Windows 7: Allow Domain logon using biometrics (Fingerprint reader)

More and more laptops are sold these days with fingerprint readers as “standard equipment”. With that comes the end-user request (sometimes requirement) to be able to log on with the swipe of a finger.

By default, only local logon is allowed in Windows 7. There are a few ways to enable domain logon using biometrics; I will cover two of them here.

  1. Biometrics settings within the control panel
  2. Domain Policy (GPO)

Control Panel

To enable biometric (fingerprint) logon through the Windows 7 control panel, do the following.

  1. Navigate to:
    START > CONTROL PANEL
  2. Once in the Control Panel, open the “Biometric Devices” applet.
  3. On the left side of the applet window, click “Change biometric settings”.
  4. Ensure that the “Biometrics on” radio button is selected, then check both boxes below it.

Domain Policy (GPO)

To enable biometric logon in Domain Policy (GPO) for Windows 7 (this will work for Windows XP as well):

  1. Open the Group Policy Editor on the admin workstation or server from which you manage group policies.
  2. Create a new policy.
  3. Navigate to COMPUTER CONFIGURATION > ADMINISTRATIVE TEMPLATES > WINDOWS COMPONENTS > BIOMETRICS
  4. Set the following policies to “Enabled”:
    1. Allow the use of biometrics
    2. Allow users to log on using biometrics
    3. Allow domain users to log on using biometrics
  5. Link the policy to the appropriate OU containing the computers that have biometric devices.
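
To confirm that the policy actually reached a client, the following added example (not part of the original post) reads the registry values that the three Biometrics policies write, as defined in Biometrics.admx, and reports each one as Enabled, Disabled or Not configured. The function name Get-BiometricPolicyState is hypothetical, and the script is written to run on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: audit the three Biometrics policy settings on the local machine.
# Registry keys and value names are those defined in Biometrics.admx.
$bioKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Biometrics'
$credKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider'

$policies = @(
    @{ Name = 'Allow the use of biometrics';                   Key = $bioKey;  Value = 'Enabled' },
    @{ Name = 'Allow users to log on using biometrics';        Key = $credKey; Value = 'Enabled' },
    @{ Name = 'Allow domain users to log on using biometrics'; Key = $credKey; Value = 'Domain Accounts' }
)

# Hypothetical helper: map one policy registry value to a readable state.
function Get-BiometricPolicyState {
    param([string]$Key, [string]$Value)

    # A missing key or a missing value both mean the policy was never applied.
    $item = Get-ItemProperty -Path $Key -Name $Value -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'Not configured' }

    # The policy writes a DWORD: 1 = Enabled, 0 = Disabled.
    if ($item.$Value -eq 1) { return 'Enabled' }
    return 'Disabled'
}

$results = foreach ($p in $policies) {
    New-Object PSObject -Property @{
        Policy = $p.Name
        State  = Get-BiometricPolicyState -Key $p.Key -Value $p.Value
    }
}

$results | Format-Table Policy, State -AutoSize

# Domain biometric logon by policy requires all three settings to be Enabled.
$notEnabled = @($results | Where-Object { $_.State -ne 'Enabled' })
if ($notEnabled.Count -eq 0) {
    'Domain biometric logon is enabled by policy on this computer.'
} else {
    'One or more Biometrics policies are not Enabled here.'
    'Check that the computer is in the linked OU, then run "gpupdate /force" and review "gpresult /r".'
}
```

A "Not configured" result only describes Group Policy; the Control Panel setting covered earlier is not reflected in these policy keys.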

Enjoy!
