Components used for DC Agent user identification

  • DC Agent monitors domain controllers and client machines for user logon information, and then provides the information to Filtering Service for use in applying policies.

    You can configure DC Agent and Filtering Service to use an authenticated connection for communication (see Configure DC Agent settings).

    A DC Agent installation includes the following files, all located in the Websense\ Web Security\bin\ folder:

    Name Functionality
    XidDcAgent.exe

    The DC Agent executable:

    • Automatically discovers domains at startup and at 24-hour intervals, by default.
    • Sends new entries to Filtering Service, when queried.
    • Uses port 30600 by default.
    • Runs as a Windows service named Websense DC Agent.
    dc_config.txt
    • Lists the domains and domain controllers in the network
    • Indicates whether DC Agent monitors each domain controller.

    New domain information is written to the file at agent startup, and every 24 hours thereafter (by default).
    XidDcAgent.bak Serves as a backup copy of the DC Agent user map. Read on agent startup.
    ignore.txt Contains list of user names, machines, and user/machine pairs for DC Agent to ignore.
  • User Service works with DC Agent to provide an up-to-date list of domains in the network and users in each domain. User Service interacts with the directory service to get group and OU information for logged-on users.
  • Filtering Service receives user logon session information from DC Agent in the form of user name/IP address pairs. When Filtering Service receives the IP address of a machine making an Internet request, it matches the address with the user name provided by DC Agent and applies the appropriate policy to the request.

    Filtering Service and DC Agent can be installed on the same machine, or on different machines.