Tagging devices and viewing assigned tags

Kaspersky Security Center allows you to tag devices. A tag is the ID of a device that can be used for grouping, describing, or finding devices. Tags assigned to devices can be used for creating selections, for finding devices, and for distributing devices among administration groups.

You can tag devices manually or automatically. Tag a device manually in the device properties; you may use manual tagging when you have to tag an individual device. Auto-tagging is performed by Administration Server in accordance with the specified tagging rules.

In the properties of an Administration Server, you can set up auto-tagging for devices managed by this Administration Server. Devices are tagged automatically when specified rules are met. An individual rule corresponds to each tag. Rules are applied to the network properties of the device, operating system, applications installed on the device, and other device properties. For example, you can set up a rule that will assign the Win tag to all devices running Windows. Then, you can use this tag when creating a device selection; this will help you sort out all devices running Windows, and assign them a task.

You can also use tags as conditions of policy profile activation on a managed device in order to apply specific policy profiles only on devices with specific tags. For example, if a device tagged as Courier appears in the Users administration group and if activation of the corresponding policy profile by the Courier tag has been enabled, then the policy created for the Users group will not be applied to this device—but the profile of the policy profile will be applied. The policy profile can allow this device to start some applications that have been blocked from running by the policy.

You can create multiple tagging rules. A single device can be assigned multiple tags if you have created multiple tagging rules and if the respective conditions of these rules are met simultaneously. You can view the list of all assigned tags in the device properties. Each tagging rule can be enabled or disabled. If a rule is enabled, it is applied to devices managed by Administration Server. If you are not using a rule currently but may need it in the future, you do not have to remove it; you can simply clear the Enable rule check box instead. In this case, the rule is disabled; it will not be executed until the Enable rule check box is selected again. You may need to disable a rule without removing it if you have to exclude the rule from the list of tagging rules temporarily and then include it again.

Automatic device tagging

You can create and edit automatic tagging rules in the Administration Server properties window.

To tag devices automatically:

1. In the console tree, select the node with the name of the Administration Server for which you have to specify tagging rules.
2. In the context menu of the Administration Server, select Properties.
3. In the Administration Server properties window, select the Tagging rules section.
4. In the Tagging rules section, click the Add button.

   The New rule window opens.

5. In the New rule window, configure the general properties of the rule:
   • Specify the rule name.

     The rule name cannot be more than 255 characters long and cannot include any special characters (such as "*<>?\:|).

   • Enable or disable the rule using the Enable rule check box.

     By default, the Enable rule check box is selected.

   • In the Tag field, enter a tag name.

     The tag name cannot be more than 255 characters long and cannot include any special characters (such as "*<>?\:|).

6. In the Conditions section, click the Add button to add a new condition, or click the Properties button to edit an existing condition.

   The New Auto-Tagging Rule Condition Wizard window opens.

7. In the Tag assignment condition window, select the check boxes for the conditions that must affect tagging. You can select multiple conditions.
8. Depending on which tagging conditions you selected, the Wizard displays the windows for setup of the corresponding conditions. Set up the triggering of the rule by the following conditions:
   • Device's use or association with a specific network—Network properties of the device, such as device name in the Windows network, and device inclusion in a domain or an IP subnet.

     If case sensitive collation is set for the database that you use for Kaspersky Security Center, keep case when you specify a device DNS name. Otherwise, the auto-tagging rule will not work.

   • Use of Active Directory—Presence of the device in an Active Directory organizational unit and membership of the device in an Active Directory group.
   • Specific applications—Presence of Network Agent on the device, operating system type, version, and architecture.
   • Virtual machines—Inclusion of the device in a specific type of virtual machines.
   • Application from the applications registry installed—Presence of applications of different vendors on the device.
9. After the condition is set up, enter a name for it, and then close the Wizard.

   If necessary, you can set multiple conditions for a single rule. In this case, the tag will be assigned to a device if it meets at least one condition. The conditions that you added will be displayed in the rule properties window.

10. Click OK in the New rule window, then click OK in the Administration Server properties window.

The newly created rules are enforced on devices managed by the selected Administration Server. If the settings of a device meet the rule conditions, the device is assigned the tag.

Viewing and configuring tags assigned to a device

You can view the list of all tags that have been assigned to a device, as well as proceed to set up automatic tagging rules in the device properties window.

To view and set up the tags that have been assigned to a device:

1. In the console tree, open the Managed devices folder.
2. In the workspace of the Managed devices folder, select the device for which you want to view the assigned tags.
3. In the context menu of the mobile device, select Properties.
4. In the device properties window, select the Tags section.

   A list of tags assigned to the selected device is displayed, as well as the way in which each of the tags were assigned: manually or by a rule.

5. If necessary, perform one of the following actions:
   • To proceed to setup of tagging rules, click the Set up auto-tagging rules link (only for Windows).
   • To rename a tag, select one and click the Rename button.
   • To remove a tag, select one and click the Remove button.
   • To add a tag manually, enter one in the field in the lower part of the Tags section and click the Add button.
6. Click the Apply button, if you have made changes to the Tags section, for your changes to take effect.
7. Click OK.

If you removed or renamed a tag in the device properties, this change will not affect the tagging rules that have been set up in the Administration Server properties. The change will only apply to the device whose properties it has been made.