
Fingerprint logon to Windows 10 with a domain account fails outside the domain network

Windows 10 logon with a fingerprint reader on laptops seems to work differently than with Windows 8.1.

Within the domain network, the logon works fine. Outside of the domain network (or offline) I got the following effects:

  • Start notebook: Registration with the fingerprint results in an error message (see below)
  • Log in with name and password, lock the notebook, unlock with the fingerprint: Works
  • Log off and again login (without rebooting): Works
  • Restart the notebook and login again with the fingerprint results in an error message (see below)

Error message:

“Fingerprint Logon is not enabled for domain accounts on this machine. Log on using other credentials or see your system administrator”

Solution:

Configure the following policy to let Windows 10 accept the fingerprint reader as a valid method to log in from outside the domain network:

Computer Configuration / Windows Settings / Security Settings / Local Policies / Security Options

Interactive logon: Do not display last user name: disabled

Alternative: Make sure that the computer object does not inherit the enabled policy. “Not configured” is also an adequate configuration.
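To see which state is actually in effect on an affected laptop, the following PowerShell check (an added example, not part of the original post) reads the registry value behind this security option, cross-checks it against the exported local security policy, and lists the GPOs applied to the computer. The function names are hypothetical, and the script assumes an elevated session because `secedit /export` requires administrator rights.

```powershell
# Added example: effective state of "Interactive logon: Do not display last user name".
# Function names are hypothetical. Run from an elevated PowerShell prompt.

function Get-LastUserNamePolicyState {
    # Registry value that backs the security option (REG_DWORD, 1 = Enabled).
    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $name = 'DontDisplayLastUserName'
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue

    $raw = $null
    if ($null -eq $item) {
        $state = 'Not configured'      # value absent: last user name is shown
    } else {
        $raw = [int]$item.$name
        if ($raw -eq 1) { $state = 'Enabled' } else { $state = 'Disabled' }
    }

    [pscustomobject]@{
        RegistryValue = $raw
        State         = $state
        # Per this page, only "Enabled" produces the fingerprint logon error off-network.
        NeedsChange   = ($state -eq 'Enabled')
    }
}

function Get-SeceditLastUserNameLine {
    # Export the local security policy and return the line for this option,
    # e.g. "...\Policies\System\DontDisplayLastUserName=4,1" (4 = REG_DWORD, 1 = Enabled).
    $tmp = Join-Path $env:TEMP 'secpol-export.inf'
    try {
        secedit /export /cfg $tmp /areas SECURITYPOLICY | Out-Null
        Select-String -Path $tmp -Pattern 'DontDisplayLastUserName' |
            ForEach-Object { $_.Line.Trim() }
    } finally {
        Remove-Item $tmp -ErrorAction SilentlyContinue
    }
}

Get-LastUserNamePolicyState | Format-List
Get-SeceditLastUserNameLine

# Applied computer GPOs: shows where an inherited "Enabled" setting may come from.
gpresult /scope computer /r
```

If `State` is `Enabled` while the laptop is off the domain network, the setting was applied by a GPO at the last policy refresh and has to be changed in that GPO or blocked from inheriting, as described above.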

Many thanks to Markus Bell, who figured all this out.