DC Agent

DC Agent runs on Windows and detects users in a Windows network running NetBIOS or DNS networking services.

DC Agent and User Service gather network user data and send it to Filtering Service. Several variables determine the speed of data transmission, including the size of your network and the amount of existing network traffic.

To enable transparent identification with DC Agent:

Steps

  1. Install DC Agent. For more information, see the Deployment and Installation Center.

    In order to perform computer polling (to verify the logged-on user), DC Agent must run with domain admin or enterprise admin permissions. If you do not plan to use computer polling, DC Agent can run as any network user with read privileges on the domain controller.

    Note that when domain discovery is disabled, you must maintain the domain and domain controller list for each DC Agent instance manually (see The dc_config.txt file).

    To use the Event Subscriber option to detect user logon sessions in the domain, DC Agent must run as a network user in the Event Log Reader group of the domain.

    Note: Domain administrators are not, by default, part of the Event Log Reader group.
  2. Configure DC Agent to communicate with other web protection components and with domain controllers in your network (see Configuring DC Agent).
  3. Use the Forcepoint Security Manager to assign policies to users, groups, and OUs (see Adding a client).

    Your software can prompt users for identification if DC Agent is unable to identify users transparently. For more information, see Manual authentication.