6.1. Sign-in options

6.1.1. Manage how you sign into your device

Disable Windows Hello Face, Fingerprint, PIN

Facial recognition (Hello-Face) and Fingerprint ID are used to automatically unlock your computer with your camera/fingerprint reader. Disable this.

GPO

Computer Configuration › Administrative Templates › Windows Components › Biometrics › Allow the use of biometrics

DISABLED

Updated: 2021-02-19 Reference

GPO

Computer Configuration › Administrative Templates › Windows Components › Biometrics › Allow users to log on using biometrics

DISABLED

Updated: 2021-02-19 Reference

GPO

Computer Configuration › Administrative Templates › Windows Components › Biometrics › Allow domain users to log on using biometrics

DISABLED

Updated: 2021-02-19 Reference

GUI

⌘ › Task Scheduler › Task Scheduler Library › Microsoft › Windows › HelloFace › FODCleanupTask › 🖱 › Disable

Name

FODCleanupTask

Updated: 2021-02-19 Reference

Disable Picture Password
GPO

Computer Configuration › Administrative Templates › System › Logon › Turn off picture password sign-in

ENABLED

Updated: 2021-02-19 Reference

6.1.2. Require Sign-in

If you’ve been away, should Windows require you to sign-in again?

Require sign-in when PC wakes from sleep.

GPO

Computer Configuration › Administrative Templates › System › Power Management › Sleep Settings › Require a password when a computer wakes (plugged in)

ENABLED

Updated: 2021-02-19 Reference

GPO

Computer Configuration › Administrative Templates › System › Power Management › Sleep Settings › Require a password when a computer wakes (on battery)

ENABLED

Updated: 2021-02-19 Reference

Regedit

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PowerPowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51

DCSettingIndex

DWORD

1

ACSettingIndex

DWORD

1

Updated: 2021-02-19 Reference

GPO

Computer Configuration › Administrative Templates › Windows Components › Credential User Interface › Prevent the use of security questions for local accounts

DISABLED

Updated: 2022-01-20 Reference

6.1.3. Privacy

Disable Show account details such as my email address on the sign-in screen.
GPO

Computer Configuration › Administrative Templates › System › Logon › Block user from showing account details on sign-in

ENABLED

Updated: 2021-02-19 Reference

Disable Use my sign-in info to automatically finish setting up my device after an update or restart

Computer Configuration › Administrative Templates › Windows Components › Windows Logon Options › Sign-in and lock last interactive user automatically after a restart

DISABLED

Disable caching of credentials for auto-login. This causes spurious update user account password resets, see: Reset Password.

Updated: 2021-02-19 Reference