Default	True
Options	True, False
Synopsis	Ensures that DC Agent drops all entries containing dollar signs from its user map, without performing any additional verification. This option is a more powerful version of IgnoreDollarSign.

Default	86400
Options	Integer greater than 3600, or 0 to disable
Synopsis	DC Agent automatically detects new domains or domain controllers added to the network. By default, detected domain names are recorded to the dc_config.txt file at startup, and every 24 hours thereafter. Increasing the domain discovery interval may delay discovery of a new domain or domain controller. Decreasing the interval increases network traffic, because the process runs more frequently.

Default	True
Options	True, False
Synopsis	Used to prevent a problem involving Windows 2000 services that use a machine name followed by a dollar sign (wkstn$) as a user name when contacting the domain controller. DC Agent interprets the service as a new user to whom no policy has been assigned. When this parameter is set to True, if DC Agent detects a user$ entry in its map, it compares the name to the source machine's name. If these match, DC Agent ignores the logon session entirely, because it knows the logon did not originate from an actual user. If the logon name and machine name do not match, DC Agent attempts to get the name of the actual user logged on from the source machine. If it obtains a user name, DC Agent pairs that with the IP address of the source machine, and records these together in its map. If DC Agent cannot obtain an actual user name, it simply records the user$ entry in its map. This process minimizes the number of false user names DC Agent stores in its map and sends to Filtering Service. When the parameter is set to False, if DC Agent detects a user$ entry in its map, the agent attempts to replace it with an actual user name from the source machine. If DC Agent does not obtain an actual user name, it records the user$ entry in its map.

Default	False
Options	True, False
Synopsis	By default, DC Agent detects users logging on to domains and to local machines. If for some reason you want DC Agent to register logons only to domain controllers, and ignore local logons, set this value to True. See also AllDollarSign.

Default	True
Options	True, False
Synopsis	By default, DC Agent ignores a user logon to a domain controller, if it already registered that logon after the previous domain controller query. As a best practice, leave this default setting as is. In most cases, there is no benefit to duplicating recognition of an earlier logon session.

Default	600 [seconds = 10 minutes]
Options	Between 300 and 3600 seconds.
Synopsis	Determines how often DC Agent checks the machine name/IP address pairs in its cache for entries older than the IPCleanLifetime period. Entries older than this time period are removed from the cache. This parameter typically does not need to be changed.

Default	7200 [seconds = 2 hours]
Options	Integer greater than 3600, or 0 to disable
Synopsis	As DC Agent receives logon session information, it stores machine name/IP address pairs in its local memory cache. This reduces the number of times DC Agent must perform DNS lookups for each active client machine, because it already has the IP address.

Default	70000
Options	Integer 5000 or greater
Synopsis	If you use an ignore.txt file to configure DC Agent to ignore particular users or client machines, this parameter sets an upper limit on the number of entries in the file. See Configure DC Agent to ignore certain user names.

Default	0 [seconds]
Options	Between 0 and 120 seconds
Synopsis	Used primarily by Forcepoint Technical Support. Allows the ConsoleClient diagnostic tool to connect to DC Agent while the service is running, but before its processes are activated. Use extreme caution when modifying this parameter.

Default	True
Options	True, False
Synopsis	By default, DC Agent uses the workstation entry in the session information it receives from the domain controller to first find the client hostname, then find the associated IP address. When UseDNSReverse is set to False, DC Agent uses the workstation entry to retrieve IP address information without first looking up the client hostname. Note: When UseDNSReverse is set to True and you have dual-stack (Ipv4 and IPv6) clients, you must have a reverse lookup zone in your DNS.

Default	False
Options	True, False
Synopsis	By default, DC Agent uses DNS lookup to identify domain controllers by name and IP address. If the DNS lookup fails, the agent uses NetBIOS calls. Set this parameter to True to cause DC Agent to use only NetBIOS to identify domain controllers.

Default	True
Options	True, False
Synopsis	By default, DC Agent uses User Service for communications with domain controllers in the network. To close the ports required for User Service to facilitate communications between DC Agent and domain controllers, set this value to False. In this case, DC Agent uses Windows networking calls for communications instead.

Default	True
Options	True, False
Synopsis	When this parameter is enabled, DC Agent checks the existence of a user account against the domain where a user logon session is detected. When this parameter is set to False, DC Agent may not update its user map right away if a user account is moved from one domain to another.