Fingerprint readers are input devices used to improve computer security. Many fingerprint sensors work as passwords for user accounts. Unlike normal text-based passwords, fingerprints cannot be guessed or 'cracked' by traditional means. For a fingerprint reader to work, its associated software must be installed and configured on the host system.
How to Enable or Disable Domain Users to Sign in to Windows 10 using Biometrics Windows Hello biometrics lets you sign in to your devices, apps, online services, and networks using your face, iris, or fingerprint. For more information about Windows Hello. Use fingerprint to log in to Windows 10. Step 4: On the Windows Hello setup wizard, click Get started button. Step 5: When you are asked to enter your account PIN, please enter the PIN to continue. Step 6: Next, you will be asked to swipe your finger on the fingerprint reader. On the fingerprint reader.
Step 1
Plug your fingerprint scanner into your machine. Most fingerprint scanners connect via Universal Serial Bus (USB) ports. If the connection is successful, your computer will display a message saying that a device has been recognized.
Step 2
Install fingerprint reader software. The software generally comes on a CD with the reader. You need administrative access to install the program on your computer.
Step 3
Register a fingerprint with the software by pressing your finger against the scanner. This print is used as a password for applications and user accounts. Depending on your scanner model, you may need to do some additional configuration. For example, you may need to create a master password for resetting fingerprint log-ins.
Test the fingerprint scanner. Try logging in to an application such as a user account with your new fingerprint. If the log-in fails, check your user manual for troubleshooting tips.
Video of the Day
- fingerprint image by dip from Fotolia.com
More Articles
This solution details how to enable domain user logons to a specific computer using a biometric fingerprint reader. This was written because there was a need to do this using a Lenovo X1 Carbon, but it can be used on any Windows 8.1 or Windows 7 computer that uses Biometrics.
This is written for Microsoft Window 8.1 but can be used on Win7, Win8, Win8.1, and Windows 10. (Updated 20Mar2017)
On Microsoft Windows 7 or Windows 8 systems, the user can enable the Domain account logon from the biometric settings in the Control Panel. However, the biometric settings are not available in the Control Panel on Microsoft Windows 8.1 system. To enable the Domain account logon on Microsoft Windows 8.1 systems complete the steps below.
This was found on Lenovo's support site.
https://support.lenovo.com/us/en/documents/ht080824
8 Steps total
Step 1: Click 'Start'
Step 2: Type 'GPEDIT.msc' and press enter
This will display the Local Group Policy Editor Window
Step 3: Expand the Group Policy
Expand 'Computer Configuration > Administrative Templates > Windows Components > Biometrics'
Step 4: Double Click
Double click on 'Allow Domain users to log on using biometics' in the right pane. The 'Allow domain users to log on using biometrics' window is displayed.
Step 5: Enable
Select 'Enabled'
Step 6: OK
Click 'OK'
Step 7: Close GPEDIT.msc
Step 8: Task Complete
References
- Lenovo Support
13 Comments
- JalapenoJamie K Oct 6, 2016 at 09:28pm
Exactly what I was looking for, perfectly laid out. Thanks!
Process is the same in Windows 10.
- PoblanoChris48 Apr 3, 2017 at 07:31pm
I tried this and rebooted several times, and the pin and hello are still both grayed out
- JalapenoHeath3321 Apr 3, 2017 at 07:51pm
Hi Chris, sorry to hear that this did not resolve your issue. What hardware are you working with? Is the fingerprint reader enabled in the device manager?
- Pimientosarahkmiller May 15, 2017 at 11:42pm
I've been trying to solve this as well. Followed the steps above and no joy. Rebooted, verified that the setting remained enabled, verified that fingerprinter scanner is enabled. On Surface Pro 3, Windows 10. Any other suggestions?
- PimientoTim9201 May 17, 2017 at 05:58pm
Same problem. Didn't help. I tried this and rebooted several times, and the pin and hello are still both grayed out
- PoblanoWilliam Richard Jun 23, 2017 at 02:25pm
I tried the same steps but was not having any luck with it.
1. Enable UAC (mine was disabled)
2. Reboot
3. Set Fingerprint and Facial Recognition as needed
4. Disable UAC
5. RebootEnjoy
- SonoraChipOhio Jun 30, 2017 at 10:14pm
I tried all of the above to no avail. I insured GPO was sync'd and set properly. Ultimately what seemed to do the trick for Windows 10 was to update a registry entry as outlined below:
[HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsSystem]
'AllowDomainPINLogon'=dword:00000001 - Pimientoplexustech Jul 5, 2017 at 05:43pm
Three things need to be edited in GPO:
Computer Configuration > Administrative Templates > Windows Components > Biometrics>Allow Domain users to log on using biometics
enabled in GPO (local or domain)Computer>Administrative Templates>System>Logon>Turn on convenience PIN sign-in
enabled in GPO (local or domain)Computer>Administrative Templates>Windows Components>Windows Hello for Business>Use Windows Hello for Business
Not defined in GPO (local and domain)The middle item adds the registry key listed above by ScottFWalker.
- AnaheimGreg6926 Jul 13, 2017 at 01:58pm
I had to enable the two below for a user to be able to use the fingerprint biometrics on a Lenovo Laptop with Windows 10 Pro (in a server 2012 AD environment)
Computer Configuration > Administrative Templates > Windows Components > Biometrics>Allow Domain users to log on using biometics
enabled in GPO (local or domain)Computer>Administrative Templates>System>Logon>Turn on convenience PIN sign-in
enabled in GPO (local or domain) - Anaheimhusainsundrani Apr 29, 2018 at 04:57am
Goto: Control PanelAll Control Panel ItemsBiometric Devices
Click: Change Biometric Settings
Click both:
Allow users to log on to Windowsd using their fingerprints
and
Allow users to log on to a domain using their fingerprints
Restart the computer. - Sonorakaranik May 15, 2018 at 04:46pm
This is a solution for Centralized User Management via Active Directory Tools.
http://www.biolinksolutions.com/biometric-authentication-integrated/ - SonoraRick777pp May 22, 2019 at 08:04pm
Anyone else with the same problem? I did step by step and it did not allowed me to set fingerprint is grayed out.
- SonoraMountainDude May 23, 2019 at 04:45pm
I've been fighting this for a looong time. I've tried all these group policy settings: turn on convenience PIN login, enable windows hello for business, enable biometrics, etc. etc. etc. I finally found the solution.
The PCs in my company are Windows 10 build 1809. Mostly Lenovo X1 Yogas and P330s and some Surface Pros. They are domain-joined to a 2012 R2 domain and they are subscribed to Office 365 for email and Office Pro Plus. We have an E3 license in Office 365. When a user registers the Office apps using their own O365 license, it connects Windows to their work account. Disconnecting that allowed me to setup PIN and Fingerprint. Here's how to do it:
1. Go to Windows Settings -> Accounts -> Access Work or School. The key setting is the 'Work or School Account' with the colorful windows logo by it. Disconnect that. Don't touch the 'Connected to whatever domain' setting.
2. Then click on 'Sign-in Options'. Fingerprint and PIN are no longer greyed out. If it's still greyed out, then make sure 'convenience PIN sign-in' is enabled.
3. Add the PIN, then the Fingerprint.
4. Go back to 'Access Work or School' in Settings -> Accounts.
5. Click Connect and Enter the user's email address and password.
The only group policy currently in effect is the 'Turn on Convenience PIN sign-in' setting under Policies, Administrative Templates, System, Logon. Note that this is NOT Windows Hello for Business. This is still just password stuffing. Some day, convenience PIN sign-in will be depracated and we'll have to do it the secure way.