NetSweeper – WAgent PC – Transparent Filtering

The Netsweeper Workstation Agent (WAgent) utility is used to send the IP address of the workstations on your network and their LDAP user information to the Policy Server to put the user into a group.  How this process works in practise is defined by how the WAgent is run and parameter switches you use.  The WAgent can be used in a number of different configurations, we cant cover them all but below are two common varients.

The WAgent is available for download from NetSweeper directly here – at time of listing version


Scenario 1 – The users filtering policy levels will be determined by the membership of a security group in AD, the group names start with “nsw-” so eg nsw-students.  The WAgent will be called from the workstation registry.  A single GUID pair is provided for the ‘site’.  The registry of the user workstation is configured with the string value, such as the example below.

Assumes that the WAgent is already installed on the computer..


Registry Details – Change wagent.exe location if not installed in the default “program files” folder

Key Location – HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run

New Key Type – String Value

String Value Name – WAgent

String Value Data – “C:\Program Files (x86)\Netsweeper WorkStation Agent\WAgent.exe” -w ukcloud.netsweeper.com -d ukcloud.netsweeper.com -i -l -v -f -t 300 -s nsw -g ee841ce0ec5bd7fb146cc694cf5c0fee -L ee3b9b3597f11d8067cd00eb8be62dee

String Value Data – “C:\Program Files (x86)\Netsweeper WorkStation Agent\WAgent.exe” -w ukcloud.netsweeper.com -d ukcloud.netsweeper.com -i -l -v -f -t 300 -s nsw -g <<login GUID>> -L <<logout GUID>>


IMPORTANT NOTE – Please ensure if you copy the example above that you transfer the text into notepad to ensure there are spaces between the element.


During the login process the WAgent will look to the directory to confirm the group which the current user is a member of, WAgent will ONLY look within groups where names start with nsw.  WAgent returns the name of the first group discovered, this is then returned to the policy server to determine the filtering level.  In addition the WAgent also confirms the group placement every 300 seconds.


Scenario 2 – The users filtering policy will be determined by the login script used when the individual logs is.  The login script will run WAgent.  GUID pairs are provided for each filtering policy.  During the login process, a login script runs which is associated with the user, the script will give additional parameters to call WAgent and offer the GUID for the filtering policy to be applied to the user.

Assumers that the WAgent is already install on the computer.


Contents of the logout.bat File
wagent.exe -w ukcloud.netsweeper.com -g ee0da6418c296b1638788e66a64d79b4

wagent.exe -w ukcloud.netsweeper.com -g <<logout GUID>>

Contents of the login.bat File
wagent.exe -w ukcloud.netsweeper.com -g ee9f6a3d444d553a89d17979e88df534

wagent.exe -w ukcloud.netsweeper.com -g <<login GUID>>


This process is simple to setup however filtering levels would not be applied if the login/logout scripts do not run, there are errors, or delays in running it.

Keeping Up To Date With Us Is Easy, Sign Up To Our Newsletter Today!

Stay in touch with emPSN, so that you get the latest e-safety advice and invites to our community events.

Our partners