PIN Sign-in disabled when System is joined to Domain

What would you like to read next?


  1. Nope, it didn’t fix it. I change the group policy on the server/dc and changed it in WIndows 10, but the pin sign-in still doesn’t work.

  2. @Bill B.: This group policy is only for Win8. for win10 use the group policy “Microsoft Passport for Work” (under Computer Configuration -> Administrative Templates -> Windows components => Microsoft Passport für Work”)

  3. Yeah, that didn’t work. The PassPort thing didn’t work either.

    I believe I found what you need to set.
    Disabling the Windows Passport and disabling the Turn on convenience PIN sign-in policy didn’t stop the use of a PIN on Windows 10; you need to use Exclude credential providers.

    Under Computer ConfigurationAdministrative TemplatesSystemLogon you need to add CLSIDs of credential providers to the Exclude credential providers policy. The CLSID for PINLogonProvider is {cb82ea12-9f71-446d-89e1-8d0924e1256e}.

  4. Worked beautifully for me. I do assume you need to be a member of the local admin group for this to work, though. And if you want to save yourself a reboot, you can open up command prompt and type “gpupdate /force” instead of restarting the machine

  5. To clarify, this is to DISABLE pin sign-on, not enable it (which is what this article is addressing) right?

  6. Well this does not work, if your Win 10 is joined to a AD domain starting with the latest update the PIN/Biometric will no longer work. I found these policy settings on the local PC but it won’t work because of the domain. Problem is that my domain is based on 2008 R2 and those properties are not in the GPO editor. So I guess I will have to update my DCs to 2012 at least… sigh!

  7. Hi, thanks for the instructions. Perfectly done in a couple of minutes on Windows 10 Pro

Leave a Reply

Your email address will not be published. Required fields are marked *

Share via
Copy link
Powered by Social Snap