Windows 7: Allow Domain logon using biometrics (Fingerprint reader)

More and more laptops are sold these days with fingerprint readers as “standard equipment”. With that comes the end-user request (sometimes requirement) to be able to log on with the swipe of a finger.

By default, only local logon is allowed in Windows 7. There are a few ways to enable domain logon using biometrics; I will cover two of them here.

  1. Biometrics settings within the control panel
  2. Domain Policy (GPO)

Control Panel

To enable biometric (fingerprint) logon through the Windows 7 control panel, do the following.

  1. Navigate to:
  2. Once in the Control Panel, open the “Biometric Devices” applet.
  3. On the left side of the applet window, click “Change biometric settings”.
  4. Ensure that the “Biometrics on” radio button is selected, then check both boxes below it.

Domain Policy (GPO)

To enable biometric logon in Domain Policy (GPO) for Windows 7 (this will work for Windows XP as well):

  1. Open the Group Policy Editor on the admin workstation or server from which you manage group policies.
  2. Create a new policy.
  4. Set the following policies to “Enabled”
    1. Allow the use of biometrics
    2. Allow users to log on using biometrics
    3. Allow domain users to log on using biometrics
  5. Link the policy to the appropriate/desired OU where computers with biometric devices exist.
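
To confirm on a client that the three settings above actually applied, a check like the following can be run in an elevated PowerShell session. This is an added example, not part of the original post; the registry locations are the ones the stock Biometrics.admx template writes to, which is an assumption about the template in use, and the function name is hypothetical.

```powershell
# Added example: report the effective state of the three biometric policies.
# Assumption: registry paths/values as written by the stock Biometrics.admx template.
$BiometricPolicies = @(
    @{ Name  = 'Allow the use of biometrics'
       Path  = 'HKLM:\SOFTWARE\Policies\Microsoft\Biometrics'
       Value = 'Enabled' },
    @{ Name  = 'Allow users to log on using biometrics'
       Path  = 'HKLM:\SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider'
       Value = 'Enabled' },
    @{ Name  = 'Allow domain users to log on using biometrics'
       Path  = 'HKLM:\SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider'
       Value = 'Domain Accounts' }
)

# Hypothetical helper: returns one object per policy with its state.
function Get-BiometricPolicyState {
    foreach ($p in $BiometricPolicies) {
        $valueName = $p.Value
        $state = 'Not configured'   # key or value absent: no GPO has set it

        $item = Get-ItemProperty -Path $p.Path -Name $valueName -ErrorAction SilentlyContinue
        if ($item -ne $null) {
            # Policy values are DWORDs: 1 = Enabled, 0 = Disabled
            if ($item.$valueName -eq 1) { $state = 'Enabled' } else { $state = 'Disabled' }
        }

        New-Object PSObject -Property @{ Policy = $p.Name; State = $state }
    }
}

$result = @(Get-BiometricPolicyState)
$result | Format-Table Policy, State -AutoSize

# Flag anything that would block (or was never set to allow) domain biometric logon.
$notEnabled = @($result | Where-Object { $_.State -ne 'Enabled' })
if ($notEnabled.Count -gt 0) {
    Write-Warning ("{0} of 3 biometric policies are not enabled on {1}." -f `
        $notEnabled.Count, $env:COMPUTERNAME)
} else {
    Write-Output "All three biometric policies are enabled on $env:COMPUTERNAME."
}
```

The same output doubles as an audit: on machines outside the intended OU, all three rows should read “Not configured” or “Disabled”.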

