The laptop units are dell Latitude E6400 XFR (armored) with the builtin fingerprint swipe sensor and the builtin contactless smartcard reader.
Since my original post and based on feedback I've received, I am now considering the smartcard option. Knowing absolutely zip about smartcards, I'm somewhat overwhelmed by the choices. Any recommendations for a basic user-authentication smartcard provider that any of you have done business with? Gordon From: [email protected] [mailto:[email protected]] On Behalf Of Jon Harris Sent: Thursday, June 04, 2015 8:53 PM To: [email protected] Subject: RE: [NTSysADM] Law Enforcement IT query Which finger print reader are you using in the Dell. One of them is a POS period. The software works as it was intended but the finger print reader is just not worth the money spent. I have not tried the more expensive of the two readers that were available. The software may be different for that one. Jon ________________________________ From: [email protected]<mailto:[email protected]> To: [email protected]<mailto:[email protected]> Subject: RE: [NTSysADM] Law Enforcement IT query Date: Tue, 2 Jun 2015 17:59:14 +0000 OK.... My question to those that might support a law enforcement agency is do you have mobile laptops in your police cars that access the FBI NCIC system? I have a small fleet (6 units) of Dell Latitude XFR armored laptops that I'm trying to get deployed (my first laptop deployment project) and I'm having difficulties with the fingerprint reader hardware / software in the unit. The Dell software is, quite frankly, a POS, so I was wondering if your mobile units use the fingerprint reader to provide multi-factor authentication in addition to a user name / password combination and if so, what fingerprint software you might be using. More specifically, my units are using a sprint mobile card and once an officer is authenticated locally, I have a script that runs at logon that launches the mobile connection software, fires up the VPN connection software, authenticates the VPN tunnel to my perimeter firewall / VPN endpoint and launches the Mobile application software (what the officer uses to do his/her job). Because of the way this all works (and it works very well) and because of university IT policy, I am not able to authenticate against the university AD. Hence, each officer has a local user account setup on the laptop. This is where I run into difficulties with the Dell fingerprint software. FBI security policy delineates - if I am correct in my interpretation of the policy - that a mobile laptop contained in a police conveyance has to have multi-factor authentication implemented. I have chosen "password and fingerprint swipe" as the logon method because fingerprints are a lot harder to lose than a smartcard. Anyhow, the Dell fingerprint software is not smart enough to sense when a new user (for example when a new officer is hired) is logging onto the laptop for the first time and allow the enrollment of a fingerprint before completing the authentication. What this means is that I then have to manually setup each and every officer on each and every laptop before I can enable the "password and fingerprint swipe" logon and deploy the unit. If you are using a similar system, would you have advice or suggestions on how you got yours to work, especially if your using a third-party fingerprint software system? If you're using a smartcard system, how do you minimize the possibility of your officers losing or misplacing their smartcard and thus not being able to complete their laptop logon? TIA Gordon From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Micheal Espinola Jr Sent: Tuesday, June 02, 2015 11:09 AM To: [email protected]<mailto:[email protected]> Subject: Re: [NTSysADM] Law Enforcement IT query It sounds like it would be an interesting conversation to keep on-list. No "IT support", but I have coordinated with local and federal on a few occasions. -- Espi On Tue, Jun 2, 2015 at 9:07 AM, Gordon Pegue <[email protected]<mailto:[email protected]>> wrote: I am curious if any of the folks subscribed to this list provide IT support to a law enforcement or police agency and would be willing to engage in an off-list correspondence. Thanks in advance Gordon
