Device Control and Active Directory

  • 6 July 2019
  • 6 replies

I have the same problem in KSC 11. How can I allow one AD group to read and another to read and write?

Link: https://forum.kaspersky.com/index.php?/topic/384391-device-control-users/page/2/

Example: User ABC group Read
User XPTO group Write

6 replies

Userlevel 7
Badge +7
AD groups must contain users, not devices.

Try this options
computer = yourdomain.local

I use 2 groups of users in Active Directory.


That way the read group is not working, just write.

Permission for users in "read group" does not work.
I did the above test.

for users of the ReadWrite group the permission is denied.
The group with write permission can only read.

Group with Read permission, works fine.
Userlevel 7
Badge +7
@fbr0 , did you delete the default group "Everyone"?
@fbr0 , did you delete the default group "Everyone"?

Yes. I edited my answer and inserted images.

Everyone group has been deleted.
Userlevel 7
Badge +7
@fbr0 , check both rules with "Default schedule".