Today I show you how to Enable Fingerprint Login with GPO (on Windows Server 2016).By default, Biometrics is disabled in your Default Domain Policy. I will show you how to create a new GPO dedicated to enable Biometrics in your Domain.
Creating a new GPO and enabling Biometrics
In your Server Manager Dashboard click on Tools and on Group Policy Management.
Now extend your Domain Root until you find the Folder Group Policy Objects.
Right-click on an empty space in the right panel and click on New.
Give it a Name.
Now right click on it and click on Edit.
Navigate to Computer Configuration / Policies / Administrative Templates / Windows Components / Biometrics.
Change the settings of Number 6, 7 and 8 to Enabled.
Now we also need to Turn on convenience PIN sign-in for the Fingerprint to work.
Navigate to Computer Configuration / Policies / Administrative Templates / System / Logon and Enable Turn on convenience PIN Sign-In
Now you just link the GPO to an Organizational Unit(OU) that you want it to be applied on. Keep in mind, this is a Computer Configuration, so the Client you want the GPO to be applied on, needs to sit in the OU you link the GPO to.
After that is done, on a client type:
And that’s it. You should now have enabled Login via Fingerprint. It is possible that you need to reboot your computer for it to work.
I hope this helps! And as always, if this tutorial was making your Sysadmin life easier, please consider to become a Patron and support me to be able to create more content for you.