Estimated reading time: 2 minutes
Introduction
If you are trying to use Windows Hello to use your face to login to a domain connected device (like a Surface Pro 4 for example) then you may find that the option to set it up is greyed out and not available to you.
This seems to be some sort of Microsoft bug and we have never found any definitive reason for why this happens, but we have found the fix for it.
You need to make a small registry edit on your device. You can do this manually, download and run a .reg file from us or you can always use Group Policy.
Method 1 – Edit the registry manually
So, you go into regedit by clicking the Start button and typing regedit and press the Enter key. Then browse to the following location:
HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsSystem
You then need to create a DWORD with the following values:
- DWORD Name = AllowDomainPINLogon
- Value = 1
Reboot your device and you should notice that you can now set your Windows Hello feature up.
Method 2 – Download a reg file
You can download a .reg file from us using the button below:
Download Windows Hello Registry Fix
Then, just unzip the package and double click the .reg file. Allow it to make the change to your device and reboot. Again, you should now see that this Windows Hello feature is now available for you.
Method 3 – Group Policy
If your device is on a domain then you can create a Group Policy to apply this fix to multiple devices. Open up Group Policy and create a new Group Policy Object (or edit an existing one if you wish).
Then, go to the following location in the GPO:
Computer configuration > Administrative templates > Windows Components > Biometric
Then set the following settings:
- Allow domain users to log on using biometrics: Enabled
Then browse to this location in the GPO:
Computer configuration > Administrative templates > Windows Components > Windows Hello for Business
You should check that none of the settings are amended in this part of the GPO and all are set to Not configured:
Deploy the GPO to where you need to and this should enable Windows Hello.
Feedback
If you have any questions or feedback on this guide, please feel free to leave us a message below.
Share this content:
Hi I’m running Windows Server 2008r2 Domain Level 2008r2, we dont have the “Windows Hello for Business” option in the GPo, i’m guessing we have to upgrade out domain level? is there a way to do this by Regkey?
Hi I’m running Windows Server 2008r2 Domain Level 2008r2, we dont have the “Windows Hello for Business” option in the GPo, i’m guessing we have to upgrade out domain level? is there a way to do this by Regkey?
There is also the regkey way of doing it – method 1 in our guide above. Should be able to use Group Policy Preferences to push/update the regkey then.
You should be able to download a Group Policy template (admx) for it. I’ve had this working on a Windows 2008 domain so it can be done. You could install RSAT tools for Windows 10 and then run the Group Policy console from a Windows 10 machine and find it in there.
There is also the regkey way of doing it – method 1 in our guide above. Should be able to use Group Policy Preferences to push/update the regkey then.
You should be able to download a Group Policy template (admx) for it. I’ve had this working on a Windows 2008 domain so it can be done. You could install RSAT tools for Windows 10 and then run the Group Policy console from a Windows 10 machine and find it in there.
There is also the regkey way of doing it – method 1 in our guide above. Should be able to use Group Policy Preferences to push/update the regkey then.
You should be able to download a Group Policy template (admx) for it. I’ve had this working on a Windows 2008 domain so it can be done. You could install RSAT tools for Windows 10 and then run the Group Policy console from a Windows 10 machine and find it in there.
Hi I’m running Windows Server 2008r2 Domain Level 2008r2, we dont have the “Windows Hello for Business” option in the GPo, i’m guessing we have to upgrade out domain level? is there a way to do this by Regkey?