Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 5 replies
  • Subscribers 27 subscribers
  • Views 12039 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Logoff Dectection STAS

Huy Vu

Hi all,

I have a testcase, I integrated AD with Sophos XG and use STAS. I configured user Test can access to internet, I log on user Test to the machine. Then I log off user Test and log on local account to the this machine. Just like the rule this machine can't access to internet, but this machine still can access to internet with user Test.

I'm tried configuring "Logoff Detection" with guide: https://community.sophos.com/kb/en-us/123020 but failed.

And now, I want to check "Logoff Dection" with EventLog (not WMI), How I can?



This thread was automatically locked due to age.
Parents
  • 0

    EventLog just don't have a definitly clue about that. If a client force power off and login into local user, there just no logoff event anywhere. So you need to use WMI to query which user is logged in to determine if user has logged out or not.

    We go with sso client partly because of that and wmi remote access is hard to do right. The client approach can do heartbeat communication with firewall and activly report user is still logged in.

  • 0 in reply to daiqingxu

    So, option "Log off Dectection" is hard to do right?

  • 0 in reply to Huy Vu

    Hard to do right if there is no proper server-client communicate solution implemented.

    Windows do have something on that, IEEE 802.1X, i think you can integrate that with radius sso, which should be the best solution (most complicated one also).

    Other wise if reliable Log off Dectection is needed, client is hard to avoid.

Reply
  • 0 in reply to Huy Vu

    Hard to do right if there is no proper server-client communicate solution implemented.

    Windows do have something on that, IEEE 802.1X, i think you can integrate that with radius sso, which should be the best solution (most complicated one also).

    Other wise if reliable Log off Dectection is needed, client is hard to avoid.

Children
No Data