Thank you for choosing our product. We hope that this document will help you in your work and will provide answers
regarding this software product.
Warning! This document is the property of Kaspersky Lab ZAO (herein also referred to as Kaspersky Lab): all rights to
this document are reserved by the copyright laws of the Russian Federation, and by international treaties. Illegal
reproduction and distribution of this document or parts hereof will result in civil, administrative or criminal liability by
applicable law.
Reproduction or distribution of any materials in any format, including translations, is allowed only with the written
permission of Kaspersky Lab ZAO.
This document, and graphic images related to it, may only be used for informational, non-commercial, and personal
purposes.
Kaspersky Lab ZAO reserves the right to amend this document without additional notification. You can find the latest
version of this document at the Kaspersky Lab website, at http://www.kaspersky.com/docs.
Kaspersky Lab ZAO shall not be liable for the content, quality, relevance, or accuracy of any materials used in this
document for which the rights are held by third parties, or for any potential or actual losses associated with the use of
these materials.
This document uses registered trademarks and service marks which are the property of their respective owners.
ABOUT THIS GUIDE ..................................................................................................................................................... 8
In this document ....................................................................................................................................................... 8
ADDITIONAL DATA SOURCES .................................................................................................................................. 10
Information sources for further research ................................ ................................................................................. 10
Discussing Kaspersky Lab applications in web forum ............................................................................................ 11
Contacting the User documentation development group ........................................................................................ 11
STARTING AND STOPPING THE APPLICATION ...................................................................................................... 12
Connection to the Administration Server ................................................................................................................ 21
The utility for selecting the Administration Server service account (klsrvswch) ...................................................... 23
Disconnecting from Server ..................................................................................................................................... 24
Switching between Servers .................................................................................................................................... 25
Adding a Server to the console tree ....................................................................................................................... 25
Granting rights to use a Server ............................................................................................................................... 26
Removing a Server from the console tree .............................................................................................................. 27
Viewing and changing Administration Server settings ............................................................................................ 28
General Administration Server settings ............................................................................................................. 28
Adding a slave Server ....................................................................................................................................... 51
Configuring the connection of the slave Server to the master Server ............................................................... 53
Viewing administration groups of a slave Administration Server ....................................................................... 54
Connecting to the Administration Server via Internet .............................................................................................. 55
MANAGING ADMINISTRATION GROUPS .................................................................................................................. 56
Adding, moving and deleting a group ..................................................................................................................... 56
Creating the structure of administration groups ...................................................................................................... 58
The structure of groups based on the Windows network domains and workgroups ......................................... 59
Group structure based on Active Directory ....................................................................................................... 61
Group structure based on the content of the text file ........................................................................................ 63
Viewing information about a group ......................................................................................................................... 65
Viewing and changing group settings ..................................................................................................................... 66
General settings ................................................................................................................................................ 66
R E F E R E N C E G U I D E
4
Granting rights to work with a group ................................................................................................................. 68
Conditions that determine computer status ....................................................................................................... 69
Monitoring of client computer activity ................................................................................................................ 70
Automatic installation of applications on client computers ................................................................................ 72
Creating the list of Update Agents .................................................................................................................... 73
REMOTE MANAGEMENT OF APPLICATIONS .......................................................................................................... 74
Creating a policy ............................................................................................................................................... 74
Displaying inherited policy in the nested group results pane ............................................................................ 77
Viewing and configuring policy settings ............................................................................................................ 77
Activating a policy ............................................................................................................................................. 82
Activating a policy based on an event ............................................................................................................... 83
Policy for mobile user ........................................................................................................................................ 83
Deleting a policy ................................................................................................................................................ 84
Copying a policy ................................................................................................................................................ 84
Configuring the Network Agent's policy ............................................................................................................. 84
Configuring the settings of the Administration Server policy ............................................................................. 88
Exporting a policy .............................................................................................................................................. 93
Importing a policy .............................................................................................................................................. 94
Tasks for specific computers ............................................................................................................................. 96
Creating a group task ........................................................................................................................................ 97
Creating an Administration Server task ........................................................................................................... 108
Creating a task for specific computers ............................................................................................................ 109
Creating a local task ....................................................................................................................................... 110
Viewing and changing task settings ................................................................................................................ 112
Displaying an inherited group task in the results pane of a nested group ....................................................... 118
Automatic operating system loading on the client computers before task execution ...................................... 118
Turning off the computer after the task execution ........................................................................................... 119
Restricting time for the task execution ............................................................................................................ 119
Exporting a task .............................................................................................................................................. 119
Importing a task .............................................................................................................................................. 120
Viewing results of the task execution stored on the Administration Server ..................................................... 122
Configuring the event filter for a group task .................................................................................................... 123
Configuring event filter for a selected computer .............................................................................................. 126
