Share via

Unable to turn off Smart Card Emulation since Windows 11 24H2

Nicolas Blanc 0 Reputation points
2024-10-14T10:05:27.86+00:00

Hello all !

Within my company we use a specific manager for French Health System, which need to use Smart Card. The official system does not support the creation of a virtual «Windows Hello for Business» virtual smart card.

Before w11 24H2, i was able to turn it off with GPO, following this documentation:

https://zcusa.951200.xyz/en-us/windows/security/identity-protection/hello-for-business/policy-settings?tabs=smartcard

Since 24H2, every new user reseting his Windows Hello for Business parameter has the Virtual Smart Card back (even if the GPO is set to correct value)... Can someone here know if there's a new way of doing to turn off virtual smart card emulation ?

Best regards,

--

Nicolas Blanc.

Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
9,750 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Zunhui Han 2,240 Reputation points Microsoft Vendor
    2024-10-18T09:35:57.3133333+00:00

    Hello,

    Thank you for posting in Q&A forum.

    To further troubleshoot this issue, please kindly try below steps:

    1.Check if there's any wrong GPO configuration.

    2.Meanwhile you can try editing the registry to disable the virtual smart card emulation in below path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\EnableVirtualizationBasedSecurity -> set the value to 02.

    3.Ensure the group policy is up to date and applied to the machine.

    To help other customers who may be facing the same issue, please don't forget to vote if the reply is helpful.

    Best Regards

    Zunhui

  2. Nicolas Blanc 0 Reputation points
    2024-10-18T14:10:09.5333333+00:00

    Hello Zunhui,

    First, thanks a lot for your answer.

    Then, i tried as you asked me, but it failed. Let me detailed

    1. I checked the configuration on 2 laptops (one under W11 23H2, another one under W11 24H2), all the same.
    2. I tried the new key you gave me. And it failed. Originaly the Key modified by the GPO i used is:https://admx.help/?Category=Windows_11_2022&Policy=Microsoft.Policies.MicrosoftPassportForWork::MSPassport_DisableSmartCardNode
    3. How can i verify it ? I use the one provided in the default W11 installation.

    I tried another test on a third laptop. Installed on 23H2, applied the GPO, modified the PIN. No «Windows For Hello business» virtual smart card. Then, with windows update, the laptop was migrated to 24H2. The virtual smart card is not there on the account.

    After another reboot to be sure, i verified the GPO and registry keys, all ok. If i click on modify my PIN, the virtual smart card come back. So to me the change is on 24h2 definitively... But i don’t know how to overcome.

    Thanks in advance,

    --

    Nicolas Blanc.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.