How to Manually Install EUM on a Windows Domain Controller

Article Number: 000002803
2803
Products: SurfControl Web Filter
Versions: 5.5

Problem Description

How do I manually install EUM on a Windows Domain Controller?

Resolution

You can automatically install Enterprise User Monitoring (EUM) by clicking Start and selecting Programs > SurfControl Web Filter > Enterprise User Monitoring > Install Enterprise User Monitoring.

You can also manually install EUM on a Windows domain controller by completing the following four steps:

  1. Create the scua.ini file.
  2. Place the .dll file in the \Windows\systemXX directory of the boot drive.
  3. Edit the registry.
  4. Reboot the domain controller.

Note: For information on installing EUM on NT4 Domain Controllers, refer to SurfControl Knowledge Base article 1184How to Manually Install EUM on an NT Domain Controller.

Steps:

Follow the steps below to manually install EUM on a Windows domain controller. This procedure applies to Windows 2000, 2003, and 2008 domain controllers, 32- and 64-bit.  When the procedure varies for an operating system, this is called out.

To create the scua.ini file:

  1. Create the following directory on the domain controller:

    C:\SurfControl User Agent\

  2. Using Notepad, create the scua.ini file in the following format:

    [surfCONTROL_Services] [i]

    z.z.z.z=61695 [ii]

    x.x.x.x=61695 [ii]

    [ignored_users][iii]

    domain\user#1=1 [iv]

    domain\user#2=1
  3. Save the Notepad file as scua.ini in the C:\SurfControl User Agent\ directory.

     
  4. Place the .dll in the appropriate directory:

    1. For 32-bit controllers, copy the file ScSubAuth.dll from the C:\Program Files\SurfControl\Web Filter\EnterpriseUserMonitoring directory. Paste the ScSubAuth.dll file in the C:\Windows\System32\ directory.

       
    2. For 64-bit controllers, copy the file ScSubAuth_amd64.dll from the C:\Program Files\SurfControl\Web Filter\EnterpriseUserMonitoring directory. Paste the ScSubAuth_amd64.dll file in the C:\Windows\System32\ directory.

Edit the registry:

After you have moved the ScSubAuth.dll or ScSubAuth_amd64.dll file, create the following new entries in the Windows domain controller registry.

To edit the registry on 32-bit domain controllers:

  1. Click Start and select Run.

     
  2. Type: regedit.

     
  3. Expand HKEY_LOCAL_MACHINE\SOFTWARE.

     
  4. Create a new key: JSB.

     
  5. Under this key, create a new key: SurfControl SubAuth.

     
  6. In HKEY_LOCAL_MACHINE\SOFTWARE\JSB\SurfControl SubAuth, create the following string value:
    String Name: iniFile
    Value Data: C:\SurfControl User Agent\scua.ini
  7. In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0, create the following string value:
    String Name: Auth0
    Value data: ScSubAuth
  8. In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos, create the following string value:
    String Name: Auth0
    Value Data: ScSubAuth
  9. (Optional) If you want to avoid re-booting the domain controller in the future, follow these steps before proceeding to Step 10:
    1. In HKEY_LOCAL_MACHINE\SOFTWARE\JSB\SurfControl SubAuth create the following DWORD value:

      Dword Name: ReReadTimeout
      Decimal Value Data:
           For Windows 2000 or 2003:    600
           For Windows 2008:                0x258

    You must be running Web Filter version 5.5 SP2 (with the 5.5.2.109 version of the scsubauth.dll file) or higher to complete the procedure described in this step.
  10. Reboot the domain controller. (The domain controller must be rebooted once after this file is installed to update to the newer version.)

To edit the registry on 64-bit domain controllers:

  1. Click Start and select Run.

     
  2. Type: regedit.

     
  3. Expand HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\.

     
  4. Create a new key: JSB.

     
  5. Under this key, create a new key: SurfControl SubAuth.

     
  6. In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JSB\SurfControl SubAuth, create the following string value:
    String Name: iniFile
    Value Data: C:\SurfControl User Agent\scua.ini
  7. In In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0, create the following string value:
    String Name: Auth0
    Value data: ScSubAuth_amd64
  8. In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos, create the following string value:
    String Name: Auth0
    Value Data: ScSubAuth_amd64
  9. (Optional) If you want to avoid re-booting the domain controller in the future, follow these steps before proceeding to Step 10:
    1. In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JSB\SurfControl SubAuth create the following DWORD value:

      Dword Name: ReReadTimeout
      Decimal Value Data:
           For Windows 2000 or 2003:    600
           For Windows 2008:                0x258

    You must be running Web Filter version 5.5 SP2 (with the 5.5.2.109 version of the scsubauth.dll file) or higher to complete the procedure described in this step.
  10. Reboot the domain controller. (The domain controller must be rebooted once after this file is installed to update to the newer version.)

Enable Application log updates for Windows domain controller

On the Domain Controller, create a new registry key:

  1. Expand HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog.

     
  2. Highlight Application.

     
  3. Right-click in the pane to the right, and from the New drop-down menu, select Key.

     
  4. Enter SurfControl User Agent as the name for the new key and press Enter.

     
  5. Right-click in the pane to the right, and from the New drop-down menu, select String Value.

     
  6. Enter EventMessageFile as the name for the expandable string value and press Enter.

     
  7. Right-click on EventMessageFile and select Modify.

     
  8. In the Value Data field, enter the fully qualified pathname for the dll file.
    For 32-bit controllers, it is C:\Windows\system32\ScSubAuth.dll.
    For 64-bit controllers, it is C:\Windows\system32\ScSubAuth_amd64.dll.
     
     
  9. Right-click in the pane to the right, and from the New drop-down menu, select DWORD value.

     
  10. Enter TypesSupported as the name of the new DWORD value.

     
  11. Right-click on TypesSupported and select Modify.

     
  12. In the Value Data field, enter 7.

     
  13. Select the Hexadecimal radio button.

     
  14. Click OK.

     
  15. Reboot the domain controller.
Troubleshooting EUM Agent:

  1. Please be sure that the requirements described above have been achieved.

     
  2. Please refer to the application event log in the Event Viewer. The "Source" should be "SurfControl User Agent".

Notes & Warnings

Writer ID: EM 3/24/09

Additional Problems and Search Terms:
Domain Controller polling

Article Rating:

Do you have any additional feedback?    close

How are we doing?

Provide us feedback on your experience with the Service Request portal.

provide feedback >