a friend of mine works with diabled children and is thus often confronted with children, that are extremly slow typists. At their school every child has an account on an MS Exchange type Server so the windows clients authenticate themselves at the server and every child has their own account with their own password (it is linked to a website on which they can send and receive emails etc.) now he would like to have a way that the children instead of typing in "username" and "secretpassword" that they can just insert their usb drives (which would cost around 10 cents each) and then are automatically logged into the computer with their accounts. Is there a way to do this? Please remember, that the computers are in a Windows Domain and the users are not on the computers themselves.
I hope you can help me and my friend! Thanks
The proper Windows way to do this would be with Smartcards. Attach a USB (or internal) smartcard reader to each machine, and issue each child with a smartcard. Unfortunately these generally cost more than 10 cents.
Also companies like RSA sell special USB sticks that can work in a similar way to a smartcard to log users in http://www.rsa.com/node.aspx?id=1215, but again these are more expensive, and generally need a dedicated back-end server in addition to your AD infrastructure.
Have you also considered USB finger-print readers? They're not quite as secure as smartcards, but if you're just securing school logins for children's email and have reasonable physical security on the premises, then you probably don't really need military grade authentication (would still make sure that staff accounts require username and strong password so that children's records etc are kept secure). This would give you a one-off cost per PC for the finger-print reader and no need to issue anything new to each child, and there's nothing for the child to lose or forget.