Unable to sign in after GPO change

homegeeksnet 1 Reputation point
2021-09-13T08:41:08.493+00:00

Good morning!

After changing my default domain policy GPO to enable Windows Hello For Business, I can no longer sign into ANY of my normal or admin domain users and get this message every time?!

"You must use Windows Hello or a smart card to sign in."

How can I undo this?

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
14,748 questions
Windows Group Policy
Windows Group Policy
A feature of Windows that enables policy-based administration using Active Directory.
2,141 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Marco Schiavon 706 Reputation points
    2021-09-13T10:16:42.427+00:00

    Don't worry..
    Log on as a domain administrator to a DC.
    open a CMD with Admin Rights and type:

    dcgpofix /target:Domain

    To reset the Default DC GPO, type : dcgpofix /target:DC

    If you need to reset also de default Domain Controller policy do :
    dcgpofix /target:both

    after that, do :
    repadmin /syncall /AdeP

  2. Limitless Technology 37,771 Reputation points
    2021-09-13T19:54:24.367+00:00

    Hello @homegeeksnet

    Additionally to revert back the changes.

    If you can not login to any of Domain PCs after this GPO then Install Windows Admin tools and access the GPO settings from there by entering your Domain Admin credentials
    Press Shift button and right click to run as different user then enter your Domain credentials.

    If the reply was helpful, please don’t forget to upvote or accept as answer.

    0 comments