Biometrics Sign-in for Domain Users - Allow in Windows 8.1

How to Enable or Disable Biometrics Sign-in for Domain Users in Windows 8.1

information   Information
Starting in Windows 8.1 and Windows RT 8.1, a fingerprint registration application in PC settings is now included, thereby removing the need for a hardware manufacturer to provide such an application.

Local users (Microsoft and local accounts) are able to sign-in with a fingerprint (biometrics) by default in Windows 8.1 unless disabled.

Domain users will not be able sign-in with a fingerprint (biometrics) by default in Windows 8.1 unless enabled.


This tutorial will show you how to enable or disable users with a domain account to be able to elevate UAC and sign-in to Windows 8.1 or Windows RT 8.1 with biometrics (ex: fingerprint).

You must be signed in as an administrator to be able to do the steps in this tutorial.





OPTION ONE

Enable or Disable Fingerprint Sign-in for Domain Users using a REG File



Note   Note
The .reg files below are for the registry key and value below.

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider

Domain Accounts DWORD

0 = Disable Fingerprint for Domain users
1 = Enable Fingerprint for Domain users


1. Do step 2 or 3 below for what you would like to do.​
2. To Disable Fingerprint Sign-in for Domain Users
NOTE: This is the default setting.​
A) Click/tap on the Download button below to download the file below, and go to step 4 below.​
Prevent_Domain_Users_to_Sign-in_using_Biometrics.reg
download
3. To Enable Fingerprint Sign-in for Domain Users
A) Click/tap on the Download button below to download the file below, and go to step 4 below.​
Allow_Domain_Users_to_Sign-in_using_Biometrics.reg
download
4. Save the .reg file to your desktop.​
5. Double click/tap on the downloaded .reg file to merge it.​
6. If prompted, click/tap on Run, Yes (UAC), Yes, and OK.​
7. When finished, you can delete the downloaded .reg file if you like.​






OPTION TWO

Enable or Disable Fingerprint Sign-in for Domain Users in Group Policy


NOTE: This option for using group policy is only available in the Windows 8.1 Pro, Windows RT 8.1 Pro, and Windows 8.1 Enterprise editions.
1. From the Start screen, start typing gpedit.msc, and press Enter when finished.​
NOTE: You could also press Windows+R to open the Run dialog, type gpedit.msc, and click/tap on OK.​
2. If prompted by UAC, then click/tap on Yes.​
3. In the left pane, click/tap on to expand Computer Configuration, Administrative Templates, Windows Components, and open Biometrics. (see screenshot below)​
Biometrics_GPEDIT-1.jpg
4. In the right pane of Biometrics, double click/tap on Allow domain users to log on using biometrics. (see screenshot above)​
5. Do step 6 or 7 below for what you would like to do.​
6. To Disable Fingerprint Sign-in for Domain Users
A) Select (dot) Disabled or Not Configured, click/tap on OK, and go to step 8 below. (see screenshot below step 7A)​
NOTE: Not Configured is the default setting.​
7. To Enable Fingerprint Sign-in for Domain Users
A) Select (dot) Enabled, click/tap on OK, and go to step 8 below. (see screenshot below)​
Biometrics_GPEDIT-4.jpg
8. You can now close the Local Group Policy Editor window if you like.​

That's it,
Shawn


 

Attachments

  • Allow_Domain_Users_to_Sign-in_using_Biometrics.reg
    658 bytes · Views: 16,890
  • Prevent_Domain_Users_to_Sign-in_using_Biometrics.reg
    632 bytes · Views: 2,833
  • Biometric_Devices.png
    Biometric_Devices.png
    9.5 KB · Views: 250
Last edited:
Will this only enter my password or my username AND password, so as not to use the keyboard all?
 

My Computer

System One

  • OS
    Windows 8 & Windows 7 Dual Boot
    Computer type
    Laptop
    System Manufacturer/Model
    HP G60
    CPU
    AMD Turion RM-70 Dual Core 2.0 GHZ
    Memory
    3 GB
    Graphics Card(s)
    Nvidia GeForce 8200M G
    Screen Resolution
    1366 x 768
    Mouse
    MS Intellipoint 5 button (love it!)
    Browser
    Chrome and Chromium
    Antivirus
    Avast Free & Malwarebytes
Hello David,

No. It will only use your fingerprint as the credential instead of a password. :)
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
Back
Top