Posted by: Jeremy Benisek (CyberAxe) Don't Panic Business Technologies | January 24, 2017

Pin Code / Pin Password on Windows 10 greyed out on domain join PCs

Problems:

Recently I upgraded some workstations to latest Windows 10 build 1607 which worked fine. But after the upgrade the Pin code / Password option is now greyed out and can’t be used. This only applies to Workstations on Active Directory (AD) network joined computers.

Background:

In build 1607 Microsoft added a group policy to the server which now forces Pin codes off by default. This policy must be changed before it will work on any system that upgrades to 1607. If you have the setting on before the upgrade then it will stay on until the system is reset/reloaded. If the pin is removed you can not re-add it. However, if it’s a fresh install or the setting wasn’t on previously then you must turn it on by policy.

Solution:

Update your Group Policy settings to allow pin code / pin passwords on your network.

Computer Configuration -> Administrative Templates -> System -> Logon -> Turn on pin sign-in

Important

The Group Policy setting Turn on PIN sign-in does not apply to Windows Hello for Business. Use the Turn on PIN sign-in setting to allow or deny the use of a convenience PIN for Windows 10, version 1607.

Beginning in version 1607, Windows Hello as a convenience PIN is disabled by default on all domain-joined computers. To enable a convenience PIN for Windows 10, version 1607, enable the Group Policy setting Turn on convenience PIN sign-in. Learn more in the blog post Changes to Convenience PIN/Windows Hello Behavior in Windows 10, version 1607.

Use Windows Hello for Business policy settings to manage PINs for Windows Hello for Business.

 

 

 

Source:

https://technet.microsoft.com/en-us/itpro/windows/keep-secure/implement-microsoft-passport-in-your-organization

https://blogs.technet.microsoft.com/ash/2016/08/13/changes-to-convenience-pin-and-thus-windows-hello-behaviour-in-windows-10-version-1607/

https://social.technet.microsoft.com/Forums/windows/en-US/84a0bd50-1360-4a94-bfb3-b049ecace521/pin-and-fingerprint-signin-options-unavailable-greyed-out-in-windows-10-1607-enterprise?forum=win10itprogeneral

https://support.microsoft.com/en-us/help/3201940/can-t-configure-a-pin-when-convenience-pin-and-hello-for-business-policies-are-enabled-in-windows-10-anniversary-update

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: