Hello,
I am assisting an end user with setting up a convenience PIN on an AD-joined device, but am having a difficult time being able to enable the option! I am continually getting the message that the option is not available, and "Something went wrong. Try again later."
Here is what has been done so far:
- A tech has done generic OS troubleshooting to ensure no corruption (dism online restore, sfc, Windows updates)
- The NGC folder's, at the below path, contents has been cleared:
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft
- The below registry key has been set:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System] "AllowDomainPINLogon"=dword:00000001
- Set all group policy settings at the following path to "Not configured"
Computer Configuration > Administrative Templates > Windows Components > Windows Hello for Business
- Set the group policy setting for "Turn on convenience PIN sign-in" at the following path to "Enabled". All other settings are set to "Not Configured"
Computer Configuration > Administrative Templates > Logon
- Set all group policy settings at the following path to "Not configured"
User Configuration > Administrative Templates > Windows Components > Windows Hello for Business
The PIN is able to be set on a local account on the computer, so it seems at this time to be profile-specific and I performed the following with this in mind:
- Reviewed all GPOs being applied to the account to ensure that no settings would interfere with this
- Audited an export of her User Configuration gp settings against mine (working on my AD-joined computer) and verified no differences
- Removed a registry key at the below path for an old profile not removed during a prior profile recreation:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
I'm nearly at the end of my rope and am hoping that someone can assist!
More...