Detecting Windows Hello Status
In order to make sure the users have Windows Hello configured, here is a step-by-step guide that will take you through the process of creating a Powershell script which will detect Windows Hello status and prompt the user if not configured
⛔️ Warning ⛔️ These are third-party scripts and have not been recommended by either Microsoft or IDEE. Please do your due diligence to decide if you should use them.
Follow the steps below to implement a script to run on startup:
Execute PowerShell script during Login using GPO
Launch the Group Policy Management Console by running GPMC.msc with administrator privileges. You can also launch the GPMC from the Tools menu of Server Manager.
Right-click on the domain name and select the option “Create a GPO in this domain, and Link it here”.
You will then see a window asking for a name for the new GPO.
In the Group Policy Manager window, browse for the GPO that you just created, right-click on it, and click on Edit.
This will open the Group Policy Management Editor, which will show a neutral folder location.
Go to “User Settings > Policies > Windows Settings > Scripts (Logon/Logoff)”.
Then, right-click on “Logon” and select “Properties”. Then, click on the “PowerShell scripts” tab.
Click on the Add and search for script, click on it.
Your GPO and script should now be configured. To check this, go to the Group Policy Manager, search for your GPO. Then, check its status and see if it is linked to the script.
PowerShell Detection script:
Note: The script needs to be saved on the Sysvol Folder, which can be accessed by going to Run > //domain.com. Open the Sysvol folder and paste the file.
