Issue on windows 10 laptop where local admins cant make certain changes

We have a laptop with windows 10 on it and it was setup with an admin account. New we added 2 new users to this same computer and put them in the administrators group on the laptop but there are some settings that the 2 new users still cant get to because they are greyed out.
Is there something I have to do with the original admin account that was used to setup the laptop to allow these new local users the ability to make any changes needed on the laptop?
LVL 1
vmichAsked:
Who is Participating?
 
vmichConnect With a Mentor Author Commented:
Here is how I resolved the issue by setting this on the win 10 laptop..
Once this was set, they could access all again



down vote
Setting the following registry
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"AllowDomainPINLogon"=dword:00000001
0
 
JohnBusiness Consultant (Owner)Commented:
Log into each user (since they are all Administrators) and make sure in each user, no updates are pending, Complete updates if they are pending.

If that does not solve the issue, make the second two accounts Standard temporarily, restart and test the first. account.
0
 
Joseph HornseyPresident and JanitorCommented:
If the computers are in a domain, there will be settings controlled by Group Policy which will not be available for local admins to change.
0
Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

 
vmichAuthor Commented:
Yes the computer is in a domain but one of the users that logs onto this computer is one of the owners so I would think he should be able to do what he wants on this laptop
0
 
Joseph HornseyPresident and JanitorCommented:
Not necessarily.  When a computer joins the domain, it is now under the authority of that domain and any settings enforced by the domain will override the local computer's settings.
0
 
vmichAuthor Commented:
So I guess the admin account that was used to setup this laptop must be immune to the group policy that maybe there
0
 
David Johnson, CD, MVPOwnerCommented:
On a domain joined machine no person owns the hardware it is managed by the domain and not the user. One could logon using a local account that is an administrator or even enable the 'administrator' account.  the problem being that once the user logs off of the local account and logs into the domain account the changes may be overwritten by group policy.
0
 
vmichAuthor Commented:
Ok where would in the GPO do I find the settings like finger print scan and facial recognition because that is where some of the settings are that the users cannot make changes to that they need to?
0
 
vmichAuthor Commented:
Anyone know what in the GPO I need to make the change for the facial rec and the finger sign on because it looks like these are greyed out by default because we don't have any GPO that I can find that would be greying out these options?
0
 
McKnifeCommented:
There's an excel sheet that you can search: https://www.microsoft.com/en-us/download/details.aspx?id=25250
0
 
DonNetwork AdministratorCommented:
Check this policy

Expand "Computer Configuration > Administrative Templates > Windows Components > Biometrics"

https://community.spiceworks.com/how_to/123490-enable-logons-to-domain-accounts-using-biometric-fingerprint-reader
0
 
DonNetwork AdministratorCommented:
You may also need to check this setting

Interactive logon: Do not display last user name:                Enable

https://support.microsoft.com/en-us/help/3169080/facial-recognition-logon-doesn-t-work-after-you-apply-a-group-policy-s
0
 
vmichAuthor Commented:
Donald,
Will this then allow the user to make changes to the finger print login and fascial rec?
0
 
David Johnson, CD, MVPOwnerCommented:
either machine or user
Windows Components\Windows Hello for Business
0
 
DonNetwork AdministratorCommented:
That's the hope, We don't use those yet...but that's what I found that may help you.
0
 
McKnifeCommented:
Good. Will you close the question, please?
0
 
vmichAuthor Commented:
Your Comment
by:vmich


Best Solution
Here is how I resolved the issue by setting this on the win 10 laptop..
Once this was set, they could access all again




Setting the following registry
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"AllowDomainPINLogon"=dword:00000001
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.