How to Enable or Disable Enhanced Anti-Spoofing for Windows Hello Face Authentification in Windows 10
If your Windows 10 PC supports Windows Hello and you have setup facial recognition, then you can enable enhanced anti-spoofing.
Enhanced anti-spoofing is an optional additional security feature for Windows Hello face authentication that acts as a countermeasure for any unauthorized access via spoofing. It is not enabled by default. If you enable this setting, Windows requires all users on managed devices to use enhanced anti-spoofing for Windows Hello face authentication. This disables Windows Hello face authentication on devices that do not support enhanced anti-spoofing.
This tutorial will show you how to enable or disable enhanced anti-spoofing for Windows Hello face authentication for all users in Windows 10.
You must be signed in as an administrator to enable or disable enhanced anti-spoofing.
Enhanced anti-spoofing for Windows Hello face authentication is not required on unmanaged devices.
Contents
- Option One: Enable or Disable Enhanced Anti-Spoofing for Windows Hello Face Authentification using Local Group Policy Editor
- Option Two: Enable or Disable Enhanced Anti-Spoofing for Windows Hello Face Authentification using a REG file
The Local Group Policy Editor is only available in the Windows 10 Pro, Enterprise, and Education editions.
All editions can use Option Two below.
1 Open the Local Group Policy Editor.
2 In the left pane of Local Group Policy Editor, navigate to the location below. (see screenshot below)
Computer Configuration\Administrative Templates\Windows Components\Biometrics\Facial Features
3 In the right pane of Facial Features in Local Group Policy Editor, double click/tap on the Configure enhanced anti-spoofing policy to edit it. (see screenshot above)
4 Do step 5 (disable) or step 6 (enable) below for what you would like to do.
A) Select (dot) Not Configured or Disabled, click/tap on OK, and go to step 7 below. (see screenshot below)
Not Configured is the default setting.
7 When finished, you can close the Local Group Policy Editor if you like.
The downloadable .reg files below will modify the DWORD value in the registry key below.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Biometrics\FacialFeatures
EnhancedAntiSpoofing DWORD
(delete) = Disable
1 = Enable
1 Do step 2 (enable) or step 3 (disable) below for what you would like to do.
A) Click/tap on the Download button below to download the file below, and go to step 4 below.
Enable_enhanced_anti-spoofing_for_Windows_Hello_face_recognition.reg
Download
This is the default setting.
A) Click/tap on the Download button below to download the file below, and go to step 4 below.
Disable_enhanced_anti-spoofing_for_Windows_Hello_face_recognition.reg
Download
4 Save the .reg file to your desktop.
5 Double click/tap on the downloaded .reg file to merge it.
6 When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.
7 If you like, you can now delete the downloaded .reg file.
That's it,
Shawn
Related Tutorials
- Enable or Disable Facial Recognition Sign-in Option in Windows 10
- How to Set Up Windows Hello Face Recognition in Windows 10
- How to Remove Your Face from Windows Hello in Windows 10
- How to Improve Windows Hello Face Recognition in Windows 10
- How to Turn On or Off Automatically Dismiss Lock Screen for Windows Hello Face in Windows 10
- How to Enable or Disable Windows Hello Biometrics in Windows 10
- How to Enable or Disable Domain Users to Sign in to Windows 10 using Biometrics
- How to Enable or Disable Users to Sign in to Windows 10 using Biometrics