Configuring eDirectory Agent to ignore certain user names

Before you begin

The method that some Windows services use to contact domain controllers from user machines can cause the users logged on to those machines to be misidentified. For example, problems can be caused by:

  • The internal user names (Local Service and Network Service) that Windows XP assigns for processes to use for communication with domain controllers
  • Running Systems Management Server (SMS) on a client machine.

To prevent or work around possible misidentification, configure your transparent identification agent to ignore logon names that are not associated with actual users.

Steps

  1. Use the Windows Services tool or /opt/Websense/WebsenseDaemonControl command to stop eDirectory Agent.
  2. Navigate to the bin directory (C:\Program Files\Websense\Web Security\bin or / opt/Websense/bin/, by default).
  3. Use a text editor to either create or open ignore.txt.
  4. Populate the file as follows. Place each entry on a separate line.
    • Add each user name that should be ignored on its own line. Your web protection software ignores these users, regardless of which machine they use.
    • To add a user name/machine pair, enter the user name, followed by a comma, and then the machine host name or IP address (ypark,YPARK-WS1). In this case, your web protection software ignores the specified user only on the specified machine.
    • To add a machine, enter an asterisk (*), followed by a comma, followed by the machine host name, IP address, or IP address range.

    The following example shows correctly formatted entries:

    anonymous logon 
    admin,WKSTA-NAME
    *, WKSTB-NAME
    *, 10.209.34.56
    *, 10.203.34.1-10.203.34.255

    In this example, the Windows 7 service account anonymous logon is ignored on all machines, the user name admin is ignored only when associated with machine WKSTA-NAME, and logons for WKSTB-NAME, 10.209.34.56, and the network range 10.203.34.1 to 10.203.34.255 are ignored.

    With v8.5.3f and later, regular expressions are also supported as part of each of these entries.

  5. When you are finished making changes, save and close the file.
  6. Start eDirectory Agent.