information   Information
If you like, you can sign in to your account on a Windows 10 PC using a picture password.

You choose the picture and the three gestures you use with it to create a password that's uniquely yours. When you have chose a picture, you "draw" with the mouse, touchpad, or pin/finger on a touchscreen to create a combination of circles, straight lines, and taps. The size, position, and direction of your gestures become part of your picture password.

By default, PCs joined to a domain can sign in using a picture password unless disabled via policy.

This tutorial will show you how to enable or disable allowing domain users to set up and sign in to Windows 10 using a picture password.

You must be signed in as an administrator to enable or disable picture password for domain users.
warning   Warning
While this policy is suppose to only affect domain users, it appears that there is a bug causing this policy to actually affect all users on the PC whether the PC is joined to a domain or not.

CONTENTS:
  • Option One: To Enable or Disable Domain Users Sign-in using Picture Password in Group Policy
  • Option Two: To Enable or Disable Domain Users Sign-in using Picture Password using a REG file


EXAMPLE: Picture password on Sign-in screen
Disable Domain Users to Sign in with Picture Password to Windows 10-sign-in_picture_password.jpg






OPTION ONE

To Enable or Disable Domain Users Sign-in using Picture Password in Group Policy


Note   Note
Local Group Policy Editor is only available in the Windows 10 Pro, Enterprise, and Education editions. All editions can use Option TWO below though.


1. Open the Local Group Policy Editor.

2. In the left pane of Local Group Policy Editor, navigate to the location below. (see screenshot below)

Computer Configuration\Administrative Templates\System\Logon

Disable Domain Users to Sign in with Picture Password to Windows 10-domain_users_picture_password_gpedit-1.jpg

3. In the right pane of Logon in Local Group Policy Editor, double click/tap on the Turn off picture password sign-in policy to edit it. (see screenshot above)

4. Do step 5 (disable) or step 6 (enable) below for what you would like to do.


 5. To Disable Domain Users Sign-in using Picture Password

A) Select (dot) Enabled, click/tap on OK, and go to step 7 below. (see screenshot below)


 6. To Enable Domain Users Sign-in using Picture Password

A) Select (dot) Not Configured or Disabled, click/tap on OK, and go to step 7 below. (see screenshot below)

NOTE: Not Configured is the default setting.

Disable Domain Users to Sign in with Picture Password to Windows 10-domain_users_picture_password_gpedit-2.png

7. When finished, you can close the Local Group Policy Editor if you like.





OPTION TWO

To Enable or Disable Domain Users Sign-in using Picture Password using a REG file


Note   Note
The .reg files below will add and modify the DWORD value in the registry key below.

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System

BlockDomainPicturePassword DWORD

0 or (delete) = Enable
1 = Disable

1. Do step 2 (enable) or step 3 (disable) below for what you would like to do.


 2. To Enable Domain Users Sign-in using Picture Password

NOTE: This is the default setting.

A) Click/tap on the Download button below to download the file below, and go to step 4 below.

Enable_Domain_users_Picture_Password_Sign-in.reg

Download


 3. To Disable Domain Users Sign-in using Picture Password

A) Click/tap on the Download button below to download the file below, and go to step 4 below.

Disable_Domain_users_Picture_Password_Sign-in.reg

Download

4. Save the .reg file to your desktop.

5. Double click/tap on the downloaded .reg file to merge it.

6. If prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

7. If you like, you can now delete the downloaded .reg file.


That's it,
Shawn


Related Tutorials



  • Windows 11 Tutorials