We have the same laptops, but utilize RSA. We can issue the RSA as a hard (USB) token or soft (there is an app for that) token to reduce the need for keeping track of the hard token.
We like NetMotion Wireless to keep the system state stable as the mobile users move in/out of signal coverage. Robert On Tue, Jun 2, 2015 at 1:59 PM, Gordon Pegue <[email protected]> wrote: > OK…. > > > > > > My question to those that might support a law enforcement agency is do you > have mobile laptops in your police cars that access the FBI NCIC system? > > > > I have a small fleet (6 units) of Dell Latitude XFR armored laptops that > I’m trying to get deployed (my first laptop deployment project) and I’m > having difficulties with the fingerprint reader hardware / software in the > unit. The Dell software is, quite frankly, a POS, so I was wondering if > your mobile units use the fingerprint reader to provide multi-factor > authentication in addition to a user name / password combination and if so, > what fingerprint software you might be using. > > > > More specifically, my units are using a sprint mobile card and once an > officer is authenticated locally, I have a script that runs at logon that > launches the mobile connection software, fires up the VPN connection > software, authenticates the VPN tunnel to my perimeter firewall / VPN > endpoint and launches the Mobile application software (what the officer > uses to do his/her job). Because of the way this all works (and it works > very well) and because of university IT policy, I am not able to > authenticate against the university AD. Hence, each officer has a local > user account setup on the laptop. This is where I run into difficulties > with the Dell fingerprint software. FBI security policy delineates – if I > am correct in my interpretation of the policy – that a mobile laptop > contained in a police conveyance has to have multi-factor authentication > implemented. I have chosen “password and fingerprint swipe” as the logon > method because fingerprints are a lot harder to lose than a smartcard. > Anyhow, the Dell fingerprint software is not smart enough to sense when a > new user (for example when a new officer is hired) is logging onto the > laptop for the first time and allow the enrollment of a fingerprint > *before* completing the authentication. What this means is that I then > have to manually setup each and every officer on each and every laptop > before I can enable the “password and fingerprint swipe” logon and deploy > the unit. > > > > If you are using a similar system, would you have advice or suggestions on > how you got yours to work, especially if your using a third-party > fingerprint software system? > > If you’re using a smartcard system, how do you minimize the possibility of > your officers losing or misplacing their smartcard and thus not being able > to complete their laptop logon? > > > > TIA > > Gordon > > > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Micheal Espinola Jr > *Sent:* Tuesday, June 02, 2015 11:09 AM > *To:* [email protected] > *Subject:* Re: [NTSysADM] Law Enforcement IT query > > > > It sounds like it would be an interesting conversation to keep on-list. > No "IT support", but I have coordinated with local and federal on a few > occasions. > > > -- > Espi > > > > > > On Tue, Jun 2, 2015 at 9:07 AM, Gordon Pegue <[email protected]> wrote: > > I am curious if any of the folks subscribed to this list provide IT > support to a law enforcement or police agency and would be willing to > engage in an off-list correspondence. > > > > > > Thanks in advance > > Gordon > > >
