How To Windows

Fix Access Denied, 0x80090010, NTE_PERM Windows Hello Error

By Raj Bepari 3 min read
Recommended: Download Windows Speedup Tool to quickly fix PC issues.

The error “Access denied, 0x80090010, NTE_PERM” in Windows Hello typically appears when trying to set up or use Windows Hello PIN, fingerprint, or facial recognition. This error is related to cryptographic permissions and usually indicates that Windows cannot access or modify security keys stored in the system’s Trusted Platform Module (TPM) or local security container.

This issue often occurs after Windows updates, profile corruption, TPM changes, domain policy enforcement, or damaged NGC (Next Generation Credentials) folder permissions. When the security container becomes corrupted or inaccessible, Windows Hello fails with the NTE_PERM (Permission) error.

Fixing this Windows Hello error involves resetting the PIN container, repairing system files, checking TPM status, and correcting folder permissions. Follow the detailed steps below to resolve the issue safely.

How to Fix Access Denied, 0x80090010, NTE_PERM Windows Hello Error

Proceed step by step and test Windows Hello setup after completing each method.

1. Restart Your Computer

Temporary security service glitches can trigger the error.

  1. Save all open work.
  2. Restart Windows 11.
  3. Go to Settings > Accounts > Sign-in options.
  4. Try setting up Windows Hello again.

If the error persists, continue with the next steps.

2. Remove and Recreate Windows Hello PIN

Resetting the PIN often resolves permission issues.

  1. Open Settings.
  2. Go to Accounts.
  3. Select Sign-in options.
  4. Click PIN (Windows Hello).
  5. Select Remove.
  6. Restart your PC.
  7. Add a new PIN.

If the remove option fails, proceed to manually reset the NGC folder.

3. Delete the NGC Folder (Reset PIN Container)

The NGC folder stores Windows Hello credentials.

  1. Press Windows + R.
  2. Navigate to: C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\NGC
  3. Take ownership of the NGC folder if access is denied.
  4. Delete all contents inside the folder.
  5. Restart Windows.
  6. Set up Windows Hello again.

This recreates the credential container.

4. Check TPM Status

Windows Hello relies on TPM for secure key storage.

  1. Press Windows + R.
  2. Type tpm.msc and press Enter.
  3. Confirm the TPM status shows Ready for use.
  4. If TPM is not ready, enable it in BIOS.

A malfunctioning TPM can cause NTE_PERM errors.

5. Clear TPM (If Necessary)

Only do this if TPM corruption is suspected.

  1. Open Windows Security.
  2. Go to Device security.
  3. Select Security processor details.
  4. Click Security processor troubleshooting.
  5. Select Clear TPM.
  6. Restart your PC.

Ensure you have BitLocker recovery keys before clearing TPM.

6. Run System File Checker (SFC)

Corrupted system files may cause permission errors.

  1. Open Command Prompt as administrator.
  2. Run: sfc /scannow
  3. Restart your PC after completion.

This repairs corrupted Windows components.

7. Use DISM to Repair Windows Image

If SFC does not fix the issue:

  1. Open Command Prompt as administrator.
  2. Run: DISM /Online /Cleanup-Image /RestoreHealth
  3. Restart Windows.

DISM repairs deeper system image corruption.

8. Check Cryptographic Services

Required security services must be running.

  1. Press Windows + R.
  2. Type services.msc and press Enter.
  3. Ensure the following services are running:
    1. Cryptographic Services
    2. Windows Biometric Service
    3. Security Accounts Manager
  4. Set startup type to Automatic if needed.

Stopped services can cause NTE_PERM errors.

9. Create a New User Account

Corrupted user profiles can break Windows Hello.

  1. Open Settings.
  2. Go to Accounts > Other users.
  3. Add a new local user.
  4. Log into the new account.
  5. Try setting up Windows Hello.

If it works, the original profile may be corrupted.

10. Check Group Policy (Pro Editions)

Enterprise policies may block Windows Hello.

  1. Press Windows + R.
  2. Type gpedit.msc.
  3. Navigate to Windows Hello and PIN-related policies.
  4. Ensure Windows Hello is not disabled.
  5. Restart Windows if changes are made.

Managed devices may enforce restrictions.

11. Install Windows Updates

Security patches may resolve cryptographic issues.

  1. Open Settings.
  2. Go to Windows Update.
  3. Click Check for updates.
  4. Install available updates.
  5. Restart your PC.

Updates often fix TPM and authentication bugs.

12. Reset Windows (Last Resort)

If all else fails:

  1. Back up important files.
  2. Open Settings.
  3. Go to System > Recovery.
  4. Click Reset this PC.
  5. Choose Keep my files.
  6. Complete the reset process.

This restores system security components.

Final Thoughts

The “Access denied, 0x80090010, NTE_PERM” Windows Hello error is typically caused by corrupted PIN containers, TPM misconfiguration, permission issues, or damaged system files rather than hardware failure. In most cases, deleting the NGC folder and recreating the PIN resolves the issue quickly.

Raj Bepari

I’m a digital content creator passionate about everything tech.