Unable to sign in after GPO change

homegeeksnet 1 Reputation point

Good morning!

After changing my default domain policy GPO to enable Windows Hello For Business, I can no longer sign into ANY of my normal or admin domain users and get this message every time?!

"You must use Windows Hello or a smart card to sign in."

How can I undo this?

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
14,748 questions
Windows Group Policy
Windows Group Policy
A feature of Windows that enables policy-based administration using Active Directory.
2,141 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Marco Schiavon 706 Reputation points

    Don't worry..
    Log on as a domain administrator to a DC.
    open a CMD with Admin Rights and type:

    dcgpofix /target:Domain

    To reset the Default DC GPO, type : dcgpofix /target:DC

    If you need to reset also de default Domain Controller policy do :
    dcgpofix /target:both

    after that, do :
    repadmin /syncall /AdeP

  2. Limitless Technology 37,771 Reputation points

    Hello @homegeeksnet

    Additionally to revert back the changes.

    If you can not login to any of Domain PCs after this GPO then Install Windows Admin tools and access the GPO settings from there by entering your Domain Admin credentials
    Press Shift button and right click to run as different user then enter your Domain credentials.

    If the reply was helpful, please don’t forget to upvote or accept as answer.

    0 comments No comments