Removing a filter ............................................................................................................................................. 128
Local application settings...................................................................................................................................... 128
Adding computers to group................................................................................................................................... 133
Viewing information about a client computer ........................................................................................................ 134
C O N T E N T S
5
Viewing client system information ......................................................................................................................... 138
Administration Server change task ....................................................................................................................... 145
Turning on the client computer ........................................................................................................................ 148
Shutting down the client computer .................................................................................................................. 151
Restarting the client computer ........................................................................................................................ 154
Sending a message to the user of the client computer ......................................................................................... 158
Connecting the client computer to the Administration Server manually. The klmover.exe utility .......................... 161
Client-to-Administration Server connection check frequency................................................................................ 162
Verifying connection of the client computer to Administration Server manually. The klnagchk.exe utility ....... 162
Checking the connection between the client computer and the Administration Server using the
Launching the diagnostics and downloading the results of its operation ......................................................... 168
Starting, restarting and stopping the applications ........................................................................................... 170
REPORTS AND NOTIFICATIONS ............................................................................................................................. 172
Creating a report template .................................................................................................................................... 172
Creating a statistics page ................................................................................................................................ 176
Changing the set of statistics pages ............................................................................................................... 178
Creating an information panel ......................................................................................................................... 179
Changing the set of information panels ........................................................................................................... 183
Viewing and editing report templates .................................................................................................................... 184
Generating and viewing reports ............................................................................................................................ 190
Use NET SEND .............................................................................................................................................. 203
Notification using the executable file to run ..................................................................................................... 204
EVENT AND COMPUTER SELECTIONS .................................................................................................................. 207
Creating an event selection............................................................................................................................. 208
Customizing an event selection ...................................................................................................................... 209
Saving information about events to file ........................................................................................................... 213
Viewing and changing the settings for Windows network polling .................................................................... 226
Viewing and modifying Active Directory group properties ............................................................................... 228
Viewing and modifying the settings for IP subnet polling ................................................................................ 229
Viewing and changing domain settings ................................................................................................................ 230
Creating an IP subnet ........................................................................................................................................... 232
Viewing and modifying the IP subnet settings ...................................................................................................... 233
Viewing and modifying the Active Directory group properties ............................................................................... 236
Creating the task of downloading updates to the repository ................................................................................. 237
Adding an update source ................................................................................................................................ 240
Configuring connection to the update servers ................................................................................................. 243
Determining the updates list............................................................................................................................ 245
Configuring other update task settings ............................................................................................................ 247
Automatic distribution of updates .......................................................................................................................... 253
Automatic distribution of updates to the client computers ............................................................................... 253
Automatic distribution of updates to the slave Servers ................................................................................... 253
Automatic installation of updates to program modules .................................................................................... 253
Creating the list of Update Agents and configuring the agents ....................................................................... 254
The task of downloading updates by the Update Agents ................................................................................ 256
Viewing information about installed licenses ........................................................................................................ 259
Installing a license ................................................................................................................................................ 262
Running the license installation task creation wizard ............................................................................................ 263
Creating and viewing report on licenses ............................................................................................................... 263
Obtaining license using activation code ................................................................................................ ................ 264
Automatic distribution of license ........................................................................................................................... 265
ADDITIONAL FEATURES .......................................................................................................................................... 277
Monitoring anti-virus protection status using system registry data ........................................................................ 277
Mobile users ......................................................................................................................................................... 278
Creating a profile for the mobile users ............................................................................................................ 279
Creating the Network Agent switching rule ..................................................................................................... 282
Adding a condition to the rule.......................................................................................................................... 283
Searching for administration groups ............................................................................................................... 295
Searching for the slave Administration Servers .............................................................................................. 297
Data backup ......................................................................................................................................................... 299
Data backup task ............................................................................................................................................ 300
Data backup and restoration utility klbackup ................................................................................................... 302
REFERENCE INFORMATION ................................................................................................................................... 313
Context menu ....................................................................................................................................................... 313
Statuses of computers, tasks and policies ............................................................................................................ 321
KASPERSKY LAB ZAO ............................................................................................................................................. 327
INDEX ................................................................................................ ................................................................ ........ 328
8
ABOUT THIS GUIDE
IN THIS SECTION
In this document ................................................................................................................................................................ 8
This Guide contains the purpose of Kaspersky Administration Kit and step by step descriptions of the features it offers.
