You can grant access to a blocked device in offline mode only if Kaspersky Security Center is deployed in the organization and a policy has been applied to the computer. In the policy settings, in the Device Control section, the Allow request for temporary access check box must be selected.
A user requests access to a blocked device as follows:
Connect the device to the computer.
Kaspersky Endpoint Security will show a notification stating that access to the device is blocked (see the figure below).
Click the Request temporary access link.
This opens a window containing a list of connected devices.
In the list of connected devices, select the device to which you want to gain access.
Click Generate request access file.
In the Access duration field, specify the period of time for which you want to have access to the device.
Save the file to computer memory.
As a result, a request access file with the *.akey extension will be downloaded to computer memory. Use any available method to send the device request access file to the corporate LAN administrator.
Open the Kaspersky Security Center Administration Console.
In the Managed devices folder of the Administration Console tree, open the folder with the name of the administration group to which the relevant client computer belongs.
In the workspace, select the Devices tab.
In the list of client computers, select the computer whose user needs to be granted temporary access to the blocked device.
In the context menu of the computer, select the Grant access in offline mode item.
In the window that opens, select the Device Control tab.
Click the Browse button and download the request access file received from the user.
You will see information about the blocked device to which the user has requested access.
If necessary, change the value of the Access duration setting.
By default, the Access duration setting takes the value that was indicated by the user when creating the access request file.
Specify the value of the Activate by setting.
This setting defines the time period during which the user can activate access to the blocked device by using the provided access key.
In the main window of the Web Console, select Devices → Managed devices.
In the list of client computers, select the computer whose user needs to be granted temporary access to the blocked device.
Click the ellipsis button () above the list of computers and then click the Grant access to the device in offline mode button.
In the window that opens, select the Device Control section.
Click the Browse button and download the request access file received from the user.
You will see information about the blocked device to which the user has requested access.
If necessary, change the value of the Access duration (hours) setting.
By default, the Access duration (hours) setting takes the value that was indicated by the user when creating the access request file.
Specify the time period during which the access key can be activated on the device.
This setting defines the time period during which the user can activate access to the blocked device by using the provided access key.
Save the access key file to computer memory.
As a result, the blocked device access key will be downloaded to computer memory. An access key file has the *.acode extension. Use any available method to send the blocked device access key to the user.
In the application settings window, select Security Controls → Device Control.
In the Access request block, click the Request access to device button.
In the window that opens, click the Activate access key button.
In the window that opens, select the file with the device access key received from the corporate LAN administrator.
This opens a window containing information about access provision.
Click OK.
As a result, the user receives access to the device for the time period set by the administrator. The user receives the full set of rights for accessing the device (read and write). When the key expires, access to the device will be blocked. If the user requires permanent access to the device, add the device to the trusted list.