Last updated on April 1st, 2023 at 08:41 pm
If you are trying to use Windows Hello to use your face to login to a domain connected device (like a Surface Pro 4 for example) then you may find that the option to set it up is greyed out and not available to you.
This seems to be some sort of Microsoft bug and we have never found any definitive reason for why this happens, but we have found the fix for it.
Method 1 – Edit the registry manually
So, you go into regedit by clicking the Start button and typing regedit and press the Enter key. Then browse to the following location:
You then need to create a DWORD with the following values:
- DWORD Name = AllowDomainPINLogon
- Value = 1
Reboot your device and you should notice that you can now set your Windows Hello feature up.
Method 2 – Download a reg file
You can download a .reg file from us using the button below:
Then, just unzip the package and double click the .reg file. Allow it to make the change to your device and reboot. Again, you should now see that this Windows Hello feature is now available for you.
Method 3 – Group Policy
If your device is on a domain then you can create a Group Policy to apply this fix to multiple devices. Open up Group Policy and create a new Group Policy Object (or edit an existing one if you wish).
Then, go to the following location in the GPO:
Computer configuration > Administrative templates > Windows Components > Biometric
Then set the following settings:
- Allow domain users to log on using biometrics: Enabled
Then browse to this location in the GPO:
Computer configuration > Administrative templates > Windows Components > Windows Hello for Business
You should check that none of the settings are amended in this part of the GPO and all are set to Not configured:
Deploy the GPO to where you need to and this should enable Windows Hello.
If you have any questions or feedback on this guide, please feel free to leave us a message below.
If you want to be notified when we post more quality guides like this one, sign up to our free subscription service and you will receive an email when a new post is live.
No need to worry, we will not be filling your inbox with spam and you can unsubscribe anytime you like.