Question: I am using Windows 2008 Active Directory. I have DC Agent and Logon Agent set up, but Web filtering is still not working as I expected. Does version 7 support Active Directory 2008?
Answer: For Websense Web Security v7.0, DC Agent is not supported in a Windows 2008 Active Directory environment. To identify users successfully, you need to employ Logon Agent and modify NTLM Security permissions. Windows 2008 AD uses NTLM-2 (version two). Websense transparent agents were designed using NTLM (version one). DC Agent is scheduled to work with Windows 2008 Directory Service in a version of Websense Web Security expected later in 2009.
http://kb.websense.com/pf/12/webfiles/Webinars/Q&A/January_Webinar_Q&A.pdf
The workaround is modify NTLM Security permissions to NTLM v1
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"LmCompatibilityLevel"=dword:00000001
No comments:
Post a Comment