You can manage security settings from the standpoint of device features and from the standpoint of user roles. The first approach is called device-centric security management and the second is called user-centric security management. To apply different application settings to different devices you can use either or both types of management in combination. To implement device-centric security management, you can use tools provided in Microsoft Management Console-based Administration Console or Kaspersky Security Center 11 Web Console. User-centric security management can be implemented through Kaspersky Security Center 11 Web Console only.
Device-centric security management is based on the application of different security settings to managed devices. The choice of settings depends on device-specific features, such as allocation of devices in administration groups, usage of those devices in Active Directory, or their hardware specifications.
User-centric security management is based on the application of different security settings to managed devices. The choice of settings depends on the roles of users that own those devices. For example, you may want to apply different application settings to devices of accountants and human resources (HR) specialists. As a result, when user-centric security management is implemented, accountants and HR department specialists have different rights to manage Kaspersky Lab applications.
By using user-centric security management you can apply specific application settings to individual users. This may be required when an employee has a unique role in the company or when you want to monitor security incidents related to devices of a specific person. Depending on the role of this employee in the company, you can expand or limit the rights of this person to change application settings. For example, you might want to expand the rights of a system administrator who manages client devices in a local office.
You can also combine the device-centric and user-centric security management approaches. For example, you can configure a specific application policy for each administration group, and then create policy profiles for one or several user roles of your enterprise. In this case the policies and policy profiles are applied in the following order: