To support both Windows authentication scenarios and vendor-defined authentication, the Windows Biometric service organizes biometric units into three possible sensor pools:
- Private pool: a collection of biometric units allocated for exclusive use by a client application. Private pools can support authentication scenarios that are not Windows-based, and they make it possible for an application to access the hardware of a biometric unit in a vendor-defined fashion. There can be as many private sensor pools on the system as there are biometric units.
- System sensor pool: a collection of sharable biometric units that provide access to Windows authentication services. This pool is used by Winlogon, UAC, and any other client that associates a SID with a specific biometric template. Each biometric service provider has one system sensor pool.
- Unassigned pool: contains a (possibly empty) collection of biometric units that are not assigned to either the system pool or the private pool.

Applications can use the shared system pool or they can create a private pool made up of biometric units removed from the system or unassigned pools. When an application releases its private pool, the biometric units are reconfigured and returned to their original pools. To prevent denial-of-service attacks, only privileged users are permitted to remove the last sensor from the system pool. For more information, see the following topics.
In this section

| Topic | Description |
|---|---|
| Private Sensor Pool | A collection of biometric units reserved for exclusive use by a client application. Private pools support proprietary authentication methods and enable a client application to access a biometric unit by using vendor-specified control commands. |
| System Sensor Pool | A collection of sharable biometric units that provide access to Windows authentication services. This pool is used by Winlogon, UAC, and any other client that associates a SID with a specific biometric template. |
| System Pool Behavior | Discussion about the actions taken by the system pool when event notices are sent and when no biometric operations are pending. |