Unable to sign in after GPO change

homegeeksnet 6 Reputation points

Good morning!

After changing my default domain policy GPO to enable Windows Hello For Business, I can no longer sign into ANY of my normal or admin domain users and get this message every time?!

"You must use Windows Hello or a smart card to sign in."

How can I undo this?

A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
5,087 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,575 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Marco Schiavon 711 Reputation points

    Don't worry..
    Log on as a domain administrator to a DC.
    open a CMD with Admin Rights and type:

    dcgpofix /target:Domain

    To reset the Default DC GPO, type : dcgpofix /target:DC

    If you need to reset also de default Domain Controller policy do :
    dcgpofix /target:both

    after that, do :
    repadmin /syncall /AdeP

  2. Limitless Technology 39,511 Reputation points

    Hello @homegeeksnet

    Additionally to revert back the changes.

    If you can not login to any of Domain PCs after this GPO then Install Windows Admin tools and access the GPO settings from there by entering your Domain Admin credentials
    Press Shift button and right click to run as different user then enter your Domain credentials.

    If the reply was helpful, please don’t forget to upvote or accept as answer.

    0 comments No comments