How to Enable or Disable Domain Users using Biometrics to Log on in Windows 11

This article explains enabling or disabling domain users from using Windows Hello Biometrics to log on to Windows 11.

Windows 11 has a Windows Hello feature that provides a more personal and secure way to sign into Windows. With Windows Hello, one can use a PIN, facial recognition, or fingerprint to sign into their devices securely.

Most new Windows devices you purchase today will come with biometric features. In addition, windows will prompt you to use one biometric feature to protect your device and enhance your data security.

However, Windows Hello Biometrics may not be compatible with a domain environment where user management is centralized.

Here’s how to allow or disallow domain users from using Windows Hello Biometrics to log on to Windows 11.

Turn on or off the use of Windows Hello Biometrics for domain users via the Local Group Policy Editor

As described above, Windows Hello Biometrics features to enhance security and data protection. However, not in all cases can users use Windows biometrics features.

Here’s how to enable or disable it.

First, open the Local Group Policy Editor.

Then expand the following folders Computer Configuration -> Administrative Templates -> Windows Components -> Biometrics.

Computer Configuration -> Administrative Templates -> Windows Components -> Biometrics

Next, click on the Biometrics folder on the left panel, and double-click the setting on the right called “Allow domain users to log on using biometrics” to open.

Windows allow domain users to use biometrics to log on

When the setting window opens, select one of the options:

  • Not Configured – Same as enabled. The Biometrics service is available.
  • Enabled – Windows Hello Biometrics service is available to use.
  • Disabled – Windows Hello Biometrics service is unavailable, and users can use Biometrics.
Windows allow domain users to use windows hello biometrics
Windows allow domain users to use windows hello biometrics

Save your settings and restart your computer for the changes to apply.

Enable or disable domain users to Windows Hello Biometrics via Windows Registry Editor

Yet another way to turn on or off Windows Hello Biometrics in Windows is to use the Windows Registry Editor.

If you can’t open the Local Group Policy Editor, use the Windows Registry editor instead.

Open the Windows Registry, and navigate to the folder key path below.

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft

If you don’t see the Biometrics folder key, right-click on the Microsoft key, then create the subkey (Biometrics) folders.

Windows allow the use of biometrics windows registry
Windows allow the use of biometrics windows registry

Right-click the Biometrics folder key’s right pane and select New -> DWORD (32-bit) Value. Type a new key named Enabled.

Double-click the new key item name (Enabled) and make sure the Base option is Decimal, and then update the Value data, making sure you keep your existing value:

  • To turn this feature on. Type 1.
  • To turn this feature off. Type 0.
Windows allow the use of biometrics windows registry value data updated
Windows allow the use of biometrics windows registry value data updated

Save your changes and restart your computer.

That should do it!

Conclusion:

This post showed you how to enable or disable Windows Hello Biometrics by domain users in Windows 11. If you find any error above or have something to add, please use the comment form below.