Separate Administration Console installation in Kaspersky Security 9.x for Microsoft Exchange Servers
This article concerns:
- Kaspersky Security 9.6 for Microsoft Exchange Servers Maintenance Release 6 (version 126.96.36.199)
- Kaspersky Security 9.5 for Microsoft Exchange Servers Maintenance Release 5 (version 9.5.10000.64)
- Kaspersky Security 9.5 for Microsoft Exchange Servers Maintenance Release 5 (version 188.8.131.52)
The Administration Console of Kaspersky Security 9.x for Microsoft Exchange Servers can be installed separately from Security Server on any computer within the enterprise network. If several administrators are working jointly, the Administration Console can be installed on each administrator's computer.
For instructions on installing the Administration Console, see the following documentation pages:
- Kaspersky Security 9.6 for Microsoft Exchange Servers
- Kaspersky Security 9.5 for Microsoft Exchange Servers
To connect Administration Console to a remote Security Server, add the service Kaspersky Security 9.x for Microsoft Exchange Servers to the trusted application list of the firewall on the remote server, or allow RPC connections.
Privileges required for Administration Console
To ensure proper operation of the Administration Console with the remote Security Servers and profiles, the administrator must have the following privileges:
- Local Administrator privileges on the remote Security Servers to which the Administrator Console is connected.
- One of the following rights:
- Writing the configuration to the application thread in the Active Directory service CN=KasperskyLab,CN=Services,CN=Configuration,DC=<domain component>,DC=<domain component> and reading the Microsoft Exchange configuration thread.
- Rights of a Hygiene Management group member (for Microsoft Exchange Server 2010).
- Rights of an Organization Management group member (for Microsoft Exchange Server 2013).
- Writing to the application folder on the computer with the Administration Console installed.
The Administrator account under which the Administration Console is launched to connect to the remote Security Servers must not be in the Protected Users security group in the Active Directory.