Before you begin
If DC Agent is attempting to poll domain controllers that don’t exist, or if you have turned off automatic domain discovery and want to have DC Agent poll a new domain controller,
edit the dc_config.txt file to configure DC Agent behavior.
Steps
-
Go to the web protection bin directory (C:\Program Files\Websense\Web Security\bin, by default) on the DC Agent machine.
- Make a backup copy of the dc_config.txt file in another location.
- Open the original dc_config.txt file in a text editor (like Notepad).
- Confirm that all of your domains and domain controllers are listed. For example:
[WEST_DOMAIN]
dcWEST1.forcepoint.com=on
dcWEST2.forcepoint.com=on
EAST_DOMAIN]
dcEAST1.forcepoint.com=on
dcEAST2.forcepoint.com=on
If there are domain or domain controller entries missing from the list, you can add them manually. Before adding entries, run the net view /domain command on
the DC Agent machine to make sure that the agent can see the new domain.
-
If there are entries in the list that DC Agent should not poll, change the entry value from on to off. For example:
dcEAST2.forcepoint.com=off
- If you configure DC Agent to avoid polling an active domain controller, the agent cannot transparently identify users logging on to that domain controller.
- If DC Agent's automatic domain discovery has detected a domain controller that should not be used to authenticate users, set the entry to off, rather than removing it.
Otherwise, the next discovery process will re-add the controller.
-
Save your changes and close the file.
-
Use the Windows Services tool to restart the Websense DC Agent service.