Share via

Face recognition feature on Windows server 2016 Active Directory

Saurabh Joshi 0 Reputation points
2024-08-01T12:24:16.1833333+00:00

Hello,

We are using windows server 2016 as our on premise active directory. I want to setup the Facial recognition to some computers who joined the domain to authenticate.

Is there any way to do it through Windows Hello Option on Active Directory server or group policy ?

Thanks & Regards

Saurabh Joshi

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Server | User experience | Other

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Yanhong Liu 14,200 Reputation points Microsoft External Staff
    2024-08-02T05:43:10.2+00:00

    Hello,

    Thank you for posting in Q&A forum.

    Windows Hello for Business can integrate with your Active Directory environment to enable biometric authentication, including facial recognition. However, it requires certain configuration and prerequisites:

    1. Windows 10 clients: Make sure the computers on which you want to enable facial recognition are running Windows 10 version 1703 or later.
    2. Hardware compatibility: Make sure these Windows 10 clients have compatible hardware, such as a compatible infrared (IR) camera for facial recognition.
    3. Windows Hello for Business: This feature requires setup and configuration.

    Here are the high-level steps to enable Windows Hello for Business in your environment:

    1. Schema update: Make sure your Active Directory schema has been updated to at least Windows Server 2016.
    2. Certificate Authority: Deploy a certificate authority if you don't already have one. This is required to issue Windows Hello for Business certificates. For specific steps, refer to the link:Configure Active Directory Federation Services in an on-premises certificate trust model | Microsoft Learn
    3. Group Policy Configuration:

    Open the Group Policy Management Console (GPMC).

    Enable policies related to using Windows Hello for Business. Specifically:

    3.1 Navigate to "Computer Configuration -> Administrative Templates -> Windows Components -> Windows Hello for Business".

    "Use Windows Hello for Business"

    "Use biometrics"

    "Use certificates for local authentication"

    "Use hardware security devices"

    3.2 Also navigate to: "Computer Configuration -> Windows Settings->Security Settings->Public Key Policies "Certificate Services Client - Auto-enrollment"

    Reference link: Configure Windows Hello for Business Policy settings in an on-premises certificate trust | Microsoft Learn

    Windows Hello for Business policy settings | Microsoft Learn

    1. Client Configuration: On the client computer:

    Go to Settings -> Accounts -> Sign-in options.

    Set up Windows Hello (Facial Recognition) under the Windows Hello section.

    I hope the information above is helpful.

    Best Regards,

    Yanhong Liu

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.