Trying to setup Fingerprint reader authentication via Windows Hello on domain-joined systems. I am able to set up Fingerprint reader after making some registry changes, I can create a PIN when setting up Fingerprint but cannot Change or Remove it as that option is greyed out under settings.
I started with everything greyed out under Windows Hello, but after the following reg changes, I was able to set up a fingerprint reader:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows\System , changed AllowDomainPINLogon DWORD value to 1 HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System , changed AllowDomainPINLogon DWORD value to 1
After doing that I could set a PIN, set up Fingerprint reader, but I cannot Change, or Remove the PIN. I can't push that out to users as they'd be out of luck if they forgot their PIN and needed to Change or Add a Fingerprint.
I've done a lot of research and made GPO changes making sure Hello isn't configured while PIN is, that made no difference. Everyone forum or site I search for enabling the ability to change/remove PIN tells me things I've already tried and nothing helps. All I need is the ability to Change or Remove the PIN I created with the Fingerprint, any help is greatly appreciated.
(Screenshot below shows the screen as I see it on multiple PCs with Change/Remove/I forgot my PIN greyed out)