A possible work-around to avoid YOU being involved - Can you set a group of authorised persons (checked via fingerprint etc.) to add authentication of new users.
Also - maybe a good idea to have an alternative fingerprint recognition (other hand) to address the possibility of damage to the users hand - As in abraded fingertips from scraping on road, or concrete type surfaces, or just from blistering following a burn. JimB From: [email protected] [mailto:[email protected]] On Behalf Of Micheal Espinola Jr Sent: Tuesday, June 02, 2015 7:51 PM To: [email protected] Subject: Re: [NTSysADM] Law Enforcement IT query Thank you for keeping this on-list! This could be quite interesting indeed. -- Espi On Tue, Jun 2, 2015 at 10:59 AM, Gordon Pegue <[email protected]> wrote: OK.. My question to those that might support a law enforcement agency is do you have mobile laptops in your police cars that access the FBI NCIC system? I have a small fleet (6 units) of Dell Latitude XFR armored laptops that I'm trying to get deployed (my first laptop deployment project) and I'm having difficulties with the fingerprint reader hardware / software in the unit. The Dell software is, quite frankly, a POS, so I was wondering if your mobile units use the fingerprint reader to provide multi-factor authentication in addition to a user name / password combination and if so, what fingerprint software you might be using. More specifically, my units are using a sprint mobile card and once an officer is authenticated locally, I have a script that runs at logon that launches the mobile connection software, fires up the VPN connection software, authenticates the VPN tunnel to my perimeter firewall / VPN endpoint and launches the Mobile application software (what the officer uses to do his/her job). Because of the way this all works (and it works very well) and because of university IT policy, I am not able to authenticate against the university AD. Hence, each officer has a local user account setup on the laptop. This is where I run into difficulties with the Dell fingerprint software. FBI security policy delineates - if I am correct in my interpretation of the policy - that a mobile laptop contained in a police conveyance has to have multi-factor authentication implemented. I have chosen "password and fingerprint swipe" as the logon method because fingerprints are a lot harder to lose than a smartcard. Anyhow, the Dell fingerprint software is not smart enough to sense when a new user (for example when a new officer is hired) is logging onto the laptop for the first time and allow the enrollment of a fingerprint before completing the authentication. What this means is that I then have to manually setup each and every officer on each and every laptop before I can enable the "password and fingerprint swipe" logon and deploy the unit. If you are using a similar system, would you have advice or suggestions on how you got yours to work, especially if your using a third-party fingerprint software system? If you're using a smartcard system, how do you minimize the possibility of your officers losing or misplacing their smartcard and thus not being able to complete their laptop logon? TIA Gordon From: [email protected] [mailto:[email protected]] On Behalf Of Micheal Espinola Jr Sent: Tuesday, June 02, 2015 11:09 AM To: [email protected] Subject: Re: [NTSysADM] Law Enforcement IT query It sounds like it would be an interesting conversation to keep on-list. No "IT support", but I have coordinated with local and federal on a few occasions. -- Espi On Tue, Jun 2, 2015 at 9:07 AM, Gordon Pegue <[email protected]> wrote: I am curious if any of the folks subscribed to this list provide IT support to a law enforcement or police agency and would be willing to engage in an off-list correspondence. Thanks in advance Gordon
