Windows Hello is a feature in Windows 11 that lets you sign in using your face, fingerprint, or a PIN. It’s faster and safer than typing a password every time.
Most new Windows computers come with these biometric features. Windows will often ask you to set one up to protect your device and data.
But if your computer is part of a domain (managed by your workplace or school), these biometric sign-ins might not work right away. This happens because of security rules set by your IT department.
This guide shows you simple steps to turn Windows Hello Biometrics on or off for domain users on Windows 11.
Turn On or Off Windows Hello Biometrics Using Local Group Policy Editor
The easiest way to control this is using the Local Group Policy Editor. It’s a tool built into Windows that lets you manage advanced settings.
Step 1: Open Local Group Policy Editor
Press Windows key + R on your keyboard. Type gpedit.msc and press Enter.
For more detailed instructions, see this guide: How to Open Local Group Policy Editor in Windows 11.
Step 2: Find the Biometrics Settings
In the Local Group Policy Editor window, follow this path on the left side:
Computer Configuration → Administrative Templates → Windows Components → Biometrics
Step 3: Change the Setting
Click the Biometrics folder. On the right, find “Allow domain users to log on using biometrics” and double-click it.
Now choose one of these options:
- Not Configured – This means biometrics are allowed.
- Enabled – Biometrics will be allowed for domain users.
- Disabled – Biometrics will NOT be allowed for domain users.
Click OK to save. Then restart your computer to apply the changes.
Turn On or Off Windows Hello Biometrics Using Registry Editor
If you can’t use the Local Group Policy Editor (for example, on Windows Home editions), you can change the setting by editing the Windows Registry.
Warning: Be careful when editing the registry. Changing the wrong settings can cause problems. Back up your registry first.
Step 1: Open Registry Editor
Press Windows key + R. Type regedit and press Enter.
More info here: How to Open Registry Editor in Windows 11.
Step 2: Navigate to the Biometrics Key
Go to this folder path:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\MicrosoftIf you don’t see a folder named Biometrics under Microsoft, you’ll need to create it:
- Right-click on Microsoft → New → Key.
- Name the new key Biometrics.
Step 3: Create or Edit the “Enabled” Value
Click the Biometrics folder. On the right side, right-click on empty space → New → DWORD (32-bit) Value.
Name this new value Enabled.
Double-click the Enabled value. Set the Base to Decimal. Then set the Value data to:
- 1 to turn ON biometrics for domain users.
- 0 to turn OFF biometrics for domain users.
Press OK and close the Registry Editor.
Restart your computer to apply these changes.
Summary
Windows Hello Biometrics lets you sign in with your face, fingerprint, or PIN for better security.
If your PC is part of a domain (like work or school), these options might be turned off by default.
You can turn Windows Hello Biometrics on or off for domain users using either the Local Group Policy Editor or the Registry Editor.
Remember to restart your computer after making changes.
If you want to learn more about Windows Hello features, here are some helpful guides:
How to Sign In with a PIN in Windows 11
Leave a Reply Cancel reply