Hi,
> At the end of the day, if you need to really be secure, you need to have > some kind of state on the client machine (Kerberos password, 802.1x > credentials, etc.)--which generally doesn't exist on a clean image. > > > 'Clean image' runs on a particular machine which, it seems to me, can be fingerprinted before. For some machines there will be the vendor serial/service tag available, for some there will be e.g. memory module serial or disk serial number. Combination of e.g. service tag, disk serial number and memory module serials seems reasonably close to being unique and immutable. Regards Michal Michal
