PIN complexity group policy is completely ignored. Obsolete?

Vadim K 21 Reputation points
2023-03-19T20:21:18.97+00:00

PIN complexity group policy doesn't work. This is set to 4 digits minimum with a domain policy and suddenly it stopped working. I tried to set the local policy to 4 digits also (just in case). No result. Now it always asks for 6 digits. Even if I set the policy to 8 digits minimum, it still works with 6 digits. So, this policy is completely ignored. Is this policy obsolete now? Domain Controller: Server 2022 Standard 21H2 20348.1607; Computer: Windows 11 22H2 22621.1413


2 answers

  1. Sedat SALMAN 13,165 Reputation points
    2023-03-19T20:43:30+00:00

    It's possible that the issue is caused by a conflicting Group Policy setting. There are some Group Policy settings that take precedence over others, so even if you have set a specific value for a policy, another setting may be overriding it.

    To troubleshoot the issue, you can try the following steps:

    1. Check the Group Policy settings on the Domain Controller. Make sure that the policy for minimum PIN complexity is still enabled and set to 4 digits. You can use the Group Policy Management Console (GPMC) to do this.
    2. Run the command "gpresult /h report.html" on the affected Windows 11 computer to generate a report of the applied Group Policy settings. Check the report to see if there are any conflicting policies that may be overriding the minimum PIN complexity policy.
    3. Check the Windows 11 computer's registry to see if there are any conflicting settings there. To do this, open the Registry Editor and navigate to "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System". Look for a value named "AllowDomainPINLogon" and make sure it is set to "1". Also, check if there are any other PIN-related policies that may be overriding the minimum PIN complexity policy.
    4. Try disabling and re-enabling the minimum PIN complexity policy on the Domain Controller. This may help to refresh the policy on the Windows 11 computer.

    If none of these steps resolve the issue, it's possible that there may be a bug or compatibility issue with the version of Windows 11 you are using. You may want to check for any available updates or patches that may address the issue, or contact Microsoft support for further assistance.

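    The registry and gpresult checks from steps 2 and 3, as an added read-only example that is not part of the answer above. The `PassportForWork\PINComplexity` paths and the `MinimumPINLength` value name are assumptions (they are not named on this page); the `Windows\System` key is the one the answer mentions.

    ```powershell
    # Added example: list PIN-related policy values so they can be compared with the
    # gpresult report. Read-only; run in an elevated session on the affected computer.
    # Assumption: the PassportForWork paths are where the PIN Complexity policy is stored.
    $locations = [ordered]@{
        'Computer GPO (PIN Complexity)' = 'HKLM:\SOFTWARE\Policies\Microsoft\PassportForWork\PINComplexity'
        'User GPO (PIN Complexity)'     = 'HKCU:\SOFTWARE\Policies\Microsoft\PassportForWork\PINComplexity'
        'Computer GPO (System)'         = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
    }

    function Get-PinPolicyValues {
        param([System.Collections.IDictionary]$Paths)
        foreach ($source in $Paths.Keys) {
            $path = $Paths[$source]
            if (-not (Test-Path -LiteralPath $path)) {
                # Report missing keys explicitly: an absent key means no policy from that source
                [pscustomobject]@{ Source = $source; Name = '(key not present)'; Value = $null; Path = $path }
                continue
            }
            $key = Get-Item -LiteralPath $path
            foreach ($name in $key.GetValueNames()) {
                # In the shared System key, report only PIN-related values
                if ($path -like '*\Windows\System' -and $name -notlike '*PIN*') { continue }
                [pscustomobject]@{ Source = $source; Name = $name; Value = $key.GetValue($name); Path = $path }
            }
        }
    }

    $values = @(Get-PinPolicyValues -Paths $locations)
    $values | Format-Table Source, Name, Value -AutoSize

    # Flag conflicting minimum lengths, the situation the answer suggests checking for
    $minimums = @($values | Where-Object Name -eq 'MinimumPINLength')
    if ($minimums.Count -eq 0) {
        Write-Warning 'No MinimumPINLength value found in the checked locations.'
    } elseif (@($minimums.Value | Sort-Object -Unique).Count -gt 1) {
        Write-Warning 'MinimumPINLength is defined with different values in more than one location.'
    }

    # Step 2 of the answer: full report of applied GPOs, for comparison with the table above
    gpresult /h "$env:TEMP\gpresult-pin.html" /f
    ```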

  2. Vadim K 21 Reputation points
    2023-03-20T14:36:35.0433333+00:00

    I checked everything; there are no conflicts, and the policy for minimum PIN complexity is still enabled and set to 4 digits. Actually, I didn't change anything for a long time. Just one day it stopped working. So, here is what I did: a clean installation of Windows 11 22H2 22621.1413 (no local policies). A 4-digit PIN is good. Joined it to the domain and voilà, it asks for a 6-digit PIN. So, I decided to use a 6-digit PIN (not a big deal). I just don't like being left with no choice.
