Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Friday, March 22, 2019 8:40 PM
PIN not available message after moving a hard drive imaged with Windows 10 Enterprise, and having Hello PIN authentication, to a similar series laptop (similar hardware, similar BIOS settings). The original laptop is part of the Active Directory Azure. We migrated recently to this type of build, using PIN authentication, with the Azure ID. The older password authentication was allowing us to swap laptops having hardware issues (not part of Azure), with similar model, simply take the hard drive and install to the new one. With the Hello PIN authentication and the Active Directory Azure ID, the PIN will not work after moving the hard drive to the other machine (while if I put it back to the original laptop, PIN works OK).
In my understanding the Hello PIN is local to the original device, and backed by the Trusted Platform Module (TPM) chip (like BitLocker).
For the BitLocker encryption, which is also backed by the TPM, I am suspending the protection prior to moving the hard drive to the new machine, with same hardware and BIOS settings, it will work no problems.
This time I get to the login screen, I enter the PIN, I get message that the PIN is not available.
I am wondering if there is any step that can be done prior to removing the hard drive from the original machine, for the PIN authentication to work into the new similar model laptop.
Anyone has an idea?
All replies (3)
Monday, March 25, 2019 7:26 AM
PIN is based on machine rather than account or system, it’s important. Your understanding is basically correct.
/en-us/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password
In order to move hard disk to another laptop, you’d better remove the PIN, after insert disk, create a new PIN again, there is not other method.
Regards
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Tuesday, March 26, 2019 1:37 PM
Thank you for the answer Teemo, it is much appreciated.
I wanted to try removing the PIN. except the Remove button does not show, we have only the Change button, underneath the PIN.
I checked some procedure to remove the PIN and I see that the screenshot shows a Remove button, and the computer involved has the Windows Hello activated.
I am wondering how to make the Remove button to show in our machines, to remove the PIN prior to removing the hard drive from the machine.
Thanks again!
NIck
Wednesday, March 27, 2019 1:31 AM
You are welcome.
Sorry, one thing I forget to explain , once we turn on Windows Hello, PIN cannot be removed, because all another sign-in options based on a valid PIN, in order to let you enter system when other sign-in options fail.
If your machine is a domain-joined computer, leave domain, go to Settings -> Accounts -> Access Work or school -> disconnected the current "Work or school account" and by adding it again it allowed to setup new pin. So it was not GPO controlled.
Also check this case
Unable to set or remove a login PIN on Windows 10
https://superuser.com/questions/1279400/unable-to-set-or-remove-a-login-pin-on-windows-10
Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
Regards
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].