How to enable & configure PIN Complexity Group Policy in Windows 10


You can force your users to create a complex PIN that uses digits, lowercase letters, uppercase letters and special characters to sign in to Windows 10 or Windows Server 2016 by enabling the PIN Complexity Group Policy.

To create a PIN for signing in to Windows 10, open Settings > Accounts > Sign-in options. Under PIN you will see a Create or Add button to create a new PIN, or a Change or Remove button to change or remove the existing one. You can enforce a policy that requires your users to create a strong, complex PIN to sign in. Let us see how to do this.

PIN Complexity Group Policy

To configure this policy, your version of Windows must ship with the Group Policy Editor. The Group Policy Editor is available in Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education editions only, and not in Windows 10 Home.

Run gpedit.msc to open the Local Group Policy Editor and navigate to the following setting:

Computer Configuration > Administrative Templates > Windows Components > Windows Hello for Business > PIN Complexity

Here you will see the following settings that are available:

  • Require digits: Use this policy setting to configure the use of digits in the PIN.
  • Require lowercase letters: Use this policy setting to configure the use of lowercase letters in the PIN.
  • Maximum PIN length: The largest number you can configure for this policy setting is 127.
  • Minimum PIN length: The lowest number you can configure for this policy setting is 4.
  • Expiration: This setting specifies the period of time (in days) that a PIN can be used before the system requires the user to change it.
  • History: This setting specifies the number of past PINs that can be associated to a user account that can’t be reused.
  • Require special characters: Use this policy setting to configure the use of special characters in the PIN.
  • Require uppercase letters: Use this policy setting to configure the use of uppercase letters in the PIN.

Double-clicking any of these settings opens its configuration box. The options and their details are as follows:

Require digits
  • Not configured: Users must include a digit in their PIN.
  • Enabled: Users must include a digit in their PIN.
  • Disabled: Users cannot use digits in their PIN.

Require lowercase letters
  • Not configured: Users cannot use lowercase letters in their PIN.
  • Enabled: Users must include at least one lowercase letter in their PIN.
  • Disabled: Users cannot use lowercase letters in their PIN.

Maximum PIN length
  • Not configured: PIN length must be less than or equal to 127.
  • Enabled: PIN length must be less than or equal to the number you specify.
  • Disabled: PIN length must be less than or equal to 127.

Minimum PIN length
  • Not configured: PIN length must be greater than or equal to 4.
  • Enabled: PIN length must be greater than or equal to the number you specify.
  • Disabled: PIN length must be greater than or equal to 4.

Expiration
  • Not configured: PIN does not expire.
  • Enabled: PIN can be set to expire after any number of days between 1 and 730, or PIN can be set to never expire by setting policy to 0.
  • Disabled: PIN does not expire.

History
  • Not configured: Previous PINs are not stored.
  • Enabled: Specify the number of previous PINs that can be associated to a user account that can’t be reused.
  • Disabled: Previous PINs are not stored.

Require special characters
  • Not configured: Users cannot include a special character in their PIN.
  • Enabled: Users must include at least one special character in their PIN.
  • Disabled: Users cannot include a special character in their PIN.

Require uppercase letters
  • Not configured: Users cannot include an uppercase letter in their PIN.
  • Enabled: Users must include at least one uppercase letter in their PIN.
  • Disabled: Users cannot include an uppercase letter in their PIN.

Go through the options carefully before you enable them.

As an example, let us say we want users to include special characters in their PIN. In this case, double-click Require special characters to open its configuration box.

Select Enabled and click on Apply.

Use this policy setting to configure the use of special characters in the PIN. Allowable special characters are: ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~ . If you enable this policy setting, Windows Hello for Business requires users to include at least one special character in their PIN. If you disable or do not configure this policy setting, Windows Hello for Business does not allow users to use special characters in their PIN.

Once you enable these policies, your users will be required to change their PIN, and they will see the PIN requirements that result from the policies you have set.
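The option lists above imply that every character class is either required or forbidden, so some combinations leave no valid PIN at all. The following added example (not Microsoft's code and not from the original article) models only the settings described on this page, so a planned combination can be checked before it is rolled out; the dictionary key names are assumptions chosen for illustration.

```python
import string

# Added example, not Microsoft's code. Each class setting is None (Not
# configured), True (Enabled) or False (Disabled), as in the lists above.
CLASSES = {
    "digits": set(string.digits),
    "lowercase": set(string.ascii_lowercase),
    "uppercase": set(string.ascii_uppercase),
    "special": set(string.punctuation),  # the same 32 characters listed above
}
# Digits are required when Not configured; other classes are then forbidden.
REQUIRED_BY_DEFAULT = {"digits"}

def effective_rules(policy):
    """Resolve the three-state settings into (required classes, min, max)."""
    required = {
        name for name in CLASSES
        if policy.get(name) is True
        or (policy.get(name) is None and name in REQUIRED_BY_DEFAULT)
    }
    # Length settings carry a number when Enabled; otherwise 4 and 127 apply.
    return required, policy.get("min_length") or 4, policy.get("max_length") or 127

def policy_problems(policy):
    """Return configuration mistakes that would leave no valid PIN."""
    required, min_len, max_len = effective_rules(policy)
    problems = []
    if not required:
        problems.append("no character class is allowed")
    if not 4 <= min_len <= max_len <= 127:
        problems.append("length bounds must satisfy 4 <= min <= max <= 127")
    if not 0 <= (policy.get("expiration_days") or 0) <= 730:
        problems.append("expiration must be 0 (never) or 1-730 days")
    return problems

def pin_violations(pin, policy):
    """Return why a candidate PIN breaks the policy; empty list = compliant."""
    required, min_len, max_len = effective_rules(policy)
    reasons = []
    if not min_len <= len(pin) <= max_len:
        reasons.append(f"length must be {min_len}-{max_len}")
    for name, chars in CLASSES.items():
        present = any(c in chars for c in pin)
        if name in required and not present:
            reasons.append(f"missing {name}")
        elif name not in required and present:
            reasons.append(f"{name} not allowed")
    return reasons
```

For instance, `policy_problems({"digits": False})` reports that no character class is allowed, because disabling Require digits while the letter and special-character settings stay unconfigured forbids every class.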

Hope this helps.

See this post if PIN does not work and will not let you sign in to Windows 10.