The basic concepts and general schemes for working with the application are described in the Kaspersky Administration
Kit Administrator's Guide.
IN THIS DOCUMENT
The following sections are included in the document:
Additional data sources (see page 10). The section tells you how to get information about the application apart
from the documentation included in the distribution package.
Starting and stopping the application (see page 12). The section tells you how to start Kaspersky Administration
Kit.
Quick Start Wizard (see page 13). This section describes the initial configuration steps used to build the anti-
virus protection management system using Kaspersky Administration Kit.
Managing Administration Servers (see page 21). This section contains data on operations with Administration
Server in Kaspersky Administration Kit.
Managing Administration groups (see page 56). This section presents the operating layout of Kaspersky
Administration Kit and administration groups.
Managing applications remotely (see page 74). This section describes remote application management using
Kaspersky Administration Kit.
Client computers (see page 133). The section contains information on client computer management when
working with Kaspersky Administration Kit.
Reports and notifications (see page 172). This section describes the peculiarities of managing reports and
notifications in Kaspersky Administration Kit.
Event and computer selections (see page 207). This section contains data on how to monitor anti-virus
protection system using Kaspersky Administration Kit.
Unassigned computers (see page 225). This section describes main issues related to corporate network
computers not included in administration group.
Update (see page 237). This section covers the procedures for updating the databases and program modules
managed via Kaspersky Administration Kit.
Managing licenses (see page 259). This section contains data on centralized licenses management using
Kaspersky Administration Kit services.
Repositories (see page 266). This section describes operations with objects used to monitor the status of client
computers and perform their maintenance.
A B O U T T H I S G U I D E
9
SAMPLE TEXT
DOCUMENT CONVENTIONS DESCRIPTION
Note that...
Warnings are highlighted in red and enclosed in frames. Warnings contain
important information: for example, information related to operations critical to
computer safety.
It is recommended to use...
Notes are framed in dotted-line box. Notes contain additional detail and
reference information.
Example:
...
Example blocks have a yellow background, and the heading "Example".
Update means...
New terms are italic.
ALT+F4
Names of keyboard keys are bold and are all uppercase.
Names of the keys followed by a plus sign (+) indicate a combination of keys.
Enable
Names of interface elements are bold; for example, input fields, menu
commands, and buttons.
To configure a task schedule:
Procedure headings are italic.
help
Text in the command line and text of messages displayed on the screen have a
special font.
<IP address of your computer>
Variables are enclosed in angle brackets. Instead of a variable, the
corresponding value must be entered in each case; angle brackets are omitted.
Additional features (see page 277). This section describes some additional features of Kaspersky Administration
Kit designed to extend the opportunities for centralized management of applications in computer networks.
Reference information (see page 313). This section contains reference information about the context menu
items of the Administration Console objects, results pane objects and the meaning of statuses assigned to
network objects and administration groups.
Glossary. The section enumerates the terms used in the document.
Kaspersky Lab ZAO (see page 327). The section provides information on Kaspersky Lab ZAO.
Index. Using this section, you can easily find the required data in the document.
DOCUMENT CONVENTIONS
Document conventions used in this document are described in the following table.
