6.1. Sign-in options
6.1.1. Manage how you sign into your device
Disable Windows Hello Face, Fingerprint, PIN
Facial recognition (Hello-Face) and Fingerprint ID are used to automatically unlock your computer with your camera/fingerprint reader. Disable this.
GPO
Computer Configuration › Administrative Templates › Windows Components › Biometrics › Allow the use of biometrics
☑
DISABLED
Updated: 2021-02-19 Reference
GPO
Computer Configuration › Administrative Templates › Windows Components › Biometrics › Allow users to log on using biometrics
☑
DISABLED
Updated: 2021-02-19 Reference
GPO
Computer Configuration › Administrative Templates › Windows Components › Biometrics › Allow domain users to log on using biometrics
☑
DISABLED
Updated: 2021-02-19 Reference
Task Scheduler
⌘ › Task Scheduler › Task Scheduler Library › Microsoft › Windows › HelloFace › FODCleanupTask › 🖱 › Disable
Name
FODCleanupTask
Updated: 2021-02-19 Reference
Disable Picture Password
GPO
Computer Configuration › Administrative Templates › System › Logon › Turn off picture password sign-in
☑
ENABLED
Updated: 2021-02-19 Reference
6.1.2. Require Sign-in
If you’ve been away, should Windows require you to sign-in again?
Require sign-in when PC wakes from sleep.
GPO
Computer Configuration › Administrative Templates › System › Power Management › Sleep Settings › Require a password when a computer wakes (plugged in)
☑
ENABLED
Updated: 2021-02-19 Reference
GPO
Computer Configuration › Administrative Templates › System › Power Management › Sleep Settings › Require a password when a computer wakes (on battery)
☑
ENABLED
Updated: 2021-02-19 Reference
Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PowerPowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51
DCSettingIndex
DWORD
1
ACSettingIndex
DWORD
1
Updated: 2021-02-19 Reference
GPO
Computer Configuration › Administrative Templates › Windows Components › Credential User Interface › Prevent the use of security questions for local accounts
☑
DISABLED
Updated: 2022-01-20 Reference
6.1.3. Privacy
Disable Show account details such as my email address on the sign-in screen.
GPO
Computer Configuration › Administrative Templates › System › Logon › Block user from showing account details on sign-in
☑
ENABLED
Updated: 2021-02-19 Reference
Disable Use my sign-in info to automatically finish setting up my
device after an update or restart
Disable caching of credentials for auto-login. This causes spurious update user account password resets, see: Reset Password.
Computer Configuration › Administrative Templates › Windows Components › Windows Logon Options › Sign-in and lock last interactive user automatically after a restart
☑
DISABLED
Updated: 2021-02-19 Reference