I wanted to test whether it is possible to use fingerprint authorization for Windows 10 Pro within a domain. I enabled the following GPOs on our Windows 2012 server to test:
- Computer Configuration/Administrative Templates/System/Logon/Turn on convenience PIN sign-in
- Computer Configuration/Administrative Templates/Windows Components/Biometrics/Allow the use of biometrics
My goal would have been that domain users can either use their fingerprint OR their domain password to log in. Since I like trial and error, I more or less just got into it and tested the possibilities on my device. I now can either use my password, my fingerprint or my PIN that I had to create in order to register my fingerprints. I then learned that you cannot use fingerprint without a PIN. I want to remove those WH4B login options from my own device after my tests, but I have a few problems:
- I cannot remove the PIN nor the fingerprint ("Some of these settings are hidden or managed by your organization" & "Something went wrong. Try again later.")
- disabling the settings in the GPO did not help
- deleting the GPO did not help
I am now stuck with the possibilities of logging in with either password, fingerprint or PIN even though the GPO does not exist anymore. The choices are still being shown on my lock screen and still work.
It doesn't bother me too much personally, but I would like to fix this since a PIN is not what we intend to enroll.
Thank you!
Best regards
Edit: Re-joining the domain did not help. I read that leaving the domain and running the command gpupdate /force /boot could help, but unfortunately it did not.