If you buy a reader from DigitalPersona you can use it to enable domain logon. If you use the Microsoft OEM version you'll find out that this is specifically disabled. Seems that the nitwits over in the security group think it isn't as secure as a password. We all know how secure passwords are, right?!
Anyway, I wish them the best of luck. They've worked so hard on this and it's really great to see it taking off!
p.s. When I made the decision to leave Microsoft there were two companies on the top of my list that I wanted to work at. One was Vintela and the other was DigitalPersona.
Active Directory, Digital Persona, Group Policy