Symantec Control Compliance Suite (CCS)
When running CCS scans, you do not need CCS to report on information about users or groups, or you use the predefined benchmarks released by Symantec.
NOTE: The predefined CIS benchmarks released by Symantec do not require domain cache when run, so domain cache can be disabled.
Domain Cache is enabled by default and needs to be collected by each manager for each domain. The Domain Cache is pushed down to each agent to use in scans that need information about users, groups, or some computer components.
Release : CCS 12.x
SCU: 2018-1 (or newer SCU)
Component : Needs to be manually configured on each CCS manager on which you want to disable Domain Cache.
Full information about disabling domain cache in the CCS 12.x documentation:
On each CCS manager on which you would like to disable domain cache, do the following:
<file id="wnt.Dictionary.ConfigurationSettings-xml" FileTypeKey="wnt.Configuration" version="16-06-2018 07:00:54" FilterValue="" ignore_if_absent_on_agent="false">
  <name>ConfigurationSettings.xml</name>
  <manager_path>control/windows</manager_path>
  <MFH library="" procedure="" />
  <depFiles />
</file>
In this example, you would increase the version to "16-06-2020 07:00:55".
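The version increase shown in the <file> entry above, as an added PowerShell example that is not from Symantec's documentation: it parses the version as dd-MM-yyyy HH:mm:ss and writes a strictly later timestamp. The function name Update-CcsFileVersion, the wrapping <files> root element and the manifest path placeholder are assumptions; the page does not name the file that holds this entry.

```powershell
# Added example: bump the version attribute of the ConfigurationSettings.xml
# <file> entry to a later timestamp. Function name and manifest path are
# assumptions; the page does not name the file that holds this entry.
function Update-CcsFileVersion {
    param(
        [Parameter(Mandatory)][xml]$Manifest,
        [string]$FileId = 'wnt.Dictionary.ConfigurationSettings-xml',
        [datetime]$NewVersion = (Get-Date)
    )
    $format  = 'dd-MM-yyyy HH:mm:ss'   # format seen in the page's example
    $culture = [System.Globalization.CultureInfo]::InvariantCulture

    $node = $Manifest.SelectSingleNode("//file[@id='$FileId']")
    if (-not $node) { throw "No <file> entry with id '$FileId' found." }

    # Parse as a date: dd-MM-yyyy strings do not sort chronologically as text.
    $current = [datetime]::ParseExact($node.GetAttribute('version'), $format, $culture)
    if ($NewVersion -le $current) { $NewVersion = $current.AddSeconds(1) }

    $node.SetAttribute('version', $NewVersion.ToString($format, $culture))
    return $node.GetAttribute('version')
}

# Constructed sample: the single entry shown on the page, wrapped in a root element.
[xml]$sample = @'
<files>
  <file id="wnt.Dictionary.ConfigurationSettings-xml" FileTypeKey="wnt.Configuration" version="16-06-2018 07:00:54" FilterValue="" ignore_if_absent_on_agent="false">
    <name>ConfigurationSettings.xml</name>
    <manager_path>control/windows</manager_path>
    <MFH library="" procedure="" />
    <depFiles />
  </file>
</files>
'@

$requested = [datetime]::ParseExact('16-06-2020 07:00:55', 'dd-MM-yyyy HH:mm:ss',
    [System.Globalization.CultureInfo]::InvariantCulture)
Update-CcsFileVersion -Manifest $sample -NewVersion $requested

# Against a real file (placeholder path), back up first, then save:
# $path = '<path-to-manifest>.xml'
# Copy-Item $path "$path.bak"
# [xml]$doc = Get-Content -Raw $path
# Update-CcsFileVersion -Manifest $doc | Out-Null
# $doc.Save($path)
```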
Note for Agent-based Collection: If you continue to see the error "Domain cache does not exists or not valid for domain [ Domain ]. Data collection will not proceed", then add the same from Step 2 above to the "<InstallDir>\ESM\bin\dcmodules\Control\Windows\ConfigurationSettings.xml" on the Agent.
Restart the Agent. Data collection will now proceed without issue.
If you want to disable collecting domain cache for specific domains only, rather than for all domains, edit the ConfigurationSettings.xml file, enable domain cache (BuildDomainCache=True), and list the domain(s) for which you want to disable domain cache in the DomainCacheExclusionList parameter. These settings need to be added to each manager's ConfigurationSettings.xml file (make a backup of the file before editing). Restart the 'Symantec CCS Manager' and 'Symantec Data Processing Service' for the new configuration to take effect.
Example of the entries needed to have domain cache enabled while DomainA, DomainB, and DomainC are excluded, so that domain cache is not collected for those 3 domains:
In the 'DomainCacheExclusionList' parameter, list the domain(s) for which you do not want cache to be created. If you want to list more than one domain, provide a comma-separated list of domains.