Table 1. Document conventions
10
ADDITIONAL DATA SOURCES
IN THIS SECTION
Information sources for further research ......................................................................................................................... 10
Discussing Kaspersky Lab applications in web forum ..................................................................................................... 11
Contacting the User documentation development group ................................................................................................ 11
If you have any questions regarding purchasing, installing or using Kaspersky Administration Kit, answers are readily
available.
Kaspersky Lab provides various sources of information about the application. You can choose the most suitable,
according to the importance and urgency of your question.
INFORMATION SOURCES FOR FURTHER RESEARCH
You can view the following sources of information about the application:
the application's page on Kaspersky Lab website;
the application's Knowledge Base page on the Technical Support Service website;
online help system;
documentation.
The application's page at the Kaspersky Lab website
http://www.kaspersky.com/administration_kit
This page provides you with general information about the application's features and options.
The application's Knowledge Base page at the Technical Support Service website
http://support.kaspersky.com/remote_adm
This page contains articles published by the experts of the Technical Support Service.
These articles contain useful information, recommendations, and the Frequently Asked Questions (FAQ) page, and
cover purchasing, installing and using Kaspersky Administration Kit. The articles are sorted by subject, such as
"Working with key files", "Updating databases" and "Troubleshooting". The articles aim to answer questions about
not only Kaspersky Administration Kit but other Kaspersky Lab products as well. They may also contain news from
the Technical Support Service.
Online help system
The application installation package includes full help files, which contain step by step descriptions of the
application's features.
To open the help file, select Kaspersky Administration Kit help system in the console Help menu.
A D D I T I O N A L D A T A S O U R C E S
11
If you have a question about a specific application window, you can use context help.
To open context-sensitive help, in the corresponding window, click the Help button or the F1 key.
Documentation
The documentation supplied with the application aims to provide all the information you will require. It includes the
following documents:
Administrator's Guide describes the purpose, basic concepts, features and general schemes for using
Kaspersky Administration Kit.
Implementation Guide contains a description of the installation procedures for the components of Kaspersky
Administration Kit as well as remote installation of applications in computer networks using simple configuration.
Getting Started provides a step by step guide to anti-virus security administrators, enabling them to start using
Kaspersky Administration Kit quickly, and to deploy Kaspersky Lab anti-virus applications across a managed
network.
Reference Guide contains an overview of Kaspersky Administration Kit, and step by step descriptions of its
features.
The documents are supplied in .pdf format in Kaspersky Administration Kit's distribution package.
You can download the documentation files from the application's page on Kaspersky Lab website.
The information about an application programming interface (API) of Kaspersky Administration Kit is contained in the
klakaut.chm file. This file is located in the installation folder of the application.
DISCUSSING KASPERSKY LAB APPLICATIONS IN WEB
FORUM
If your question does not require an immediate answer, you can discuss it with Kaspersky Lab experts and other users in
our forum at http://forum.kaspersky.com.
In this forum you can view existing topics, leave your comments, create new topics and use the search engine.
CONTACTING THE USER DOCUMENTATION DEVELOPMENT
GROUP
If you have any questions about the documentation, or you have found an error in it, or would like to leave a comment,
please contact our User documentation development group.
Click the Send feedback link located in the top right part of the window to open the computer's default mail client. In the
window that opens, the email of User documentation development group will appear (docfeedback@kaspersky.com),
with the subject line – "Kaspersky Help Feedback: Kaspersky Administration Kit". Write your comment and send the
letter without changing the subject.
12
STARTING AND STOPPING THE
APPLICATION
Kaspersky Administration Kit starts automatically when launching the Administration Server.
The Kaspersky Administration Kit can be launched by selecting Kaspersky Administration Kit from the Kaspersky
Administration Kit program group in the standard Start Programs menu. This program group is created only on
administrator's workstations during the Kaspersky Administration Console installation.
To access the functionality of Kaspersky Administration Kit the Administration Server of Kaspersky Administration Kit
must be running.
13
QUICK START WIZARD
IN THIS SECTION
Step 1. Adding a license.................................................................................................................................................. 13
Step 6. Completing the wizard ........................................................................................................................................ 20
The Wizard configuring can configure the minimum settings for centralized management of anti-virus protection.
The wizard opens at the first connection to an Administration Server established after installation.
