If you enable (or do not configure) this policy setting, the Windows Biometric Service will be available, and users will be able to run applications that use biometrics on Windows. If you want to enable the ability to log on with biometrics, you must also configure the "Allow users to log on using biometrics" policy setting. If you disable this policy setting, the Windows Biometric Service will not be available, and users will be unable to use any biometric features in Windows. Note: Users who log on using biometrics should create a password-recovery disk; this will prevent data loss in the event that someone forgets their logon credentials. Countermeasure: Enable or disable this policy setting depending on whether or not your organization uses biometrics. Potential Impact: If you enable (or do not configure) this policy setting, the Windows Biometric Service will be available, and users will be able to run applications that use biometrics on Windows. If you want to enable the ability to log on with biometrics, you must also configure the "Allow users to log on using biometrics" policy setting. If you disable this policy setting, the Windows Biometric Service will not be available, and users will be unable to use any biometric features in Windows."

[enabled/disabled]

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Biometrics\Allow the use of biometrics (2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Biometrics!Enabled