will let our specialists help
you more quickly.
DISCUSSING KASPERSKY LAB'S APPLICATIONS ON THE WEB FORUM
If your question does not require an immediate answer, you can discuss it with Kaspersky Lab's experts and other users
in our forum at http://forum.kaspersky.com.
In this forum you can view existing topics, leave your comments, create new topics and use the search engine.
PURPOSE OF THE DOCUMENT
This Guide contains the purpose of Kaspersky Administration Kit and step by step descriptions of the features it offers.
The basic concepts and general schemes for working with the application are described in the Kaspersky Administration
Kit Administrator's Guide.
APPLICATION FEATURES
The application enables the corporate network administrator to:
Perform remote installation and removal of Kaspersky Lab applications across the network in a centralized
manner. This feature enables the administrator to copy the required set of Kaspersky Lab applications to a
selected computer, and then install these applications remotely on the network computers.
Remotely manage Kaspersky Lab applications in a centralized manner. The administrator can create a multi-
level anti-virus protection system, and manage the operation of all applications from his workstation. This is
particularly important for larger companies whose local network consists of a large number of computers that
may be located in several separate buildings or offices. This feature includes:
creating the hierarchy of Administration Servers;
joining hosts into administration groups based on the functions performed by the computers and on the set
of applications installed on them;
configuring the application settings in a centralized way by creating and applying policies;
configuring the application settings for particular individual computers;
managing the operation of applications in a centralized manner by creating and running group tasks and
tasks for sets of computers and the Administration Server;
building individual schemes for the application's operation by creating and running tasks for a set of
computers from different administration groups.
Page 12
R E F E RE N C E G U I D E
12
Automatically update the anti-virus database and application modules on computers. This feature can update
the anti-virus databases for all installed Kaspersky Lab applications in a centralized manner, rather than each
computer accessing Kaspersky Lab's Internet updates server for each individual update. Updating can be
performed automatically according to the schedule set up by the administrator. The administrator can monitor
distribution of updates to client computers.
Receive reports using a dedicated system. This feature can collect statistics about the operation of all installed
Kaspersky Lab applications in a centralized manner, and create reports based on the statistics. The
administrator can create a cumulative network report about application operation, or reports about the operation
of all applications installed on individual computers.
Use events notification system. Delivery of notifications. The administrator can create a list of events which
occur when applications are running about which he or she wants to be notified. The list of such events may
include, for example, detection of a new virus, an error that occurred due to incorrect termination of the
database updating on a computer, or detection of a new computer on the network.
Manage licenses. This feature allows the administrator to install licenses for all installed Kaspersky Lab
applications in a centralized manner, to monitor the observance of the license agreement (that is, that the
number of applications operating in the network is less than or equal to the number of licenses) and the
expiration date.
HARDWARE AND SOFTWARE REQUIREMENTS
Administration Server
Software requirements:
Microsoft Data Access Components (MDAC) 2.8 or higher.
MSDE 2000 with installed Service Pack 3, or Microsoft SQL Server 2000 with installed Service Pack 3 or
higher, or MySQL Enterprise 5.0.32 and 5.0.70, or Microsoft SQL 2005 or higher; or Microsoft SQL Express
2005 or higher, Microsoft SQL Express 2008, Microsoft SQL 2008.
It is recommended to use Microsoft SQL 2005 with Service Pack 2, Microsoft SQL Express 2005 with
Service Pack 2 and later versions.
Microsoft Windows 2000 with installed Service Pack 4 or higher; Microsoft Windows XP Professional with
installed Service Pack 2 or higher; Microsoft Windows XP Professional x64 or higher; Microsoft Windows
Server 2003 or higher; Microsoft Windows Server 2003 x64 or higher; Microsoft Windows Vista with
installed Service Pack 1 or higher, Microsoft Windows Vista x64 with installed Service Pack 1 and all current
updates, for Microsoft Windows Vista x64 the Microsoft Windows Installer 4.5 should be installed; Microsoft
Windows Server 2008; Microsoft Windows Server 2008 deployed in the Server Core mode; Microsoft
Windows Server 2008 x64 with installed Service Pack 1 and all current updates, for Microsoft Windows
Server 2008 x64 the Microsoft Windows Installer 4.5 should be installed; Microsoft Windows 7.
When using Microsoft Windows 2000 with Service Pack 4 installed, it is necessary to install the following
updates for Microsoft Windows before deploying Administration Server: 1) Update Rollup 1 for Windows
2000 SP4 (KB891861); 2) Security Update for Windows 2000 (KB835732).
Hardware requirements:
Intel Pentium III 800 MHz or higher;
256 MB RAM;
1GB of available disk space.
Page 13
K A S P E R S K Y AD M I N I S T R A T I O N K IT
13
Administration Console
Software requirements:
Microsoft Windows 2000 with installed Service Pack 4 or higher; Microsoft Windows XP Professional with
installed Service Pack 2 or higher; Microsoft Windows XP Home Edition with installed Service Pack 2 or
higher; Microsoft Windows XP Professional x64 or higher; Microsoft Windows Server 2003 or higher;
Microsoft Windows Server 2003 x64 or higher; Microsoft Windows Vista with installed Service Pack 1 or
higher, Microsoft Windows Vista x64, Microsoft Windows Vista x64 with installed Service Pack 1 and all
current updates, for Microsoft Windows Vista x64 the Microsoft Windows Installer 4.5 should be installed;
Microsoft Windows Server 2008; Microsoft Windows Server 2008 x64 with installed Service Pack 1 and all
current updates, for Microsoft Windows Server 2008 x64 the Microsoft Windows Installer 4.5 should be
installed; Microsoft Windows 7.
Microsoft Management Console 1.2 or higher.
Work with Microsoft Windows 2000 requires Microsoft Internet Explorer 6.0.
Work with Microsoft Windows 7 E Edition and Microsoft Windows 7 N Edition requires Microsoft Internet
Explorer 8.0 or higher.
Hardware requirements:
Intel Pentium III 800 MHz or higher;
256 MB RAM;
70 MB of available disk space.
Network Agent
Software requirements:
For Windows systems:
Microsoft Windows 2000 with installed Service Pack 4 or higher; Microsoft Windows XP Professional with
installed Service Pack 2 or higher; Microsoft Windows XP Professional x64 or higher; Microsoft Windows
Server 2003 or higher; Microsoft Windows Server 2003 x64 or higher; Microsoft Windows Vista with
installed Service Pack 1 or higher, Microsoft Windows Vista x64 with installed Service Pack 1 and all current
updates, for Microsoft Windows Vista x64 the Microsoft Windows Installer 4.5 should be installed; Microsoft
Windows Server 2008; Microsoft Windows Server 2008 deployed in the Server Core mode; Microsoft
Windows Server 2008 x64 with installed Service Pack 1 and all current updates, for Microsoft Windows
Server 2008 x64 the Microsoft Windows Installer 4.5 should be installed; Microsoft Windows 7.
For Novell systems:
Novell NetWare 6 SP5 or higher; Novell NetWare 6.5 SP7 or higher.
For Linux systems:
The supported version of the operating system is determined by the requirement of the compatible
Kaspersky Lab application installed on the client computer.
Hardware requirements:
For Windows systems:
Intel Pentium 233 MHz or higher;
RAM size - 32 MB;
20 MB of available disk space.
Page 14
R E F E RE N C E G U I D E
14
For Novell systems:
Intel Pentium 233 MHz or higher;
RAM size - 32 MB;
Available disk space - 32 MB.
For Linux systems:
Intel Pentium® 133 MHz or higher;
RAM size - 64 MB;
100 MB of available disk space.
Update Agent
Software requirements for Windows systems:
Microsoft Windows 2000 with installed Service Pack 4 or higher; Microsoft Windows XP Professional with
installed Service Pack 2 or higher; Microsoft Windows XP Professional x64 or higher; Microsoft Windows Server
2003 or higher; Microsoft Windows Server 2003 x64 or higher; Microsoft Windows Vista with installed Service
Pack 1 or higher, Microsoft Windows Vista x64 with installed Service Pack 1 and all current updates, for
Microsoft Windows Vista x64 the Microsoft Windows Installer 4.5 should be installed; Microsoft Windows Server
2008; Microsoft Windows Server 2008 x64 with installed Service Pack 1 and all current updates, for Microsoft
Windows Server 2008 x64 the Microsoft Windows Installer 4.5 should be installed; Microsoft Windows 7.
Hardware requirements for Windows systems:
Intel Pentium III 800 MHz or higher;
256 MB RAM;
500 MB of available disk space.
APPLICATION STRUCTURE
Kaspersky Administration Kit includes three major components:
Administration Server (hereinafter also referred to as the Server) performs the functions of centralized storage of
information about Kaspersky Lab applications installed in the corporate network and about the management of
these applications.
Network Agent (hereinafter also referred to as the Agent) coordinates interaction between the Administration
Server and Kaspersky Lab applications installed on a specific network node (a workstation or a server). This
component supports all Windows applications included in Kaspersky Open Space Security products. Separate
versions of Network Agent exist for Kaspersky Lab's Novell and Unix applications.
Administration Console (hereinafter also referred to as the Console) provides a user interface to the
administration services of the Administration Server and Network Agent. The management module is
implemented as a snap-in for the Microsoft Management Console (MMC). The Administration Console allows
connection to the remote Administration Server via Internet.
Page 15
K A S P E R S K Y AD M I N I S T R A T I O N K IT
15
WHAT'S NEW
Changes introduced in Kaspersky Administration Kit 8.0 as compared with Kaspersky Administration Kit 6.0:
A simplified application installation mode has been introduced.
Several accounts can be specified in a remote deployment task.
The application kit now includes the distribution package of MS SQL 2005 Express: it is installed automatically if
standard setup is selected.
Support for SNMP monitoring of basic parameters of anti-virus protection in corporate LAN has been added.
The possibility of creating a standalone installation package for Kaspersky Lab applications has been added.
User interface of the product has been redesigned significantly: the results panel, reports layout, and information
panels.
Capability to collect information about the applications installed on the client computers has been added
(applications registry) (see section "Applications registry" on page 291).
System of access rights has been redesigned and extended.
Support for Microsoft NAP has been added.
The possibility of switching mobile clients between administration servers has been added.
Criteria for switching clients between the mobile and regular policies have been extended.
Capabilities for automatic relocation of computers to administration groups have been extended (see section
"General guidelines for relocation of computers" on page 53).
Capability to create the administration groups based on Active Directory has been added (see section "Group
structure based on Active Directory" on page 69).
New reports and the capability to create custom reporting systems have been added, and information displayed
in reports has been extended (see section "Reports and notifications" on page 189).
The possibility of exporting reports to PDF and XML (Excel) formats has been added.
The possibility of collecting detailed data during the creation of summary reports has been added.
Data caching functionality for generation of summary reports including information from slave Administration
Servers has been implemented.
Support for two sets of columns in the Administration Console has been added, and the set of columns has
been extended.
New columns for the list of computers have been added: "Restart", "Status description", "Network Agent
version", "Protection version", "Database version", and "Turn-on time".
New criteria have been added which are used to create computer statuses (see section "Statuses of computers,
tasks and policies" on page 340).
New selections of computers created by default have been added, capability to create selections of computers
using data from the slave Administration Servers has been added (see section "Computer selections" on
page 230).
Capability to maintain a list of administrator comments has been added (see section "Viewing client system
information" on page 154).
Page 16
R E F E RE N C E G U I D E
16
Capability to view the current user sessions on a computer and user contact information has been added (see
section "Viewing client system information" on page 154).
Graphical interface for the klbackup utility has been added (see section "Data backup" on page 318).
Files of policies and group tasks are distributed using multi-address IP delivery (see section "Creating the list of
Update Agents and configuring the agents" on page 270).
Wake On LAN functionality is available for clients in subnetworks other than the Administration Server subnet
and in the event of manual task launch (see section "Turning on the client computer" on page 164).
Restart settings for client computers can be specified in the properties of a remote deployment task.
Functionality for limiting the notifications sent within a specified time interval has been modified. Now the
limitations are separate for each individual type of events (see section "Notification limit" on page 214).
Functionality for searching for groups and slave Administration Servers by Server hierarchy has been added
(see section "Search" on page 306).
The Update Agents Statistics has been extended.
The task for removal of external applications can now remove several applications at once.
Utility has been developed for preparation of computers included in a workgroup for remote deployment.
Functionality for retrieval of updates necessary for an application immediately after the creation of its installation
package has been implemented.
When downloading updates, programs already connected to slave Administration Servers are taken into
account.
Classification of possible errors returned by the application deployment subsystem has been introduced and
guidelines for troubleshooting typical problems have been added.
A mechanism for automatic application of update modules of the administration system components has been
added.
Page 17
17
LAUNCHING THE APPLICATION
To open the application,
select the Kaspersky Administration Kit in the Kaspersky Administration Kit program group on the standard
Start Programs menu. This program group is created only on the administrator's workstation, when the
Administration Console is installed.
Page 18
18
QUICK START WIZARD
IN THIS SECTION
Step 1. Adding a license .................................................................................................................................................. 18
Step 2. Network Discovery .............................................................................................................................................. 21
Step 3. Configuring notification settings .......................................................................................................................... 22
Step 4. Configuring anti-virus protection .......................................................................................................................... 22
Step 5. Downloading updates .......................................................................................................................................... 24
Step 6. Completing the wizard ......................................................................................................................................... 25
The Wizard can configure the minimum settings for centralized management of anti-virus protection.
The wizard opens at the first connection to an Administration Server established after installation.
STEP 1. ADDING A LICENSE
During this stage, the method of adding a license for the applications (see the figure below) that will be managed by the
administrator using Kaspersky Administration Kit should be selected.
Select the method of adding a license:
Figure 1. Selecting the method of adding a license
Page 19
Q U I C K S T A R T W I Z A R D
19
Enter activation code – you will be asked to specify the code obtained when you purchased a commercial
version of the application (see the figure below).
Figure 2. Entering the activation code
If you wish to automatically apply the license to the computers in the administration groups, check the box in the
corresponding field.
Page 20
R E F E RE N C E G U I D E
20
Load from key file – you will be asked to specify the key file (see the figure below).
Figure 3. Selecting the key file
If you wish to automatically apply the license to the computers in the administration groups, check the box in the
corresponding field.
Add license later. A license can be installed later using the license installation task (see section "Installing a
license" on page 281).
Page 21
Q U I C K S T A R T W I Z A R D
21
STEP 2. NETWORK DISCOVERY
During this stage the computer network is polled, and computers within this network are identified (see the figure below).
Based on the results of this scan, a service group Unassigned computers is formed together with its Domains, Active
Directory and IP subnets subfolders. The information obtained will be used to automatically create the administration
groups.
Figure 4. The Quick Start Wizard window. Network Discovery
To view the structure of the computer network, use the Detected computers link. Click the View Kaspersky
Administration Kit introduction link to view the description of the main features offered by Kaspersky Administration
Kit.
Page 22
R E F E RE N C E G U I D E
22
STEP 3. CONFIGURING NOTIFICATION SETTINGS
During the next stage you will have to configure the settings for delivery of email notifications generated by Kaspersky
Lab applications.
Figure 5. Configuring delivery of notifications
If the SMTP server uses authorization, check the Use ESMTP authorization box and fill in the User name, Password
and Confirm password fields. These settings will be used as the default settings for application policies.
To check the correctness of the specified settings, press the Test button. This will open a test notification sending
window. In the event of errors, detailed error information will be displayed in it.
STEP 4. CONFIGURING ANTI-VIRUS PROTECTION
During this stage, you should configure the anti-virus protection system (see the figure below).
The Quick Start Wizard creates an anti-virus protection system for the client computers within administration groups,
using Kaspersky Anti-Virus 6.0 for Windows Workstations MP4. In this case, the Administration Server creates a policy
and defines a minimum set of tasks for the highest hierarchy level of Kaspersky Anti-Virus 6.0 for Windows Workstations
MP4, as well as downloading updates and data backup.
The objects created by the Wizard are displayed in the console tree:
the policies for Kaspersky Anti-Virus for Windows Workstations and Kaspersky Anti-Virus 6.0 for Windows
Servers MP4 – in the Policies folder of the Managed computers group under the names Protection policy -
Windows Workstations and Protection policy - Windows Servers, and with the default settings;
the tasks for updating the anti-virus database for Kaspersky Anti-Virus for Windows Workstations and Kaspersky
Anti-Virus 6.0 for Windows Servers MP4 – in the Group tasks folder of the Managed computers group under
the names Update – Windows Servers and Update – Windows Workstations, and with the default settings;
Page 23
Q U I C K S T A R T W I Z A R D
23
on-demand scanning tasks for Kaspersky Anti-Virus for Windows Workstations and Kaspersky Anti-Virus 6.0 for
Windows Servers MP4 – in the Group tasks folder of the Managed computers group under the names Virus
Scan – Windows Workstations and Virus Scan – Windows Servers, and with the default settings;
downloading updates to the repository – in the Kaspersky Administration Kit tasks folder under the name
Download updates to repository, and with the default settings;
the Administration Server data backup task – in the Kaspersky Administration Kit tasks folder under the
name Administration Server data backup, and with the default settings.
A policy for Kaspersky Anti-Virus 6.0 for Windows Workstations MP4 is not created if a policy for that application already
exists in the Managed computers folder. If group tasks for the Managed computers group and the Download updates
to repository with these names already exist, they are not created either.
Figure 6. Configuring anti-virus protection
The wizard window displays the process of creating the tasks and the policies. If errors occur, an error message will be
displayed on the screen.
Page 24
R E F E RE N C E G U I D E
24
STEP 5. DOWNLOADING UPDATES
During this step the wizard downloads updates to the repository by the Administration Server: the task defines the list of
files for download and downloads them (see the figure below).
Figure 7. Configuring retrieval of updates
You don't need to wait for completion of the updates retrieval task. The downloading of updates will continue using the
Download updates to the repository task (see section "Determining the updates list" on page 261).
Page 25
Q U I C K S T A R T W I Z A R D
25
STEP 6. COMPLETING THE WIZARD
When the Quick Start Wizard completes, you will be invited to start the deployment of anti-virus protection. You can use
this wizard to install the Network Agent. If you do not wish to install applications immediately after the Quick Start Wizard
completion, uncheck the Start deployment box (see the figure below).
Figure 8. Completing the Quick Start Wizard
A detailed description of how to work with the Remote Install Wizard is provided in the Deployment Guide.
Page 26
26
MANAGING ADMINISTRATION SERVERS
IN THIS SECTION
Connection to the Administration Server ................................................................ ................................ ......................... 26
The utility for selecting the Administration Server service account (klsrvswch) ............................................................... 28
Disconnecting from Server .............................................................................................................................................. 29
Switching between Servers ............................................................................................................................................. 30
Adding a Server to the console tree ................................................................................................................................ 30
Granting rights to use a Server ........................................................................................................................................ 31
Removing a Server from the console tree ....................................................................................................................... 32
Viewing and changing Administration Server settings ..................................................................................................... 33
Slave Administration Servers .......................................................................................................................................... 59
Connecting to the Administration Server via Internet ...................................................................................................... 62
The Administration Server is a computer on which the Administration Server component is installed. A corporate
network can include several such Servers. The following operations are supported for the Administration Servers:
connection / disconnection;
adding / removal from the console tree;
switching between the Administration Servers;
building an Administration Servers hierarchy;
creation and configuration of tasks for delivery of reports, updating and backup copying.
CONNECTION TO THE ADMINISTRATION SERVER
To connect to an Administration Server,
select the node corresponding to the required Administration Server in the console tree.
After this, the Administration Console tries to connect to the Administration Server. If there are several Administration
Servers on your network, the Console will connect to the server it last connected to during the previous Kaspersky
Administration Kit session. When the application is launched for the first time after installation, it is assumed that the
Administration Server and Administration Console are running on the same computer. Therefore, the Administration
Console will try to detect the Administration Server on this computer.
If the Server is not found, you will be asked to specify the Server address manually in the Connection settings dialog
box (see the figure below). Enter the required Server address in the Server address field. You can enter either the IP
address or the computer name in the Windows network.
Page 27
M A N A G I N G A D M I N I S T R A T I O N S E R V E R S
27
To connect to the Administration Server through a port that differs from the default one, enter <Server name>:<Port> in
the Server address field.
Figure 9. Connecting to the Administration Server
Press the Advanced button to show or hide the following advanced connection settings:
Use SSL connection. Check this box to transmit data between the Administration Server and Administration
Console via the Secure Sockets Layer protocol (SSL). Uncheck this box if you do not want to communicate via
SSL. However, this will lower the security of data transmissions against modification or interceptions.
Use data compression. Check this box to increase the rate of data transfer between the Administration
Console and the Server, by decreasing the amount of information being transferred and hence lowering the load
on the Administration Server.
Enabling this setting will increase the load on the central processor of the computer which is hosting the
Administration Console.
Use proxy server. Check this box if you want to connect to the Administration Server via a proxy server (see
the figure above). Enter the address for connecting to the proxy server in the Address field. Fill in the User
name and Password fields if user authorization is required to access this proxy server.
When the connection settings have been confirmed, the Administration Console verifies the user's rights to connect to the
Administration Server. If the secure connection is SSL-enabled, the Administration Console authenticates the
Administration Server before verifying user rights.
When you connect to the server for the first time, and also if the server certificate for this session differs from your local
copy, a request to connect to the server and receive a new certificate will be displayed (see the figure below). Select one
of the following:
I want to connect to the server and download the certificate from it – to connect to the Administration
Server and receive a new certificate.
I want to specify the certificate file location – specify the Server certificate manually. In that case, select the
certificate file using the Select button. The certificate file has the extension .cer, and is located in the Cert
subfolder of the Kaspersky Administration Kit program folder specified during application installation. The
Console will attempt to re-authenticate the server using the certificate you specified.
Page 28
R E F E RE N C E G U I D E
28
You can copy the certificate file to a shared folder or a floppy disk. A copy of this file can be used to configure
access settings for the Server.
Figure 10. Request to connect to the Administration Server
User rights are verified using the Windows user authentication procedure. If the user is not authorized to access the
Administration Server, i.e. he/she is not an operator (KLOperators) or administrator of Kaspersky Administration Kit
(KLAdmins), he/she will be asked to register to access the Administration Server (see the figure below). In the
corresponding form, specify a user account (name and password) which has Kaspersky Administration Kit operator or
administrator rights.
If the connection to the Administration Server has been established successfully, the structure of this Server's folders and
its settings appear in the console tree.
THE UTILITY FOR SELECTING THE ADMINISTRATION SERVER SERVICE ACCOUNT (KLSRVSWCH)
You can use this utility to specify an account for launching the Administration Server service on this computer (see the
figure below). Launch the utility and select one of the two following options:
Local System account – the Administration Server will start using the Local System account and its
credentials.
Figure 11. Registering a user to access the Administration Server
Page 29
M A N A G I N G A D M I N I S T R A T I O N S E R V E R S
29
Correct operation of Kaspersky Administration Kit requires that the account used to start the Administration
Server should have the administrator's rights on the resource where the Administration Server database is
hosted.
Specified account – the Administration Server will start using the account included in a domain. In this case the
Administration Server will initiate all operations using the credentials of that account. Use the Find now button
to select the user whose account will be used and enter the password.
If the domain user account is selected as an account for launching the Administration Server, you will be asked
to define this user and specify the password for his/her account.
Figure 12. Selecting account
When using the SQL-server in the Windows authentication mode, the user account should be provided with an access to
the database. The user account should be the owner of the Kaspersky Anti-Virus database. By default, the dbo scheme
must be used.
DISCONNECTING FROM SERVER
To disconnect from an Administration Server:
1. In the console tree, select the node corresponding to the Administration Server that should be disconnected.
2. Open the context menu.
3. Select the Disconnect from Administration Server command.
Page 30
R E F E RE N C E G U I D E
30
SWITCHING BETWEEN SERVERS
If several Administration Servers have been added to the console tree, you can switch between those servers while
working with them.
To switch to another Administration Server:
1. Select in the console tree the node under the necessary Server name.
2. Open the context menu and select the Connect to Administration Server command.
In the Connection settings window that opens, enter the name of the Server, which you intend to manage, and
specify the necessary settings for connection to the server (see section "Connecting to Server" on page 26).
If you have no Kaspersky Administration Kit operator or administrator rights, access to the Administration Server
will be denied.
3. Press the OK button to complete switching between the Servers.
If the connection to the Server has been established successfully, the contents of the corresponding node will be
updated.
ADDING A SERVER TO THE CONSOLE TREE
To add a new Administration Server to the console tree:
1. In the main Kaspersky Administration Kit application window select the Kaspersky Administration Kit node.
2. Open the context menu and select the New Administration Server command.
This will create a new node with the name Kaspersky Administration Server - <Computer name> (Not
connected) in the console tree. Use this node to connect to any other Administration Server installed on the
network.
Figure 13. Connecting to the Administration Server
Page 31
M A N A G I N G A D M I N I S T R A T I O N S E R V E R S
31
GRANTING RIGHTS TO USE A SERVER
To grant rights to work with an Administration Server:
1. In the main Kaspersky Administration Kit application window select the node corresponding to the required
Administration Server in the console tree, open its context menu and select the Properties command.
2. In the Administration Server <Computer name> Properties window that opens (see the figure below), switch
to the Security tab.
Figure 14. Granting rights to access the Administration Server
Whether this tab is shown or hidden is determined by the user interface settings. To display the tab, navigate to the
View Configuring interface menu and enable the option to Display security settings tabs.
The upper part of the tab contains the list of users registered on the computer hosting the Administration Console. The
lower part contains the list of possible permissions:
All: includes all permissions (see below).
Reading:
connection to the Administration Server;
viewing the structure of Administration Server folders;
Page 32
R E F E RE N C E G U I D E
32
viewing parameter values of policies and tasks;
generation of reports.
Writing:
creation of administration groups, addition of child groups and client computers to them;
creating and configuring policies, and tasks for groups and computer selections;
centralized management of applications, receiving reports about their operation using services provided by
the Administration Server, the Network Agent and the Administration Console components.
Execution: starting and stopping of existing tasks for groups, specific computers and Administration Server.
Modify access privileges: granting to users, and groups of users, access rights to the functionality of
Kaspersky Administration Kit.
Edit event log settings.
Edit notification settings.
Remote install of Kaspersky Lab applications.
Remote install of external applications: preparation of installation packages and remote installation of third-
party applications and Kaspersky Lab applications on client computers.
Edit Administration Server hierarchy settings.
Saving network lists content: copying files from the backup storage, quarantine and files for postponed
disinfection from client computers to the computer where the Administration Console is installed.
Creating tunnels: creating a tunneled connection between a computer with the installed Administration Console
and a client computer.
To assign specific rights:
1. Select a group of users.
2. In the Allow column check the boxes next to the permissions provided to members of that group. If you check
the All box, all the boxes in the column will automatically be checked.
3. In the Deny column check the boxes next to the permissions that must not be provided to members of that
group. If you check the All box, all the boxes in the column will automatically be checked.
You can add a new group or a new user using the Add button. You can only add users, or groups of users,
which are registered within the domain or on the computer.
To remove a user or a group, select the corresponding object in the list and press the Remove button.
The group of Kaspersky Administration Kit administrators (KLAdmins) cannot be removed.
4. Once settings are configured, click Apply or OK.
REMOVING A SERVER FROM THE CONSOLE TREE
To remove an Administration Server from the console tree:
1. Select the node corresponding to the required Administration Server in the console tree.
Page 33
M A N A G I N G A D M I N I S T R A T I O N S E R V E R S
33
2. Open the context menu.
3. Select the Delete command.
VIEWING AND CHANGING ADMINISTRATION SERVER
SETTINGS
The links in the task pane of the Administration Server allow fast access to the following server features:
installation of anti-virus protection;
organization of administration groups;
configuration of update, protection and scanning settings;
viewing of statistics and configuration of notifications.
You can use the Administration Server properties window to view its parameters and modify them as necessary.
To open the Server properties window:
1. Select the necessary Server in the console tree.
2. Open the context menu.
3. Select the Properties command.
The window that opens contains a set of tabs, on which you can view and configure the following settings:
connection to the Administration Server (see section "Connecting to the Administration Server" on page 26);
hierarchy of Servers;
delivery of notifications (see section "Viewing and configuring policy settings" on page 85);
registration of events (see section "Viewing and configuring policy settings" on page 85);
relocation of computers (see section "General guidelines for relocation of computers" on page 53);
traffic limit for IP ranges and IP subnetworks (see section "Traffic limit" on page 59);
configuring the Virus outbreak event (see section "Tracking virus outbreaks" on page 325);
granting rights to access the Administration Server (see section "Granting rights to use a Server" on
page 31).
CONFIGURING ADMINISTRATION SERVER SETTINGS
To view the Administration Server settings:
1. Select the node corresponding to the required Administration Server in the console tree.
2. Open the context menu and select the Properties command.
This will open the <Administration Server name> Properties dialog containing the General, Events, Settings, Virus
outbreak, Traffic, Cisco NAC, Computer relocation and the Security tabs.
Page 34
R E F E RE N C E G U I D E
34
The General tab (see the figure below) contains the following information:
name of the component (Administration Server) and the computer name within the Windows network on which
this component is installed;
version number of the installed application.
Figure 15. Viewing the Administration Server properties. The General tab
Clicking the Advanced link opens a window containing the following information:
Path to the shared folder used for storing application deployment files and the updates downloaded from the
update source to the Administration Server. You can change the location of the shared folder using the
Modify button.
Page 35
M A N A G I N G A D M I N I S T R A T I O N S E R V E R S
35
The Administration Server operation statistics hyperlink is used to open the window which displays
general statistics about the Administration Server.
Figure 16. Administration Server properties. The Advanced window
Click the Information about the Administration Server plug-in link to view the plug-in properties
(see the figure below). This window displays the following information:
Name and full path to the plug-in file.
File version.
Information about the manufacturer (Kaspersky Lab) and copyright information.
Page 36
R E F E RE N C E G U I D E
36
Date and time of the management plug-in file creation.
Figure 17. The properties of the application plug-in window
Page 37
M A N A G I N G A D M I N I S T R A T I O N S E R V E R S
37
Using the Information about the plug-ins installed for the application link, you can open a window that
contains the list of plug-ins installed on the Administration Server (see the figure below). For each plug-in
the application name and plug-in versions are provided. By pressing the Information button in this window
you can view detailed information about the selected application management plug-in.
Figure 18. The list of application management plug-ins installed on the Administration Server
Clicking the Current database information link opens the current database properties window (see the
figure below) containing the following information:
name of the database server used;
name of the database service use occurrence;
Page 38
R E F E RE N C E G U I D E
38
database name.
Figure 19. Viewing information about the database
To open the settings window for Administration Servers hierarchy (see the figure below), press the Settings
button in the Administration Servers hierarchy section. In this window you can:
Specify whether this Administration Server is a slave server by checking This Administration Server
is a slave server in the server hierarchy box.
Specify the address and port of the master Administration Server in the Address field.
Specify or modify the path to the master Administration Server certificate using the Select button.
Set proxy server parameters to connect to the master Administration Server.
These settings cannot be modified if the current Administration Server policy does not have the option to
Allow hierarchy settings modification on slave servers checked.
Page 39
M A N A G I N G A D M I N I S T R A T I O N S E R V E R S
39
Figure 20. Configuring the slave Administration Server's connection to the master Administration Server
The Settings tab (see the figure below) contains the Administration Server settings. The Administration Server
connection settings group of fields contains port numbers through which the following connections are established:
Connection to the Administration Server. The default port number is 14000 but if this port is in use, you can
change it.
Secure connection to the Administration Server using SSL protocol. By default, port 13000 will be used.
Connection of mobile devices to the Administration Server. The default port number is 13292. To enable this
port on the Administration Server, check the Open port for mobile devices box.
You can also use the corresponding field to specify the maximum number of events stored in the database on
the Administration Server.
In the Computer visibility timeout (min) field of the Computer visibility on the network group, you can
specify the time during which a client computer will be considered visible in the network after it was
disconnected from the Administration Server. The default interval is 60 minutes. After the specified period
expires, the Administration Server will consider the client computer inactive. You can modify the value, if
necessary.
Page 40
R E F E RE N C E G U I D E
40
These parameters can be redefined, if necessary.
Figure 21. Viewing the Administration Server properties. The Settings tab
The Events tab (see the figure below) contains the parameters that determine the rules for handling runtime
Administration Server events.
For the Administration Server, as well as for other Kaspersky Lab applications managed via Kaspersky Administration Kit,
events can have one of the four severity levels: Critical event, Error, Warning, and Info.
The list below shows events included in each severity level:
Critical event:
The license restriction for this license has been exceeded. For example, the client computer on which the
license is installed, exceeds the restriction on the number of computers specified in it.
Virus outbreak - virus activity in administration groups exceeds the preset limit.
The response of the Administration Server to the Virus outbreak event is extremely important, especially
during virus outbreaks or increased risk of virus attacks.
Connection with client computer lost (unable to establish connection with the Network Agent installed on the
client computer).
Page 41
M A N A G I N G A D M I N I S T R A T I O N S E R V E R S
41
Host status is Critical - a computer with settings matching the status Critical has been detected within the
network.
Figure 22. Viewing the Administration Server properties. The Events tab
Error:
No free space on hard drive - there is no free space on the disk where the Administration Server saves
operational information.
The shared folder is not available - the shared folder containing updates of the anti-virus database and
application modules is unavailable.
The Administration Server information database is unavailable.
There is no space in the Administration Server information database.
An error occurred while copying updates to the specified folder.
Warning:
License restriction for the key is exceeded.
The computer has remained inactive in the network for too long.
Conflict of computer names - the uniqueness of client names within one hierarchical level is violated.
Volumes are almost full - little or no free space is left on the hard drives.
Page 42
R E F E RE N C E G U I D E
42
There is little free space in the Administration Server information database.
Host status is Warning - a computer with settings matching the Warning status has been detected within the
network.
Disconnected from the master Administration Server.
Disconnected from the slave Administration Server.
Incompatible application was installed.
Info.
The number of clients using the license is over 90% of the maximum number allowed in the license.
New computer is found - network polling has found a new client.
Client computer was automatically added to group - a new client has been automatically included in a group
in accordance with the Unassigned computers group settings.
This client computer has been inactive for too long and is removed from the group.
Connection to the slave Administration Server is established.
Connection to the master Administration Server is established.
Monitored application from the applications registry has been installed.
Updates are copied successfully to the specified folder.
Audit: Connection to the Administration Server.
Audit: Object modified.
Audit: Object status modified.
Audit: Group settings modified.
Event handling rules are defined separately for each severity level.
1. Select the event importance level from the drop-down list: Critical, Error, Warning or Info.
2. Events corresponding to the selected severity level will be displayed in the table below. The list of events is
specific to each application. For more information about events, see the application documentation. Select the
types of events to be recorded using the Shift and Ctrl keys on your keyboard. Click the Select All button to
select all event types.
3. Then click the Properties button for the selected event types.
4. To record event information in event logs, check the following boxes in the Event registration section (see the
figure below):
On Administration Server for (days) box to make the Administration Server log application events that
occur on all clients in the group in a centralized manner. In the field on the right, specify the number of days
during which the server will store information. When the specified period has elapsed, the entry
corresponding to this event will be deleted.
You can view event logs stored on the Administration Server through the Administration Console on the
administrator workstation. It is shown in the Events folder of the console tree.
In the event log on client computer to save information about events locally in the Windows Event Log of
each client computer.
Page 43
M A N A G I N G A D M I N I S T R A T I O N S E R V E R S
43
In the event log on Administration Server to enable centralized logging of all application events on all
clients in this group in the specified Administration Server's Windows Event Log.
The information in Windows event logs can be viewed using Displays client computer events, a standard
Windows event management tool.
Figure 23. Editing event properties
5. To enable notification about selected events, specify the notification methods by checking appropriate columns
in the Event notification section:
Notify by email.
Notify through NET SEND.
Notification using NET SEND is not available in Microsoft Windows Vista and later versions.
Notify by running executable or script.
Notify via SNMP.
Notify via SNMP is configured directly in the application working with SNMP.
Page 44
R E F E RE N C E G U I D E
44
To configure notifications, use the Settings link and in the window that opens (see the figure below) define the
settings.
Figure 24. Configuring event notifications
In the upper part of the window select the notification method that you wish to modify. If the Use Administration Server
settings box is checked, the values specified on the Notification tab under the Administration Server properties are
used by default. To modify notification settings, uncheck the Use Administration Server settings box and select the
following from the drop-down list:
Email (see the figure above). Under this option:
In the Recipient field, specify the email address of the notification recipient. Several addresses may be
entered as a list separated by commas or semicolons.
In the SMTP server field, specify the address of the mail server connection (an IP address or a Windows
network name can be used);
In the SMTP server port field, specify the SMTP server connection port number (the default is port 25);
Page 45
M A N A G I N G A D M I N I S T R A T I O N S E R V E R S
45
The sender and subject for the message that will be delivered as a notification. To do this, press the
Properties button and in the window that opens (see the figure below), fill in the Subject field. In the lower
entry field, specify the email address which will be used as a sender's address. In the same window, enter
User name, Password, and Confirm password in the relevant fields if ESMTP authorization is being
used.
Figure 25. Configuring notification settings. Specifying the Sender and Subject
Page 46
R E F E RE N C E G U I D E
46
NET SEND (see the figure below). Under this option, use the field below to enter recipient host addresses for
network notifications. An IP address or a Windows network name may also be used. Several addresses may be
entered as a list separated by commas or semicolons. For successful notification, a messaging service
(Messenger) must be installed on the Administration Server and on all recipient computers.
Figure 26. Configuring notifications. Notification using NET SEND
Executable file to run (see the figure below). Under this option, use the Select button to select an executable
module to run when an event occurs.
Page 47
M A N A G I N G A D M I N I S T R A T I O N S E R V E R S
47
Executable environment variable names are the same as the names of placeholders used to create the
message text (see below).
Figure 27. Configuring notifications. Notification using executable files
Enter the message which will be delivered as notification in the Notification message section at the bottom of the
window (see the figure above). If the Use Administration Server settings box is checked, the message text specified
on the Notification tab of the Administration Server settings will be used by default. To modify the message, uncheck the
Use Administration Server settings box and enter a new message.
The notification text may include information about the event recorded. Enter appropriate placeholders by selecting them
from the drop-down list accessible by clicking the button .
Event severity;
From computer;
Domain;
Event;
Event description;
Time raised;
Task name;
Application;
Page 48
R E F E RE N C E G U I D E
48
Version number;
IP-address;
IP address of the connection.
To check the correctness of the settings specified on this tab, you can send a test message manually. To do this, press
the Test button. This will open a test notification sending window (see the figure below). In the event of errors, detailed
error information will be displayed in it.
Figure 28. Configuring notification settings. Sending a test notification
The message which will be delivered as a notification. To do this, create a template in the Notification text
section.
The notification text may include information about the event recorded. Enter appropriate placeholders (see
section "Viewing and configuring policy settings" on page 85), by selecting them from the drop-down list
accessible by clicking the button .
The sender and subject for the message that will be delivered as a notification. To do this, click the Settings
button and in the window that opens, enter the necessary settings (see section "Viewing and configuring policy
settings" on page 85).
These are the default policy settings used in Kaspersky Lab applications.
On the Virus outbreak tab (see the figure below) you can set the maximum number of viruses found within a certain time
interval after which new detected virus instances will be considered a Virus outbreak event. The property is important
during virus outbreak periods since it enables administrators to react in a timely manner to occurring virus outbreak
threats.
Check the desired application types:
Anti-virus for workstations and file servers.
Page 49
M A N A G I N G A D M I N I S T R A T I O N S E R V E R S
49
Perimeter defense anti-virus.
Mail system anti-virus.
Set the virus activity threshold for each application type which when exceeded will trigger a Virus outbreak event:
In the Viruses field – the number of viruses found within by the applications of that type.
In the in (min) field – time during which the specified number of viruses was detected.
Figure 29. Viewing the Administration Server properties. The Virus outbreak tab
Page 50
R E F E RE N C E G U I D E
50
Click the Configure policies to activate on "Virus outbreak" event link to open the Policy activation window (see the
figure below), and create a list of policies to be used by applications as active policies on "Virus outbreak" event in
administration groups. To do this, use the Add or Remove buttons.
Figure 30. Configuring policies to activate on virus outbreak
Page 51
M A N A G I N G A D M I N I S T R A T I O N S E R V E R S
51
The Security tab is used (see the figure below) to configure the rights to access the Administration Server (see section
"Granting rights to use a Server" on page 31).
Figure 31. Granting rights to access the Administration Server
Page 52
R E F E RE N C E G U I D E
52
The Cisco NAC tab (see the figure below) contains parameters required for the integration of Kaspersky Administration
Kit and Cisco Network Admission Control (NAC). This provides a mapping between client antivirus protection conditions
and Cisco NAC statuses.
Figure 32. Viewing the Administration Server properties. The Cisco NAC tab
This tab does not appear if the Kaspersky Lab Cisco NAC Posture Validation Server component was not installed
together with the Administration Server (for details please refer to the Kaspersky Administration Kit Deployment Guide).
In the upper field select one of the Cisco NAC statuses: Healthy, Checkup, Quarantine or Infected. The table below
contains the anti-virus protection conditions which are mapped to the above statuses using checkboxes. Threshold
values may be modified for some conditions. Select a condition in the Condition column and use the Modify button to
open an editing window (see the figure below). Define the necessary settings in this window in the Value field.
Page 53
M A N A G I NG A D M I N I S T R A T I O N S E R V E R S
53
In the PVS port number field specify the number of the policy server port (Posture Validation Server) used to exchange
data with the Cisco server. The default port number is 18000.
Figure 33. Editing computer antivirus protection status selection conditions
GENERAL GUIDELINES FOR RELOCATION OF COMPUTERS
You can use the Computer relocation tab (see the figure below) to specify the rules for relocation of network computers
to specified administration groups.
Page 54
R E F E RE N C E G U I D E
54
The order of rules in the Computer relocation rule list section determines a rule's application priority. To delete or move
a rule in the list, use the corresponding buttons to the right.
Figure 34. The Administration Server properties window. The Computer relocation tab
To review or modify the settings of an existing rule, press the Properties button.
Page 55
M A N A G I N G A D M I N I S T R A T I O N S E R V E R S
55
To add a rule, press the Add button. Use the displayed window (see the figure below) to enter the following rule settings:
Figure 35. The properties window of a rule for computer relocation. The General tab
On the General tab specify:
name of the rule;
group to which computers will be moved in accordance with the rule;
rule application order:
Run once for each computer, if the rule must be applied to each host only once.
Run once for each computer then at every Network Agent install on computer.
Rule works permanently.
If computers already included in administration groups must not be relocated to other groups in accordance with
the rule, check the Move only computers not added to administration groups box.
To apply a rule during the operation, check the Enable rule box.
Use the Network tab to specify the criteria that a computer must comply with to be relocated to the selected
administration group:
Computer name in the Windows network.
Domain.
Page 56
R E F E RE N C E G U I D E
56
Computer domain name.
DNS domain.
If a computer IP address must be within a certain IP range, check the IP address range box and specify the
upper and lower values of the range.
If IP address to connect to server is considered while the computer is running, check the corresponding box
and specify the upper and lower values of the range, which must include the connection IP address.
Check the Computer is in IP subnet box and press the Select button to specify the IP subnet to which the host
must belong. IP-ranges are selected from the list of ranges contained in the Unassigned computers folder of
the console tree.
Use the Active Directory tab to perform the following actions:
If a computer must belong to a specific Active Directory unit, check the Computer is located in Active
Directory organization unit box and press the Select button to select the Active Directory group. Active
Directory organization units are selected from the list of groups displayed in the Unassigned computers folder.
To process computers included in nested organization units, check the Computer is member of Active
Directory group box.
Use the Applications tab to select the following from the drop-down lists:
criteria of the presence of the Network Agent running on the computer: Installed or Not installed;
version of the operating system that must be installed on the computer.
For criteria, which should not be considered in a rule, uncheck their corresponding boxes and leave their fields empty.
A host will be moved to an administration group if it matches all the criteria defined in a rule.
To apply created rules, press OK.
If you wish to forcibly apply the rule, irrespective of the applied rules, select the necessary rule and press the Force
button.
If several rules described above apply to the same computer, the top priority will belong to the Active Directory group rule,
then the rule for IP subnets will follow, and then the domain rule.
COMPATIBILITY WITH CISCO NETWORK ADMISSION CONTROL (NAC)
Kaspersky Administration Kit allows the administrator to associate the conditions of computer anti-virus protection and
the security statuses assigned by Cisco Network Admission Control (NAC).
Page 57
M A N A G I N G A D M I N I S T R A T I O N S E R V E R S
57
To ensure that the corresponding status is assigned to the client computer:
1. Select the Administration Server in the console tree and select Properties from its context menu. This will open
the Server settings configuration window. Switch to the Cisco NAC tab (see the figure below).
Figure 36. The Cisco NAC tab
2. Select a Cisco NAC host state from the drop-down list: Healthy, Checkup, Quarantine or Infected.
3. Check the necessary boxes in the table below to select the anti-virus protection conditions that are mapped to
the above statuses.
The Healthy status is only assigned if all the selected conditions are met; the Checkup, Quarantine or Infected
statuses apply if at least one of the selected conditions is fulfilled. Threshold values may be modified for some
conditions. Select a condition in the Condition column and use the Modify button to open an editing window
(see the figure below).
Figure 37. The Edit condition window
Page 58
R E F E RE N C E G U I D E
58
4. Use the PVS port number field to set the Posture Validation Server port used for communication with the Cisco
server. The default port number is 18000.
5. Click Apply or OK to complete the configuration.
CONFIGURING INTEGRATION WITH CISCO NETWORK ADMISSION CONTROL (NAC)
To configure a mapping between Cisco NAC statuses and anti-virus protection conditions:
1. Select in the console tree the node corresponding to the necessary Administration Server, open the context
menu and use the Properties command. This will open the Administration Server <server name> Properties
dialog window.
2. Open the Cisco NAC tab (see the figure below).
3. In the upper field, select one of the Cisco NAC statuses: Healthy, Checkup, Quarantine or Infected.
4. Check the anti-virus protection conditions mapping by the status in question. If necessary, change the threshold
values for conditions (see section "Viewing and configuring policy settings" on page 85).
5. In the PVS port number field specify the port of the policy server (Posture Validation Server) used to exchange
data with the Cisco server.
Figure 38. Viewing the Administration Server properties. The Cisco NAC tab
Page 59
M A N A G I N G A D M I N I S T R A T I O N S E R V E R S
59
TRAFFIC LIMIT
To decrease the network load, you can restrict the rate of data transfer to an Administration Server for individual IP
subnets and IP ranges. Maximum allowed data transfer rates and the interval for which they should apply are specified in
rules. The rules are listed in the Traffic tab of the Administration Server properties window.
To add a rule, press the Add button and use the displayed window to specify its parameters:
1. In the IP address range to limit traffic section select the method used to define a subnet or range:
Specify range as address and network mask and enter the subnet parameters in the Subnet address
and Subnet mask fields.
Specify IP range as start and end addresses and enter the range boundaries in the Start and End fields.
2. Use the Traffic limit section to specify:
Borders of the time interval during which the traffic limitation will be enabled in the Time period field.
Maximum value of the data transfer rate for information upload to Administration Server in the Limit (KB/s);
the limitation will be enabled during the time interval specified in the Time period field.
Maximum value of the data transfer rate during time other than the period defined in the Traffic limit the
remainder of the time (KB/s) field, if traffic intensity must be restricted all the time.
When the rule settings have been edited, the rule appears in the list. The name of the rule is generated automatically
based on the data that defines the range of IP addresses.
If the limits of the IP range, addresses or subnet mask in the rule properties are modified, the rule name in the list
changes in accordance with the new values.
To delete a rule, select it in the list and press the Remove button.
To view or modify the settings of an existing rule, select it in the list and press the Properties button.
SLAVE ADMINISTRATION SERVERS
Administration Servers can be arranged a "master server – slave server" type hierarchy. Each Administration Server can
have several slave Administration Servers on different nesting levels. The nesting level for slave servers is not limited.
The administration groups of the master Server will then include the contents of the administration groups of all slave
Servers.
ADDING A SLAVE SERVER
To add a slave Administration Server:
1. Select in the administration group the Administration Servers node, open the context menu and select the
New Administration Server command. A wizard will start. Follow the wizard's instructions.
2. Specify the network address of the slave Administration Server. In this case, the master Administration Server
will connect to the slave Server and transfer all properties, including the network address of the master
Administration Server and certificate of the master Administration Server.
3. In the next window of the wizard, specify the name of the slave Administration Server. The new Administration
Server will be displayed under this name in the administration group. The name must be unique within one level
of the hierarchy.
Page 60
R E F E RE N C E G U I D E
60
If you specified the Server address during the previous step, the Slave Administration Server display name
field will contain the following value: Administration Server <computer name>, where <computer name>
stands for the name of the host specified in the address, which must be added as a slave Server.
4. If you have not defined the slave Administration Server address earlier, use the Select button to specify the path
to the Administration Server certificate.
5. If you have previously specified the slave Server's address, specify the settings for connecting the slave
Administration Server to the master Server.
Specify the address of the master Administration Server. You can use either its IP address or the
computer's name in the Windows network as the computer's address.
If a proxy server is used for connection, configure the connection settings in the Proxy server settings
group of fields.
Check the Use proxy server box. Enter the proxy server address in the Address field. Fill in the fields
User name, Password and Confirm password if user authentication is required to access the proxy
server.
If the address of the slave server has not been specified, this step will be skipped.
6. Please wait until the following operations have been completed:
Connection of the Administration Console to the slave Server.
Information about the slave Server is added to the master Administration Server's database.
If you have defined the slave Administration Server address earlier, enter in the displayed prompt the
information of an account (user name and password) that is authorized to connect to the computer, which
you plan to use as a slave Server.
The settings used to connect the slave Administration Server to the master Server are configured.
If the slave Server's address has not been specified, you will have to perform the following actions manually
after the wizard completes:
connect the Administration Console to the slave Server;
configure the connection between the slave Administration Server and the master Server.
7. Press the Next button. The progress of the action will be displayed in the wizard window. If errors occur, an
error message will be displayed.
8. In the last wizard window press the Finish button.
When the wizard completes, the master Administration Server will add information about the slave Server to its database.
The icon and the name of the slave Server will appear in the Administration Servers folder within the corresponding
administration group.
CONFIGURING THE CONNECTION OF THE SLAVE SERVER TO THE
MASTER SERVER
To configure the connection of a slave Server to the master Administration Server:
1. Add the slave Administration Server to the console tree (see section "Adding a Server to the console tree", on
page 30) as a managed Administration Server.
2. Select the Administration Server and use the Properties command of the context menu to open its properties
window.
Page 61
M A N A G I N G A D M I N I S T R A T I O N S E R V E R S
61
3. In the Administration Server <Computer name> Properties window that opens, on the General tab, click on
the Advanced link. In the window that opens press the Settings button in the Administration Servers
hierarchy section.
4. In the next Master Administration Server settings window that opens (see the figure below), check the box
This Administration Server is a slave server in the server hierarchy.
Then in the block of parameters below specify:
Address of the master Administration Server. You can use either its IP address or the computer's name in
the Windows network as the computer's address.
Certificate of the master Administration Server. The path to the certificate file can be specified using the
Select button.
If you are connecting via a proxy server, check the Use proxy server box. Enter the address for connecting to
the proxy server in the Address field. Fill in the fields User name, Password and Confirm password if user
authentication is required to access the proxy server.
5. To confirm the settings, press the OK or Apply button.
As a result, the slave Administration Server will connect to the master Server and will receive from it all the policies and
tasks for the group to which the slave Server now belongs. You can then connect to the slave Server via the master
Server from the Administration Server node.
Figure 39. Configuring the slave Administration Server's connection to the master Administration Server
Page 62
R E F E RE N C E G U I D E
62
VIEWING ADMINISTRATION GROUPS OF A SLAVE ADMINISTRATION SERVER
To view the administration groups of a slave Administration Server via the master Server, connect the Console to the
slave server:
1. In the console tree of the master Administration Server, select the Administration Servers node in the folder of
the required group.
2. In the Administration Servers node select the required slave Server.
3. Open the context menu and select the Connect to Administration Server command.
The Administration console will reflect the structure of the administration groups of the slave Administration Server. Then
you can view the structure of the groups (see section "Viewing information about groups" on page 73).
The slave Administration Server inherits from the master Server all the group tasks and policies of the group to which it
belongs. Inherited policies and tasks are indicated on the slave Server as follows:
The icon will be displayed next to the names of the policy inherited from the master Administration Server (the
regular policy icon is ).
The settings of the inherited policy will not be accessible for changes on the slave Server on shut down.
The settings that are specified as not modifiable in the inherited policy are indicated by the "locked" icon in all
application policies on the slave Server, and use values specified in the inherited policy.
Values of the settings that are not "locked" in the inherited policy are indicated by the "unlocked" icon ( ). If the
setting is specified as modifiable in the slave Server policy, it can be changed in the application settings (see
section "Viewing and configuring policy settings" on page 85) and task settings (see section "Viewing and
changing task settings" on page 130).
The icon will be displayed next to the names of group tasks inherited from the master Administration Server
(the regular task icon is ).
The policies and tasks received by the slave Administration Server from the master Administration Server
cannot be modified.
The Administration Server tasks and the tasks for specific computers are not transferred to slave Servers.
To manage a slave Administration Server via the Console of the master Server,
add a computer on which the slave Administration Server is installed to the console tree as a new Server (see
section "Adding a slave Server" on page 59), and switch to the node corresponding to this Server.
CONNECTING TO THE ADMINISTRATION SERVER VIA INTERNET
To connect to an Administration Server via Internet, the following requirements should be satisfied:
The Administration Server in the main office should have an external IP address, and the incoming ports 13000
and 14000 should be open on it.
The external IP address of the master Administration Server should be specified during the installation of the
Network Agent to remote office computers. If an installation package is used for installation, the external IP
address is specified manually in the properties of this package on the Settings tab.
Page 63
M A N A G I N G A D M I N I S T R A T I O N S E R V E R S
63
The Network Agent should be installed on remote office computers first.
To establish a connection between a client computer and the Administration Server, the Server sends a special
packet to the Network Agent through port 15000. If port 15000 on the remote client computer is not accessible
(closed in the settings, Network Agent policies, behind a firewall or inaccessible because of network structure
peculiarities), if the administrator is fulfilling real time operations, on the General tab check the Do not
disconnect from the Administration Server box in the properties of the client computer. The real-time
operations include the following actions:
starting / stopping the application (without using the application start/stop task);
starting / stopping the local tasks;
viewing statistics on the application operation;
forcing synchronization.
After this option is enabled, wait for synchronization with the remote client computer. This box can be checked
simultaneously for up to 100 client computers.
Furthermore, the capability to send a packet from the Administration Server to the Network Agent via port 15000 can
accelerate operations such as distribution of policies, group tasks, licenses, etc.
Page 64
64
MANAGING ADMINISTRATION GROUPS
IN THIS SECTION
Adding, moving and deleting a group .............................................................................................................................. 64
Creating the structure of administration groups ............................................................................................................... 66
Viewing information about a group .................................................................................................................................. 73
Viewing and changing group settings .............................................................................................................................. 74
The Administration Server and the hosts in the corporate network (client computers) interact using the Network Agent.
This component must be installed on all computers running the Kaspersky Lab applications managed via Kaspersky
Administration Kit.
Client computers may be combined into administration groups (groups) in accordance with the corporate structure. The
following settings can be defined for client computers within a single group:
common application settings (through policies);
common operation mode of the applications (through creation of group tasks).
The administrator can create a hierarchy of Servers and groups with any nesting level if that can simplify the
management of installed applications. A single hierarchy level can include slave Administration Servers, groups and
client computers.
ADDING, MOVING AND DELETING A GROUP
To create a group:
1. In the console tree, open the Managed computers.
2. Select the folder corresponding to the group which should include the new group. If you create a group at the
highest hierarchy level, select the Managed computers folder.
3. Open the context menu and use the New Group command or the Create a subgroup link in the task pane.
4. Enter the group name in the window that opens (see the figure below) and press the OK button.
Page 65
M A N A G I N G A D M I N I S T R A T I O N G R O U P S
65
A new subfolder with the specified name will appear in the Managed computers folder in the console tree. This new
folder will automatically contain the following nested folders: Policies, Group tasks, Administration Servers, and
Client computers. They will be filled during the definition of group policies, the creation of group tasks and the addition
of slave Administration Servers.
Figure 40. Creating a group
To change a group name:
Select the group folder in the console tree, open its context menu and select the Properties command or click the
Group properties link in the task pane. In the <Group name> Properties window that opens, rename the group
using the General tab (see the figure below).
You cannot rename the Managed computers folder because it is an in-built element of the Administration Console.
Figure 41. Viewing the group properties. The General tab
Page 66
R E F E RE N C E G U I D E
66
To move a group to another folder of the console tree:
Select the folder to move and use the standard Cut / Paste commands of the context menu or drag it with the
mouse.
To delete a group:
Select the group folder in the console tree and use the Delete command.
A group can only be deleted if it does not contain slave Servers, nested groups or client computers.
CREATING THE STRUCTURE OF ADMINISTRATION GROUPS
Kaspersky Administration Kit can create a structure of administration groups based on:
the Windows network domains and workgroups (see section "The structure of groups based on the Windows
network domains and workgroups" on page 67).
Active Directory (see section "Group structure based on Active Directory" on page 69).
the content of the text file (see section "Group structure based on the content of the text file" on page 71).
If for some reason a computer is not registered in the Unassigned computers group during the creation of a
group structure (if it is turned off or disconnected from the network), it will not be added to the logical network.
You can do this later manually.
Creating a group structure using the wizard does not disturb network integrity: new groups are added, but do not
replace the existing groups. A client computer that has already been assigned to an existing group will not be
added again because the Unassigned computers group displays computers that are not included in the logical
network.
Page 67
M A N A G I N G A D M I N I S T R A T I O N G R O U P S
67
THE STRUCTURE OF GROUPS BASED ON THE WINDOWS NETWORK
DOMAINS AND WORKGROUPS
To create a structure of administration groups based on the Windows network domains and workgroups:
1. Open the context menu of the Managed computers folder and select All tasks Create groups structure.
This will open the group structure creating wizard (see the figure below). Press the Next button.
Figure 42. Group structure creation wizard
2. In the window that opens, select Microsoft Windows Domains and Workgroups (see the figure below).
Page 68
R E F E RE N C E G U I D E
68
The group structure will be created based on the information about the structure of Windows network domains
obtained during the last network polling and the Unassigned computers presented in the group. Press the
Next button.
Figure 43. Determining the group creation method
3. In the following window select the group and press the Browse button located next to the Target group field.
This will open a window that contains a hierarchy of groups created for the Administration Server. To select a
group from the existing groups, open the Managed computers folder. If such a group does not exist, create a
new one by pressing the Create group button and select it. The specified group will be created automatically in
the Managed computers group. Press the Next button.
4. In the next wizard window, press the Finish button to complete the administration group task creation.
Page 69
M A N A G I N G A D M I N I S T R A T I O N G R O U P S
69
GROUP STRUCTURE BASED ON ACTIVE DIRECTORY
To create a structure of administration groups based on Active Directory:
1. Open the context menu of the Managed computers folder and select All tasks Create groups structure.
This will open the group structure creating wizard (see the figure below). Press the Next button.
Figure 44. Group structure creation wizard
2. In the window that opens, select Active Directory (see the figure below).
Page 70
R E F E RE N C E G U I D E
70
The group structure will be created based on the information about the network structure of Active Directory
units obtained during the last polling of the network and the Unassigned computers presented in the group.
Press the Next button.
Figure 45. Determining the group creation method
3. In the following window select the group and press the Browse button located next to the Target group field.
This will open a window that contains a hierarchy of groups created for the Administration Server. To select a
group from the existing groups, open the Managed computers folder. If such a group does not exist, create a
new one by pressing the Create group button and select it. The specified group will be created automatically in
the Managed computers group. Select the source Active Directory organization unit by pressing the Browse
button located next to the Source Active Directory organization unit field. Press the Next button.
4. In the next wizard window, press the Finish button to complete the administration group task creation.
Page 71
M A N A G I N G A D M I N I S T R A T I O N G R O U P S
71
GROUP STRUCTURE BASED ON THE CONTENT OF THE TEXT FILE
To create a group structure based on the content of the text file:
1. Open the context menu of the Managed computers folder and select All tasks Create groups structure.
This will open the group structure creating wizard (see the figure below). Press the Next button.
Figure 46. Group structure creation wizard
2. In the window that opens, select the Text file item (see the figure below).
Page 72
R E F E RE N C E G U I D E
72
The group structure will be created in accordance with the text file created by the administrator. If you select this
Example:
Office 1
Office 2
Office 3
Three groups of the first hierarchy level will be created in the target group.
Example:
option, during the next step of the wizard select a group to which the nested subgroups would be added and
specify the text file containing the group structure.
Figure 47. Determining the group creation method
3. In the next window:
Select a group and press the Browse button located next to the Target group field. This will open a
window that contains a hierarchy of groups created for the Administration Server. To select a group from the
existing groups, open the Managed computers folder. If such group does not exist, create a new one by
pressing the New group button and select it. The specified group will be created automatically in the
Managed computers group.
Specify the file based on which the hierarchy will be created for the group specified using the Target group
field. To do this, click the Browse button located next to the Text file with group names field, and select
the text file created earlier according to the following rules:
The name of each new group must begin with a new line; and the delimiter must begin with a line
break. Blank lines will be ignored during the creation of the file.
The name of the nested group should be entered using a slash (/).
Page 73
M A N A G I N G A D M I N I S T R A T I O N G R O U P S
73
Office 1/Division 1/Department 1/Group 1
Four subgroups nested into each other will be created in the target group.
In order to create several nested groups of the same hierarchy level, you should specify the "full path to
Example:
Office 1/Division 1/Department 1
Office 1/Division 2/Department 1
Office 1/Division 3/Department 1
Office 1/Division 4/Department 1
One group of first hierarchy level Office 1 will be created in the destination group; this group will
include four nested groups of the same hierarchy level "Division 1", "Division 2", "Division 3", and
"Division 4". Each of these groups will include one more group - "Department 1".
the group".
Press the Next button.
4. In the next wizard window, press the Finish button to complete the administration group task creation.
VIEWING INFORMATION ABOUT A GROUP
To view information about the structure of a group:
1. Open the Managed computers.
2. Select the folder with the name of the required group.
A list of objects included in this group will be displayed in the results pane. You can also expand the
corresponding branch of the console tree.
To view information about group policies, select the Policies folder.
If policies have been defined for the group, they will be displayed in the console tree, otherwise the folder
will be empty.
To view information about group tasks, select the Group tasks folder.
If tasks have been defined for the group, they will be displayed in the console tree, otherwise the folder will
be empty.
To work with slave Administration Servers, select the Administration Servers folder.
To work with clusters and arrays of servers, select the Clusters and server arrays folder. This folder will
be displayed in the console tree only if the cluster is included in the logical network.
The items listed above depend on the user interface settings.
To view the list of client computers, select the Client computers folder. The list of client computers will be
displayed in the results pane.
Page 74
R E F E RE N C E G U I D E
74
Administration Console information updates automatically for objects of the console tree and information panel diagrams
only. To update the data in the results pane, use one of the following options: the F5 key, the Refresh item in the context
menu, or the Refresh link in the task pane.
VIEWING AND CHANGING GROUP SETTINGS
To view or change group settings:
1. Open the Managed computers folder in the console tree.
2. Select the necessary group.
3. Open the context menu.
4. Select the Properties command.
This will open the group properties window that contains a set of tabs, which you can use to view and change the security
options and the settings for communication with client computers; establish the procedure for interaction with the
Administration Server, and specify the set of conditions determining the computer status.
To open the group properties window, you can also click the Group properties link in the task pane.
GENERAL SETTINGS
You can view and edit the group name on the General tab (see the figure below): The name must be unique within one
level of the folder or group hierarchy.
You cannot rename the Managed computers folder because it is an in-built element of the Administration Console.
This tab also displays the following information:
Parent group: the name of the group that includes this group. For the groups at the highest hierarchy level this
field contains the name of the Administration Server associated with this group.
Contains: statistics on the group structure – the number of nested groups and total number of client computers,
including client computers in nested groups.
Created: the date when the group was created.
Modified: the date when the name or attributes of the group were last modified. If the group name and group
properties have not been modified since their creation, the value is <Unknown>.
Page 75
M A N A G I N G A D M I N I S T R A T I O N G R O U P S
75
The Reset button in the Detected virus counter section allows you to clear the counter of detected viruses for all client
computers in a group.
Figure 48. Viewing the group properties. The General tab
Page 76
R E F E RE N C E G U I D E
76
GRANTING RIGHTS TO WORK WITH A GROUP
The Security tab (see the figure below) is intended for configuration of access to an administration group.
