Updating DC Agent permissions

Steps

  1. On the DC Agent machine, create a user account with a descriptive name, like WebDcAgent. This account exists only to provide a security context for DC Agent when it requests information from the directory service.
    • Assign the new account read/write privileges in all domains.
    • Make the account a member of the domain controller’s Event Reader group.
    • Assign the same password to this account in all domains.
    • Set the password to never expire. This account exists only to provide a security context for accessing directory objects.
    Make a note of the user name and password so that you have it when you get to step 5.
    Note: Domain administrators are not, by default, part of the Event Log Reader group.
  2. Open the Windows Services tool.
  3. Scroll to the Websense DC Agent service, right-click the service name, and then select Stop.
  4. Double-click the service name, and then select the Log On tab.
  5. Select This account, and then enter the DC Agent account name and password that you just created. Some domains require that the account name be entered in the format domain\username.
  6. On the General tab, click Start to start the service, then click OK.
  7. Close the Services tool.

Next steps

You may also need to assign the same set of administrative privileges to User Service.