Published by


Brink's Avatar
Administrator

Posts: 25,217

Show Printable Version 


How to Enable or Disable Domain Users to Sign in with PIN to Windows 10

information   Information
Windows Hello in Windows 10 enables users to sign in to their device using a PIN (Personal Identification Number). You can use this PIN to sign in to Windows, apps, and services.

One important difference between a password and a Hello PIN is that the PIN is tied to the specific device on which it was set up. That PIN is useless to anyone without that specific hardware. Someone who steals your password can sign in to your account from anywhere, but if they steal your PIN, they'd have to steal your physical device too!

Even you can't use that PIN anywhere except on that specific device. If you want to sign in on multiple devices, you have to set up Hello on each device.

For more details, see:

By default, PCs joined to a domain cannot sign in using a PIN unless enabled via policy.

This tutorial will show you how to enable or disable allowing domain users to set up and sign in to Windows 10 using a PIN.

You must be signed in as an administrator to enable or disable PIN for domain users.


CONTENTS:
  • Option One: To Enable or Disable Domain Users Sign-in using PIN in Group Policy
  • Option Two: To Enable or Disable Domain Users Sign-in using PIN using a REG file





Enable or Disable Domain Users to Sign in with PIN  to Windows 10 OPTION ONE Enable or Disable Domain Users to Sign in with PIN  to Windows 10
To Enable or Disable Domain Users Sign-in using PIN in Group Policy

Note   Note
Local Group Policy Editor is only available in the Windows 10 Pro, Enterprise, and Education editions. All editions can use Option TWO below though.


1. Open the Local Group Policy Editor.

2. In the left pane of Local Group Policy Editor, navigate to the location below. (see screenshot below)

Computer Configuration\Administrative Templates\System\Logon

Name:  Allow_PIN_for_Domain_users_gpedit-1.jpg
Views: 4485
Size:  96.0 KB

3. In the right pane of Logon in Local Group Policy Editor, double click/tap on the Turn on convenience PIN sign-in policy to edit it. (see screenshot above)

4. Do step 5 (enable) or step 6 (disable) below for what you would like to do.


 5. To Enable Domain Users Sign-in using PIN

A) Select (dot) Enabled, click/tap on OK, and go to step 7 below. (see screenshot below)


 6. To Disable Domain Users Sign-in using PIN

A) Select (dot) Not Configured or Disabled, click/tap on OK, and go to step 7 below. (see screenshot below)

NOTE: Not Configured is the default setting.

Name:  Allow_PIN_for_Domain_users_gpedit-2.png
Views: 4516
Size:  40.0 KB

7. When finished, you can close the Local Group Policy Editor if you like.





Enable or Disable Domain Users to Sign in with PIN  to Windows 10 OPTION TWO Enable or Disable Domain Users to Sign in with PIN  to Windows 10
To Enable or Disable Domain Users Sign-in using PIN using a REG file

Note   Note
The .reg files below will add and modify the DWORD value in the registry key below.

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System

AllowDomainPINLogon DWORD

0 or (delete) = Disable
1 = Enable


1. Do step 2 (enable) or step 3 (disable) below for what you would like to do.


 2. To Enable Domain Users Sign-in using PIN

A) Click/tap on the Download button below to download the file below, and go to step 4 below.

Enable_Domain_users_PIN_Sign-in.reg

download


 3. To Disable Domain Users Sign-in using PIN

NOTE: This is the default setting.

A) Click/tap on the Download button below to download the file below, and go to step 4 below.

Disable_Domain_users_PIN_Sign-in.reg

download

4. Save the .reg file to your desktop.

5. Double click/tap on the downloaded .reg file to merge it.

6. If prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

7. If you like, you can now delete the downloaded .reg file.


That's it,
Shawn