Figure 49. Granting rights to access the Administration Group
By default, the rights to work with a group are inherited from the Administration Server properties (see section "Granting
rights to use a Server" on page 31), where the rights to work with all objects managed by the Server are defined. To
configure individual access rights for an administration group that are different from those specified in the Administration
Server settings, uncheck the Inherit box.
The upper part of the tab contains the list of users registered on the computer hosting the Administration Console. The
lower part contains the list of possible permissions:
All: includes all permissions (see below).
Reading:
connection to the Administration Server;
viewing the structure of Administration Server folders;
viewing the values of applications' policies, tasks, and settings.
Writing:
creation of administration groups, addition of child groups and client computers to them;
Page 77
M A N A G I N G A D M I N I S T R A T I O N G R O U P S
77
installation of the Network Agent component on client computers;
updating the version of applications installed on client computers;
creation of policies and tasks for groups and for individual computers, and configuring the application
settings;
centralized management of applications, receiving reports about their operation using services provided by
the Administration Server, the Network Agent and the Administration Console components.
Execution: starting and stopping of existing tasks for groups, specific computers and Administration Server.
Modify access privileges: granting to users, and groups of users, access rights to the functionality of
Kaspersky Administration Kit.
Edit event log settings.
Edit notification settings.
Remote install of Kaspersky Lab applications.
Remote install of external applications: preparation of installation packages and remote install of third-party
applications to the client computers.
Edit Administration Server hierarchy settings.
Saving network lists content: copying files from the backup storage, quarantine and files for postponed
disinfection from client computers to the computer where the Administration Console is installed.
Creating tunnels: creating a tunneled connection between a computer with the installed Administration Console
and a client computer.
To assign specific rights:
1. Select a group of users.
2. In the Allow column check the boxes next to the permissions provided to members of that group. If you check
the All box, all the boxes will automatically be checked.
3. In the Deny column check the boxes next to the permissions that must not be provided to members of that
group. If you check the All box, all the boxes will automatically be checked.
You can add a new group or a new user using the Add button. You can add only users, or groups of users, which are
registered within the domain.
To remove a user or a group, select the corresponding object in the list and press the Remove button.
The group of Kaspersky Administration Kit administrators (KLAdmins) cannot be removed.
CONDITIONS THAT DETERMINE COMPUTER STATUS
Use the Computer status properties window of the Administration Server's policy (see the figure below) to specify
criteria for determining whether a client computer will be assigned one of the statuses, Critical or Warning. If the client
computer does not match any of the conditions listed, it will be assigned the status OK.
Threshold values may be modified for some conditions. To change the value, double click a condition in the Condition
column to open the editing window.
Page 78
R E F E RE N C E G U I D E
78
For example, you can specify the maximum number of days during which the client computer has not connected to the
Administration Server. After this period, the computer will be assigned the status Critical.
Figure 50. Configuring the client computer's status diagnostics
If the computer status is OK, then an icon will be displayed next to its name, for example in the task pane of the main
application window. If the computer has the status Warning, an amber icon will be displayed. If the computer status
has the status Critical, a red icon will be displayed.
The criteria for determining the status of the client computer are defined in the settings at the level of the parent group,
and are inherited by all administration groups. To configure individual criteria for a group, uncheck the Inherit box and
configure the settings (for the top hierarchy level the Inherit box is inactive).
Clicking the link Computer visibility on the network opens the Computer visibility window. In the Computer visibility
timeout (min) field of the window that opens, you can specify the time during which a client computer will be considered
visible in the network after it was disconnected from the Administration Server. The default interval is 60 minutes. After
the specified period expires, the Administration Server will consider the client computer inactive. If necessary, you can
modify this value in the Kaspersky Administration Kit policy settings (see section "Configuring the settings of the
Administration Server policy" on page 102).
Page 79
M A N A G I N G A D M I N I S T R A T I O N G R O U P S
79
MONITORING OF CLIENT COMPUTER ACTIVITY
Use the Client computers properties window of the administration group (see the figure below) to specify the following
parameters:
Figure 51. The group properties window. The Client computers tab
The Client computer activity in the network section specifies how the Administration Server reacts to the
inactivity of client computers of this group:
If you wish the Kaspersky Administration Kit administrator to be notified after a period of inactivity, check the
Notify the administrator if the computer is not active for longer than (days) box and specify the
number of days in the field to the right of the box. When the period expires, the Administration Server will
perform the necessary actions.
Notification shall be performed in accordance with the settings specified in the properties of the
Administration Server (see section "Viewing and changing Administration Server settings" on page 33).
If you want inactive client computers to be deleted from the group, check the Delete the computer from
the group if it is not active for longer than (days) box and specify the number of days in the field to the
right of the box. Once the specified period has expired, the client computer will be automatically deleted
from the group and moved to the Unassigned computers group.
Specify the settings for inheriting values, specified on this tab:
Inherit from parent group –to ensure that the specified values are inherited from the group of the previous
hierarchy level. If this box is checked, the settings on the tab cannot be changed.
Page 80
R E F E RE N C E G U I D E
80
Force inheritance in child groups – to ensure that the specified values are distributed to subgroups. If this
box is checked, in the child groups properties the settings specified on the tab will be locked for
modification.
AUTOMATIC INSTALLATION OF APPLICATIONS ON CLIENT
COMPUTERS
On the Automatic installation tab you can specify which installation packages should be used for automatic remote
installation of Kaspersky Lab applications to client computers that have recently been added to the group. If a package is
used, the box corresponding to its name is selected. To prevent automatic deployment of an application, uncheck its box
next to the name of the corresponding installation package. By default, no software is automatically installed. For all
installation packages for which boxes are checked, remote deployment group tasks under the name Installation <Name
of the selected installation package> will be created. You can run these tasks manually.
To automatically install Kaspersky Lab applications on new computers running the Microsoft Windows 98 / ME operating
systems, install the Network Agent on these computers in advance.
If some installation packages of one application were selected for automatic installation, the installation task will be
created for the most recent application version only.
Figure 52. The group properties window. The Automatic installation tab
Page 81
M A N A G I N G A D M I N I S T R A T I O N G R O U P S
81
CREATING THE LIST OF UPDATE AGENTS
The Update Agents tab (see the figure below) is used to create a list of computers (see section "Creating the list of
Update Agents and configuring the agents" on page 270), which are used within a group to distribute updates, installation
packages and group tasks and policies.
Figure 53. Creating the list of Update Agents
Page 82
82
REMOTE MANAGEMENT OF APPLICATIONS
IN THIS SECTION
Managing policies ............................................................................................................................................................ 82
Local application settings .............................................................................................................................................. 110
Kaspersky Administration Kit enables remote management of the applications installed on the computers within
administration groups and corporate networks. The applications are managed via:
the creation of policies regulating the configuration of operation settings for the applications installed on client
computers;
creation and launch of tasks (see section "Managing the operation of applications" on page 115), designed for
administration groups, the Administration Server or selected computers;
configuration of local settings for the applications installed on individual network computers.
MANAGING POLICIES
Application settings on client computers are centrally configured through definition of policies.
Policies created for applications within a group appear in the corresponding folder of the console tree. The name of each
policy is preceded by an icon indicating its status (see section "Statuses of computers, tasks and policies" on page 340).
CREATING A POLICY
To create a new policy for a group:
1. In the console tree, select the group for which you want to create a policy, select the Policies subfolder, open
the context menu and use the Create Policy command, or click the Create a new policy link in the task
pane. A wizard will start. Follow the wizard's instructions.
Use the links Create a new Kaspersky Anti-Virus for Windows Workstations policy and Create a new
Kaspersky Anti-Virus for Windows Servers policy in the task pane to create the policies for the
corresponding applications. You will then not have to specify the application in the policy configuration wizard.
2. You must specify the policy name and select the application for which this policy is being created.
The policy name is assigned in a standard manner. If a policy with this name already exists, the (1) ending will
be automatically added to the end of the name of the new policy.
Page 83
R E M O T E M A N A G EM E N T O F A P P L I C A T I O N S
83
Select an application from the drop-down list (see the figure below). The drop-down list includes all applications
that have their administration plug-ins installed on the administrator's workstation.
Figure 54. Selecting an application for policy creation
3. Use the displayed window (see the figure below) to specify the policy status. Select one of the following:
Active policy. The policy being created will be used as the application's current policy.
Inactive policy. The policy will be saved in the Policies folder. If required, it can be activated (see section
"Activating a policy" on page 95).
Mobile user policy. This policy will be applied after you disconnect the computer from the corporate
network. This type of policy is available for Kaspersky Anti-Virus 6.0 for Windows Workstations MP4.
Page 84
R E F E RE N C E G U I D E
84
Several policies can be created in a group for one application, but only one policy can be active. Activating a
new policy makes the previously active policy inactive.
Figure 55. Policy creation wizard. Activating the policy
4. Then, you must specify the general settings for the policy and edit settings for the selected application
(see the figure below). You can lock policy settings for nested groups, application settings, or task settings.
Policy settings that can be locked are marked with the icon . To lock a setting, click this icon. The icon will
change to .
A policy has a higher priority compared with the local settings only if it prohibits modification of parameters (are locked
).
When creating a policy, you can specify a minimum set of parameters required for application to run. All other
settings are set to the default values applied during the local installation of the application. You can modify the
policy by editing it (see section "Viewing and configuring policy settings" on page 85).
Page 85
R E M O T E M A N A G EM E N T O F A P P L I C A T I O N S
85
For details on configuring policy settings for the applications, please refer to their corresponding documentation.
Figure 56. Creating a policy for Kaspersky Anti-Virus for Windows Workstations
1. In the last wizard window press the Finish button.
Once a policy is created, the parameters which may not be modified are applied on clients for which the policy was
created (are "locked" ).
DISPLAYING INHERITED POLICY IN THE NESTED GROUP RESULTS
PANE
To display inherited policies in the Policies folder of a child group:
1. Select the Policies folder of a nested group in the console tree.
2. Open the context menu, select View, and check the Inherited policies box.
This will display inherited policies in the console tree with the icon . You can view the inherited policies properties.
While policy inheritance is enabled, inherited policies can only be edited within the group under which they were created.
VIEWING AND CONFIGURING POLICY SETTINGS
To view group settings or modify them:
1. In the console tree, open the Policies folder of the administration group that you wish to configure.
2. Select the necessary policy.
3. Open the context menu and choose the Properties command.
Page 86
R E F E RE N C E G U I D E
86
To navigate quickly to the policy properties, select it in the console tree and use the Edit policy link in the Actions
section of the task pane.
This will open the <Policy name> properties window with several tabs in which you can configure a policy for an
application. The contents of the tabs are specific to each application, and their description is provided in the
documentation for the applications. The General, Events, and Settings policy configuration tabs are common for all
applications.
The General tab (see the figure below) contains the following policy information:
policy name;
the application for which the policy is created (for example, Kaspersky Administration Kit);
policy creation date and time;
date and time of the last policy modification;
policy status;
information about the results of policy enforcement.
You can use the tab to:
change the policy name;
view the results of policy enforcement;
Figure 57. The policy properties window
Page 87
R E M O T E M A N A G EM E N T O F A P P L I C A T I ONS
87
access and configure the additional settings by clicking the Advanced link.
