Configure biometric login via GPO

The Windows login via biometrics is becoming increasingly popular and can be configured by Windows home users easily and quickly via the Windows settings. Many are already using fingerprint or face recognition on their private Windows PCs.

In a company environment and in networks with Active Directory, however, group policies must first be enabled before users can use a biometric login at all.

Microsoft provides a total of 3 GPOs for biometric login, which must be enabled depending on the requirements. You can find these biometric group policies under the following GPO branch.

Computer Configuration / Administrative Templates / Windows Components / Biometrics

Here are the 3 important biometric GPOs.

  • Allow use of biometrics
  • Allow user login using biometrics
  • Allow domain user login using biometrics

Below you will find the explanations for the individual biometric GPOs.

Allow use of biometrics

This policy setting lets you allow or prevent Windows Biometrics from running on this computer.

If you enable or do not configure this policy setting, the Windows Biometrics service is available and users can run applications that use Windows biometrics. If you want to enable logon using biometric data, you must also configure the policy setting “Allow user logon using biometrics”.

If you disable this policy setting, Windows Biometrics will not be available and users will not be able to use Windows biometrics features.

Note: Users who log on using biometrics should create a password recovery disk; this prevents data loss if a user forgets their credentials.

Allow user login using biometrics

This policy setting determines whether users can log on or elevate User Account Control (UAC) permissions using biometrics. By default, local users are allowed to log on to the local computer, but the policy setting “Allow domain user logon using biometrics” must be enabled for domain users to log on to the domain.

If you enable or do not configure this policy setting, all users can log on to a local Windows-based computer and elevate User Account Control (UAC) permissions using biometrics.

If you disable this policy setting, users cannot use biometrics to log on to a local Windows-based computer.

Allow domain user login using biometrics

This policy setting determines whether users can log on to a domain account or elevate User Account Control (UAC) permissions using biometrics.

If you enable or do not configure this policy setting, domain users in Windows can use biometrics to log on to a computer that is a member of a domain.

If you disable this policy setting, Windows prevents domain users from using biometrics to log on to a computer that is a member of a domain.

Note: Before Windows 10, leaving this policy setting unconfigured prevented domain users from logging in using biometrics.

Windows biometric service

With these 3 group policies for biometric Windows login you have all the setting options. It is also important to make sure that the Windows biometric service is started on the clients. With the Windows Biometrics service, client applications can capture, compare, manipulate and store biometric data without direct access to biometric hardware or samples. The service is hosted in a privileged SVCHOST process. This service should be started and its start type should be set to “Automatic”.
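To check on a client whether the three policies and the service are in the state described above, the following audit script can be used. It is an added example, not part of the original article; the registry locations under HKLM:\SOFTWARE\Policies\Microsoft\Biometrics and the service name WbioSrvc are not stated in the article and are taken from the Biometrics administrative template and the Windows service list.

```powershell
# Audit of the three biometric GPOs and the Windows biometric service on one client.
# A missing registry value means the policy is "Not configured".
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Biometrics'
$policies = @(
    @{ Name = 'Allow use of biometrics';                  Key = $base;                       Value = 'Enabled' }
    @{ Name = 'Allow user login using biometrics';        Key = "$base\Credential Provider"; Value = 'Enabled' }
    @{ Name = 'Allow domain user login using biometrics'; Key = "$base\Credential Provider"; Value = 'Domain Accounts' }
)

function Get-PolicyState {
    param([string]$Key, [string]$Value)
    $item = Get-ItemProperty -Path $Key -Name $Value -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    if ($item.$Value -eq 1) { return 'Enabled' }
    return 'Disabled'
}

$results = foreach ($p in $policies) {
    $state = Get-PolicyState -Key $p.Key -Value $p.Value
    [pscustomobject]@{
        Policy  = $p.Name
        State   = $state
        # On Windows 10 and later, Enabled and NotConfigured both permit the feature;
        # only an explicit Disabled blocks it.
        Permits = ($state -ne 'Disabled')
    }
}
$results | Format-Table -AutoSize

# A domain user can only log on with biometrics if none of the three policies blocks it.
$domainLogonPermitted = -not ($results.Permits -contains $false)
"Domain biometric logon permitted by policy: $domainLogonPermitted"

# The service must exist and be started; the article recommends start type Automatic.
$svc = Get-Service -Name 'WbioSrvc' -ErrorAction SilentlyContinue
if ($null -eq $svc) {
    Write-Warning 'Windows biometric service (WbioSrvc) was not found on this client.'
} else {
    "WbioSrvc: Status=$($svc.Status), StartType=$($svc.StartType)"
    if ($svc.Status -ne 'Running') {
        Write-Warning 'Windows biometric service is not running.'
    }
    if ($svc.StartType -ne 'Automatic') {
        Write-Warning 'Start type is not Automatic.'
    }
}
```

On clients older than Windows 10, treat NotConfigured for the domain policy as blocking, as the note above describes.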
