Biometrics Sign-in for Domain Users - Allow in Windows 8.1

How to Enable or Disable Biometrics Sign-in for Domain Users in Windows 8.1

information   Information
Starting in Windows 8.1 and Windows RT 8.1, a fingerprint registration application in PC settings is now included, thereby removing the need for a hardware manufacturer to provide such an application.

Local users (Microsoft and local accounts) are able to sign-in with a fingerprint (biometrics) by default in Windows 8.1 unless disabled.

Domain users will not be able sign-in with a fingerprint (biometrics) by default in Windows 8.1 unless enabled.


This tutorial will show you how to enable or disable users with a domain account to be able to elevate UAC and sign-in to Windows 8.1 or Windows RT 8.1 with biometrics (ex: fingerprint).

You must be signed in as an administrator to be able to do the steps in this tutorial.





OPTION ONE

Enable or Disable Fingerprint Sign-in for Domain Users using a REG File



Note   Note
The .reg files below are for the registry key and value below.

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider

Domain Accounts DWORD

0 = Disable Fingerprint for Domain users
1 = Enable Fingerprint for Domain users


1. Do step 2 or 3 below for what you would like to do.​
2. To Disable Fingerprint Sign-in for Domain Users
NOTE: This is the default setting.​
A) Click/tap on the Download button below to download the file below, and go to step 4 below.​
Prevent_Domain_Users_to_Sign-in_using_Biometrics.reg
download
3. To Enable Fingerprint Sign-in for Domain Users
A) Click/tap on the Download button below to download the file below, and go to step 4 below.​
Allow_Domain_Users_to_Sign-in_using_Biometrics.reg
download
4. Save the .reg file to your desktop.​
5. Double click/tap on the downloaded .reg file to merge it.​
6. If prompted, click/tap on Run, Yes (UAC), Yes, and OK.​
7. When finished, you can delete the downloaded .reg file if you like.​






OPTION TWO

Enable or Disable Fingerprint Sign-in for Domain Users in Group Policy


NOTE: This option for using group policy is only available in the Windows 8.1 Pro, Windows RT 8.1 Pro, and Windows 8.1 Enterprise editions.
1. From the Start screen, start typing gpedit.msc, and press Enter when finished.​
NOTE: You could also press Windows+R to open the Run dialog, type gpedit.msc, and click/tap on OK.​
2. If prompted by UAC, then click/tap on Yes.​
3. In the left pane, click/tap on to expand Computer Configuration, Administrative Templates, Windows Components, and open Biometrics. (see screenshot below)​
Biometrics_GPEDIT-1.jpg
4. In the right pane of Biometrics, double click/tap on Allow domain users to log on using biometrics. (see screenshot above)​
5. Do step 6 or 7 below for what you would like to do.​
6. To Disable Fingerprint Sign-in for Domain Users
A) Select (dot) Disabled or Not Configured, click/tap on OK, and go to step 8 below. (see screenshot below step 7A)​
NOTE: Not Configured is the default setting.​
7. To Enable Fingerprint Sign-in for Domain Users
A) Select (dot) Enabled, click/tap on OK, and go to step 8 below. (see screenshot below)​
Biometrics_GPEDIT-4.jpg
8. You can now close the Local Group Policy Editor window if you like.​

That's it,
Shawn


 

Attachments

Last edited:
Hello David,

No. It will only use your fingerprint as the credential instead of a password. :)
 
Back
Top