PIN’s used to work in Windows 10 with no changes to GPO’s but at some point in recent Win 10 ADMX templates, Microsoft added an odd setting.  They turned off PIN’s by default and you have to turn them on in via GPO if you want to use them on a domain connected user account.

This means that there is not a GPO that is blocking your use of PINs and the message “THIS SETTING IS MANAGED BY YOUR ORGANIZATION” is very misleading.

The solution to using PIN’s on a domain is quite easy:

  1. gpo-enable-pinOpen Group Policy Editor and either create a new policy or edit an existing one
  2. Expand Computer Configuration > Administrative Templates > System > Logon 
  3. Double click on Turn on convenience PIN sign-in
  4. Select ENABLED
  5. Wait for your PC to sync with the domain or run a GPUPDATE /FORCE
  6. Have a nice day

This makes WINDOWS HELLO PINS optional, if you want to require a PIN go to USER > Administrative Templates > Windows Component, and select Windows Hello for Business

Also note that if you are a local administrator (i.e. on your corporate PC), you can also make this change in the LOCAL GROUP POLICY EDITOR by clicking START, typing GPEDIT.MSC .

This has been a up my butt for months now.  I could not find the GPO that was blocking the use of PIN’s no matter how many GPRESULT -R’s I ran, so I hope this helps your frustration level.


22 Comments

Ian Matthews · January 30, 2023 at 6:07 pm

Hi Ewan; It should be almost instantanious.

Artem · December 12, 2022 at 11:24 am

Thank you so much! This helped me a lot!!!

marcello · July 7, 2022 at 9:27 am

Thank you thank you thank you!

Poop · August 30, 2021 at 4:23 pm

IT WORKED THANK YOU!!!!!!!!!!!!

shinachiku · June 10, 2020 at 8:55 am

Hey, I hope you’ll read me but i don’t have the “logon” option do you know what i could do?

Adam · January 29, 2020 at 4:55 am

does not work at all on a domain joined laptop. I have tried the above not no avail. I have also tried alot of other suggestions within the group policy on server 2016 and also local policies on the laptop. nothing works to get this sodding windows hello to work on a domain joined system !!! I have never known something within windows to be so stupidly hard to rectify to which should be a simple security change !!

    Ian Matthews · February 10, 2020 at 8:43 pm

    Hi Adam;

    That is annoying; I feel your pain. This solution has worked for us several times but obviously you have a different situation. If you figure out what it is, please let us know here.

    Thanks

James · December 14, 2019 at 8:46 pm

New with Pinterest. We have neither a group policy or admin setting. Just a home-office pc. This does not help\

raj · August 25, 2019 at 5:07 am

not working at all for me

    Ian Matthews · August 26, 2019 at 7:07 pm

    Hi Raj;

    There are enough people with the same problem that this solution does not help with, I am confident saying there must be something else at play for some PC’s but I don’t know what that is. For the record, about a month ago I ran through the problem on another PC and this did correct the issue.

Andy · August 19, 2019 at 11:34 pm

It works… and it also does not work. It seems like a case to case basis. could be another setting that needs to be configured for certain devices.

Murat DAUTI · July 12, 2019 at 1:41 am

dont work for me neither, any soltuin so far.. ?

Kristopher · April 9, 2019 at 12:55 am

It works! Thank you!

Adam · April 2, 2019 at 7:52 am

Works like a charm, confirmed on several PCs with this issue.

Patrick · March 22, 2019 at 11:52 am

This doesn’t work for us either, also using a domain account. Maybe you should mention in your post that this is not a solution for everyone as clearly it is not working for many users. Thanks for posting though.

    Ian Matthews · April 30, 2019 at 7:08 pm

    We have used this solution several times in recent months but it apparent there are other issues that can cause this problem. If you find any alternate solutions, please let us know. Thanks

Brandon Paul · January 28, 2019 at 4:42 pm

I agree with Peter. It does not work.

    Ian Matthews · January 29, 2019 at 5:14 pm

    I can assure you this does work in the situations we have run into. If it is not working for you, you are most likely skipping a step OR (more likely) have a different problem with the same symptom.

Peter Dautel · January 14, 2019 at 9:10 pm

It doesn’t work. The policy has applied correctly as shown in GPresult, still greyed out. But if login as a local user account it works, just not domain account.

    Ian Matthews · January 16, 2019 at 5:18 pm

    I can assure you from experience that this process does work. If it did not solve the issue you are seeing then there is something else you need to look for (but we can’t suggest what that would be).

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *