Windows 11 offers a convenient and secure way to log in to your device using biometric authentication, such as facial recognition or fingerprint scanning. This feature provides an additional layer of security that can prevent unauthorized access to your device, especially in shared environments. However, in enterprise settings, system administrators might want to limit the use of biometrics and allow only authorized domain users to log in using this method.
In this article, we will explore the step-by-step process to allow or disallow domain users to log on using biometrics in Windows 11. We will cover different scenarios, including how to enable biometric authentication for domain users, how to disable it, and how to set up group policies to control biometric usage. Whether you’re an IT administrator or a regular Windows 11 user, this guide will help you manage biometric authentication settings and keep your device secure.
Enabling or disabling the use of Windows Hello Biometrics for domain users via the Local Group Policy Editor or Registry Editor is an important step in enhancing security and data protection. However, it may not always be necessary or appropriate for all users to have access to biometric authentication. In this article, we will provide step-by-step instructions on how to turn on or off Windows Hello Biometrics for domain users using the Local Group Policy Editor or Registry Editor.
How to Allow or Disallow Domain Users using Biometrics to Log on in Windows 11 using Local Group Policy Editor?
Follow these steps to allow or disallow Domain Users using Biometrics to Log on in Windows 11 using Local Group Policy Editor:-
Step 1. Open Local Group Policy Editor.
To access the Local Group Policy Editor, press the Windows key + R on your keyboard to open the Run dialog box. Type “gpedit.msc” and click OK. This will open the Local Group Policy Editor.
Step 2. Then, browse to the following folder in the left-hand pane of the Local Group Policy Editor:-
Computer Configuration > Administrative Templates > Windows Components > Biometrics
Step 3. On the right, double-click the setting “Allow domain users to log on using biometrics” to open.
Step 3. Now, select the Enabled option to enable and use the Windows Hello Biometrics service. If you want to prohibit the use of Windows Hello Biometrics service, then select the Disabled option instead.
Step 4. Click Apply.
Step 5. Click OK.
Step 6. Finally, restart your PC.
How to Allow or Disallow Domain Users using Biometrics to Log on in Windows 11 using Registry Editor?
If you cannot access the Local Group Policy Editor, you can also use the Registry Editor to enable or disable biometric authentication for domain users. Here are the steps:-
Step 1. Open Registry Editor.
To open the Registry Editor, press the Windows key + R on your keyboard to open the Run dialog box. Type “regedit” and click OK.
Step 2. Next, browse to the following path in the left sidebar:-
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft
Step 3. Now, right-click the Microsoft key and select the New > Key option. Set the name to Biometrics.
Step 4. On the right pane, right-click on the free space and select New > DWORD (32-bit) Value.
Step 5. Name the newly created REG_DWORD to Enabled.
Step 6. Double-click the Enabled REG_DWORD and set the “Value data” to “1” to turn on this feature. If you want to disable this feature, set the “Value data” to “0.”
Step 7. Click on the OK button to save your changes.
Step 8. Finally, reboot your PC to apply the changes.
Conclusion
In conclusion, these are the steps to enable or disable the use of Windows Hello Biometrics for domain users via the Local Group Policy Editor or Windows Registry Editor. Follow these steps to ensure that your device is secure and your data is protected.
