Windows Hello, SCRIL and Pin Reset Issue

%3CLINGO-SUB%20id%3D%22lingo-sub-976627%22%20slang%3D%22en-US%22%3EWindows%20Hello%2C%20SCRIL%20and%20Pin%20Reset%20Issue%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-976627%22%20slang%3D%22en-US%22%3E%3CP%3EHi%3CBR%20%2F%3EWe%20are%20testing%20Windows%20Hello%20for%20Business%20with%20goal%20to%20disable%20password%20completely%20with%20users%20restricting%20to%20login%20via%20Windows%20Hello(by%20enabling%20Smart%20card%20is%20required%20for%20interactive%20login)%20and%20remove%20password%20credential%20provider.%3C%2FP%3E%3CP%3EOne%20thing%20we%20are%20struggling%20with%20is%2C%20how%20admins%20can%20reset%20the%20PIN%20if%20users%20forget%20their%20PIN.%20Right%20now%20if%20we%20enable%20PIN%20reset%20option%20for%20users%20and%20user%20try%20to%20reset%20the%20PIN%2C%20the%20reset%20screen%20asks%20for%20user%20password%20to%20verify%20the%20identity%2C%20but%20we%20have%20disabled%20the%20password%20credentials%20and%20by%20enabling%20the%20smart%20card%20is%20required%20options%20in%20user%20profiles%2C%20%2C%20Active%20Directory%20changes%20the%20affected%20user's%20password%20to%20a%20random%20128%20bits%20of%20data..%20so%20there%20is%20no%20password%20anymore.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20short%20by%20enabling%20SCRIL%20and%20enforcing%20user%20to%20login%20via%20smart%20card%2FWindows%20Hello%20for%20Business%20only%2C%20how%20users%20can%20reset%20their%20PIN%20if%20forgotten(without%20knowing%20their%20password).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1008980%22%20slang%3D%22en-US%22%3ERE%3A%20Windows%20Hello%2C%20SCRIL%20and%20Pin%20Reset%20Issue%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1008980%22%20slang%3D%22en-US%22%3Ecar%3C%2FLINGO-BODY%3E
Occasional Visitor

Hi
We are testing Windows Hello for Business with goal to disable password completely with users restricting to login via Windows Hello(by enabling Smart card is required for interactive login) and remove password credential provider.

One thing we are struggling with is, how admins can reset the PIN if users forget their PIN. Right now if we enable PIN reset option for users and user try to reset the PIN, the reset screen asks for user password to verify the identity, but we have disabled the password credentials and by enabling the smart card is required options in user profiles, , Active Directory changes the affected user's password to a random 128 bits of data.. so there is no password anymore.

 

In short by enabling SCRIL and enforcing user to login via smart card/Windows Hello for Business only, how users can reset their PIN if forgotten(without knowing their password).

 

 

1 Reply