Introduction 

The purpose of the DualShield Domain Controller Agent is to enforce two-factor authentication on all domain member machines whether or not the DualShield Windows Logon client is installed on the machine. Without the DualShield Domain Control Agent, two-factor authentication is only enforceable on the machines on which the DualShield Windows Logon client is installed and operating. With the DualShield Domain Controller Agent installed on domain controllers, then the DualShield Logon client must be installed on all domain member machines expect those in the exception list.