Categories: Windows 11 & Windows 10Windows Server

SOLVED: Windows Hello PIN ADD Button is Greyed Out – THIS SETTING IS MANAGED BY YOUR ORGANIZATION

PIN’s used to work in Windows 10 with no changes to GPO’s but at some point in recent Win 10 ADMX templates, Microsoft added an odd setting.  They turned off PIN’s by default and you have to turn them on in via GPO if you want to use them on a domain connected user account.

This means that there is not a GPO that is blocking your use of PINs and the message “THIS SETTING IS MANAGED BY YOUR ORGANIZATION” is very misleading.

The solution to using PIN’s on a domain is quite easy:

  1. Open Group Policy Editor and either create a new policy or edit an existing one
  2. Expand Computer Configuration > Administrative Templates > System > Logon
  3. Double click on Turn on convenience PIN sign-in
  4. Select ENABLED
  5. Wait for your PC to sync with the domain or run a GPUPDATE /FORCE
  6. Have a nice day

This makes WINDOWS HELLO PINS optional, if you want to require a PIN go to USER > Administrative Templates > Windows Component, and select Windows Hello for Business

Also note that if you are a local administrator (i.e. on your corporate PC), you can also make this change in the LOCAL GROUP POLICY EDITOR by clicking START, typing GPEDIT.MSC .

This has been a up my butt for months now.  I could not find the GPO that was blocking the use of PIN’s no matter how many GPRESULT -R’s I ran, so I hope this helps your frustration level.

View Comments

  • This doesn't work for us either, also using a domain account. Maybe you should mention in your post that this is not a solution for everyone as clearly it is not working for many users. Thanks for posting though.

    • We have used this solution several times in recent months but it apparent there are other issues that can cause this problem. If you find any alternate solutions, please let us know. Thanks

    • I can assure you this does work in the situations we have run into. If it is not working for you, you are most likely skipping a step OR (more likely) have a different problem with the same symptom.

  • It doesn't work. The policy has applied correctly as shown in GPresult, still greyed out. But if login as a local user account it works, just not domain account.

    • I can assure you from experience that this process does work. If it did not solve the issue you are seeing then there is something else you need to look for (but we can't suggest what that would be).

1 2
Leave a Comment
Published by
Ian Matthews
Tags: PINWindows Hello
6 years ago

This website uses cookies.