STEP 1.ADDING A LICENSE
During this stage, the method of adding a license for the applications (see the figure below) that will be managed by the
administrator using Kaspersky Administration Kit should be selected.
Figure 1. Selecting the method of adding a license
R E F E R E N C E G U I D E
14
Select the method of adding a license:
Enter activation code – you will be asked to specify the code obtained when you purchased a commercial
version of the application (see the figure below).
Figure 2. Entering the activation code
If you wish to automatically apply the license to the computers in the administration groups, check the box in the
corresponding field.
Q U I C K S T A R T W I Z A R D
15
Load from key file – you will be asked to specify the key file (see the figure below).
Figure 3. Selecting the key file
If you wish to automatically apply the license to the computers in the administration groups, check the box in the
corresponding field.
Add license later. A license can be installed later using the license installation task (see section "Installing a
license" on page 262).
R E F E R E N C E G U I D E
16
STEP 2.NETWORK DISCOVERY
During this stage the computer network is polled, and computers within this network are identified (see the figure below).
Based on the results of this scan, a service group Unassigned computers is formed together with its Domains, Active
Directory and IP subnets subfolders. The information obtained will be used to automatically create the administration
groups.
Figure 4. The Quick Start Wizard window. Network Discovery
To view the structure of the computer network, use the View discovered computers link. Click the View Kaspersky
Administration Kit introduction link to view the description of the main features offered by Kaspersky Administration
Kit.
Q U I C K S T A R T W I Z A R D
17
STEP 3.CONFIGURING NOTIFICATION SETTINGS
During the next stage you will have to configure the settings for delivery of email notifications generated by Kaspersky
Lab applications.
Figure 5. Configuring delivery of notifications
If the SMTP server uses authorization, check the Use ESMTP authorization box and fill in the User name, Password
and Confirm password fields. These settings will be used as the default settings for application policies.
To check the correctness of the specified settings, press the Test button. This will open a test notification sending
window. In the event of errors, detailed error information will be displayed in it.
STEP 4.CONFIGURING ANTI-VIRUS PROTECTION
During this stage, you should configure the anti-virus protection system (see the figure below).
The Quick Start Wizard creates an anti-virus protection system for the client computers within administration groups,
using Kaspersky Anti-Virus 6.0 for Windows Workstations MP4. In this case, the Administration Server creates a policy
and defines a minimum set of tasks for the highest hierarchy level of Kaspersky Anti-Virus 6.0 for Windows Workstations
MP4, as well as downloading updates and data backup.
The objects created by the Wizard are displayed in the console tree:
the policies for Kaspersky Anti-Virus for Windows Workstations and Kaspersky Anti-Virus 6.0 for Windows
Servers MP4 – in the Policies folder of the Managed computers group under the names Protection policy - Windows Workstations and Protection policy - Windows Servers, and with the default settings;
the tasks for updating the anti-virus database for Kaspersky Anti-Virus for Windows Workstations and
Kaspersky Anti-Virus 6.0 for Windows Servers MP4 – in the Group tasks folder of the Managed computers
group under the names Update – Windows Servers and Update – Windows Workstations, and with the
default settings;
R E F E R E N C E G U I D E
18
on-demand scanning tasks for Kaspersky Anti-Virus for Windows Workstations and Kaspersky Anti-Virus 6.0 for
Windows Servers MP4 – in the Group tasks folder of the Managed computers group under the names Virus Scan – Windows Workstations and Virus Scan – Windows Servers, and with the default settings;
downloading updates to the repository – in the Kaspersky Administration Kit tasks folder under the name
Download updates to repository, and with the default settings;
the Administration Server data backup task – in the Kaspersky Administration Kit tasks folder under the
name Administration Server data backup, and with the default settings.
A policy for Kaspersky Anti-Virus 6.0 for Windows Workstations MP4 is not created if a policy for that application already
exists in the Managed computers folder. If group tasks for the Managed computers group and the Download updates to repository with these names already exist, they are not created either.
The wizard window displays the process of creating the tasks and the policies. If errors occur, an error message will be
displayed on the screen.
