

Windows 10 1809 Enable PIN and Fingerprint Sign-On on a Domain

Question

Tuesday, December 4, 2018 7:25 PM

I have followed all the posts I can find about enabling this, including the group policy settings:

Computer>Administrative Templates>System>Logon>Turn on convenience PIN sign-in
Computer>Administrative Templates>Windows Components>Windows Hello for Business>Use Biometrics
Computer>Administrative Templates>Windows Components>Windows Hello for Business>Use Windows Hello for Business

As well as the following regedit:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]

"AllowDomainPINLogon"=dword:00000001

But still get the "something went wrong" error on the sign on page.

I would prefer to enable this for all my computers on the domain centrally on the domain group policy.

Follow me on Twitter - @chief7

All replies (10)

Wednesday, December 5, 2018 3:53 AM

Hi,
According to my research, we try to set the following policies:

Computer Configuration/Policies/Administrative Templates:

Windows Components/Biometrics/Allow the use of biometrics=>Enabled
Windows Components/Biometrics/Allow domain users to log on using biometrics => Enabled
(Or Allow users to log on using biometrics => Enabled)

System/Logon/ Turn on convenience PIN sign-in => Enabled
(This is the key. This enables PIN sign-in which in turn will enable Hello, together with the other settings.)

Windows Components/Windows Hello For Business/ Use biometrics => Enabled

Windows Components/Windows Hello For Business/ Use Windows Hello For Business => Enabled
Windows Components/Windows Hello for Business/ Use a hardware security device => Enabled
(if you want to use TPM instead of key or certificate based activation for Windows Hello).
Note that in general all business computers should have TPM

Similar case we can refer to:
Can't enable Windows Hello - Some settings are managed by your organization
https://superuser.com/questions/1113638/cant-enable-windows-hello-some-settings-are-managed-by-your-organization

The article we can refer to:
Manage Windows Hello for Business in your organization
https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-manage-in-organization

Tip: This answer contains the content of a third-party website. Microsoft makes no representations about the content of these websites. We provide this content only for your convenience.

Best Regards,
Daisy Zhou

Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].


Wednesday, December 5, 2018 2:04 PM

I set all these policies but still get the same error.



Thursday, December 6, 2018 12:29 AM

Hi,
Please confirm the following points:

  1. What is the version of our domain controller?
  2. Does the group policy apply on all the Windows 10 1809?
  3. Can the group policy be applied successfully if it is applied to other Windows clients (such as Windows 10 1803 or 1709)?
  4. We run gpresult /h C:\report.html on the client, can we please provide the gpresult report?

Reference:
Group Policy – GPResult Examples
https://blog.thesysadmins.co.uk/group-policy-gpresult-examples.html


Best Regards,
Daisy Zhou



Monday, December 10, 2018 1:11 AM

Hi,
Does this question have any update? Also, for the question, is there any other assistance we could provide?
Best Regards,
Daisy Zhou



Wednesday, December 12, 2018 1:29 AM

Hi,
I am just writing to see if this issue has any update. If anything is unclear, please feel free to let us know.

Again thanks for your time and have a nice day!

Best Regards,
Daisy Zhou



Sunday, March 10, 2019 6:24 PM | 1 vote

Did you ever get this working? What settings did you use? I'm having the same issue with 1809.


Thursday, May 23, 2019 4:37 PM

I've been fighting this for a looong time. I've tried all these group policy settings: turn on convenience PIN login, enable windows hello for business, enable biometrics, etc. etc. etc.  I finally found the solution.

The PCs in my company are Windows 10 build 1809. Mostly Lenovo X1 Yogas and P330s and some Surface Pros. They are domain-joined to a 2012 R2 domain and they are subscribed to Office 365 for email and Office Pro Plus. We have an E3 license in Office 365. When a user registers the Office apps using their own O365 license, it connects Windows to their work account. Disconnecting that allowed me to set up PIN and Fingerprint. Here's how to do it:

  1. Go to Windows Settings -> Accounts -> Access Work or School.  The key setting is the "Work or School Account" with the colorful windows logo by it. Disconnect that. Don't touch the "Connected to whatever domain" setting.

  2. Then click on "Sign-in Options".  Fingerprint and PIN are no longer greyed out. If it's still greyed out, then make sure "convenience PIN sign-in" is enabled.

  3. Add the PIN, then the Fingerprint.

  4. Go back to "Access Work or School" in Settings -> Accounts.

  5. Click Connect and Enter the user's email address and password.

The only group policy currently in effect is the "Turn on Convenience PIN sign-in" setting under Policies, Administrative Templates, System, Logon. Note that this is NOT Windows Hello for Business. This is still just password stuffing. Some day, convenience PIN sign-in will be deprecated and we'll have to do it the secure way.
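
An added example, not part of the post above or of any Microsoft guidance: a PowerShell check that reports the convenience PIN policy value quoted in the question next to the device registration state from `dsregcmd /status`. It assumes the `dsregcmd` field names `DomainJoined`, `AzureAdJoined`, `WorkplaceJoined` and `NgcSet` appear in the output on this build, and that `WorkplaceJoined` corresponds to the "Work or School Account" entry the post disconnects; the function names are hypothetical.

```powershell
# Added example. Registry path and value name come from the question above;
# the dsregcmd field names are an assumption about this build's output.

function Get-PolicyDword {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'not set' }
    return $item.$Name
}

function ConvertFrom-DsregStatus {
    # Turns the "   Key : Value" lines of dsregcmd /status into a hashtable.
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

$pinPolicy = Get-PolicyDword `
    -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' `
    -Name 'AllowDomainPINLogon'
$dsreg = ConvertFrom-DsregStatus -Lines (& dsregcmd.exe /status)

[pscustomobject]@{
    AllowDomainPINLogon = $pinPolicy
    DomainJoined        = $dsreg['DomainJoined']
    AzureAdJoined       = $dsreg['AzureAdJoined']
    WorkplaceJoined     = $dsreg['WorkplaceJoined']
    NgcSet              = $dsreg['NgcSet']
} | Format-List

if ($pinPolicy -ne 1) {
    Write-Warning 'Convenience PIN policy is not in effect here; compare with the gpresult report.'
}
if ($dsreg['WorkplaceJoined'] -eq 'YES') {
    Write-Warning 'A work or school account is connected to this profile (the state the post above removes before enrolling).'
}
if ($pinPolicy -eq 1 -and $dsreg['AzureAdJoined'] -ne 'YES') {
    Write-Output 'PIN sign-in here is the password-backed convenience PIN, not a Windows Hello for Business credential.'
}
```

Run it as the affected user, since `WorkplaceJoined` and `NgcSet` are per-user values.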


Friday, December 20, 2019 6:52 PM

That didn't work for me, still grayed out.  You did have my hopes up for a while!!

The Web Guy


Tuesday, February 25, 2020 2:27 PM

Didn't work for me either. Windows Hello is the most frustrating feature I've ever had to deal with.

I just wish Microsoft had a clear and concise guide for using it on-premises.


Thursday, July 9, 2020 1:44 AM

I resolved it using this link:
https://youtu.be/T8txjqEIy2I