The PIN sign-in in Windows 11/10 helps us to log in to the system using an easy-to-remember 4 digit number. PIN sign-in is a bit handy as compared to Password and Picture password options. However, one disadvantage of PIN sign-in, is that it doesn’t work when your system is in Safe Mode.
PIN Sign-in is disabled when Windows is joined to Domain
If you are running a Windows 11/10 system that is joined to a domain, you may not able to create or log on using PIN.
When you visit the Settings > Accounts > Sign-in options section to create the PIN, you may find that the option to create is grayed out i.e. disabled.
There is no error or message displayed for the option disabled there. If your PIN Sign-in is disabled and grayed out when Windows is joined to a domain, follow this tutorial to turn on and enable PIN sign-in for Domain users.
Enable and Turn on PIN sign-in for Domain users in Windows
You can turn on & enable PIN sign-in in Windows 11/10 using the Group Policy if your PIN Sign-in is disabled when the system is joined to a Domain. This method is only In Windows 11/10/8 Pro & Enterprise Editions.
1. Press Windows Key + R combination, type put gpedit.msc in Run dialog box and hit Enter to open the Local Group Policy Editor.
2. In the left pane of Local Group Policy Editor, navigate here:
Computer Configuration -> Administrative Templates -> System -> Logon -> Turn on pin sign-in
3. In the right pane of the above-shown window, look for the setting named Turn on PIN sign-in which must be Not Configured by default. Double click on the same setting to get this:
4. Finally, in the above-shown window, click Enabled and then click Apply followed by OK.
You can now close the Local Group Policy Editor window and reboot the machine. After restarting the system, you should be able to use create and use PIN sign-in.
I hope this helps – Good luck!
Why is the Windows PIN disabled?
The Windows PIN might be disabled due to policy settings or a system issue. Ensure your device meets the prerequisites for using a PIN, like enabling TPM and secure boot. Check Group Policy Editor or contact your system administrator if you are on a network, or consult Microsoft’s support for further assistance.
How do I enable PIN login for domain?
To enable PIN login for a domain, open Group Policy Editor, navigate to Computer Configuration > Administrative Templates > System > Logon, and enable the “Turn on convenience PIN sign-in” setting. Ensure the domain’s security policies support PIN usage and synchronize these changes across your network to enable functionality.
Nope, it didn’t fix it. I change the group policy on the server/dc and changed it in WIndows 10, but the pin sign-in still doesn’t work.
@Bill B.: This group policy is only for Win8. for win10 use the group policy “Microsoft Passport for Work” (under Computer Configuration -> Administrative Templates -> Windows components => Microsoft Passport für Work”)
Yeah, that didn’t work. The PassPort thing didn’t work either.
I believe I found what you need to set.
Disabling the Windows Passport and disabling the Turn on convenience PIN sign-in policy didn’t stop the use of a PIN on Windows 10; you need to use Exclude credential providers.
Under Computer ConfigurationAdministrative TemplatesSystemLogon you need to add CLSIDs of credential providers to the Exclude credential providers policy. The CLSID for PINLogonProvider is {cb82ea12-9f71-446d-89e1-8d0924e1256e}.
Worked beautifully for me. I do assume you need to be a member of the local admin group for this to work, though. And if you want to save yourself a reboot, you can open up command prompt and type “gpupdate /force” instead of restarting the machine
To clarify, this is to DISABLE pin sign-on, not enable it (which is what this article is addressing) right?
Well this does not work, if your Win 10 is joined to a AD domain starting with the latest update the PIN/Biometric will no longer work. I found these policy settings on the local PC but it won’t work because of the domain. Problem is that my domain is based on 2008 R2 and those properties are not in the GPO editor. So I guess I will have to update my DCs to 2012 at least… sigh!
Hi, thanks for the instructions. Perfectly done in a couple of minutes on Windows 10 Pro
Doesn’t work for me
Great simple solution !
Worked well for me on Win 10 with a Server 2012 R2 DC and the latest Win 10 ADMX (1709)