Windows 10: Windows Hello With Domain Account

Discussion in 'Windows Hello & Lockscreen' started by Jonathan Heitz, May 15, 2020.

  1. Windows Hello With Domain Account


    Hello,


    I would like to sign into my PC with Windows Hello using my laptop's fingerprint sensor. However, I sign into Windows using a domain account, not a local or Microsoft account. Apparently, Windows Hello is not enabled by default for domain accounts. I am curious as to how I can enable it. Should I check the Group Policy on my Domain Controller? If so, where would I find it in Group Policy? I have already tried enabling "Enable PIN sign-on" in Group Policy, but that did not work. My laptop is running Windows 10 1909 and my DC is running Windows Server 2012 R2.


    Any suggestions would be appreciated.

    :)
     
    Jonathan Heitz, May 15, 2020
    #1

  2. Unable to use Windows Hello on Domain account

    Hi,



    Thank you for writing to Microsoft Community Forums.



    I understand that you want to set up Windows Hello for a Domain account on Surface Pro 4. I appreciate your efforts in trying to fix the issue.



    I would suggest you refer to the article "Configure Windows Hello for Business Policy settings" and see if that helps.



    However, as the issue is happening in a domain environment, I would suggest you post your query on the TechNet forums, where we have expertise and support professionals well equipped with the knowledge on setting up Windows Hello in a Domain environment.



    Regards,

    Prakhar Khare

    Microsoft Community – Moderator
     
    Prakhar_Khare, May 15, 2020
    #2
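
A read-only check of the sign-in policies this thread mentions, run on the domain-joined laptop. This is an added example, not part of any post above; the registry paths are the usual locations backing these Group Policy settings, and the function name and report layout are assumptions.

```powershell
# Convenience PIN/biometric sign-in and Windows Hello for Business are
# separate features controlled by separate policies; report each one.
$checks = @(
    @{ Policy = 'Turn on convenience PIN sign-in'
       Path   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
       Name   = 'AllowDomainPINLogon' },
    @{ Policy = 'Allow domain users to log on using biometrics'
       Path   = 'HKLM:\SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider'
       Name   = 'Domain Accounts' },
    @{ Policy = 'Use Windows Hello for Business'
       Path   = 'HKLM:\SOFTWARE\Policies\Microsoft\PassportForWork'
       Name   = 'Enabled' }
)

# Hypothetical helper: returns one row per policy with the value the
# client actually received (1 = enabled, 0 = disabled).
function Get-HelloPolicyState {
    foreach ($c in $checks) {
        $value = $null
        if (Test-Path -LiteralPath $c.Path) {
            $item  = Get-ItemProperty -LiteralPath $c.Path -Name $c.Name -ErrorAction SilentlyContinue
            $value = $item.($c.Name)
        }
        $state = if ($null -eq $value) { 'not configured' } else { $value }
        [pscustomobject]@{ Policy = $c.Policy; Value = $state }
    }
}

Get-HelloPolicyState | Format-Table -AutoSize

# Join state and whether a Hello key (NgcSet) exists for the signed-in user.
dsregcmd /status |
    Select-String -Pattern '^\s*(AzureAdJoined|DomainJoined|NgcSet)\s*:'
```

A value of "not configured" after `gpupdate /force` means the GPO is not reaching this machine, which is worth ruling out before changing anything on the domain controller.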
  3. changari Win User
    Raising the windows domain and forest issues?


    Hi,

    I run a domain that was all 2003 R2 servers. I recently upgraded all my domain controllers to Windows 2012 R2.
    That went off without any problems. Our trust relationships had no issues either.

    My first step was to raise the Domain and Forest levels past 2003 to 2008. This went off without a hitch.
    These are the features for raising the levels to 2008:

    • Features and benefits include all default Active Directory features, all features from the Windows Server 2003 domain functional level, plus:
    • Read-Only Domain Controllers – Allows implementation of domain controllers that only host read-only copy of NTDS database.
    • Advanced Encryption Services – (AES 128 and 256) support for the Kerberos protocol.
    • Distributed File System Replication (DFSR) – Allows SYSVOL to replicate using DFSR instead of older File Replication Service (FRS). It provides more robust and detailed replication of SYSVOL contents.

    Forest Level Windows Server 2008

    • Features and benefits include all of the features that are available at the Windows Server 2003 forest functional level, but no additional features. All domains that are subsequently added to the forest will operate at the Windows Server 2008 domain functional level by default.


    My next step is to raise the domain and forest to 2008 R2, then 2012, and finally 2012 R2. I have been trying to find out exactly what I could expect from raising the Domain and Forest for each step.

    The step involving 2008 R2 seems relatively a non-issue. But getting the couple of new features seems very nice.

    Domain Level Windows Server 2008 R2

    • All default Active Directory features, all features from the Windows Server 2008 domain functional level, plus 2 new features

    Forest Level Windows Server 2008 R2

    • All of the features that are available at the Windows Server 2003 forest functional level, plus the following features:


    • Active Directory Recycle Bin, which provides the ability to restore deleted objects in their entirety while AD DS is running. <== New Feature very cool
    • All domains subsequently added to the forest will operate at the Windows Server 2008 R2 domain functional level by default.

    Here are my big concerns for the next raising of domain and forest to 2012.

    Forest Level Windows Server 2012:

    • All of the features that are available at the Windows Server 2008 R2 forest functional level, but no additional features.
    • All domains subsequently added to the forest will operate at the Windows Server 2012 domain functional level by default.

    Domain Level Windows Server 2012 R2: <=====
    Need to investigate more and why this post

    • DC-side protections for Protected Users. Protected Users authenticating to a Windows Server 2012 R2 domain can no longer:


    • Authenticate with NTLM authentication <==============(what issues may arise)
    • Use DES or RC4 cipher suites in Kerberos pre-authentication
    • Be delegated with unconstrained or constrained delegation
    • Renew user tickets (TGTs) beyond the initial 4-hour lifetime


    Will this affect my Exchange Anywhere users with remote access authenticating either clear of NTLM???
    And what would/may not work properly on day 1 when I raise the domain and forest to 2012? I can't really find anyone that can answer a straight question.

    Has anyone gone through this? What problems did you have, if any, if a lot???

    Any thoughts and suggestions will be much appreciated??

    Thanks


    - - - Updated - - -

    One more point... I am not sure if I posted this to the correct forum.. So if I was wrong and it should be in a different one..
    PLEASE LET ME KNOW
     
    changari, May 15, 2020
    #3
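
An audit to run before raising the functional level, since the DC-side restrictions listed in the post above apply only to members of the Protected Users group. This is an added example, not part of the post; it assumes the ActiveDirectory module, an elevated session on a domain controller, and a seven-day look-back window chosen for illustration.

```powershell
Import-Module ActiveDirectory

# Current functional levels, for the record before any change.
$domain = Get-ADDomain
$forest = Get-ADForest
"Domain mode: $($domain.DomainMode)   Forest mode: $($forest.ForestMode)"

# Accounts that would lose NTLM, DES/RC4 pre-authentication and delegation.
# The group is empty unless someone has added members to it.
$members = @(Get-ADGroupMember -Identity 'Protected Users' -Recursive -ErrorAction SilentlyContinue |
             Select-Object -ExpandProperty SamAccountName)
"Protected Users members: $($members.Count)"

# Event 4776 is logged on the DC each time it validates credentials over NTLM.
$since  = (Get-Date).AddDays(-7)   # assumed window
$events = Get-WinEvent -FilterHashtable @{
              LogName = 'Security'; Id = 4776; StartTime = $since
          } -ErrorAction SilentlyContinue

# Pull the account name out of each event's EventData.
$ntlmUsers = foreach ($e in $events) {
    $data = ([xml]$e.ToXml()).Event.EventData.Data
    ($data | Where-Object Name -eq 'TargetUserName').'#text'
}

# Accounts still using NTLM, flagged if they are in Protected Users.
$ntlmUsers | Group-Object | Sort-Object Count -Descending |
    Select-Object Name, Count,
        @{ n = 'InProtectedUsers'; e = { $members -contains $_.Name } } |
    Format-Table -AutoSize
```

Any row with `InProtectedUsers` set to True is an account whose NTLM sign-ins would start failing once the domain controllers enforce the protections.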
  4. Windows Hello With Domain Account

    Windows 'domain'?

    Hello,

    Thank you for sharing your concern in the Microsoft Community. Follow these steps to find the domain name:

    • Press the Windows key + R then choose System.
    • The name of your computer will be listed as the Full computer name.
    • The domain your computer belongs to will be listed as the Domain. If, instead of Domain, you see Workgroup, your computer is not a member of any domain.

    If you have any questions or things you'd like to clarify, feel free to ask.
     
    Marvin Barc, May 15, 2020
    #4