Situation
When adding a Windows Hello PIN/Fingerprint/Face as a sign-in option on a computer joined to Azure AD, or to an Active Directory domain (on-premises), you must set up a Microsoft Account to access your organization's resources. This is required because, when a device is set up for use in an organization, Windows Hello for Business is automatically enabled.
If for any reason you don’t set up a Microsoft Account for Windows Hello for Business, you’ll face the following symptoms and problems on your PC:
- In the Windows Hello PIN you’ll face the error: “This option is currently unavailable” with description “Sorry, this PIN isn’t working for your organization’s resources. Tap or click here to fix it”.
- You’ll be prompted to “Use Windows Hello with your account” when you set up a PC for the first time (out-of-box experience (OOBE)), or after clicking “Tap or click here to fix it” in the Windows Hello PIN options.
- You’ll get the Windows Hello PIN error: “Something went wrong. We aren’t able to setup your PIN. 0x801c044f” after trying to fix the problem without adding a MS account.
Solution
Steps to follow
Disable Windows Hello prompt “Use Windows Hello with your account” in Local Group Policy
- Run gpedit.msc to open the Local Group Policy Editor.
- In Local Group Policy, navigate to:
  - Computer Configuration\Administrative Templates\Windows Components\Windows Hello for Business
- On the right, open the Use Windows Hello for Business policy.
- Set the policy to Enabled and check the option Do not start Windows Hello provisioning after sign-in.
- Restart the PC to apply the change.
Disable Windows Hello prompt in Active Directory
To disable Windows Hello for Business provisioning in the entire AD domain, proceed as follows:
- On your Domain Server, open the Server Manager and from Tools open the Group Policy Management.
- Under the ‘Domains’ object, right-click on your domain and select Create a GPO in this domain and Link it here.
- Type a name for the new GPO (e.g. “Example_GPO”) and click OK.
- Right-click the new GPO (or the Default Domain Policy), and click Edit.
- In the left pane, navigate to:
  - Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Hello for Business
- On the right side, open the Use Windows Hello for Business policy, set it to Enabled, and then click Apply > OK.
- Proceed to the next step to disable Windows Hello for Business provisioning.
- In the “Example_GPO” GPO (or in the Default Domain Policy), navigate to:
  - Computer Configuration\Preferences\Windows Settings\Registry
- Right-click Registry and select New > Registry item.
- In the ‘New Registry Properties’ window, apply the following settings and click OK:
  - At Action choose: Create
  - At Hive select: HKEY_LOCAL_MACHINE
  - At Key path type: SOFTWARE\Policies\Microsoft\PassportForWork
  - At Value Name type: DisablePostLogonProvisioning
  - Value type: REG_DWORD
  - Value data: 1
- Close the Group Policy Management Editor and restart any domain computer to see if the registry change has been applied.
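A read-only check for the last step, as an added example (not part of the original article): it reads the policy key on a domain computer and reports whether both settings from this page have arrived. The function name `Test-HelloProvisioningPolicy` is hypothetical, and the `Enabled` value name, which is what the Use Windows Hello for Business policy writes under this key, is not listed on the page.

```powershell
# Added example: verifies the Windows Hello for Business policy values on this PC.
# Read-only; it does not change the registry.

$KeyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\PassportForWork'

# Expected state once the GPO described on this page has applied.
$Expected = [ordered]@{
    Enabled                      = 1   # "Use Windows Hello for Business" = Enabled (name assumed, see lead-in)
    DisablePostLogonProvisioning = 1   # value created by the GPO registry preference item
}

function Test-HelloProvisioningPolicy {
    param([string]$Path = $KeyPath)

    if (-not (Test-Path -LiteralPath $Path)) {
        # Key missing: the GPO has not reached this machine yet.
        return [pscustomobject]@{
            Name = '(key)'; Expected = 'present'; Actual = 'missing'; Kind = $null; Compliant = $false
        }
    }

    $key = Get-Item -LiteralPath $Path
    foreach ($name in $Expected.Keys) {
        $actual = $key.GetValue($name, $null)   # $null when the value does not exist
        # GetValueKind throws on a missing value, so only call it when one was found.
        $kind = if ($null -ne $actual) { $key.GetValueKind($name) } else { $null }
        [pscustomobject]@{
            Name      = $name
            Expected  = $Expected[$name]
            Actual    = $actual
            Kind      = $kind
            # Must be a REG_DWORD with the expected data; a string "1" does not count.
            Compliant = ($kind -eq 'DWord' -and $actual -eq $Expected[$name])
        }
    }
}

$result = @(Test-HelloProvisioningPolicy)
$result | Format-Table -AutoSize

if ($result.Compliant -contains $false) {
    Write-Warning 'Policy not fully applied. Run "gpupdate /force", restart, and check again.'
}
```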