Certificates can be stored on USB tokens - there is no need for a smartcard reader per se.
That said, the Dell should ship with ControlPoint or whatever they call it now, which will provide a CSSP to integrate into the Windows 7 logon screen. Not sure if you can combine it with a pin. RSA provides a cert + PIN solution. Cheers Ken From: Jim Holmgren [mailto:[email protected]] Sent: Thursday, 16 September 2010 4:18 AM To: NT System Admin Issues Subject: RE: Biometric AD authentication I do understand that this is "relatively" easily fooled, but smart cards are not an option in this case (no built-in smart card reader). 'Regular' passwords are not going to cut it. I'm looking for a combination of fingerprint and pin. Jim From: Michael B. Smith [mailto:[email protected]] Sent: Wednesday, September 15, 2010 1:04 PM To: NT System Admin Issues Subject: RE: Biometric AD authentication Fingerprint as an auth method is passé. It's easily forged. I'm pretty sure Secunia published a study about that last year, finding that it didn't matter if your reader was $25 or $500 - they were easily "broken". Smartcard plus PIN seems to be winning. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Jim Holmgren [mailto:[email protected]] Sent: Wednesday, September 15, 2010 12:53 PM To: NT System Admin Issues Subject: Biometric AD authentication Greetings, I've been tasked with coming up with some solutions for biometric AD authentication. Quick background: We are in the healthcare field and will be providing tablet PCs to some of our practitioners. We have been going around about how to provide authentication to these folks with minimal security compromises. The tablets will be running Windows 7 Pro (Dell Latitude XT2's at the moment) locked down pretty tight, but to avoid the 'sticky note' password keeper on a very portable device that will contain PHI, we are looking at requiring login with a fingerprint and pin. Any suggestions/recommendations from those that have been-there-done-that with Biometric AD auth would be greatly appreciated. Thanks, Jim ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
