Policy

Allow domain users to log on using biometrics

Windows 11 25H2

Back to categoryOpen picker

Policy overview

Key metadata and intent for this policy.

ClassComputer
CategoryWindows Components > Biometrics
Supported onAt least Windows Server 2008 R2 or Windows 7

Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016

This policy setting determines whether users with a domain account can log on or elevate User Account Control (UAC) permissions using biometrics. If you enable or do not configure this policy setting, Windows allows domain users to log on to a domain-joined computer using biometrics. If you disable this policy setting, Windows prevents domain users from logging on to a domain-joined computer using biometrics. Note: Prior to Windows 10, not configuring this policy setting would have prevented domain users from using biometrics to log on.

Internal name
Biometrics_EnableDomainCredProv
Policy ID
c96dbe28b91b
Elements
0

Registry values

How enabled and disabled states update the registry.

Registry locationTypeEnabled valueDisabled value
HKLM\SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider\Domain AccountsREG_DWORD
1
0

Policy elements

Inputs and configuration options exposed by this policy.

This policy has no additional user input fields.

Other policies in this category

Explore related policies at the same level.