I am looking for a way to uniquely identify users of an extranet application i'm writing. It can't be based of the IP address because now days that changes more often than most people change their pants, it can't be a cookie because it needs to be persistent and cant be removed without running the terminal removal process. I was thinking something unique to the hardware of the PC and that wouldn't change. Before any of the privacy fans out there start abusing me as has been done in the past saying that I shouldn't be doing this, please take note that the browsers that are accessing the extranet application are company owned as are the computers and access should be restricted to authorised users. They need to be able to login once to a computer which they will always use and set persistent connection. Does anyone have any ideas.