Usually in practice, biometrics considered as more secure sign-in options when you login to Windows. The reason behind this is the unique identity verification these biometrics sign-in options provide. Being an administrator of your system, you can allow users to log on using biometrics in Windows 11. This will help you to increase the security of your user’s systems as well as of your workplace or organization. In this article, we will see how you can enable use of biometrics for login in Windows 11.
When you enable use of biometrics for login, users can use biometrics sign-in options to enter into their account. Also, they can use biometrics sign-in options with User Account Control (UAC) prompts. Note that if users are on a domain-based systems, you need to first deploy Allow domain users to log on biometrics policy before below steps.
Page Contents
How to allow users to log on using biometrics in Windows 11
Method 1: Using Group Policy
1. Open Group Policy Editor snap-in.
2. In the Group Policy Editor window, navigate here:
Computer Configuration > Administrative Templates > Windows Components > Biometrics
3. In the right pane of Biometrics, locate Allow users to log on using biometrics policy setting. Double click to modify the policy.
4. In the policy configuration window, select Enabled and click Apply, OK.
5. Close Group Policy Editor and update GP engine to make changes effective.
Method 2: Using Registry
1. Run regedit command to open Registry Editor.
2. In the Registry Editor window, navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft
3. On the Microsoft registry key, right click and select New > Key. Name the newly created registry sub-key as Biometrics. Again create a sub key next to Biometrics and name it as Credential Provider. In the right pane of Credential Provider, create Enabled named registry DWORD and set it to 1 as Value data.
4. Close Registry Editor and restart your system to make changes effective.
You can also enable specific biometric sign-in with these steps:
1. Open Command Prompt and execute the following command to get your user account’s SID:
wmic user account get name, Sid
2. Go to the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\UserTile
3. Locate your current account’s SID on the right pane, and double-click on it to modify.
4. Type {D6886603-9D2F-4EB2-B667-1971041FA96B} in the Value data field and click OK. This GUID will enable PIN as biometric sign-in. For other sign-in options, you can use following GUIDs:
- Picture Logon: {2135F72A-90B5-4ED3-A7F1-8BB705AC276A}
- Password: {60B78E88-EAD8-445C-9CFD-0B87F74EA6CD}
- Fingerprint Logon: {BEC09223-B018-416D-A0AC-523971B639F5}
5. Reboot your computer and it will the sign-in option you’ve use GUID for in step 4.
That’s it!
