GPMC, Group Policy Objects, Group Policy Preferences, Registry, Windows 10

How to: Enable Windows 10 Biometrics (Facial and Fingerprint) Logon

Enable all of these policies and set the registry key to enable the Windows 10 facial and fingerprint logon feature.

Group Policy settings:

Computer Configuration\Administrative Templates\System\Logon

  • Turn on convenience PIN sign-in (Enabled)

Computer Configuration\Administrative Templates\Biometrics

  • Allow the use of biometrics (Enabled)
  • Allow users to log on using biometrics (Enabled)
  • Allow domain users to log on using biometrics (Enabled)

Computer Configuration\Administrative Templates\Biometrics\Facial Features

  • Use enhanced anti-spoofing when available (Disabled)

Computer Configuration\Administrative Templates\Windows Hello for Business

  • Use a hardware security device (Enable)
  • Use biometrics (Enabled)

Group Policy Preference settings:



BitLocker, Configuration Manager 2012, Deployment, Registry, Task Sequence, Windows 10, Windows 7, Windows Preinstallation Environment

Windows 7 Pre-Provision Bitlocker Not Working

After updating Configuration Manager 2012 R2 and adding the Windows 10 ADK, task sequences will no longer pre-provision BitLocker


With WinPE 10 it uses the AES-CBC 128-bit encryption method.


Add the following Run Command Line steps after Format and Partition and before Pre-provision BitLocker.

  1.  Set EncryptionMethodWithXtsFdv – reg add HKLM\SOFTWARE\Policies\Microsoft\FVE /t REG_DWORD /v EncryptionMethodWithXtsFdv /d 3 /f
  2. Set EncryptionMethodWithXtsOs – reg add HKLM\SOFTWARE\Policies\Microsoft\FVE /t REG_DWORD /v EncryptionMethodWithXtsOs /d 3 /f
  3. Set EncryptionMethodWithXtsRdv – reg add HKLM\SOFTWARE\Policies\Microsoft\FVE /t REG_DWORD /v EncryptionMethodWithXtsRdv /d 3 /f

Available Encryption Methods in WinPE 10

  1. Value Data: 3 (Description: AES-CBC 128-bit)
  2. Value Data: 4 (Description: AES-CBC 256-bit)
  3. Value Data: 6 (Description: XTS-AES 128 bit)
  4. Value Data: 7 (Description: XTS-AES 256-bit)
Configuration Manager 2012, Deployment, Logs, Registry, Script, Task Sequence

CScript Error: Can’t find script engine “VBScript” for script

During a OSD task sequence in Configuration Manager, we ran into an error with a VBS script that has worked previously.

The error in the SMSTS.LOG file was: CScript Error: Can’t find script engine “VBScript” for script

The problem appears to be caused by a changed registry value: HKEY_LOCAL_MACHINE\Software\Microsoft\COM3\REGDBVersion

After some searching on the internet the solution was to add the modify the REGDBVersion to a value of hex:01,00,00

Add to task sequence via a Command Line: REG ADD HKLM\Software\Microsoft\COM3 /v REGDBVersion /t REG_BINARY /d 010000 /f



Enabling/Disabling Fast Startup and Hibernation

Enable Hibernation: powercfg -h on

Enable Fast Startup: REG ADD “HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power” /V HiberbootEnabled /T REG_dWORD /D 1 /F

Disable Hibernation: powercfg -h off

Disable Fast Startup: REG ADD “HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power” /V HiberbootEnabled /T REG_dWORD /D 0 /F

Administration, Group Policy Preferences, Registry

Modify Performance Options and Visual Effects via Registry

Had a situation where I needed to modify the Visual Effects, under Performance Options, for a customer.

Create a Registry Item in Group Policy Preference under the User Configuration.


You have a number of options for the data value:

VisualFXSetting=dword:00000000 = Let Windows choose what’s best

VisualFXSetting=dword:00000001 = Adjust for best apperance

VisualFXSetting=dword:00000002 = Adjust for best performance

VisualFXSetting=dword:00000003 = Custom

Add the Apply once option and the end user can modify as required.

Group Policy Preferences, Office 2007, Registry

Office 2007 – Update links on save – Registry Setting – KB928737

I needed to uncheck the Update links on save in Excel 2007 options. There is a Microsft KB aricle about this setting:

KB928737 – A hyperlink does not work in an Excel 2007 client workbook that is published to Excel Services in SharePoint Server 2007

Microsoft show the manual method, but I need the registry setting so it can be applied via Group Policy Preferences.

After exporting to registry snapshots I used WinMerge to see what has changed.

The new registry setting is:


DWORD = 0 (Checked) Default
DWORD = 1 (Unchecked)

Deployment, MDT, Registry, Script, Task Sequence, Virtualization, VMware, Windows 7

VMware View Optimization Guide for Windows 7

Great guide to optimise your virtual Windows 7 build using Microsoft Deployment Toolkit. Takes you through services, profiles and registry setting in an easy to read document.