Windows Management Instrumentation (WMI) is the infrastructure for management data and operations on Windows-based operating systems. It is a set of extensions to the Windows Driver Model that provides an operating system with an interface through which network components provide information and notifications. WMI allows the implementation of scripts or devices to automate administrative tasks on remote computers. It also supplies management data to other parts of the operating system and other products.
Sophos Transparent Authentication Suite (STAS) allows User Logoff Detection via workstation polling using WMI queries. This article describes how you can configure WMI queries as logoff detection.
Applies to the following Sophos products and versions Sophos Firewall
STAS should be configured in AD Server.
Refer to the article Clientless SSO in Single Active Directory and Clientless SSO in Multiple Active Directory.
To configure WMI log off detection, follow the steps below:
Verify that the configuration / GPO works properly. Open the Command Prompt on the STAS server and execute the following commands:
C:\WINDOWS>wmic wmic:root\cli>/user: DOMAIN\administrator Enter the password :********
wmic:root\cli>/node: 192.168.1.10 <<< any test client IP wmic:root\cli>computersystem get username /value
wmic:root\cli>computersystem get username /value
UserName=DOMAIN\testuser <<< it should then display the logged in username wmic:root\cli
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.