The Allow domain users to log on using biometrics machine setting should be configured correctly. This policy setting determines whether domain users can log on or elevate User Account Control (UAC) permissions using biometrics. By default, domain users cannot use biometrics to log on. If you enable this policy setting, domain users can log on to a Windows-based computer using biometrics. Depending on the biometrics you use, enabling this policy setting can reduce the security of users who use biometrics to log on. If you disable or do not configure this policy setting, domain users will not be able to log on to a Windows-based computer using biometrics. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Biometrics\Allow domain users to log on using biometrics (2) KEY: HKLM\SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider\Domain Accounts