Disable Windows PIN Azure AD Joined PCs
-
I am setting up a few PCs for a client and want to disable the Windows Hello For Business option of using the PIN at login. I've disabled this in both User and Computer local group policy (since there's no way to do this via Azure unless you are using the full Intune subscription which they aren't). Once I disable this in local GP, I reboot PC and I'm still presented with the PIN as the default login option. I can click on the sign-in options to select password but I don't even want the PIN option to appear. Anyone have an idea how I can disable this completely? This is what I followed to disable.
All are running Windows 10 Pro and connected to Azure AD. They have an Office 365 Business Premium subscription.
-
@NashBrydges That looks like it only disables provisioning of pins to me, not disabling any existing pin.
-
@travisdh1 said in Disable Windows PIN Azure AD Joined PCs:
@NashBrydges That looks like it only disables provisioning of pins to me, not disabling any existing pin.
Yeah, I'm guessing that's the case. My google-fu is failing me on finding a true disable solution. Back to search I go.
-
Not sure if we are allowed to post Spiceworks url here anymore but this came from user called SauceOverflow.
There is one registry key you can set and you also need to delete a file. Disabling Windows Hello does not disable an existing PIN.
-
Remove existing PIN
Delete the following folder: C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\NGC\ -
Disable Windows Hello (disables PIN, Face, whatever sigin prompt and setup)
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork] "Enabled"=dword:00000000
-
-
If available, use Microsoft Intune.
https://docs.microsoft.com/en-us/intune/windows-hello -
@black3dynamite said in Disable Windows PIN Azure AD Joined PCs:
Not sure if we are allowed to post Spiceworks url here anymore but this came from user called SauceOverflow.
There is one registry key you can set and you also need to delete a file. Disabling Windows Hello does not disable an existing PIN.
-
Remove existing PIN
Delete the following folder: C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\NGC\ -
Disable Windows Hello (disables PIN, Face, whatever sigin prompt and setup)
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork] "Enabled"=dword:00000000
Awesome. Will give this a try!
-
-
@nashbrydges Could you PLEASE PLEASE follow-up on this post?
Nothing more frustrating than spending hours following dead posts like this one where
Somebody asks the same question you had, people try to help and you don;t ever come back to
report on your results and if it worked or not.What did you do?
Where are you at with it now?I found that NGC is not removable, and when booting offline the directory does not exist so I can't delete it that way either.
It seems to be recreated on startup and is locked hard from removing.I simply want users to only have a password login option and I do not want to pay for intune spend a week in training for it to manage only three computers, and remove this annoying feature.
-
@michiganbb So you thought that necro-posting and whining about a 3yo post would be useful? Give it a try and see if that fixes your issue. You would have to do this anyway. Even if something works for one, doesn't mean there's a guarantee it works for you,. Backup the PC and try the changes. If they don't work...move on to something else.
There was NO resolution here. Client was one of those who was difficult getting payment from so we terminated the relationship before we did anything else.