Figure 6. Configuring anti-virus protection
Q U I C K S T A R T W I Z A R D
19
STEP 5.DOWNLOADING UPDATES
During this step the wizard downloads updates to the repository by the Administration Server: the task defines the list of
files for download and downloads them (see the figure below).
Figure 7. Configuring retrieval of updates
You don't need to wait for completion of the updates retrieval task. The downloading of updates will continue using the
Download updates to the repository task (see section "Determining the updates list" on page 245).
R E F E R E N C E G U I D E
20
STEP 6.COMPLETING THE WIZARD
When the Quick Start Wizard completes, you will be invited to start the deployment of anti-virus protection. You can use
this wizard to install the Network Agent. If you do not wish to install applications immediately after the Quick Start Wizard
completion, uncheck the Start deployment box (see the figure below).
Figure 8. Completing the Quick Start Wizard
A detailed description of how to work with the Remote Install Wizard is provided in the Implementation Guide.
21
MANAGING ADMINISTRATION SERVERS
IN THIS SECTION
Connection to the Administration Server ......................................................................................................................... 21
The utility for selecting the Administration Server service account (klsrvswch) ............................................................... 23
Disconnecting from Server .............................................................................................................................................. 24
Switching between Servers ............................................................................................................................................. 25
Adding a Server to the console tree ................................................................................................................................ 25
Granting rights to use a Server ....................................................................................................................................... 26
Removing a Server from the console tree ....................................................................................................................... 27
Viewing and changing Administration Server settings ................................................................ ..................................... 28
Connecting to the Administration Server via Internet ...................................................................................................... 55
The Administration Server is a computer on which the Administration Server component is installed. A corporate
network can include several such Servers. The following operations are supported for the Administration Servers:
connection / disconnection;
adding / removal from the console tree;
switching between the Administration Servers;
building an Administration Servers hierarchy;
creation and configuration of tasks for delivery of reports, updating and backup copying.
CONNECTION TO THE ADMINISTRATION SERVER
To connect to an Administration Server,
select the node corresponding to the required Administration Server in the console tree.
After this, the Administration Console tries to connect to the Administration Server. If there are several Administration
Servers on your network, the Console will connect to the server it last connected to during the previous Kaspersky
Administration Kit session. When the application is launched for the first time after installation, it is assumed that the
Administration Server and Administration Console are running on the same computer. Therefore, the Administration
Console will try to detect the Administration Server on this computer.
If the Server is not found, you will be asked to specify the Server address manually in the Connection settings dialog
box (see the figure below). Enter the required Server address in the Server address field. You can enter either the IP
address or the computer name in the Windows network.
R E F E R E N C E G U I D E
22
To connect to the Administration Server through a port that differs from the default one, enter <Server name>:<Port> in
the Server address field.
Figure 9. Connecting to the Administration Server
Press the Advanced button to show or hide the following advanced connection settings:
Use SSL connection. Check this box to transmit data between the Administration Server and Administration
Console via the Secure Sockets Layer protocol (SSL). Uncheck this box if you do not want to communicate via
SSL. However, this will lower the security of data transmissions against modification or interceptions.
Use data compression. Check this box to increase the rate of data transfer between the Administration
Console and the Server, by decreasing the amount of information being transferred and hence lowering the load
on the Administration Server.
Enabling this setting will increase the load on the central processor of the computer which is hosting the
Administration Console.
Use proxy server. Check this box if you want to connect to the Administration Server via a proxy server (see
the figure above). Enter the address for connecting to the proxy server in the Address field. Fill in the User name and Password fields if user authorization is required to access this proxy server.
When the connection settings have been confirmed, the Administration Console verifies the user's rights to connect to
the Administration Server. If the secure connection is SSL-enabled, the Administration Console authenticates the
Administration Server before verifying user rights.
When you connect to the server for the first time, and also if the server certificate for this session differs from your local
copy, a request to connect to the server and receive a new certificate will be displayed (see the figure below). Select one
of the following:
I want to connect to the server and download the certificate from it – to connect to the Administration
Server and receive a new certificate.
I want to specify the certificate file location – specify the Server certificate manually. In this case, select the
certificate file using the Select button. The certificate file has the extension .cer, and is located in the Cert
subfolder of the Kaspersky Administration Kit program folder specified during application installation. The
Console will attempt to re-authenticate the server using the certificate you specified.
