Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, December 7, 2016 4:50 PM
Hello
we are running Windows 10 Ent x64 ,
i try to Sign-In Whit FingerPrint ,Windows Hello
Local User its Work Grate , after Member To Domain the Windows Hello All was Gray
make this steps
How Enable Setup Windows Hello
All replies (5)
Wednesday, December 7, 2016 7:23 PM
From the link you provided;
Most important excerpt:
Beginning in version 1607, Windows Hello as a convenience PIN is disabled by default on all domain-joined computers. To enable a convenience PIN for Windows 10, version 1607, enable the Group Policy setting Turn on convenience PIN sign-in. Use Windows Hello for Business policy settings to manage PINs for Windows Hello for Business.
Again from link you provided the solution;
| down vote | I found the solution. The reason is that Windows Hello is managed differently on domain joined computers, starting with the anniversary update. To get it to work you have to follow these steps: 1) Setup a Group Policy Central Store (you should already have that) 2) Get Windows 10 Anniversary Update Group Policy Templates. You can do so by copying your files from PolicyDefinitions (in windir on a Win10 Anniversary Update machine) into the PolicyDefinitions of the central store. You might copy those files first to a file share, because of permissions your regular user should not have on the central store. 3) Setup a new GPO or add to an existing the following settings to enable Windows Hello:
.../Windows Components/Windows Hello For Business/ Use biometrics => Enabled .../Windows Components/Windows Hello for Business/ Use a hardware security device => Enabled (if you want to use TPM instead of key or certificate based activation for Windows Hello). Note that in general all business computers should have TPM .../System/Logon/ Turn on convenience PIN sign-in => Enabled (This is the key. This enables PIN sign-in which in turn will enable Hello, together with the other settings.) .../Windows Components/Biometrics/ Allow domain users to log on using biometrics => Enabled (I think this is enabled by default, but being explicit makes GP management a lot easier.) You will find more optional configuration possibilities in System/Logon and Windows Components/Biometrics and Windows Components/Windows Hello for Business. |
Thursday, December 8, 2016 4:59 AM
Follow these steps but it still doesnt work
Thursday, December 8, 2016 6:08 AM
Hi eliabo,
I would assume this is a domain environment.
Are you the administrator of this domain? Have you deployed any related gpo to the domain?
Beginning in version 1607, Windows Hello as a convenience PIN is disabled by default on all domain-joined computers. To enable a convenience PIN for Windows 10, version 1607, enable the Group Policy setting Turn on convenience PIN sign-in.
Computer Configuration -> Administrative Templates -> System -> Logon->Turn on convenience PIN sign-in
If you have deployed other related gpo(such as disabling the PIN sign-in), please remove them.
If you are not the domain administrator, you`d better to contact the domain administrator for help.
Best regards
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Thursday, December 8, 2016 7:06 AM
Hi
Yes I am Administrator
i also enable the " Turn On convenience PIN Sign In "
My domain environment. is OFFLINE ( DC Server 2008 R2 )
Friday, December 9, 2016 8:30 AM
Hi eliabo,
Put the machine out of the domain to verify whether the issue is related to the domain policy.
Run "gpresult /h C:\gpresult.html" to get a gpo result.
Best regards
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].