Guidelines
Are you having HotKey issues? Click here for tips and tricks.
Check out our WINDOWS 11 Support Center info about: OPTIMIZATION, KNOWN ISSUES, FAQs, VIDEOS AND MORE.
HP Recommended
HP Spectre x360 15t
Microsoft Windows 10 (64-bit)

I just purchased myself an HP Spectre x360, updated it fully to the latest version of windows 10 pro (bought the upgrade then used assistant to update to latest release). Upon getting it domain joined and fully set up, I am reciving the error "Windows Hello is currently disabled by your administrator. I have double checked all settings in group policy to ensure that it is enabled on the server. Went into the group policy editor of the laptop itself and ensured all settings are made to enable Windows Hello, still no joy.

 

Is anyone else having trouble with domain joined PC's with Windows Hello enabled on build 1703?

 

Any fixes known at this time?

 

I do not want to fully reset the PC since I had to purchase an upgrade to Pro, not sure how it would work exactly. Also don't want to lose all my drivers from HP and going through the pain of installing everything again by wiping it with a fresh copy of 10 Pro.

1 ACCEPTED SOLUTION

Accepted Solutions
HP Recommended

Apologise for not coming back sooner but I have discovered that Microsoft has changed the way they handle Windows Hello for Business on domain joined laptops and computers. As such, if you do not have Azure Active Directory or a Windows Server 2016 then it is unable to use Windows Hello for Business as a two factor authentication. 

 

You can however revert it back to pure Windows Hello (once you domain join, you are automatically in Windows Hello for Business). In group policy go to Computer Configureation > Administrative Templates > Windows Components > Windows Hello for Business > Use certificate for on-premises authentication and enable this policy. This will allow the certificate to be hosted locally instead of needing authentication via Server or Azure AD.

View solution in original post

14 REPLIES 14
HP Recommended

Hi! @hsmith199, Thanks for stopping by HP forums!

 

I understand you are getting windows hello is currently disabled by your administrator on your PC.

 

Don't worry I'll try to help you out.

 

Did you make any software or hardware changes on our PC?

 

Please try the steps recommended below.

 

Turn off Fast Startup

Type power options in the Search box, and open Power Options
Select Choose what the power buttons do
Click on Change settings that are currently unavailable
Uncheck the checkbox next to Fast Startup

Reinstall Windows Hello drivers

Go to Search, type device manager, and open Device Manager
Find your Windows Hello driver, right-click on it, and select Remove driver software…
Restart your computer
One the next startup, Windows 10 should automatically detect Windows Hello, and install the latest driver for it
Once Windows 10 installs the driver again, try running Windows Hello to see if the issue is resolved.


Go to Search, type troubleshooting, and open Troubleshooting
Go to Hardware & Sound section of the troubleshooter
Now, click on Hardware & Devices
The troubleshooter will start, so wait for the process to finish, and follow further on-screen instructions
If the troubleshooter found a problem with Windows Hello, it will automatically fix it
Restart your computer
 

 

 

Let me know if this helps!

Have a wonderful weekend ahead! 🙂

A4Apollo
I am an HP Employee

HP Recommended

This comes right after I domain joined the computer and also updated it to 1703. I am fairly certain it comes as either a driver that is not compatabile with 1703 from HP. 

 

I removed the domain access from the PC and Windows Hello worked for one go then stopped working again. This time it did not throw any errors but just sat there with the smile face. 

 

I was in contact with HP support this morning via a phone call. The person remoted into my laptop and updated the bios of the laptop as well as reinstalled the windows hello driver. This solved nothing and after two hours of waiting for a phone call she wanted to escalate the ticket and have me pay for support. I would return the laptop before I would ever pay for support on an issue that is clearly hardware related.

 

My next step will be to reinstall Windows to the machine and keep it pre-1703.

HP Recommended

@hsmith199, Thanks for your quick response and time.

 

I appreciate your efforts for trying out the steps.

 

As you mentioned the issue still persists after trying out the steps, please try the steps recommended below.

 

In the Start/Cortana search box, type: gpedit and run the Group Policy Editor
Under "Computer Configuration" open: Administrative Templates -> Windows Components -> Biometrics -> Facial Features
Right click on "Configure enhanced anti-spoofing" and select Edit
Set it to Disabled

 

 

I'll watch your reply!

Have a pleasant day ahead! 🙂

A4Apollo
I am an HP Employee

HP Recommended

I have already done this step on both my domain controler and on the laptop itself. In order to enable biometrics through group policy you need to also allow PIN's via group policy. This is a crucial step that can not be over looked.

HP Recommended

@hsmith199

 

Hi,

 

as @A4Apollo is out of the office today, I'm replying to you. 

 

I read in your second last post that you would reinstall Windows and keep it pre-1703 and check if that helps. Let me know how it goes. All the best! 🙂

HP Recommended

I had exactly the same issue in exactly the same circumstances.

 

I had to enable a setting in the local group policy on the machine to make Windows Hello work.

 

un GPEDIT.MSC, then go to Computer Configuration/Administrator Templates/Windows Components/Biometrics and set Allow domain users to log on using biometrics to Enabled. Reboot and you should be good to go - well I was!

 

Hope that works for you.

HP Recommended

@hsmith199

 

The important part of your issue for me is to know if this happened right after the Win 10 Creators Update (1703).

If so, does your X360 have the HP TrueVision IR camera installed? You can find that info in the Device Manager.

If it is, go to properties and please give me the the Hardware ID numbers.

 

There are a select few others having the same issue with that specific IR camera and the Creators Update breaking functionality with Windows Hello. Microsoft and HP are aware of the problem but they are not sure of the cause yet.

 

 

 

HP Recommended

Yes, I have an X360 with the TrueVision IR camera, and Windows Hello stopped working after installing build 1703 of Windows and then joining the computer to a domain. I believe it's the joining the domain that is causing the issue.

 

Once I set the GP setting I mentioned above, Windows Hello started working again. As for Windows Hello recognising me that's another issue altogether - but it is functioning!

 

Cheers

 

Chris

HP Recommended

Paintball, yes I understand it is working for you now, but there are some of those cameras that are still not working no matter what is done, with the exception of reinstalling without the CU.

 

BTW would you mind also sending me the hardware ID numbers of your camera that is working?

I need a comparison of ID's of cameras that work, compared to those that dont.

You can send me a Private Message if you prefer.

 

Thank you.

† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.