Ok, some information... we are currently on 12.5.2 where we will likely be for a while.
stephane "if you use WMI in your powershell script to identify looged on user based on IP address, most common issue is that custom plugin are executed from enforce server using protect account (the one used by vontu services and tomcat). By default this account has some local admin rights but not domain admin privilege which are necessary to perform WMI request on any workstation."
--- We are using a domain service level account for the Vontu Manager service so the account that is authenticating to the workstation has the appropriate permissions to run.
"You wrote that it work when you do lookup manually, is that using DLP UI or just executing script manually ? If it is first one, it should also work when it is executed automatically and so you should activate debug log for custom script in order to get more information on why it does not work." Yes, when we do a "Lookup" from within the counsel it runs and returns the logged on user however when it runs automatically it errors and returns "cannot authenticate" this error trap is after the ping of the workstation, so the script does run, it pings the workstation but there it fails and does not return the logged on user ID. I'm wondering if it perhaps has something to do with a timeout issue??? Not really sure how to troubleshoot it further.
thanks!
Carly