Procedure to configure DC Agent settings

Steps

  1. Under Domain Discovery, mark or clear Enable automatic domain discovery to determine whether DC Agent automatically finds domains and domain controllers in your network.
  2. If domain discovery is enabled, also specify:
    • How often to discover domains (Identify domains every setting). Domain discovery occurs at 24-hour intervals, by default.

      For 8.5.3 and 8.5.4, domain discovery will be done by DC Agent.

    • (v8.5 only) Whether DC Agent or User Service is responsible for performing domain discovery.
  3. Two options are available for retrieving logon events.
    • The Event Subscriber option subscribes to logon events from the domain controller. This option is enabled by default in the transid.ini file in the web protection bin directory (C:\Program Files\Websense\Web Security\bin, by default).

      The following entries in the ini file are used to determine the full functionality of the option.

      UseEventSubscriber=on 
UserMapUpdateTime=10000 
IgnoreDNSFailure=on 
StripEmailSign=on

      See Custom configuration for a DC Agent instance, for an explanation of each variable.

      When this option is enabled, your network firewall must be configured to permit connections on port 135.

    • Enable DC Agent to query domain controllers for user logon sessions, by marking Enable domain controller polling in the Domain Controller Polling section of the DC Agent Communication box.

      You can specify which domain controllers each instance of DC Agent polls in the agent’s configuration file. See Configure domain controller polling in dc_config.txt.

      To perform domain controller polling, the DC Agent service needs only read privileges on the domain controller. Automatic domain discovery (steps 1 and 2) and computer polling (step 7) require that the service run with elevated permissions.

  4. Use the Query interval field to specify how often (in seconds) DC Agent queries domain controllers.
    Note: This value is not used when the Event Subscriber option is enabled.
    Decreasing the query interval may provide greater accuracy in capturing logon sessions, but also increases overall network traffic. Increasing the query interval decreases network traffic, but may also delay or prevent the capture of some logon sessions. The default is 10 seconds.
  5. Use the User entry timeout field to specify how frequently (in hours) DC Agent refreshes the user entries in its map. The default is 24 hours.
  6. Under Computer Polling, check Enable computer polling to enable DC Agent to query computers for user logon sessions. This may include computers that are outside the domains that the agent already queries.

    DC Agent uses WMI (Windows Management Instruction) for computer polling. If you enable computer polling, configure the Windows Firewall on client machines to allow communication on port 135.

    If DC Agent performs computer polling, the service must run with domain or enterprise admin privileges.

  7. Enter a User map verification interval to specify how often DC Agent contacts client machines to verify which users are logged on. The default is 15 minutes.

    DC Agent compares the query results with the user name/IP address pairs in the user map it sends to Filtering Service. Decreasing this interval may provide greater user map accuracy, but increases network traffic. Increasing the interval decreases network traffic, but also may decrease accuracy.

  8. Enter a User entry timeout period to specify how often DC Agent refreshes entries obtained through computer polling in its user map. The default is 1 hour.

    DC Agent removes any user name/IP address entries that are older than this timeout period, and that DC Agent cannot verify as currently logged on.

    Increasing this interval may lessen user map accuracy, because the map potentially retains old user names for a longer time.

    Note: Do not make the user entry timeout interval shorter than the user map verification interval. This could cause user names to be removed from the user map before they can be verified.
  9. Click OK to return to the User Identification page, then click OK again to cache your changes. Changes are not implemented until you click Save and Deploy.