Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Tuesday, May 22, 2018 10:41 AM
Hello,
I have a question about User Account Control (UAC) and the option to logon with a PIN.
My HP x360 1030 G2 laptop with Windows 10 Enterprise installed is joined to a domain. I'm able to setup Windows Hello (Fingerprint and Face Recognition) and need to be create a PIN.
From GPO, User Account Control is enabled. Everytime I want to install a new program, I need to enter my credentials. In the UAC prompt have 3 options to logon: 1, username and password; 2, Fingerprint; 3, Face recognition. But the option PIN is missing in the UAC prompt.
After this, I create a local account and remove the laptop from the domain. I logged in with my local account and setup Windows Hello again. Then I tried to install a program and the PIN option is available in the UAC prompt.
So why the PIN option to login is missing in the UAC prompt when the laptop is joined to a domain?
All replies (4)
Wednesday, May 23, 2018 3:51 AM
Hi,
I noticed you mentioned that" UAC prompt have 3 options to logon: 1, username and password; 2, Fingerprint; 3, Face recognition." Can you tell me what policy you configured?
To use a convenience PIN in Windows 10 Version 1607 or later, the following Group Policy setting must be configured: Category: Path Computer Configuration\Administrative Templates\System\Logon\ Turn on convenience PIN sign-in
You can also manage PIN complexity
Computer Configuration\Administrative Templates\Windows Components\Windows Hello for Business \PIN Complexity
Do not configure settings other than PIN complexity if you want to use a convenience PIN. Having Windows Hello for Business and Turn on convenience PIN sign-in enabled prevents you from setting a PIN.
Can't configure a PIN when Convenience PIN and Hello for Business policies are enabled in Windows 10
However, when you install an application, open application which need credential, you have to enter the password/username.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Thursday, May 24, 2018 8:49 AM
What is going on?
It is appreciated that you can mark it as an answer if my suggestions did any help to you.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Tuesday, June 5, 2018 11:14 AM
The policy "Computer Configuration\Administrative Templates\System\Logon\ Turn on convenience PIN sign-in" is configured and the policy "Computer Configuration\Administrative Templates\Windows Components\Windows Hello for Business\Use a hardware security device"
The strange thing is I can setup a PIN and also the Fingerprint and Face Recognition.
The only thing I cannot is to use the PIN in a UAC popup.
Any idea why?
Wednesday, June 6, 2018 9:30 AM
AFAIK, the PIN code is part of Windows Hallo For Business. As you join to a domain, the feature is disabled by default. So you need to configure the policy to make it work.
However, in "UAC prompt have 3 options to logon" policy, there is no such option to enable PIN code in UAC prompt. So that makes sense why we can't enter PIN in UAC.
It is by design and it is appreciated for your understanding.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].