Windows 10: Windows Hello not always working GPO and AD

I have implemented Windows Hello via GPO in the AD.The policy executed correctly on all computers but the slider is still greyed out on some of them.Windows Hello works correctly on 95 computers, it does not work on 85.Anyone have any ideas on what to check?Why is the option greyed out on almost half the computers?

:)

 

Windows 10 - Enterprise Ver 22H2 - Windows Hello not working

Hello,

Will list the environment

AD Hybrid Azure (Local systems all on AD)

GPO FREE OU > to ensure our policy isn't taking over (test environment)

Run GPUpdate /force

MDM > Ivanti

- If I use our city image to setup windows hello, you see the message "currently unavailable"

- If I use our city image on GPO Free OU > go to sign-ins > Windows Hello Setup > select it but nothing ever happens

- If I wipe the same system and put a fresh non city image version of windows 10, windows hello works like a charm.

We have the bare minimum GPO in place, just to test this feature and it never works. Its on a camera which is IR compatible, again works fine in fresh windows 10 install,

Ran the standard sfc /scannow and Dism.exe commands with no success.

Looking for suggestions, stuck on this and unable to deploy it at this time.

Thoughts?

 

Server 2003 GPO questions

I solved my problem!
My first issue was the installation files that weren't running. I fixed this by enabling windows installer through the "allow select windows applications to run" option in the GPO. My second issue was turning off the GPO on the fly. Unfortunately, there is no option within the GPO editor that allows for this. However, I did create a .bat file which I can run that will insert specific registry key values that will render the GPO ineffective. I also created a "re-enable GPO" .bat file that I run after I am through making the changes, this will bring the GPO back up.
Thanks so much for your help Batou1986! *Toast :toast:

 

Server 2003 GPO questions

Hello,
I am working on a GPO in Microsoft Server 2003 for the majority of domain users here at my work and I am having difficulties achieving the results I need.

Details:
I would like to disable all programs on the domain user account except a select few. I have accomplished this through enabling "Only allow specific Windows applications to run" or something of that like in the GPO. I then added the programs I want the domain user to be able to run and it automatically excludes the rest. This worked beautifully however, I do want them to have access to a few installer files on our network drive but when I attempt to open the installer packages, I get a restriction error. More precisely, I get the same error that comes up when I try to open any other applications that are not included in the "Only allow specific Windows applications to run" field. I have scoured the GPO for about a day now and enabled every option I could think of that may allow these installations to run but I have not succeeded in finding it. Anyone have any advice?
Notes:
I have added the account I am monitoring through the GPO as an administrator on each local machine with my domain specified in the domain field.

I am also wondering if there is a setting which allows an admin to bypass the GPO while logged in as the domain user that is governed by said GPO by some form of authentication?

Let me know if any other information is needed. I will provide it as promptly as possible.

Thanks in advance for the help! *Toast :toast: