Before you begin
The method that some Windows services use to contact domain controllers from user machines can cause the users logged on to those machines to be misidentified. For example, problems can
be caused by:
- The internal user names (Local Service and Network Service) that Windows XP assigns for processes to use for communication with domain controllers
- Running Systems Management Server (SMS) on a client machine.
To prevent or work around possible misidentification, configure your transparent identification agent to ignore logon names that are not associated with actual users.
Steps
-
Use the Windows Services tool or /opt/Websense/WebsenseDaemonControl command to stop eDirectory Agent.
-
Navigate to the bin directory (C:\Program Files\Websense\Web Security\bin or / opt/Websense/bin/, by default).
-
Use a text editor to either create or open ignore.txt.
-
Populate the file as follows. Place each entry on a separate line.
- Add each user name that should be ignored on its own line. Your web protection software ignores these users, regardless of which machine they use.
- To add a user name/machine pair, enter the user name, followed by a comma, and then the machine host name or IP address (ypark,YPARK-WS1). In this case, your web
protection software ignores the specified user only on the specified machine.
- To add a machine, enter an asterisk (*), followed by a comma, followed by the machine host name, IP address, or IP address range.
The following example shows correctly formatted entries:
anonymous logon
admin,WKSTA-NAME
*, WKSTB-NAME
*, 10.209.34.56
*, 10.203.34.1-10.203.34.255
In this example, the Windows 7 service account anonymous logon is ignored on all machines, the user name admin is ignored only when associated with machine
WKSTA-NAME, and logons for WKSTB-NAME, 10.209.34.56, and the network range 10.203.34.1 to 10.203.34.255 are ignored.
With v8.5.3f and later, regular expressions are also supported as part of each of these entries.
-
When you are finished making changes, save and close the file.
-
Start eDirectory Agent.