The Allow users to log on using biometrics machine setting should be configured correctly. This policy setting determines whether users can log on or elevate User Account Control (UAC) permissions using biometrics. By default, local users will be able to log on to the local computer, but the "Allow domain users to log on using biometrics" policy setting will need to be enabled for domain users to log on to the domain. If you enable or do not configure this policy setting, all users can log on to a local Windows-based computer and will be able to elevate permissions with UAC using biometrics. If you disable this policy setting, biometrics cannot be used by any users to log on to a local Windows-based computer. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Biometrics\Allow users to log on using biometrics (2) KEY: HKLM\SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider\Enabled