Allow domain users to log on using biometrics

This policy setting determines whether users with a domain account can log on or elevate User Account Control (UAC) permissions using biometrics. By default domain users cannot use biometrics to log on. If you enable this policy setting domain users can log on to a Windows-based domain-joined computer using biometrics. Depending on the biometrics you use enabling this policy setting can reduce the security of users who use biometrics to log on. If you disable or do not configure this policy setting domain users are not able to log on to a Windows-based computer using biometrics. Note: Users who log on using biometrics should create a password recovery disk; this will prevent data loss in the event that someone forgets their logon credentials.

Additional Information

  1. Registry path is:

    HKEY_LOCAL_MACHINE -> SOFTWARE -> Policies -> Microsoft -> Biometrics -> Credential Provider # Domain Accounts

  2. The Administrative Template path is:

    Windows Components -> Biometrics


* Making mistakes while changing registry values can affect your system adversely. We recommend you to create a System Restore point before making registry manipulation. If you're new to Registry Editor, read this beginner's guide.
** To locate the registry and administrative template path, checkout beginner's guide.
You're here :
Checkout Kapil Sparks™