????
Current Path : C:/Windows/PolicyDefinitions/en-US/ |
Current File : C:/Windows/PolicyDefinitions/en-US/Biometrics.adml |
<?xml version="1.0" encoding="utf-8"?> <!-- (c) 2008 Microsoft Corporation --> <policyDefinitionResources xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" revision="1.0" schemaVersion="1.0" xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions"> <displayName>Biometrics Configuration Settings</displayName> <description>Biometrics Configuration Settings</description> <resources> <stringTable> <string id="BiometricsConfiguration">Biometrics</string> <string id="FaceConfiguration">Facial Features</string> <string id="Biometrics_EnableBio">Allow the use of biometrics</string> <string id="Biometrics_EnableBio_Help">This policy setting allows or prevents the Windows Biometric Service to run on this computer. If you enable or do not configure this policy setting, the Windows Biometric Service is available, and users can run applications that use biometrics on Windows. If you want to enable the ability to log on with biometrics, you must also configure the "Allow users to log on using biometrics" policy setting. If you disable this policy setting, the Windows Biometric Service is unavailable, and users cannot use any biometric feature in Windows. Note: Users who log on using biometrics should create a password recovery disk; this will prevent data loss in the event that someone forgets their logon credentials. </string> <string id="Biometrics_EnableCredProv">Allow users to log on using biometrics</string> <string id="Biometrics_EnableCredProv_Help">This policy setting determines whether users can log on or elevate User Account Control (UAC) permissions using biometrics. By default, local users will be able to log on to the local computer, but the "Allow domain users to log on using biometrics" policy setting will need to be enabled for domain users to log on to the domain. If you enable or do not configure this policy setting, all users can log on to a local Windows-based computer and can elevate permissions with UAC using biometrics. If you disable this policy setting, biometrics cannot be used by any users to log on to a local Windows-based computer. Note: Users who log on using biometrics should create a password recovery disk; this will prevent data loss in the event that someone forgets their logon credentials. </string> <string id="Biometrics_EnableDomainCredProv">Allow domain users to log on using biometrics</string> <string id="Biometrics_EnableDomainCredProv_Help">This policy setting determines whether users with a domain account can log on or elevate User Account Control (UAC) permissions using biometrics. If you enable or do not configure this policy setting, Windows allows domain users to log on to a domain-joined computer using biometrics. If you disable this policy setting, Windows prevents domain users from logging on to a domain-joined computer using biometrics. Note: Prior to Windows 10, not configuring this policy setting would have prevented domain users from using biometrics to log on. </string> <string id="Biometrics_FUSTimeout">Specify timeout for fast user switching events</string> <string id="Biometrics_FUSTimeout_Help">This policy setting specifies the number of seconds a pending fast user switch event will remain active before the switch is initiated. By default, a fast user switch event is active for 10 seconds before becoming inactive. If you enable this policy setting, you can configure the fast user switch event timeout to specify the number of seconds the event remains active. This value cannot exceed 60 seconds. If you disable or do not configure this policy setting, a default value of 10 seconds is used for fast-user switch event timeouts. </string> <string id="Face_EnhancedAntiSpoofing">Configure enhanced anti-spoofing</string> <string id="Face_EnhancedAntiSpoofing_Help">This policy setting determines whether enhanced anti-spoofing is required for Windows Hello face authentication. If you enable this setting, Windows requires all users on managed devices to use enhanced anti-spoofing for Windows Hello face authentication. This disables Windows Hello face authentication on devices that do not support enhanced anti-spoofing. If you disable or don't configure this setting, Windows doesn't require enhanced anti-spoofing for Windows Hello face authentication. Note that enhanced anti-spoofing for Windows Hello face authentication is not required on unmanaged devices. </string> </stringTable> <presentationTable> <presentation id="Biometrics_FUSTimeout"> <decimalTextBox refId="Pol_Biometrics_FUSTimeout" defaultValue="10">Timeout in seconds:</decimalTextBox> </presentation> </presentationTable> </resources> </policyDefinitionResources>