Monday, January 13, 2014

Windows 8 Pin Logon for Domain Joined Machines

Windows 8 Pin Logon is a new feature in Windows 8 that lets you log on and unlock a Windows PC with a PIN, the same way you unlock a phone.

It's enabled by default for workgroup machines, but disabled by default for domain joined machines.  You can use group policy or edit the registry to re-enable this feature.

Enabling Windows 8 Pin Logon on a domain joined PC via Group Policy

Note:  This is a Computer setting and the GPO will need to be applied to the OU containing the Computer Account.

Note: If you don't have this setting in your group policy editor, you may need to install newer versions of the .ADMX Administrative Templates.

The setting is located under Computer Configuration\Administrative Templates\System\Logon > "Turn on Pin Sign-In"


 

Enabling Windows 8 Pin Logon on a domain joined PC via the Registry

To enable this via the registry, create the following value:
 Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System
 Value Type: REG_DWORD
 Value Name: AllowDomainPINLogon
 Value Data: 1
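
The registry change above can also be scripted. The following PowerShell is an added example, not part of the original post: it reports the current state of the value and, when run with the -Enable switch from an elevated session, creates it. The -Enable switch and the Get-PinLogonPolicy function name are made up for this example.

```powershell
# Added example: audit and optionally set the AllowDomainPINLogon policy value.
# Usage (script file name is up to you):  .\Set-PinLogon.ps1 [-Enable]
param(
    [switch]$Enable   # hypothetical switch name chosen for this example
)

# Key and value name as given in the post.
$KeyPath   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
$ValueName = 'AllowDomainPINLogon'

function Get-PinLogonPolicy {
    # Returns the current DWORD, or $null when the key or value is absent.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

# The value only matters on domain-joined machines; workgroup machines
# have PIN logon enabled by default.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    Write-Warning "$env:COMPUTERNAME is not domain joined; the policy value is not needed here."
}

$current = Get-PinLogonPolicy
$shown   = if ($null -eq $current) { '<not set>' } else { $current }
Write-Output "Current $ValueName value: $shown"

if ($Enable -and $current -ne 1) {
    # Writing under HKLM requires an elevated session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell session.'
    }

    # Create the policy key if it does not exist yet, then write the DWORD.
    if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value 1 -Force | Out-Null

    Write-Output "Set $ValueName = 1 (now reads: $(Get-PinLogonPolicy)). Restart for the setting to take effect."
}
```

If a GPO also configures "Turn on Pin Sign-In" for the machine, Group Policy rewrites this value at the next policy refresh, so a locally set value only sticks where no GPO manages the setting.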



A restart is required for the settings to take effect.  Unfortunately, I have not found a knob that lets you control the minimum complexity or length of the PIN.  Yet.

To configure the PIN login, open the start menu and search for "Create or Change a PIN" under the settings menu.

Cheers,
Elizabeth
