15Dec/09Off
DC Agent issues
A lot of us in Technical Support are seeing DC Agent installed in non-supported configurations. (Especially for WCG and V10K installs)
- DC Agent requires to be installed on a Server that is part of the Domain
- DC Agent can be a Server that has a two way trust relation to the domain you want to transparently identify users.
- Users that are being transparently identified will have to have unique user names between the domains.
- DC Agent requires a Domain Account
- Using the “Local System” Account is not supported for DC Agent. You must use a Domain Account for DC Agent.
- This is because DC Agent needs an account with appropriate rights to be able poll the Domain Controllers to retrieve User to IP/Workstation information.
- If using a trust, you will need to have rights to domain(s) you want to transparently identify users.
- Using the “Local System” Account is not supported for DC Agent. You must use a Domain Account for DC Agent.
- DC Agent can be a Server that has a two way trust relation to the domain you want to transparently identify users.
- In most situations, we recommend that you run both DC Agent and User Service with domain administrator access rights.
- This is because these service only monitor information; they do not change anything in the domain.
- Workstation polling requires that the account used by DC Agent have local admin right to the workstation being polled. Domain Admins natively have this right.
Hotfix 42 has been released for 7.1 DC Agent. I highly recommend this hotfix be applied.
http://eval.websense.com/download/patches/WSE_7.1_Hotfix_42_DCAgent_Connection_breaking_windows.zip
Please see KB 2660 (http://kb.websense.com/article.aspx?article=2660&p=12) and the Transparent ID white papers (http://kb.websense.com/article.aspx?article=3835&p=12) for more information on DC Agent.
