Hello, I would like to setup a laptop for a friend (ginny-pig), ultra-tight, like a high school issued laptop, locked down. I would like to have several USB Flash Drives (Keys) that can be used to logon to one particular laptop. Unlike the school, there is no "Domain" here, fully updated - Win 7 Home Premium. It is a Toshiba, so there is the built in Facial Recognition. I was hoping to use a private key from the laptop to generate multiple Keys (USB flash drives). I would assume that I would need to be incorporating BitLocker. Is this possible? Even in a less then perfect, but better then nothing sinario? Thanks Vic

In this case, you may enable smart card with BitLocker. Learn more about BitLocker Drive Encryption Arthur Xie TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com.Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Forgive the ignorance, but can a USB stick be used in place of a smartcard? Thanks Vic

BitLocker is only avaialble in Windows 7 Ultimate and Windows 7 Enterprise SKU. http://www.microsoft.com/windows/windows-7/compare/default.aspx Yes, you can use TPM + Startupkey (USB) or only Startupkey to boot in to Windows. If your machine has a TPM chip then bitlocker can use it to check for early boot components. If not then you can still enable BitLocker on the machine by enabling this policy and using a startup key. (USB) http://technet.microsoft.com/en-us/library/ee449438(WS.10).aspx#BKMK_NoTPM I hope this helps.Manoj Sehgal

Forgive the ignorance, but can a USB stick be used in place of a smartcard? Thanks Vic Both USB keys and smart cards are fine. However, I would like to explain that it will only be a system drive unlocker. Users cannot directly log in with their user accounts with it. Therefore it may not be the thing you want exactly. There are no ways to enable the logon way you want in non-domain computers. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi, Is there any other questions for this topic?Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

That was excellent input, I am on my way. One last nugget would be great, how would I use the domain to help me in my quest to auto logon? Thanks Medusa13