Issue on windows 10 laptop where local admins cant make certain changes

We have a laptop with windows 10 on it and it was setup with an admin account. New we added 2 new users to this same computer and put them in the administrators group on the laptop but there are some settings that the 2 new users still cant get to because they are greyed out.
Is there something I have to do with the original admin account that was used to setup the laptop to allow these new local users the ability to make any changes needed on the laptop?
LVL 1
vmichAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
Log into each user (since they are all Administrators) and make sure in each user, no updates are pending, Complete updates if they are pending.

If that does not solve the issue, make the second two accounts Standard temporarily, restart and test the first. account.
0
Joseph HornseyPresident and JanitorCommented:
If the computers are in a domain, there will be settings controlled by Group Policy which will not be available for local admins to change.
0
vmichAuthor Commented:
Yes the computer is in a domain but one of the users that logs onto this computer is one of the owners so I would think he should be able to do what he wants on this laptop
0
Newly released Acronis True Image 2019

In announcing the release of the 15th Anniversary Edition of Acronis True Image 2019, the company revealed that its artificial intelligence-based anti-ransomware technology – stopped more than 200,000 ransomware attacks on 150,000 customers last year.

Joseph HornseyPresident and JanitorCommented:
Not necessarily.  When a computer joins the domain, it is now under the authority of that domain and any settings enforced by the domain will override the local computer's settings.
0
vmichAuthor Commented:
So I guess the admin account that was used to setup this laptop must be immune to the group policy that maybe there
0
David Johnson, CD, MVPOwnerCommented:
On a domain joined machine no person owns the hardware it is managed by the domain and not the user. One could logon using a local account that is an administrator or even enable the 'administrator' account.  the problem being that once the user logs off of the local account and logs into the domain account the changes may be overwritten by group policy.
0
vmichAuthor Commented:
Ok where would in the GPO do I find the settings like finger print scan and facial recognition because that is where some of the settings are that the users cannot make changes to that they need to?
0
vmichAuthor Commented:
Anyone know what in the GPO I need to make the change for the facial rec and the finger sign on because it looks like these are greyed out by default because we don't have any GPO that I can find that would be greying out these options?
0
McKnifeCommented:
There's an excel sheet that you can search: https://www.microsoft.com/en-us/download/details.aspx?id=25250
0
DonNetwork AdministratorCommented:
Check this policy

Expand "Computer Configuration > Administrative Templates > Windows Components > Biometrics"

https://community.spiceworks.com/how_to/123490-enable-logons-to-domain-accounts-using-biometric-fingerprint-reader
0
DonNetwork AdministratorCommented:
You may also need to check this setting

Interactive logon: Do not display last user name:                Enable

https://support.microsoft.com/en-us/help/3169080/facial-recognition-logon-doesn-t-work-after-you-apply-a-group-policy-s
0
vmichAuthor Commented:
Donald,
Will this then allow the user to make changes to the finger print login and fascial rec?
0
David Johnson, CD, MVPOwnerCommented:
either machine or user
Windows Components\Windows Hello for Business
0
DonNetwork AdministratorCommented:
That's the hope, We don't use those yet...but that's what I found that may help you.
0
vmichAuthor Commented:
Here is how I resolved the issue by setting this on the win 10 laptop..
Once this was set, they could access all again



down vote
Setting the following registry
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"AllowDomainPINLogon"=dword:00000001
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
McKnifeCommented:
Good. Will you close the question, please?
0
vmichAuthor Commented:
Your Comment
by:vmich


Best Solution
Here is how I resolved the issue by setting this on the win 10 laptop..
Once this was set, they could access all again




Setting the following registry
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"AllowDomainPINLogon"=dword:00000001
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 10

From novice to tech pro — start learning today.