Monday, October 26, 2009

How to Use a Microsoft Fingerprint Reader in Windows 7 (DigitalPersona Password Manager)

If you have a Microsoft Fingerprint Reader, Microsoft will tell you that it won't work with Windows 7. If you try to install the driver software anyway, Windows blocks it for "compatibility reasons." However, using the instructions in this post, you can install the software and use the fingerprint reader successfully in Windows 7 (32-bit edition only).

No one expects ancient devices to be supported by a manufacturer for eternity, but it's frustrating when Microsoft discontinues support for using its own devices with its own software. A cynic might speculate that Microsoft is trying to cut corners on support costs and force users to buy new hardware with a policy of planned obsolescense. Based on how well the fingerprint reader works in Windows 7 despite Microsoft's insistence, there's certainly evidence for that perspective.

Prerequisites

There are lots of fingerprint reader devices and different versions of Windows. This article refers only to the following hardware and software combination:
  • Microsoft USB Fingerprint Reader (pictured)
  • Microsoft Windows 7 (32-bit version)
    • These instructions refer to the retail ("RTM") version of Windows 7
    • These instructions assume a "clean install" of Windows 7. If you upgraded a Windows Vista installation that already contained the DigitalPersona software, users have reported that the fingerprint reader should continue working without any extra steps.
    • Some earlier prerelease versions of Windows 7 did not require these extra steps to install the driver software
    • These instructions will not work with the 64-bit version of Windows 7
Other similar fingerprint readers, like those built in to HP laptops, use different driver software and will not work with these instructions. This post refers only to Microsoft-branded devices.

Instructions

Follow the steps below to install the Fingerprint Reader driver software on Windows 7 (32-bit).

Step 1. Download DigitalPersona Password Manager 2.0.1

Follow any of the download links below. I am including multiple links in case Microsoft removes the installer in the future (since the product itself has been discontinued).

Step 2. Run the installer (DPPM_201_ENG.exe)

Now run the installer you downloaded from within Windows 7. You'll get an error message from the "Program Compatibility Assistant" (PCA), similar to this one:


Click "Cancel". We're going to have to bypass the PCA to get this installer to run.

Step 3. Bypass PCA

We're going to disguise the identity of the installer so the PCA will allow it to run. How does Windows know in advance which programs might be incompatible? It contains a hard-coded list of ID numbers for programs that Microsoft or another manufacturer has flagged as potentially dangerous (either to your computer or to the company's profit margin). We can't modify that hard-coded list, but we can change the ID number that the installer reports to Windows.

i. Find and copy the installer MSI file

When you ran the DigitalPersona installer -- even though it did not fully launch -- it extracted another install file to your computer. The other install file is called WIS73ECBBAB86D84A32854CDCAF90E63AFE_2_0_1.MSI and is found in the C:\Program Files\Common Files\Wise Installation Wizard folder. Locate the MSI file on your computer and copy it to your desktop (or another folder of your choice). You will be modifying this duplicate copy.

ii. Download and install Microsoft's Orca utility

Orca is a free utility distributed by Microsoft to make changes to MSI installer files. It's included as part of the Microsoft Windows SDK. Since the SDK is a huge download, it's easier to download Orca alone from one of these sources:
  • orca.msi (Download site #1 - Technipages)
  • orca.msi (Download site #2 - brentnorris.net)
  • orca.msi (Download site #3 - Colligo)
After downloading, double-click orca.msi to install Orca. If you prefer, you can also use an equivalent third-party tool like InstEd. However, the instructions that follow relate to Orca.

iii. Modify the MSI installer file with Orca

Find the Orca program in your Start menu and run the program. In Orca, open the duplicate copy you made of the DigitalPersona MSI installer file (the one with the really long filename, not the orca.msi file). It will look like this:



Find and click on the "Property" table in the left-hand Tables list, then locate the "ProductCode" property in the right-hand Property list. The current value should be a long string of numbers and letters as shown in the picture above. Double-click the value for the ProductCode property to edit it. Change the last letter "E" to the letter "F" and hit Enter, so that the ProductCode now looks like this: {73ECBBAB-86D8-4A32-854C-DCAF90E63AFF}

Save the file in Orca and close Orca. If you don't close Orca, you will not be able to proceed. That's all that is required; now that the installer has a slightly different product code, it will no longer match Windows' blacklist of dangerous programs.

iv. Open the modified MSI installer file

Now find the DigitalPersona MSI installer file you just modified on your computer and double-click it to open it. You should no longer receive a PCA error box. If you did, make sure you have closed Orca, make sure you are trying to run the correct file and double-check that you've completed these steps correctly.

Step 4. Complete the DigitalPersona installation

If you've followed the steps above, your DigitalPersona installer is now running. Make sure your fingerprint reader is plugged in. Click "Next" to proceed through the installation, but when you reach the last step, do not click Finish. Leave the installer running and do the following:
  • Browse to the following folder in Windows Explorer: C:\Program Files\DigitalPersona\Bin
  • Right-click DPAgnt.exe and open "Properties"
  • Open the "Compatibility" tab
  • Click "Change settings for all users"
  • Under "Compatibility mode", check "Run this program in compatibility mode for" and choose "Windows Vista"
    • There are 3 similar compatibility options listed: "Windows Vista", "Windows Vista (Service Pack 1)" and "Windows Vista (Service Pack 2)". I used the regular "Windows Vista" option.
  • Under "Privilege Level", check "Run this program as an administrator"
  • Click OK to close the "Compatibility for all users" box
  • Click OK to close the Properties box
  • Repeat these steps for each of the other EXE files in the same folder:
    • DPConsol.exe
    • DPExpImp.exe
    • DpFpLogonManager.exe
    • DpHost.exe
    • DPRunDll.exe
    • DPWinLct.exe

Now return to the installer and click the Finish button. The installer will ask to restart your computer; go ahead and allow it to restart Windows.

Step 5. Make some post-install changes

Once Windows restarts, browse back to the C:\Program Files\DigitalPersona\Bin folder in Windows Explorer. Right-click DPAgnt.exe and open "Properties" to the "Compatibility" tab once more. Click "Change settings for all users" and under "Privilege Level", uncheck "Run this program as an administrator". Click OK to close the "Compatibility for all users" box and OK again to close the Properties box. Make the same change to DPConsol.exe in the same folder.

Now restart Windows again, or just log out and log back in if you prefer.

Step 6. Complete the fingerprint reader setup

When Windows starts back up, the fingerprint reader initial setup window should appear automatically. Follow the instructions to set up your Windows logon password, fingerprints, and so on. You should now be able to use the fingerprint reader normally to log in to Windows and automatically enter other passwords in Windows 7.

Acknowledgements

The necessary file permissions were first discovered and documented by Saulo Castelo Sampaio and Dav at SevenForums.com.

Microsoft Fingerprint Readers and 64-bit Windows

Microsoft first fell short in its support of the fingerprint reader when it promised drivers for Windows Vista 64-bit, then failed to deliver them. The company eventually acknowledged its broken promise by quietly offering a refund to device owners who were unable to use the fingerprint reader with Vista 64-bit.

If you were affected by Microsoft's failure to fully support its fingerprint readers, you should request this refund. Follow the instructions at FatWallet to call Microsoft and claim your refund check. Mention that you were unable to use the device with Windows Vista 64-bit. Microsoft will ask for the PID number from the bottom of your fingerprint reader, but will not verify your copy of Windows Vista. Hopefully the expense of paying refund checks to disappointed users will motivate Microsoft and other vendors to fully honor their product support obligations.