none
Unable to Set Pin for Windows Hello RRS feed

  • Question

  • I have a domain joined windows 10 Machine I currenly have the below group policy set

    Computer Configuration -> Administrative Templates -> System -> Login -> Turn on Convenience Pin Sign" set to enabled

    When I run a rsop on the machine it shows that that policy is applying.

    Though whenever I go to set the pin on a workstation it is grayed out and I am unable to set it.  This is sad cause I am testing a surface pro 4 and I really want to try out the face sign in!

    Anyone got any ideas on what I could be missing everything I look at seems to point to that one group policy.

    I am using Current branch for business 1511


    • Edited by Ben Hos Tuesday, July 5, 2016 2:51 AM
    Tuesday, July 5, 2016 1:45 AM

Answers

  • Sorry for the delay on this but we worked it out.  In group policy "Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Microsoft Passport for work -> Use Microsoft Passport for Work

    It was set to Enabled we had to change it back to not configured.  See from the description below

    If you enable this policy, the device provisions Microsoft Passport for Work using keys or certificates for all users.

    The requirement for keys or certificates was causing the issues setting it to not configured allowed us to set the pin.

    • Marked as answer by Ben Hos Monday, July 11, 2016 11:29 PM
    Monday, July 11, 2016 11:29 PM

All replies

  • Hi benhos86,

    Did the issue occur with all the machines or the specific machine or the specific user? Are you the administrator of the domain?

    I have a Windows 10 machine joined to the domain. It is available for me to add a PIN sign-in method for the domain user.

    To troubleshoot whether the issue is caused by a domain policy, we could try to remove the machine from the domain to have a test.
    If it is available to use PIN after removing from the domain, we could run "gpresult /h >C:\gpresult.html" to get exact gpo information that has been applied to the machine.

    If it is not available to use PIN after removing from the domain, the related file or registry key`s permissions may have been corrupted. Please compare the following folder`s permission with a good one.
    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\NGC
    We may consider to refresh the machine to recover the corrupted acls.

    Best regards


    Please mark the reply as an answer if you find it is helpful.

    If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Wednesday, July 6, 2016 2:58 AM
    Moderator
  • Issue is happening with all domain joined windows 10 machines.  Yes I am an administrator on the domain

    I will test this today and get back to you thanks :)

    Wednesday, July 6, 2016 4:20 PM
  • Sorry for the delay on this but we worked it out.  In group policy "Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Microsoft Passport for work -> Use Microsoft Passport for Work

    It was set to Enabled we had to change it back to not configured.  See from the description below

    If you enable this policy, the device provisions Microsoft Passport for Work using keys or certificates for all users.

    The requirement for keys or certificates was causing the issues setting it to not configured allowed us to set the pin.

    • Marked as answer by Ben Hos Monday, July 11, 2016 11:29 PM
    Monday, July 11, 2016 11:29 PM