NetSweeper – WAgent – Transparent Filtering
The Netsweeper Workstation Agent (WAgent) utility is used to send the IP address of the workstations on your network and their LDAP user information to the Policy Server to put the user into a group. How this process works in practise is defined by how the WAgent is run and parameter switches you use. The WAgent can be used in a number of different configurations, we cant cover them all but below are two common varients.
The WAgent is available for download here – at time of listing version 184.108.40.206
Scenario 1 – The users filtering policy levels will be determined by the membership of a security group in AD, the group names start with “nsw-” so eg nsw-students. The WAgent will be called from the workstation registry. A single GUID pair is provided for the ‘site’. The registry of the user workstation is configured with the string value, such as the example below.
Assumes that the WAgent is already installed on the computer..
Registry Details – Change wagent.exe location if not installed in the default “program files” folder
Key Location – HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
New Key Type – String Value
String Value Name – Netsweeper Workstation Agent
String Value Data – “C:\Program Files (x86)\Netsweeper WorkStation Agent\WAgent.exe” -w ukcloud.netsweeper.com -d ukcloud.netsweeper.com -i -l -v -f -t 300 -s nsw -g ee841ce0ec5bd7fb146cc694cf5c0fee -L ee3b9b3597f11d8067cd00eb8be62dee
String Value Data – “C:\Program Files (x86)\Netsweeper WorkStation Agent\WAgent.exe” -w ukcloud.netsweeper.com -d ukcloud.netsweeper.com -i -l -v -f -t 300 -s nsw -g <<login GUID>> -L <<logout GUID>>
During the login process the WAgent will look to the directory to confirm the group which the current user is a member of, WAgent will ONLY look within groups where names start with nsw. WAgent returns the name of the first group discovered, this is then returned to the policy server to determine the filtering level. In addition the WAgent also confirms the group placement every 300 seconds.
Scenario 2 – The users filtering policy will be determined by the login script used when the individual logs is. The login script will run WAgent. GUID pairs are provided for each filtering policy. During the login process, a login script runs which is associated with the user, the script will give additional parameters to call WAgent and offer the GUID for the filtering policy to be applied to the user.
Assumers that the WAgent is already install on the computer.
Contents of the logout.bat File
wagent.exe -w ukcloud.netsweeper.com -g ee0da6418c296b1638788e66a64d79b4
wagent.exe -w ukcloud.netsweeper.com -g <<logout GUID>>
Contents of the login.bat File
wagent.exe -w ukcloud.netsweeper.com -g ee9f6a3d444d553a89d17979e88df534
wagent.exe -w ukcloud.netsweeper.com -g <<login GUID>>
This process is simple to setup however filtering levels would not be applied if the login/logout scripts do not run, there are errors, or delays in running it.