Thursday, January 13, 2011

Windows 7 Bitlocker Smartcard Compatibility

I am evaluating BitLocker in Windows 7 RC1 and would like to get my hands on a compatible smartcard from a decent vendor. My ideal product would be a smartcard that also works with AD logon, but has as little "value added" additional complexity as possible.

Does anyone have any suggestions, or is anyone traveling the same track?

  • Looks like the Gemalto .NET Smart Card (combined with .NET Bio) is supported. Found them via a reference in Shivaram Mysore's SmartCard Infrastructure blog. Their .NET card is specified to be fully AD & EFS compatible, and this recent press release announces their support for Windows 7. I doubt their specs will be updated until Windows 7 ships.

    Christopher Edwards : Hi, this looks promising, thanks for the info.
    Christopher Edwards : Hmmm... I don't have the check mark icon, maybe I only get this after the bounty has expired??
    aharden : I think the bounty expired (and apparently went away) before your comment, even though I left my answer almost a week ago. Bug or feature? Certainly not encouraging.
    aharden : From the FAQ, it looks like I should have received at least half the bounty even if you did wait until after the bounty period to accept my answer. I'm going to file a bug report.
    Christopher Edwards : Actually I'm pretty sure it didn't expire.
    From aharden
  • Bear in mind that Bitlocker has to unlock the boot volume at boot time, so you'd need a smartcard (and associated drivers) that are available to Bitlocker before the OS loads. http://technet.microsoft.com/en-us/library/dd875530%28WS.10%29.aspx says that you can use smartcards for "BitLocker data recovery agents and as a BitLocker key protector for data drives", but it doesn't say anything about pre-boot authentication (and, thus, unlocking the boot drive). I know MS is aware that this is a requested feature, but I don't think MS has made any public commitment about implementing it.
