The dc_config.txt file

DC Agent works by identifying domain controllers in the network, and then retrieving user logon session information from those domain controllers. By default, the agent automatically verifies existing domain controllers and detects new domains or domain controllers added to the network.

  • By default DC Agent retrieves information by subscribing to logon events from the domain controller at startup, and every 24 hours thereafter.
  • DC Agent can also performs domain discovery, identifying domains and domain controllers.
  • Either DC Agent or User Service can be used to perform domain discovery.

For information about configuring DC Agent to retrieve logon events and setting the discovery interval, see Configuring DC Agent.

DC Agent stores domain and domain controller information in a file called dc_config.txt.

Edit the file to change which domain controllers DC Agent polls:

Steps

  1. Go to the bin directory (by default, C:\Program Files\Websense\Web Security\bin) on the DC Agent machine.
  2. Make a backup copy of the dc_config.txt file in another location.
  3. Open the original dc_config.txt file in a text editor (like Notepad).
  4. Confirm that all of your domains and domain controllers are listed. For example:

    [WEST_DOMAIN]

    dcWEST1.forcepoint.com=on

    dcWEST2.forcepoint.com=on

    [EAST_DOMAIN]

    dcEAST1.forcepoint.com=on

    dcEAST2.forcepoint.com=on

  5. If there are domain controllers in the list that DC Agent should not poll, change the entry value from on to off. For example:

    dcEAST2.forcepoint.com=off

    • If you configure DC Agent to avoid polling an active domain controller, the agent cannot transparently identify users logging on to that domain controller.
    • If DC Agent’s automatic domain discovery has detected a domain controller that should not be used to identify users, set the entry to off, rather than removing it. Otherwise, the next discovery process will re-add the controller.
  6. If there are domain or domain controller entries missing from the list, you can add them manually. Before adding entries, on the DC Agent machine, do an nslookup on the Fully Qualified Domain Name (FQDN) to make sure that the agent can see the new domain.
  7. Save your changes and close the file.
  8. Restart the Websense DC Agent service.