M A N A G I N G A D M I N I S T R A T I O N S E R V E R S
23
You can copy the certificate file to a shared folder or a floppy disk. A copy of this file can be used to configure
access settings for the Server.
Figure 10. Request to connect to the Administration Server
User rights are verified using the Windows user authentication procedure. If the user is not authorized to access the
Administration Server, i.e. he/she is not an operator (KLOperators) or administrator of Kaspersky Administration Kit
(KLAdmins), he/she will be asked to register to access the Administration Server (see the figure below). In the
corresponding form, specify a user account (name and password) which has Kaspersky Administration Kit operator or
administrator rights.
Figure 11. Registering a user to access the Administration Server
If the connection to the Administration Server has been established successfully, the structure of this Server's folders and
its settings appear in the console tree.
THE UTILITY FOR SELECTING THE ADMINISTRATION
SERVER SERVICE ACCOUNT (KLSRVSWCH)
You can use this utility to specify an account for launching the Administration Server service on this computer (see the
figure below). Launch the utility and select one of the two following options:
Local System account – the Administration Server will start using the Local System account and its
credentials.
R E F E R E N C E G U I D E
24
Correct operation of Kaspersky Administration Kit requires that the account used to start the Administration
Server should have the administrator's rights on the resource where the Administration Server database is
hosted.
Specified account – the Administration Server will start using the account included in a domain. In this case
the Administration Server will initiate all operations using the credentials of that account. Use the Find now
button to select the user whose account will be used and enter the password.
If the domain user account is selected as an account for launching the Administration Server, you will be asked
to define this user and specify the password for his/her account.
Figure 12. Selecting account
When using the SQL-server in the Windows authentication mode, the user account should be provided with an access to
the database. The user account should be the owner of the Kaspersky Anti-Virus database. By default, the dbo scheme
must be used.
DISCONNECTING FROM SERVER
To disconnect from an Administration Server:
1. In the console tree, select the node corresponding to the Administration Server that should be disconnected.
2. Open the context menu.
3. Select the Disconnect from Administration Server command.
M A N A G I N G A D M I N I S T R A T I O N S E R V E R S
25
SWITCHING BETWEEN SERVERS
If several Administration Servers have been added to the console tree, you can switch between those servers while
working with them.
To switch to another Administration Server:
1. Select in the console tree the node under the necessary Server name.
2. Open the context menu and select the Connect to Administration Server command.
In the Connection settings window that opens, enter the name of the Server, which you intend to manage, and
specify the necessary settings for connection to the server (see section "Connecting to Server" on page 21).
If you have no Kaspersky Administration Kit operator or administrator rights, access to the Administration Server
will be denied.
Figure 13. Connecting to the Administration Server
3. Press the OK button to complete switching between the Servers.
If the connection to the Server has been established successfully, the contents of the corresponding node will be
updated.
ADDING A SERVER TO THE CONSOLE TREE
To add a new Administration Server to the console tree:
1. Select the Kaspersky Administration Kit node in the console tree within the main program window of
Kaspersky Administration Kit.
2. Open the context menu and select the New Administration Server command.
R E F E R E N C E G U I D E
26
This will create a new node with the name Kaspersky Administration Server - <Computer name> (Not
connected) in the console tree. Use this node to connect to any other Administration Server installed on the
network.
GRANTING RIGHTS TO USE A SERVER
To grant rights to work with an Administration Server:
1. In the main Kaspersky Administration Kit application window select the node corresponding to the required
Administration Server in the console tree, open its context menu and select the Properties command.
2. In the Administration Server <Computer name> properties window that opens (see the figure below), switch
to the Security tab.
Whether this tab is shown or hidden is determined by the user interface settings. To display the tab, navigate to the
ViewConfiguring interface menu and check the box in the Display security settings tabs string.
The upper part of the tab displays a list of users and user groups that have access to the Administration Server. The
lower part contains the list of possible permissions:
All – includes all permissions (see below).
Reading – viewing Kaspersky Administration Kit objects' properties without a permission to perform operations,
create new objects or modify the existing ones.
