<#
	#   It is recommended to test the script on a local machine for its purpose and effects. 
	#   Endpoint Central will not be responsible for any 
	#   damage/loss to the data/setup based on the behavior of the script.

	#   Description: Script to Enable / Disable Biometrics
	#   Configuration Type - Computer
        #   Arguments: 0 = Disable / 1 = Enable
        #   Example : 0 [OR] 1
		
	#   Note: If a Group Policy Object (GPO) configures these biometrics settings, the values written by this script will not be effective.
	#   Refer: https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.MicrosoftPassportForWork::MSPassport_UseBiometrics
#>

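# Validate the command-line argument before anything is written to the
# registry. Only '1' (enable) and '0' (disable) are accepted; any other input
# stops the script. A non-zero exit code is returned on bad input so that the
# tool running the script does not record a rejected run as a success.
if ($args.Length -eq 0) {
    Write-Host "Please provide an argument: '1' to enable or '0' to disable biometrics."
    exit 1
}

# Map the argument to the DWORD that is written to every policy value below.
# Only the first argument is read; extra arguments are ignored.
$RegistryValue = if ($args[0] -eq '1') {
    1
} elseif ($args[0] -eq '0') {
    0
} else {
    Write-Host "Invalid argument. Please specify '1' to enable or '0' to disable biometrics."
    exit 1
}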

# Policy values managed by this script, held as three parallel arrays: entry N
# of $RegistryPaths, $RegistryNames and $RegistryTypes describes one value.
#   [0] Credential Provider\Domain Accounts - biometric sign-in for domain accounts
#   [1] Biometrics\Enabled                  - use of biometrics in general
#   [2] Credential Provider\Enabled         - biometric sign-in for users
# All three live under HKLM:\SOFTWARE\Policies, so writing them needs an
# elevated (administrator / SYSTEM) context.
$RegistryPaths = "HKLM:\SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider",
                 "HKLM:\SOFTWARE\Policies\Microsoft\Biometrics",
                 "HKLM:\SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider"

$RegistryNames = "Domain Accounts", "Enabled", "Enabled"

# Every value is a DWORD; repeat the kind once per entry above.
$RegistryTypes = @([Microsoft.Win32.RegistryValueKind]::DWORD) * 3

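# Ensure a registry key exists so that a value can be written beneath it.
#   $Path - provider path of the key to create when it is missing.
# Produces no output. A failure to create the key is raised as a terminating
# error so that a caller's try/catch sees it, instead of the script carrying
# on and reporting success.
function Create-RegistryPathIfNotExists($Path) {
    if (-not (Test-Path -Path $Path)) {
        # Out-Null keeps the created key object out of the script's output.
        New-Item -Path $Path -Force -ErrorAction Stop | Out-Null
    }
}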

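# Write the requested value to every policy entry described by the parallel
# arrays, then report the outcome.
#
# These values control whether biometric sign-in is permitted on the machine,
# so the run must never claim success when a write did not happen. Cmdlet
# errors such as "access denied" are non-terminating by default and would skip
# the catch block; they are promoted to terminating errors here, and a failed
# run exits with a non-zero code.
try {
    # Applies to the helper function as well, since it runs in a child scope.
    $ErrorActionPreference = 'Stop'

    for ($i = 0; $i -lt $RegistryPaths.Length; $i++) {
        # Create the key first; discard any object the helper emits.
        Create-RegistryPathIfNotExists $RegistryPaths[$i] | Out-Null

        # Write the policy value with its declared registry type.
        Set-ItemProperty -Path $RegistryPaths[$i] -Name $RegistryNames[$i] -Value $RegistryValue -Type $RegistryTypes[$i] -ErrorAction Stop
    }

    $action = if ($RegistryValue -eq 1) { "enabled" } else { "disabled" }
    Write-Host "Biometrics have been successfully $action."

} catch {
    # A failure part-way through the loop can leave some values updated and
    # others not; the message identifies the write that failed.
    Write-Host "Error: $_"
    exit 1
}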