
Windows Biometric Framework Overview

Published: February 2012

Updated: August 2012

Applies to: Windows Server 2012

This topic for the IT professional describes the Windows Biometric Framework (WBF) and the enhancements included in Windows Server 2012.

Biometrics is an increasingly popular technology that provides convenient access to systems, services, and resources. Biometrics relies on measuring an unchanging physical characteristic of a person to uniquely identify that person. Fingerprints are one of the most frequently used biometric characteristics, with millions of fingerprint biometric devices that are embedded in personal computers and peripherals.

The Windows Biometric Framework (WBF) is a set of services and interfaces that permit consistent development and management of biometric devices, such as fingerprint readers, on Windows Server 2012. WBF improves reliability and compatibility with biometric services and drivers. It also gives device developers the ability to interact with the client side of the framework to support each biometric solution.

The Windows Biometric Service, which is part of the WBF, gives client applications the ability to capture, compare, manipulate, and store biometric data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged SVCHOST process, and it runs in the security context of Local System.

The Windows Biometric service provides the following functionality:

  • Captures biometric samples and uses them to create a template.

    A template is generated by collecting multiple biometric samples of a single characteristic for a single individual to form a statistical average. A template typically contains only the features that are necessary to determine whether a new sample matches.

  • Securely saves and manages biometric templates.

  • Maps each biometric template to a unique identifier, such as a GUID or SID.

  • Enrolls new biometric templates.

You can use the Windows Biometric Framework API to leverage this functionality. For more information, see Windows Biometric Framework API (Windows) in the MSDN Library.

The WBF provides the following:

  • A Biometric Devices item on the Control Panel that allows users to manage device settings and enroll devices to sign in.

  • Device Manager support for managing drivers for biometric devices.

  • Credential provider support to enable the use of biometric data to log on to a local computer or domain, and then perform elevation of privileges through User Account Control (UAC).

  • Group Policy settings to enable, disable, or limit the use of biometric data for a local computer or domain.

  • Windows Update support for downloading biometric device driver software.

The following table lists the differences between WBF components in Windows 7 and this operating system:

 

| Feature/functionality | Windows Server 2008 R2 and Windows 7 | Windows Server 2012 and Windows 8 |
| --- | --- | --- |
| Fast user switching for biometric devices | Allows you to switch to a different computer user account without closing programs and files first. | Plus better integration with fingerprint readers, and UI changes |
| Credentials provider support | Ability to enable and configure the use of biometric data to log on to a local computer and perform UAC elevation. | Plus improvements to the user experience, and better synchronization of passwords with fingerprints |
| A Biometric Devices Control Panel item | Control Panel item that allows users to manage device settings and enroll devices to sign in. | Same functionality as before. |
| Device Manager support for managing drivers for biometric devices. | Support for managing drivers for biometric devices. | Same functionality as before. |
| Changes in Group Policy for WBF | Ability to enable, disable, or limit the use of biometric data for a local computer or domain. | Same functionality as before. |
| Leverage Windows Update | Biometric device driver software available from Windows Update. | Same functionality as before. |

Fast user switching (FUS), which has been in previous operating system versions, has been enhanced to work with fingerprint technologies. FUS is still activated by pressing CTRL+ALT+DEL to reach the Secure Desktop.

What value does this change add?

This increased authentication capability allows a user to use the biometric credentials when signing on through FUS.

What works differently?

There are no visual changes in FUS functionality. You still can control FUS use through Group Policy settings.

Two policy settings are new in Windows Server 2012 and Windows 8. They control the capability of using biometric authentication at computer startup.

 

| Policy setting | Applies to | Description |
| --- | --- | --- |
| Allow automatic logon using boot-time biometric authentication | Windows Server 2012, Windows Server 2008 R2, Windows 8, Windows 7 | Determines whether a user will be automatically logged on after providing a boot-time biometric sample. |
| Specify timeout for preboot auto-logon authentication | Windows Server 2012, Windows Server 2008 R2, Windows 8, Windows 7 | Specifies the time after system startup that a preboot biometric authentication will be used for auto-logon before being discarded. |

Four policy settings remain unchanged in Windows Server 2012 and Windows 8.

 

| Policy setting | Applies to | Description |
| --- | --- | --- |
| Timeout for fast user switching events (Note: renamed “Specify timeout for fast user switching events”) | Windows Server 2012, Windows Server 2008 R2, Windows 8, Windows 7 | Specifies the number of seconds a pending fast user switch event will remain active before the switch is initiated. |
| Allow the use of biometrics | Windows Server 2012, Windows Server 2008 R2, Windows 8, Windows 7 | Determines whether the Windows Biometric Service can run on the computer. |
| Allow users to log on using biometrics | Windows Server 2012, Windows Server 2008 R2, Windows 8, Windows 7 | Determines whether users can log on or elevate User Account Control permissions using biometrics. |
| Allow domain users to log on using biometrics | Windows Server 2012, Windows Server 2008 R2, Windows 8, Windows 7 | Determines whether domain users can log on or elevate User Account Control permissions using biometrics. |

There is no deprecated functionality in the WBF for Windows Server 2012 and Windows 8.

You must enable the Windows Biometric Framework by using the Add Features utility in Server Manager to enable the biometric service. In addition, Group Policy settings must be configured to manage biometric devices in your environment.

Device drivers must be compatible with the WBF architecture in Windows Server 2012 to take advantage of the new functionality.

The Windows Biometric Framework is a feature installed from the Add Features utility of Server Manager. The following components are activated on the server:

  • Windows Biometric Driver Interface (WBDI)

  • Windows Biometric Server (WBS)

  • Windows Biometric Framework API
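The following PowerShell baseline check is an added example, not part of the original topic. It confirms that the feature is installed and that the Windows Biometric Service is hosted in SVCHOST under Local System, as described above. The feature name `Biometric-Framework`, the service name `WbioSrvc`, and the function name `Test-WbfBaseline` are assumptions that do not appear on this page.

```powershell
# Added example: baseline check for the WBF feature and the Windows Biometric Service.
# Assumptions (not stated on the page): feature name 'Biometric-Framework',
# service name 'WbioSrvc'. Run in an elevated session on Windows Server 2012.
function Test-WbfBaseline {
    [CmdletBinding()]
    param(
        [string]$FeatureName = 'Biometric-Framework',
        [string]$ServiceName = 'WbioSrvc'
    )
    $findings = @()

    # 1. Feature state, as installed through Server Manager's Add Features utility.
    $feature   = Get-WindowsFeature -Name $FeatureName -ErrorAction SilentlyContinue
    $installed = [bool]($feature -and $feature.Installed)
    if (-not $installed) { $findings += "Feature '$FeatureName' is not installed." }

    # 2. Service configuration: logon account and hosting binary.
    $svc = Get-CimInstance -ClassName Win32_Service `
               -Filter "Name='$ServiceName'" -ErrorAction SilentlyContinue
    if (-not $svc) {
        $findings += "Service '$ServiceName' was not found."
    } else {
        # The page states the service runs in the security context of Local System.
        if ($svc.StartName -ne 'LocalSystem') {
            $findings += "Service runs as '$($svc.StartName)', expected LocalSystem."
        }
        # The page states the service is hosted in a SVCHOST process; any other
        # binary path is a deviation from the documented design worth investigating.
        $expectedHost = Join-Path $env:SystemRoot 'System32\svchost.exe'
        $binaryPath   = $svc.PathName.Trim('"')
        if ($binaryPath -notlike "$expectedHost*") {
            $findings += "Unexpected service binary path: $($svc.PathName)"
        }
    }

    [pscustomobject]@{
        FeatureInstalled = $installed
        ServiceState     = if ($svc) { $svc.State } else { $null }
        ServiceStartMode = if ($svc) { $svc.StartMode } else { $null }
        ServiceAccount   = if ($svc) { $svc.StartName } else { $null }
        ServicePath      = if ($svc) { $svc.PathName } else { $null }
        Compliant        = ($findings.Count -eq 0)
        Findings         = $findings
    }
}

Test-WbfBaseline | Format-List
```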

This table lists other resources that relate to the Windows Biometric Framework.

 

| Content type | References |
| --- | --- |
| Development | Using the Windows Biometric Framework API (Windows) |
| Security | Windows Biometric Framework: Framework Security (Windows) |
| Tools and settings | Windows Biometric Framework API (Windows) |
| Community resources | Protecting your digital identity - Building Windows 8 - Site Home - MSDN Blogs |
| Related technologies | Windows Authentication Overview |
