Skip to content
Follow
Windows

How to Enable or Disable Windows Hello Biometrics for Domain Users

Richard
Written by
Richard
Feb 10, 2026 Updated Jun 19, 2026 4 min read
How to Enable or Disable Windows Hello Biometrics for Domain Users
How to Enable or Disable Windows Hello Biometrics for Domain Users

You can enable or disable Windows Hello biometrics for domain users (accounts connected to a network, like at work or school) in Windows 11 by configuring Group Policy settings.

Windows Hello makes signing in convenient and secure with features like facial recognition, fingerprint scanning, and PIN entry. Many new PCs come with it already installed.

IT administrators set organizational security policies that can block fingerprint scanning and facial recognition on computers joined to a network. These central policies stop users from turning on Windows Hello biometrics, which offers better security.

This guide shows you exactly how to manage Windows Hello biometrics for domain-joined accounts on Windows 11. You’ll understand how to control these settings afterward.

⚡ Quick Answer

Configure Windows Hello biometrics for domain users via Group Policy Editor or Registry Editor. Navigate to Administrative Templates > Windows Components > Biometrics in Group Policy, then adjust the “Allow domain users to log on using biometrics” setting. Alternatively, in Registry Editor, modify the “Enabled” DWORD value under 🗝️HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftBiometrics.

Turn On or Off Windows Hello Biometrics Using Local Group Policy Editor

The Local Group Policy Editor, a Windows tool, directly controls advanced settings. This tool manages whether Windows Hello biometrics function for domain users.

Step 1Open Local Group Policy Editor

Press Windows key + R on your keyboard. Type gpedit.msc and press Enter.

📝Good to Know
The "How to Open Local Group Policy Editor in Windows 11" guide offers clear steps. Opening the Local Group Policy Editor helps users manage specific Windows settings, such as controlling Windows Hello biometrics. Windows 11 Pro and Enterprise editions include this Local Group Policy Editor tool.

Step 2Find the Biometrics Settings

The Local Group Policy Editor tool, which changes computer settings, displays a navigation path on its left. Administrators use this path to manage Windows Hello biometrics. This path controls fingerprint or face login functionality for users on network computers, impacting over 100 million devices globally.

Computer Configuration → Administrative Templates → Windows Components → Biometrics

Step 3Change the Setting

You can control if domain users can sign in with Windows Hello biometrics by changing the ‘Allow domain users to log on using biometrics’ setting. This setting is found in the Biometrics folder within your computer’s settings.

Windows Hello Biometrics policy setting
Windows allow domain users to use biometrics to log on

Now select one of these options:

  • Not Configured – This means biometrics are allowed.
  • Enabled – Biometrics will be allowed for domain users.
  • Disabled – Biometrics will NOT be allowed for domain users.
Enable or disable Windows Hello Biometrics
Windows allow domain users to use windows hello biometrics

Clicking OK saves the biometric setting changes. Restarting the computer applies these biometric changes for domain users, ensuring Windows Hello fingerprint and facial recognition settings are active or inactive as intended.

Turn On or Off Windows Hello Biometrics Using Registry Editor

If you can’t use the Local Group Policy Editor (for example, on Windows Home editions), you can change the setting by editing the Windows Registry.

⚠️Warning
Be aware that changing the wrong settings in the registry can cause serious problems with your system. Back up your registry first.

Step 1Open Registry Editor

Press Windows key + R. Type regedit and press Enter.

This guide, "How to Open Registry Editor in Windows 11," provides additional information. Registry Editor in Windows 11 allows advanced users to change system settings by editing the Windows Registry, a database that stores low-level settings for the operating system and applications.

Step 2Navigate to the Biometrics Key

Go to this folder path:

If the Biometrics folder does not appear under the Microsoft folder, create this folder. This action ensures that Windows Hello biometrics settings can be properly managed for domain users. The presence of the Biometrics folder is required for the subsequent configuration steps.

  1. Right-click on MicrosoftNewKey.
  2. Name the new key Biometrics.

Step 3Create or Edit the “Enabled” Value

To set up Windows Hello biometrics for domain users with the Registry Editor, you’ll create or edit a value called ‘Enabled’ in the Biometrics folder. This lets you turn biometrics on or off for domain accounts.

Name this new value Enabled.

Double-click the Enabled value. Set the Base to Decimal. Then set the Value data to:

  • 1 to turn ON biometrics for domain users.
  • 0 to turn OFF biometrics for domain users.
Edit biometrics enabled value in Registry
Windows allow the use of biometrics windows registry value data updated

Press OK and close the Registry Editor.

Restart your computer to apply these changes.

Summary

Windows Hello biometrics offers secure sign-in using face, fingerprint, or PIN. Administrators can manage these sign-in options for domain users on a PC. If a PC joins a domain, these sign-in options might be turned off by default. Users can easily turn Windows Hello biometrics on or off.

If your PC is part of a domain (like work or school), these sign-in options might be turned off by default.

You can turn Windows Hello biometrics on or off for domain users by using either the Local Group Policy Editor or the Registry Editor.

Remember to restart your computer after making any changes.

If you want to learn more about Windows Hello features, here are some helpful guides:

How to Sign In with a PIN in Windows 11

How to Use Facial Recognition in Windows 11

How to Sign In with Your Fingerprint in Windows 11

Was this guide helpful?

Tags: #Windows 11
Was this helpful?
Richard

About the Author

Richard

Tech Writer, IT Professional

Richard, a writer for Geek Rewind, is a tech enthusiast who loves breaking down complex IT topics into simple, easy-to-understand ideas. With years of hands-on experience in system administration and enterprise IT operations, he’s developed a knack for offering practical tips and solutions. Richard aims to make technology more accessible and actionable. He's deeply committed to the Geek Rewind community, always ready to answer questions and engage in discussions.

📚 Related Tutorials

How to Reset Local Group Policy in Windows 11
Windows How to Reset Local Group Policy in Windows 11
How to Enable or Disable Windows Hello Biometrics
Windows How to Enable or Disable Windows Hello Biometrics
How to Turn On Windows Hello Anti-Spoofing in Windows 11
Windows How to Turn On Windows Hello Anti-Spoofing in Windows 11
How to Enable Windows Hello Facial Recognition in Windows 11
Windows How to Enable Windows Hello Facial Recognition in Windows 11

No comments yet — be the first to share your thoughts!

Leave a Comment

Your email address will not be published. Required fields are marked *