How to Enable or Disable Biometrics Sign-in for Domain Users in Windows 8.1

Starting in Windows 8.1 and Windows RT 8.1, a fingerprint registration application in PC settings is now included, thereby removing the need for a hardware manufacturer to provide such an application.
Local users (Microsoft and local accounts) are able to sign-in with a fingerprint (biometrics) by default in Windows 8.1 unless disabled.
Domain users will not be able sign-in with a fingerprint (biometrics) by default in Windows 8.1 unless enabled.
This tutorial will show you how to enable or disable users with a domain account to be able to elevate UAC and sign-in to Windows 8.1 or Windows RT 8.1 with biometrics (ex: fingerprint).
You must be signed in as an administrator to be able to do the steps in this tutorial.
Local users (Microsoft and local accounts) are able to sign-in with a fingerprint (biometrics) by default in Windows 8.1 unless disabled.
Domain users will not be able sign-in with a fingerprint (biometrics) by default in Windows 8.1 unless enabled.
This tutorial will show you how to enable or disable users with a domain account to be able to elevate UAC and sign-in to Windows 8.1 or Windows RT 8.1 with biometrics (ex: fingerprint).
You must be signed in as an administrator to be able to do the steps in this tutorial.
OPTION ONE
Enable or Disable Fingerprint Sign-in for Domain Users using a REG File

The .reg files below are for the registry key and value below.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider
Domain Accounts DWORD
0 = Disable Fingerprint for Domain users
1 = Enable Fingerprint for Domain users
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider
Domain Accounts DWORD
0 = Disable Fingerprint for Domain users
1 = Enable Fingerprint for Domain users
1. Do step 2 or 3 below for what you would like to do.
2. To Disable Fingerprint Sign-in for Domain Users
NOTE: This is the default setting.
A) Click/tap on the Download button below to download the file below, and go to step 4 below.
Prevent_Domain_Users_to_Sign-in_using_Biometrics.reg
3. To Enable Fingerprint Sign-in for Domain Users
A) Click/tap on the Download button below to download the file below, and go to step 4 below.
Allow_Domain_Users_to_Sign-in_using_Biometrics.reg
4. Save the .reg file to your desktop.
5. Double click/tap on the downloaded .reg file to merge it.
6. If prompted, click/tap on Run, Yes (UAC), Yes, and OK.
7. When finished, you can delete the downloaded .reg file if you like.
OPTION TWO
Enable or Disable Fingerprint Sign-in for Domain Users in Group Policy
NOTE: This option for using group policy is only available in the Windows 8.1 Pro, Windows RT 8.1 Pro, and Windows 8.1 Enterprise editions.
1. From the Start screen, start typing gpedit.msc, and press Enter when finished.
NOTE: You could also press Windows+R to open the Run dialog, type gpedit.msc, and click/tap on OK.
2. If prompted by UAC, then click/tap on Yes.
3. In the left pane, click/tap on to expand Computer Configuration, Administrative Templates, Windows Components, and open Biometrics. (see screenshot below)
4. In the right pane of Biometrics, double click/tap on Allow domain users to log on using biometrics. (see screenshot above)
5. Do step 6 or 7 below for what you would like to do.
6. To Disable Fingerprint Sign-in for Domain Users
A) Select (dot) Disabled or Not Configured, click/tap on OK, and go to step 8 below. (see screenshot below step 7A)
NOTE: Not Configured is the default setting.
7. To Enable Fingerprint Sign-in for Domain Users
A) Select (dot) Enabled, click/tap on OK, and go to step 8 below. (see screenshot below)
8. You can now close the Local Group Policy Editor window if you like.
That's it,
Shawn
Attachments
Last edited: