![]() ![]() Note that this is NOT Windows Hello for Business. The only group policy currently in effect is the "Turn on Convenience PIN sign-in" setting under Policies, Administrative Templates, System, Logon. ![]() Go back to "Access Work or School" in Settings -> Accounts.Ĭlick Connect and Enter the user's email address and password. If it's still greyed out, then make sure "convenience PIN sign-in" is enabled. Fingerprint and PIN are no longer greyed out. Don't touch the "Connected to whatever domain" setting. The key setting is the "Work or School Account" with the colorful windows logo by it. Go to Windows Settings -> Accounts -> Access Work or School. Disconnecting that allowed me to setup PIN and Fingerprint. When a user registers the Office apps using their own O365 license, it connects Windows to their work account. They are domain-joined to a 2012 R2 domain and they are subscribed to Office 365 for email and Office Pro Plus. Mostly Lenovo X1 Yogas and P330s and some Surface Pros. The PCs in my company are Windows 10 build 1809. I've tried all these group policy settings: turn on convenience PIN login, enable windows hello for business, enable biometrics, etc. ![]() I've been fighting this for a looong time. You can still use regular TPM for normal Windows Hello. If you want to use key or certificate based Windows Hello you can follow the guides in the links. Use Windows Hello forīusiness policy settings to manage PINs for Windows Hello for To enable aĬonvenience PIN for Windows 10, version 1607, enable the Group Policy You will find more optional configuration possibilities in System/Logon and Windows Components/Biometrics and Windows Components/Windows Hello for Business.īeginning in version 1607, Windows Hello as a convenience PIN is disabled by default on all domain-joined computers. Windows Components/Biometrics/ Allow domain users to log on using biometrics => Enabled (I think this is enabled by default, but being explicit makes GP management a lot easier.) This enables PIN sign-in which in turn will enable Hello, together with the other settings.) System/Logon/ Turn on convenience PIN sign-in => Enabled (This is the key. Note that in general all business computers should have TPM Windows Components/Windows Hello for Business/ Use a hardware security device => Enabled (if you want to use TPM instead of key or certificate based activation for Windows Hello). Windows Components/Windows Hello For Business/ Use biometrics => Enabled Computer Configuration/Policies/Administrative Templates.You might copy those files first to a file share, because of permissions your regular user should not have on the central store.ģ) Setup a new GPO or add to an existing the following settings to enable Windows Hello: You can do so by copying your files from PolicyDefinitions (in windir on a Win10 Anniversary Update machine) into the PolicyDefinitions of the central store. To get it to work you have to follow these steps:ġ) Setup a Group Policy Central Store (you should already have that)Ģ) Get Windows 10 Anniversary Update Group Policy Templates. The reason is that Windows Hello is managed differently on domain joined computers, starting with the anniversary update. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |