Enable Windows Hello Feature
If you are trying to use Windows Hello to use your face to login to a domain connected device (like a Surface Pro 4 for example) then you may find that the option to set it up is greyed out and not available to you.
This seems to be some sort of Microsoft bug and we have never found any definitive reason for why this happens, but we have found the fix for it.
These may also help you...
- How to Mass Unfollow on Instagram Online
- Windows Server 2008 R2 Evaluation Product Keys
- How to Mass Unfollow Everyone on Twitter
You need to make a small registry edit on your device. You can do this manually, download and run a .reg file from us or you can always use Group Policy.
Method 1 – Edit the registry manually
So, you go into regedit by clicking the Start button and typing regedit and press the Enter key. Then browse to the following location:
You then need to create a DWORD with the following values:
- DWORD Name = AllowDomainPINLogon
- Value = 1
Reboot your device and you should notice that you can now set your Windows Hello feature up.
Method 2 – Download a reg file
You can download a .reg file from us using the button below:
Then, just unzip the package and double click the .reg file. Allow it to make the change to your device and reboot. Again, you should now see that this Windows Hello feature is now available for you.
Method 3 – Group Policy
If your device is on a domain then you can create a Group Policy to apply this fix to multiple devices. Open up Group Policy and create a new Group Policy Object (or edit an existing one if you wish).
Then, go to the following location in the GPO:
Computer configuration > Administrative templates > Windows Components > Biometric
Then set the following settings:
- Allow domain users to log on using biometrics: Enabled
Then browse to this location in the GPO:
Computer configuration > Administrative templates > Windows Components > Windows Hello for Business
You should check that none of the settings are amended in this part of the GPO and all are set to Not configured:
Deploy the GPO to where you need to and this should enable Windows Hello.
If you have any questions or feedback on this guide, please feel free to leave us a message below.