Tailoring Biometric Access Control: Windows 11, Domains

Tailoring Biometric Access Control: Windows 11, Domains

Richard Lv13

Tailoring Biometric Access Control: Windows 11, Domains

Biometric authentication allows you to quickly log in to the system using fingerprint, facial, or iris recognition. However, what if you want to prevent a domain user from logging in using biometrics?

This article will show some quick ways to allow or block a domain user from logging on using biometrics in Windows 11.

How to Allow or Block a Biometrics Log-On via the Local Group Policy Editor

The quickest way to configure your computer to allow or block a biometrics scan for domain users is through the Local Group Policy Editor. Here are the steps you need to follow:

  1. Press the Win + R key to open the Run tool.
  2. Type gpedit.msc in the search bar and click OK.
  3. In the Local Group Policy Editor, head towards the following location:
    Computer Configuration > Administrative Templates > Windows Components > Biometrics
  4. Double-click on the Allow domain users to log on using biometrics policy in the right pane.
    Allow domain users to log on using biometrics policy in the Local Group Policy Editor
  5. Choose the Enabled option to allow biometrics log on for the domain users. And choose the Disabled option to block biometrics log on for the domain users.
    Enable option in the Local Group Policy Editor
  6. Click Apply > OK to save the changes.

How to Allow or Block a Biometrics Log-On Using the Registry Editor

Another way to configure biometrics log-on for the domain users is through the Registry Editor. Here’s how:

Editing the registry is risky, as one wrong edit can make your system unstable. Therefore, make sure to back up the registry and create a restore point before proceeding with the steps.

  1. Open the Run tool, type regedit in the search bar, and press Enter.
  2. In the Registry Editor, navigate to the following location:
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider
  3. Right-click the Credential Provider key in the left sidebar, hover the cursor to New, and choose DWORD (32-bit) Value.
    DWORD (32-bit) Value in the Registry Editor
  4. Name the value Domain Accounts.
    Naming the Value Domain Accounts
  5. Double-click on the Domain Accounts value, type 1 in the Value data section to enable biometrics log on and 0 to disable biometrics log on for domain users.
    Editing the Value data
  6. Click OK to save the changes.

Control Biometrics Logins on Your Computer

Securing sensitive information has now become more important than ever. If you want to allow or block a domain user from logging on using biometrics, you can do that using the above methods.

This article will show some quick ways to allow or block a domain user from logging on using biometrics in Windows 11.

  • Title: Tailoring Biometric Access Control: Windows 11, Domains
  • Author: Richard
  • Created at : 2024-08-28 01:12:00
  • Updated at : 2024-08-29 01:12:00
  • Link: https://win11-tips.techidaily.com/tailoring-biometric-access-control-windows-11-domains/
  • License: This work is licensed under CC BY-NC-SA 4.0.