Provide a DC Authentication Agent
Have an agent which polls Active Directory Domain Controllers for user logon events to determine which user is logged onto each machine. This would allow for all users on the domain to be authenticated without requiring any settings on their machines. There would need to be an option to exclude logon events for service accounts.
Aaron Troester commented
This would be amazing. We've got a number of these boxes deployed. We'd like to be able to set up AD SSO authentication for our clients, but it's just too complicated. We have to set up a login script to add the Sophos FQDN to their Intranet zone, then, if they don't log in to a webpage within a certain time, they get a popup. If they add Firefox, we have to run another script. Our clients are small businesses and we don't have that much control over user installations. It would be nice to have a way to set this up without having to go through all this.
Untangle looks to have something like this. They capture the login event log on the DC and use the IP address there to determine the user's IP address.
This will also help in disconnecting the live user's session; the feature will help in the process of DLP.
Dave Rogers commented
Fortigate do this rather well so something like theirs would be good!!!
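The mapping step described in the request at the top of this thread (DC logon events in, one user per machine address out, service accounts excluded), as an added example that is not part of the thread or of any vendor's agent. It assumes the agent has already read successful-logon records (Windows Security Event ID 4624, fields TargetUserName and IpAddress) into simple dicts; the sample records, the `svc_backup` exclude entry and the 8-hour session lifetime are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample records (not real logs): time, account and client address
# as they would be taken from Event ID 4624 entries on a domain controller.
SAMPLE_EVENTS = [
    {"time": "2024-05-01T08:00:05", "user": "alice", "ip": "10.0.0.21"},
    {"time": "2024-05-01T08:00:09", "user": "WS21$", "ip": "10.0.0.21"},
    {"time": "2024-05-01T08:01:30", "user": "svc_backup", "ip": "10.0.0.21"},
    {"time": "2024-05-01T08:02:00", "user": "bob", "ip": "10.0.0.22"},
    {"time": "2024-05-01T08:03:00", "user": "ANONYMOUS LOGON", "ip": "10.0.0.22"},
    {"time": "2024-05-01T08:04:00", "user": "carol", "ip": "-"},
    {"time": "2024-05-01T09:30:00", "user": "dave", "ip": "10.0.0.22"},
    {"time": "2024-05-01T01:00:00", "user": "erin", "ip": "10.0.0.23"},
]

EXCLUDED_ACCOUNTS = {"svc_backup"}           # hypothetical service-account exclude list
IGNORED_IPS = {"", "-", "127.0.0.1", "::1"}  # events with no usable client address
SESSION_TTL = timedelta(hours=8)             # assumed lifetime of a mapping


def is_interactive_user(name, excluded=EXCLUDED_ACCOUNTS):
    """Reject machine accounts (trailing $), anonymous logons and excluded accounts."""
    lowered = name.lower()
    if lowered.endswith("$") or lowered == "anonymous logon":
        return False
    return lowered not in {e.lower() for e in excluded}


def build_ip_user_map(events, now, excluded=EXCLUDED_ACCOUNTS):
    """Return {ip: user} using the newest qualifying, unexpired logon per address."""
    latest = {}
    for ev in events:
        when = datetime.fromisoformat(ev["time"])
        if ev["ip"] in IGNORED_IPS or not is_interactive_user(ev["user"], excluded):
            continue
        if now - when > SESSION_TTL:
            continue  # stale: do not keep attributing traffic to this user
        if ev["ip"] not in latest or when > latest[ev["ip"]][0]:
            latest[ev["ip"]] = (when, ev["user"])
    return {ip: user for ip, (when, user) in latest.items()}


if __name__ == "__main__":
    print(build_ip_user_map(SAMPLE_EVENTS, datetime(2024, 5, 1, 10, 0, 0)))
```

Calling `build_ip_user_map` with an empty exclude set shows why the requested option matters: the later `svc_backup` logon would replace `alice` as the user attributed to 10.0.0.21.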