Hi Lewis00,

Thanks for the suggestion.

Basically we started by looking at this registry key.

I think it can be helpful for generic purposes like printer mapping.

However it is risky to use this key for security purposes like security logging and forensic use.

The reason is that the key is under complete user control.

So the user can easily update the registry key containing the terminal IP address and then replay the login scripts.

This will effectively spoof his location in the security logs.

That is why we are looking for a solution that is rather based on the broker server.