Safeguard Fingerprint logon - Lenovo laptop(s)

I hate to answer questions with questions, but:

1)  What model Lenovo laptops are you using?

2)  What version of the Thinkpad Fingerprint Software are you using?

3)  Do you have Fingerprint option set in the Logon mode field of your Authentication Policy?

We use Lenovo laptops exclusively at my company, and we've had pretty good luck with getting the fingerprint software working.  Our models were pretty old (T60/61), but once we got the fingerprint software upgraded to the proper version (we are using v5.8.2 b4462 for the Upek readers, and I'm not sure what version for the Authentic), it worked great.

To answer your second and third question (and as always the Sophos guys will correct me if I'm wrong) but from my experience, it is possible to have multiple users log on to the POA using their fingerprints, and you can definitely register multiple fingerprints for each individual user.

Well, it will be good to have the answers to the questions first. But neverless here are the answers of your questions:

The first question I've got is - is it possible to not have Fingerprint software installed on the system, install Safeguard, and then later install Fingerprint software (the proper version of course)?  Will Safeguard pick it up and use it then?

You have to follow the installation order which means: 1. Fingerprint software, 2. SafeGuard Easy (SGE)/SafeGuard Enterprise (SGE)

Are you want to use it with SGN or SGE?

Secondly, is it possible to have multiple users on the same laptop log into POA using Fingerprint?

Yes

Third, does Safeguard recognize multiple Fingerprints on the same fingerprint profile?

Yes

We have multiple Lenovo laptops in our enterprise - T400, T60, T61, X301.  The one I'm specifically working on right now is the X301.  I've not had any issues with any of the other models... but I've noticed that all the other models of Lenovo laptops use UPEK Fingerprint Software, while the X301 uses the Authentic Fingerprint Software.

We are using Safeguard Enterprise in our workplace.

I have updated the Fingerprint Software on each laptop I install SGE on to the latest version.  With UPEK I'm using v.5.8.5.6014, and with Authentic I'm using v.3.3.2.27.  Both should be higher than the required SGE versions according to my documentation.

Yes, I do have Fingerprint set in the policy option for the Authentication policy.

I was actually finally able to get it set up and installed on the X301 yesterday, but now I'm having a strange issue where the POA doesn't seem to want to register the fingerprint of the user.  Once the user registered their fingerprint in the software in windows, on a reboot the POA matches a fingerprint but doesn't find any login credentials associated with it, so you have to uncheck "log in to windows" (or whatever the checkbox is named) and then swipe the fingerprint on Windows Logon.  However - no matter how many times we do that POA doesn't seem to want to register the fingerprint with the user's login credentials.

---

Cerebus06 wrote:

I was actually finally able to get it set up and installed on the X301 yesterday, but now I'm having a strange issue where the POA doesn't seem to want to register the fingerprint of the user.  Once the user registered their fingerprint in the software in windows, on a reboot the POA matches a fingerprint but doesn't find any login credentials associated with it, so you have to uncheck "log in to windows" (or whatever the checkbox is named) and then swipe the fingerprint on Windows Logon.  However - no matter how many times we do that POA doesn't seem to want to register the fingerprint with the user's login credentials.

---

Did the user have their fingerprints registered in the thinkpad software before SGN installation, or did they do it after?  I remember having a similar issue, and if I my memory serves me correctly, I deleted the users entire profile in the TFS software, and had them re-register.

I didn't have him create the fingerprint profile and register it until after SGE was set up.

However - one thing that did occur was that, when I uninstalled the older Authentic Fingerprint software version, it - for some reason - "could not" delete the fingerprint profile already set up.  I didn't think this would be an issue, but maybe that older fingerprint profile that was not deleted when the older version was removed is conflicting somehow?

The user profiles are different - ie, the windows user that is currently trying to get SGE to register the fingerprint isn't the same profile as the one the original fingerprint profile was created on (although the user himself is the same user).

It is an issue, because the FP data between the two FP software version are not compatible. Please make sure that you delete all fingers after the update of the FP software and re-enroll them.

Hi,

i have the same problem.

Before I updated to the SGN 5.50, the FP was running under Windows and in the POA on several computers (e.g. Lenovo T60, T61p, W500, X301, ...). But with the newer version, I don't get it running for an authentification with the FP in the POA (Windows Authentification with FP works great). I installed Windows XP or Windows 7 with all drivers and programs (also with the FP Software and driver; for Authentec 3.3.0.58 and for UPEK 5.9.2.5859), only then I installed SGN 5.50 and encrypt all HDD devices.

But now (after the initial user alignment) I configured the FP. However it works only in Windows (the authentication with FP is allowed in SGN MC and the Pre-Desktopautehtification is activated in the BIOS).I tested it on several devices, but no one is accurate running? With the SGN 5.40 the installation wasn't easy, but it run.

What am I doing wrong?

Best Regards,

Johannes

HI,

We're a new customer of SafeGuard Enterprise, and POA Fingerprint isn't working for us either. It's working fine for Windows though.

Details:

Client: Windows 7 Enterprise x32

SafeGuard version: 5.50.0.116

Laptop: Lenovo W500 (TYPE 4062-5TG)

Biometric: AuthenTec Inc. AES2810

Biometric Driver version: 8.6.0.13 (ATSwpWDF.sys)

Lenovo Fingerprint software installer: 7wf161ww.exe

Lenovo Fingerprint software version: 3.3.2.27

Install order:

1. Cleared fingerprint data and reset security chip in BIOS

2. Installed OS and drivers

3. Installed Lenovo fingerprint software

4. Enrolled fingerprints

5. Tested successfully

6. Installed SafeGuard Enterprise

7. Rebooted

8. Installed SafeGuard config

9. Rebooted

After raising a support ticket with Sophos I was told the Authentec version I'm using is not yet supported.

FYI...

Quote "Lenovo Fingerprint for AuthenTec versions 3.2.x are the only supported versions This has been raised as a deffect - DEF58676: Lenovo: No Fingerprint possible in POA with Authentec 3.3.2.27 (ItemID: 58676)"

NB: From my understanding this would be mean that Windows 7 is not fully support for the Authentec chip as yet as Lenovo released version 3.3.x for Windows 7.

---

RL wrote:

After raising a support ticket with Sophos I was told the Authentec version I'm using is not yet supported.

FYI...

Quote "Lenovo Fingerprint for AuthenTec versions 3.2.x are the only supported versions This has been raised as a deffect - DEF58676: Lenovo: No Fingerprint possible in POA with Authentec 3.3.2.27 (ItemID: 58676)"

NB: From my understanding this would be mean that Windows 7 is not fully support for the Authentec chip as yet as Lenovo released version 3.3.x for Windows 7.

---

Hi RL,

Thank you for your very informative post and including the response from Sophos Support regarding the Lenovo FPR and SGN POA.

In the event that anyone else needs to check the Lenovo FPRs supported by SGN click here.