Documentation | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Using eDirectory Agent for Transparent User Identification > Deploying and configuring eDirectory Agent > Configuring eDirectory Agent to ignore certain user names
Configuring eDirectory Agent to ignore certain user names
Using eDirectory Agent | Web Protection Solutions | v8.4.x, v8.5.x | 29-Apr-2022
The method that some Windows services use to contact domain controllers from user machines can cause the users logged on to those machines to be misidentified. For example, problems can be caused by:
*
The internal user names (Local Service and Network Service) that Windows XP assigns for processes to use for communication with domain controllers
*
Running Systems Management Server (SMS) on a client machine.
To prevent or work around possible misidentification, configure your transparent identification agent to ignore logon names that are not associated with actual users.
1.
Use the Windows Services tool or /opt/Websense/WebsenseDaemonControl command to stop eDirectory Agent.
2.
Navigate to the bin directory (C:\Program Files\Websense\Web Security\bin or /opt/Websense/bin/, by default).
3.
Use a text editor to either create or open ignore.txt.
4.
Populate the file as follows. Place each entry on a separate line.
*
Add each user name that should be ignored on its own line. Your web protection software ignores these users, regardless of which machine they use.
*
To add a user name/machine pair, enter the user name, followed by a comma, and then the machine host name or IP address (ypark,YPARK-WS1). In this case, your web protection software ignores the specified user only on the specified machine.
*
To add a machine, enter an asterisk (*), followed by a comma, followed by the machine host name, IP address, or IP address range.
The following example shows correctly formatted entries:
anonymous logon
admin,WKSTA-NAME
*, WKSTB-NAME
*, 10.209.34.56
*, 10.203.34.1-10.203.34.255
In this example, the Windows 7 service account anonymous logon is ignored on all machines, the user name admin is ignored only when associated with machine WKSTA-NAME, and logons for WKSTB-NAME, 10.209.34.56, and the network range 10.203.34.1 to 10.203.34.255 are ignored.
With v8.5.3f and later, regular expressions are also supported as part of each of these entries.
5.
When you are finished making changes, save and close the file.
6.
Start eDirectory Agent.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Using eDirectory Agent for Transparent User Identification > Deploying and configuring eDirectory Agent > Configuring eDirectory Agent to ignore certain user names
Copyright 2022 Forcepoint. All rights reserved.