Windows Hello for Business options currently unavailable

Question

Greetings Everyone, I am stock on this one and can't figure out why it won't work. I have gone through every walk through and settings and nothing seems to enable Hello Business. Background of the project, Server 2012 R2 server, used RSAT tools from my Windows 10 laptop to create the Domain Policy on the Domain controller to get the Hello for Business options. Here are some screen shots of what I have tried which I swear is everything. Thank you for the help!

Answer 1

Clearing all the contents of the NGC folder
path: C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Ngc, you need to take ownership of this folder.
Found a solution at https://social.technet.microsoft.com/Forums/en-US/84a0bd50-1360-4a94-bfb3-b049ecace521/pin-and-fingerprint-signin-options-unavailable-greyed-out-in-windows-10-1607-enterprise?forum=win10itprogeneral

1. "Turn on Convenience PIN sign-in" policy must be enabled
2. All 3 Policies under Computer Configuration\Administrative Templates\Windows Components\Windows Hello for Business\ must be in the state "Not configured". This was the piece that was missing, and not documented properly on Technet.
   Then, add the reg key mentioned above manually:
   [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
   "AllowDomainPINLogon"=dword:00000001

-------------------------------------------------------------------------------------

If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

Greetings TeemoTang,
Check my Ngc folder and it was all clear with nothing at all in it. The Convenience Pin Sign in I already had enabled in one of the pictures above but I triple checked and still enabled. I switched the Three Policies you suggested back to Not Configured and DWORD (64bit right I hope since I am running 64bit windows?) in my registry. Now the wait and see game. I did a gpupdate /force and a reboot of my PC but no changes yet. I will let you know the results for sure in a couple hours just to make sure. Thank you for your help!

Answer 3

I figured with a GPupdate /force and a couple reboots, the new settings should be working but same results. :( Seems like it should be a simple thing but I am stumped.

Answer 4

Very strange, please try the method here:
In my case, I added a new user (Add someone else to this PC) on the Accounts page (Family & other users) by creating a new Microsoft account. I was allowed to set up the Windows Hello for this new user. The new user was set to Administrator. Then I logged out and logged in with the old Admin account. Finally Windows allowed me to set up Hello for the old Admin account!!!!
Source:
https://social.technet.microsoft.com/Forums/windows/en-US/8eade100-6ea8-4e84-a332-f733920cf974/fresh-install-of-windows-10-1903-windows-hello-face-this-option-is-currently-unavailable-click?forum=win10itprosecurity

Answer 5

I will totally give that a shot. None of our accounts are set as local admins. Even me being the network admin but we have separate admin accounts when needed. I never thought of that and could see it totally working when set as a local admin. I will let you know the results when I get done testing it. Thank you for your help!