Installation guide
200 Websense Installation Guide
Chapter 5: Initial Setup
Websense User Map and the Persistent Mode
User identification provided at logon by LogonApp.exe is stored in the
Websense user map. This information is updated periodically if
LogonApp.exe is run in persistent mode. The update time interval for the
persistent mode and the interval at which the user map is automatically
cleared of logon information are configured in the Logon Agent tab of the
Settings dialog box in Websense Manager. In Active Directory, if you decide
to clear the logon information from the Websense user map before the interval
defined in the Manager, you can create an accompanying logout script. You
cannot configure a logout script with Windows NTLM.
In the non-persistent mode, information in the user map is created at logon
and is not updated. The use of the non-persistent mode creates less traffic
between the Websense software and the workstations in your network than
does the persistent mode.
For detailed information about configuring Logon Agent in Websense
Manager, see the User Identification chapter in the Administrator’s Guide for
Websense Enterprise and Web Security Suite.
Examples
The following are examples of commands for a logon script and the
companion logout script that might be run in Active Directory. The two
scripts must be run from separate batch files.
Logon Script: In this example, the edited Logon.bat file contains this
single command:
LogonApp.exe http://10.2.2.95:15880 /NOPERSIST
The sample script above sends user information to the Logon Agent at logon
only. The information is not updated during the user’s session (
NOPERSIST).
The information is sent to port 15880 on the server machine identified by IP
address 10.2.2.95.
With Active Directory you have the option to clear the logon information for
each user as soon as the user logs out. (This alternative is not available with
Windows NTLM.) To accomplish this, you create a companion logout script
in a different batch file.