N
N-kei
A similar question was already asked here:
How to disable Windows Hello
but the given answer is incorrect.
HOW ONE CAN DISABLE WINDOWS HELLO FOR BUSINESS COMPLETELY?
it is a fairly straightforward question that requires a fairly straightforward answer.
Here is what I did so far:
1. Disabled Use of Biometrics and Biometrics for Logon in Group Policy
2. Disabled Use of Biometrics and Use Windows hello for Business in Group Policy
However, every logon it tries to actually use it as if it was intended to launch and but then fails and logs errors:
Microsoft-Windows-HelloForBusiness -> Windows Hello for Business prerequisites check started
Microsoft-Windows-HelloForBusiness -> Windows Hello for Business successfully completed the remote desktop prerequisite check.
Error Microsoft-Windows-HelloForBusiness -> The Primary Account Primary Refresh Token prerequisite check failed.
Error: Microsoft-Windows-HelloForBusiness -> "Windows Hello for Business prerequisites check failed. Error: 0x1"
Warning Microsoft-Windows-User Device Registration -> "Windows Hello for Business provisioning will not be launched.
Device is AAD joined ( AADJ or DJ++ ): Not Tested
User has logged on with AAD credentials: No
Windows Hello for Business policy is enabled: Not Tested
Windows Hello for Business post-logon provisioning is enabled: Not Tested
Local computer meets Windows hello for business hardware requirements: Not Tested
User is not connected to the machine via Remote Desktop: Yes
User certificate for on premise auth policy is enabled: Not Tested
Machine is governed by none policy.
See What's new in Active Directory Federation Services for Windows Server 2016 for more details."
Why woulda system run something that was supposedly disabled?
Continue reading...
How to disable Windows Hello
but the given answer is incorrect.
HOW ONE CAN DISABLE WINDOWS HELLO FOR BUSINESS COMPLETELY?
it is a fairly straightforward question that requires a fairly straightforward answer.
Here is what I did so far:
1. Disabled Use of Biometrics and Biometrics for Logon in Group Policy
2. Disabled Use of Biometrics and Use Windows hello for Business in Group Policy
However, every logon it tries to actually use it as if it was intended to launch and but then fails and logs errors:
Microsoft-Windows-HelloForBusiness -> Windows Hello for Business prerequisites check started
Microsoft-Windows-HelloForBusiness -> Windows Hello for Business successfully completed the remote desktop prerequisite check.
Error Microsoft-Windows-HelloForBusiness -> The Primary Account Primary Refresh Token prerequisite check failed.
Error: Microsoft-Windows-HelloForBusiness -> "Windows Hello for Business prerequisites check failed. Error: 0x1"
Warning Microsoft-Windows-User Device Registration -> "Windows Hello for Business provisioning will not be launched.
Device is AAD joined ( AADJ or DJ++ ): Not Tested
User has logged on with AAD credentials: No
Windows Hello for Business policy is enabled: Not Tested
Windows Hello for Business post-logon provisioning is enabled: Not Tested
Local computer meets Windows hello for business hardware requirements: Not Tested
User is not connected to the machine via Remote Desktop: Yes
User certificate for on premise auth policy is enabled: Not Tested
Machine is governed by none policy.
See What's new in Active Directory Federation Services for Windows Server 2016 for more details."
Why woulda system run something that was supposedly disabled?
Continue reading...