Fingerprint And PIN Options Unavailable In Windows 10 Update 1607

Did you enjoy this article?
Sharing Options:
Estimated Reading Time: 2 Minutes
5/5 - (3 votes)

This post was originally published on November 30, 2016
The latest update to this post was made 1 year ago.

PIN And fingerprint Sign-In Options Are Unavailable ImageFingerprint And PIN Options Unavailable In Windows 10 Update 1607

After installing Windows 10 Professional (Pro) or Enterprise (Ent) the PIN and fingerprint sign-in options are unavailable (greyed out) and the buttons are disabled.  This behavior does not exist on prior builds, including the 1511 update.  The “Picture Password” option still works and is available.  This behavior is noted on domain joined computers.

Starting with the 1607 update, this functionality must be enabled via group policy, manual registry key change or by using a .REG file export of the necessary change and running on the affected computer(s).  The key in question is “AllowDomainPinLogon”.  This value must be set to “1” to enable these functions.  This assumes you are running domain controllers on Windows Server 2012R2 or earlier.

Note: On 2016 Server domain controller deployments, you may also find group policy settings under COMPUTER -> Administrative Templates -> System -> Logon -> Turn On Convenience PIN Sign-In.  You can define this setting to ENABLED to effectively do the same thing as above on 2012R2 and earlier.

Resolution Methods:

OPTION 1 : Manually edit the registry on the affected computer(s):

  • Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System
  • Create a new DWORD (32-bit Value) named “AllowDomainPINLogon”
  • Then set the value to 1 (Decimal)
  • Restart the computer for the changes to take effect

OPTION 2 : Create a group policy to make the registry change:

  • New Group Policy (or update existing) – in our example, we added to an existing USER policy.
  • Navigate to : User Configuration -> Preferences -> Windows Settings -> Registry
  • Choose New -> Registry Item
    • Under the ‘General Tab‘ – use these settings:
      • Action: Update
      • Key Path: SOFTWARE\Policies\Microsoft\Windows\System
      • Value Name: AllowDomainPINLogon
      • Value Type: REG_DWORD
      • Value Data: 1 (Decimal)
    • Under the ‘Common Tab‘ – use these settings:
      • Nothing selected (no checkboxes)
      • In our case we did not run this under the ‘logged in user securty context’ because we are modifying the ‘HKEY_LOCAL_MACHINE‘ hive which the logged in user may not have access to.
      • Restart the for the changes to take effect (after replication of group policy has completed!)
This article, also on Blog Encounters, may be of interest:  Setting A Reliable Time Server For Your PDC Emulator

OPTION 3 : Download the attached .REG file:

  • You can download and use the [allowdomainpin_fix.reg] file to make this change for you (provided by Blog Encounters Support).
  • You can manually run this file or deploy via group policy, however, OPTION 2 above is a better option for group policy deployments.

[See more] articles on Blog Encounters!

Tags: #windows10 #microsoft #techsupport #registry #enterprise #domain #windows


Sharing Options:
Did you enjoy this article?

Be the first to comment

Leave A Reply