Changing DC Agent, Logon Agent, and User Service permissions

Sometimes, DC Agent, Logon Agent, or User Service needs to run as an account that has permission to access the directory service.

Steps

  1. On the machine running the domain controller, create a user account such as Forcepoint. You can use an existing account, but a new account is preferable so the password can be set not to expire. No special privileges are required.

    Set the password never to expire. This account only provides a security context for accessing directory objects.

    Make note of the user name and password you establish for this account, as they must be entered in step 6 and 7.

  2. On the machine running an affected component, open the Windows Services tool.
  3. Select the appropriate service (as listed below), then click Stop.
    • Websense DC Agent
    • Websense Logon Agent
    • Websense User Service
  4. Double-click the service entry.
  5. On the Log On tab, select the This account option.
  6. Enter the user name of the account created in step 1. For example:

    DomainName\Forcepoint.

  7. Enter and confirm the Windows password for this account.
  8. Click OK to close the dialog box.
  9. Select the service in the Services tool, and then click Start.
  10. Repeat this procedure for each instance of DC Agent, Logon Agent, and User Service in the network.