The Enforcing the policy on the client computers section also contains reference information about the results of
policy application on the client computers within the selected group, indicating the number of computers:
for which the policy was defined;
where the policy was enforced;
where the policy enforcement failed.
To update the information about the results of policy enforcement, press the Refresh button.
Detailed information about the results of policy enforcement on each client is available in the window (see the figure
below) accessed by pressing the Details button. The window displays a table that has the following columns:
Computer – client name.
Domain – name of the domain to which the client belongs.
Status – the policy status, which may have one of the following values:
Modified – settings for this policy have been changed on the Administration Server, but they were not yet
synchronized with the client computer;
Finished – the policy for an application on this computer has been successfully applied;
Pending – the policy for an application on this computer has not been applied yet;
Failed – the policy for an application on this computer has failed (the computer was turned off,
disconnected, the application did not run, or was not installed, etc.).
Date – date and time when the event occurred.
Figure 58. Information about policy enforcement on clients of one group
Page 88
R E F E RE N C E G U I D E
88
Local parameters are modified automatically based on the settings selected when a policy is first applied on a client
computer.
After a policy is deleted or revoked, the application will continue working with the settings specified in the policy. The
settings may subsequently be modified manually.
Applying a policy to a large number of clients will significantly increase the load on the Administration Server and the
amount of network traffic.
To access and configure the additional policy settings, click the Advanced link.
To define policy status, in the window that opens (see the figure below) in the Policy status section, select one of the
following options:
Active policy;
Mobile user policy;
Inactive policy.
To enable inheritance, i.e. prohibit modification of "locked" policy settings in the configuration of child policies, check the
Inherit settings from parent policy box. To disable inheritance, uncheck the Inherit settings from parent policy box.
To force inheritance of settings in child policies, enable the checkbox next to the corresponding item. After changes in a
policy are applied, the following steps will be performed:
specified values will be distributed to the policies of nested administration groups, i.e. to the child policies;
the Inherit settings from parent policy box will be checked in child policies;
the values of the settings in child policies will remain "locked" until the Force inheritance of settings in child
policies box is checked.
Figure 59. Configuring additional policy settings
Page 89
R E M O T E M A N A G EM E N T O F A P P L I C A T I O N S
89
The Events tab (see the figure below) represents the information on events that are fixed in the application operation.
The event types are divided into three groups according to their severity level.
Figure 60. Editing a policy. The Events tab
Immediately after the policy has been created, the values on the Events tab will match the default application settings.
The settings are specific to each Kaspersky Lab application, and more information about them is available in user guides
for each application. If necessary, you can change the policy settings.
For all Kaspersky Lab applications, events related to anti-virus protection may have the following severity levels:
Critical (e.g., virus outbreak).
Error (e.g., a shared folder is inaccessible).
Warning (e.g., a client computer has been invisible on the Windows network for a long time).
Info (e.g., a new client computer was found).
Event handling rules are defined separately for each severity level.
1. Select the event importance level from the drop-down list: Critical, Error, Warning or Info.
2. Events corresponding to the selected severity level will be displayed in the table below. The list of events is
specific to each application. For more information about events, see the application documentation. Select the
types of events to be recorded using the Shift and Ctrl keys on your keyboard. Click the Select All button to
select all event types.
3. Then click the Properties button for the selected event types.
Page 90
R E F E RE N C E G U I D E
90
4. To record event information in event logs, check the following boxes in the Event registration section
(see the figure below):
On Administration Server for (days) box to make the Administration Server log application events that
occur on all clients in the group in a centralized manner. In the field on the right, specify the number of days
during which the server will store information. When the specified period has elapsed, the entry
corresponding to this event will be deleted.
You can view event logs stored on the Administration Server through the Administration Console on the
administrator workstation. It is shown in the Events folder of the console tree.
In the event log on client computer to save information about events locally in the Windows Event Log of
each client computer.
In the event log on Administration Server to enable centralized logging of all application events on all
clients in this group in the specified Administration Server's Windows Event Log.
The information in Windows event logs can be viewed using Displays client computer events, a standard
Windows event management tool.
5. To enable notification about selected events, specify the notification methods by checking appropriate columns
in the Event notification section:
Figure 61. Editing event properties
Notify by email.
Notify through NET SEND.
Notification using NET SEND is not available in Microsoft Windows Vista and later versions.
Notify by running executable or script.
Page 91
R E M O T E M A N A G EM E N T O F A P P L I C A T I O N S
91
Notify via SNMP.
Notify via SNMP is configured directly in the application working with SNMP.
To configure notifications, use the Settings link and in the window that opens (see the figure below) define the
settings.
Figure 62. Configuring event notifications
In the upper part of the window select the notification method that you wish to modify. If the Use Administration Server
settings box is checked, the values specified on the Notification tab under the Administration Server properties are
used by default. To modify notification settings, uncheck the Use Administration Server settings box and select the
following from the drop-down list:
Email (see the figure above). Under this option:
In the Recipient field, specify the email address of the notification recipient. Several addresses may be
entered as a list separated by commas or semicolons.
In the SMTP server field, specify the address of the mail server connection (an IP address or a Windows
network name can be used);
In the SMTP server port field, specify the SMTP server connection port number (the default is port 25);
Page 92
R E F E RE N C E G U I D E
92
The sender and subject for the message that will be delivered as a notification. To do this, press the
Properties button and in the window that opens (see the figure below), fill in the Subject field. In the lower
entry field, specify the email address which will be used as a sender's address. In the same window, enter
User name, Password, and Confirm password in the relevant fields if ESMTP authorization is being
used.
Figure 63. Configuring notification settings. Specifying the Sender and Subject
Page 93
R E M O T E M A N A G EM E N T O F A P P L I C A T I O N S
93
NET SEND (see the figure below). Under this option, use the field below to enter recipient host addresses for
network notifications. An IP address or a Windows network name may also be used. Several addresses may be
entered as a list separated by commas or semicolons. For successful notification, a messaging service
(Messenger) must be installed on the Administration Server and on all recipient computers.
Figure 64. Configuring notifications. Notification using NET SEND
Executable file to run (see the figure below). Under this option, use the Select button to select an executable
module to run when an event occurs.
Page 94
R E F E RE N C E G U I D E
94
Executable environment variable names are the same as the names of placeholders used to create the
message text (see below).
Figure 65. Configuring notifications. Notification using executable files
Enter the message which will be delivered as notification in the Notification message section at the bottom of the
window (see the figure above). If the Use Administration Server settings box is checked, the message text specified
on the Notification tab of the Administration Server settings will be used by default. To modify the message, uncheck the
Use Administration Server settings box and enter a new message.
The notification text may include information about the event recorded. Enter appropriate placeholders by selecting them
from the drop-down list accessible by clicking the button .
Event severity;
From computer;
Domain;
Event;
Event description;
Time raised;
Task name;
Application;
Page 95
R E M O T E M A N A G EM E N T O F A P P L I C A T I O N S
95
Version number;
IP-address;
IP address of the connection.
To check the correctness of the settings specified on this tab, you can send a test message manually. To do this, press
the Test button. This will open a test notification sending window (see the figure below). In the event of errors, detailed
error information will be displayed in it.
Figure 66. Configuring notification settings. Sending a test notification
ACTIVATING A POLICY
For the policy to become active:
1. Select the required policy in the console tree.
2. Open the context menu and select the Properties command or use the Edit policy link in the Actions section
of the task pane.
3. Select the General tab (see the figure below) in the <Policy name> Properties application policy configuration
window.
4. Click the Advanced link to open the advanced settings window. In the Policy status section select Active
policy.
To deactivate a policy, select Inactive policy.
Page 96
R E F E RE N C E G U I D E
96
To change the policy status quickly, use the Active policy and Inactive policy links in the task pane of the selected
policy.
Figure 67. The policy properties window
ACTIVATING A POLICY BASED ON AN EVENT
To activate a policy automatically when a certain event occurs,
in the Administration Server settings configured on the Virus outbreak the policy must be included in the
corresponding list (see section "Changing the application policy when a Virus outbreak event is registered" on
page 328).
If you activate a policy by event, you can return to the previous policy manually only.
POLICY FOR MOBILE USER
This policy type is available for Kaspersky Anti-Virus 6.0 for Windows Workstations MP4.
To configure the enforcement of a policy when a client computer disconnects from the corporate network:
1. Select the required policy in the console tree, open its context menu and choose Properties.
Page 97
R E M O T E M A N A G EM E N T O F A P P L I C A T I O N S
97
2. Select the General tab (see the figure below) in the Properties: <Policy name> application policy configuration
window.
Figure 68. The policy properties window
3. Click the Advanced link to open the additional policy settings window (see the figure below).
Figure 69. Additional policy settings window
Page 98
R E F E RE N C E G U I D E
98
4. In the Policy status section select Mobile user policy.
DELETING A POLICY
To delete a policy:
Select the necessary policy in the Policies folder within the console tree and use the Remove command from the
context menu or the Remove policy link in the task pane.
COPYING A POLICY
To copy a policy:
1. Select the Policies folder in the results pane and use the Copy command from the context menu.
2. Go to the Policies folder of the required group (or remain in the same folder) and use the Paste command from
the context menu.
An active policy becomes inactive when copied. If required, you can make this policy active (see section "Activating a
policy" on page 95).
As a result, the policy will be copied with all its settings and applied to the computers within the group into which it was
copied. If a policy with the same name exists in the folder, the _1 ending will be automatically added to its name.
CONFIGURING THE NETWORK AGENT'S POLICY
You can define the following parameters in the Settings window (see the figure below) while creating a policy for the
Network Agent:
In the Event log group use the Maximum size of event log, MB field to define maximum disk space that the
events log will be allowed to occupy.
Page 99
R E M O T E M A N A G EM E N T O F A P P L I C A T I O N S
99
In the Application uninstallation password group press the Modify button and enter the password. This
password must be specified in the task of remote uninstallation of the Network Agent.
Figure 70. Creating a Network Agent policy. The Settings window
Page 100
R E F E RE N C E G U I D E
100
In the Repositories window specify the options for the system of collecting information about the applications installed on
computers within a group and objects in repositories. To reflect the information about applications in the applications
registry (see section "Applications registry" on page 291), check the Information about installed applications box. To
display information about objects placed in repositories by applications of version 6.0 MP3, in the corresponding folders
of the Repositories folder, check the Quarantined objects and Backup objects boxes.
Figure 71. Creating a Network Agent policy. The Repositories window
In the Network window (see the figure below) you can specify the settings for connection to an Administration Server.
In the Connect to the Administration Server field specify the following:
In the Synchronization interval (min) field specify the time interval (in minutes) between attempts to
synchronize data of the client computers and the Administration Server.
Check the Use SSL connection box if you wish the connection to be secure (using SSL protocol).
Check the Compress network traffic box to increase the rate of the data transfer by the Network Agent, by
decreasing the amount of the information transferred and hence decreasing the load on the Administration
Server.
If you enable this setting, the load on the central processor of the client computer may be increased.
Loading...