Figure 14. Granting rights to access the Administration Server
M A N A G I N G A D M I N I S T R A T I O N S E R V E R S
27
Writing – changing Kaspersky Administration Kit object properties, as well as creating new objects without a
right to perform operations upon objects.
Running – performing operations on Kaspersky Administration Kit objects without a right to create new objects
or modify the existing ones.
Modify access privileges – granting to users, and groups of users, access rights to the functionality of
Kaspersky Administration Kit.
Edit event log settings.
Edit notification settings.
Remote install of Kaspersky Lab applications.
Remote install of external applications – preparation of installation packages and remote install of third-party
applications and Kaspersky Lab applications to the client computers.
Edit Administration Server hierarchy settings.
Save network lists content – copy files from backup, quarantine and unprocessed files from client computers
to a computer where the Administration Console is installed.
Create tunnels – creating a tunneling connection between the computer where the Administration Console is
installed and a client computer.
To connect to the Administration Server, the user should have Read permissions.
To assign the rights for working with Server, perform the following actions:
1. Select a group of users.
2. In the Allow column check the boxes next to the permissions provided to members of that group. If you check
the All box, all the boxes in the column will automatically be checked.
3. In the Deny column check the boxes next to the permissions that must not be provided to members of that
group. If you check the All box, all the boxes in the column will automatically be checked.
You can add a new group or a new user, using the Add button. You can only add groups of users and users that are
registered on the computer with the Administration Console installed.
To remove a group or a user, select an object from the list and click the Remove button.
The group of Kaspersky Administration Kit administrators (KLAdmins) cannot be removed.
Click the Apply or OK button to apply the settings.
REMOVING A SERVER FROM THE CONSOLE TREE
To remove an Administration Server from the console tree:
1. Select the node corresponding to the required Administration Server in the console tree.
2. Open the context menu.
3. Select the Delete command.
R E F E R E N C E G U I D E
28
VIEWING AND CHANGING ADMINISTRATION SERVER
SETTINGS
The links in the task pane of the Administration Server allow fast access to the following server features:
installation of anti-virus protection;
organization of administration groups;
configuration of update, protection and scanning settings;
viewing of statistics and configuration of notifications.
You can use the Administration Server properties window to view its parameters and modify them as necessary.
To open the Server properties window:
1. Select the necessary Server in the console tree.
2. Open the context menu and select the Properties option.
The window that opens contains a set of tabs, on which you can view and modify the following Administration
Server settings:
connection to the Administration Server (see section "General Administration Server settings" on page 28);
granting rights to access the Administration Server (see section "Granting rights to use a Server" on
page 26);
registration of events (see section "Event processing settings" on page 37);
relocation of computers (see section "General guidelines for relocation of computers" on page 46);
traffic limit for IP ranges and IP subnets (see section "Traffic limit rules" on page 51);
configuring the Virus outbreak event (see section "Virus outbreak event settings" on page 44);
configuring interaction with Cisco NAC (see section "Configuring Integration with Cisco Network Admission
Control (NAC)" on page 49).
GENERAL ADMINISTRATION SERVER SETTINGS
You can configure the general Administration Server settings on the General, Settings and Security tabs.
The General tab (see the figure below) contains the following information:
name of the component (Administration Server) and the computer name within the Windows network on which
this component is installed;
M A N A G I N G A D M I N I S T R A T I O N S E R V E R S
29
version number of the installed application.
Figure 15. Viewing the Administration Server properties. The General tab
Viewing the Administration Server properties. The General tab
Clicking the Advanced link opens a window containing the following information (see the figure below):
Path to the shared folder used for storing application deployment files and the updates downloaded from
the update source to the Administration Server. You can edit the path to the shared folder using the Modify
button.
R E F E R E N C E G U I D E
30
The Administration Server operation statistics hyperlink is used to open the window which displays
general statistics about the Administration Server.
Figure 16. Administration Server properties. The Advanced window
Use the Information about the Administration Server plug-in link to open the plug-in properties window
(see the figure below). This window displays the following information:
Name and full path to the plug-in file.
File version.
Information about the manufacturer (Kaspersky Lab) and copyright information.
Loading...
+ 300 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.