question

cjcuster89-2897 avatar image
0 Votes"
cjcuster89-2897 asked ShivamSingh-7062 commented

Default Domain Lock Screen in Group Policy Management

Hi. I'm having an issue with setting a lock screen in my domain. I have created the image and placed it on one of our network shared drives which is \\server\folder\folder\image.png (this is an example path, but same formatting.

I have also created and set up the parameters for a new object under Group Policy Objects --> New. Then Policies --> Administrative Templates --> Control Panel --> Personalization (seen below)
15601-capture.png


Now at this part is where I'm a bit confused. I know I have to link the GPO somewhere in the domain, but I'm not sure where to. Should I link it directly to our domain under domain.local (again, example see screenshot). Or should it go under the destinations where to workstations are? I've tried both and did a gpupdate/force on my computer and restarted but the lock screen isn't changing. Does the whole server have to be restarted for it to take effect? I appreciate any help.

15559-capture2.png


windows-group-policywindows-server-2012
capture.png (13.6 KiB)
capture2.png (23.6 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Try to change the picture name

0 Votes 0 ·
FanFan-MSFT avatar image
0 Votes"
FanFan-MSFT answered ShivamSingh-7062 commented

Hi,

Since the group policy is under Computer Configuration, we have to link the GPO to the OUs containing the workstations or the domain level.
If you link the GPO to the domain level , all the workstations in the domain will apply the policy.
If you link the GPO to the OU level, only workstations in the OU will apply the policy, workstations not in the OU will not effected by the policy.

When you edit the GPO and define the path for the image, type the fully qualified path and name of the file that stores the default lock screen and logon image. You can type a local path, such as C:\windows\web\screen\lockscreen.jpg or a UNC path, such as \\Server\Share\Corp.jpg.

Then on the client run cmd as administrator and type command:

Gpupdate /force

Gpresult /h report.html confirm if the policy was applied.

If the policy was applied in the gpresult, then go into the Registry and verified that the String Value is pointing the the correct path where the custom image is located.
Hive HKEY_LOCAL_MACHINE
Registry Path Software\Policies\Microsoft\Windows\Personalization
Value Name LockScreenImage
Value Type REG_SZ

Welcome to share here if you have any progress.
Best Regards,

· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Okay, so I've followed your instructions and linked the GPO to the entire domain, but still having an issue. In the GP report I don't see the policy being applied anywhere. I would assume it's under Preferences --> Windows Settings? Or under Applied GPOs? It's not there either.

However, when I check the registry path you specified, I do see that the LockScreenImage is displaying the correct path. But, when I lock the computer, I'm still getting the windows spotlight lock screen. Any other thoughts?

15708-capture3.png


0 Votes 0 ·
capture3.png (9.1 KiB)

Hi,
The settings in the gpresult can be seen under the computer settings>administrative >control panel >
16003-8065.jpg
If the policy was applied but not showing correctly , may be a version problem.If it is WIN10 ,it only apply to Windows 10 Enterprise and Education.
https://docs.microsoft.com/en-us/windows/configuration/windows-spotlight

And in this situation , GPO startup script can be used to do this.
https://gallery.technet.microsoft.com/scriptcenter/Change-Lock-Screen-and-245b63a0

Best Regards,


1 Vote 1 ·
8065.jpg (116.0 KiB)

Thanks for providing the script. The machines here at my organization are Windows 10 professional. Unfortunately I'm just local IT and I have no background in coding, so I honestly have no idea how to edit that code to make it work, or how I should go about implementing it. Do you possibly know which values I need to replace and with what so I can make this work?

Thank you,

0 Votes 0 ·

Hi I do not find the script. Please help me

0 Votes 0 ·
FanFan-MSFT avatar image
0 Votes"
FanFan-MSFT answered FabioFarinha-3439 published

Hi,


Download the Powershell script, and save it under a location you can find it easily.
16268-8078.jpg
You don't need to change anything in the script. When you deploy the Startup script GPO, we just need to put different parameters into it as following (4 types),you can select one as your requirement:
16305-80711.jpg
Create a GPO ,Llink it to the OU containing the computers
Under Computer Configuration -> Policies -> Windows Settings -> Scripts (Startup / Shutdown).Double click it.
Under the Powershell script click add
16267-8079.jpg

Script Name:Set-Screen.ps1
Script Parameters:(change it to your own lock image and background image path):
-LockScreenSource "\\SERVER-FS01\LockScreen.jpg" -BackgroundSource "\\SERVER-FS01\BackgroundScreen.jpg"**
Click Show files, and copy the script you download into this location.
16160-80710.jpg
16323-80712.jpg
Also other steps are needed to be done, you can refer to the following link:
http://woshub.com/running-powershell-startup-scripts-using-gpo/



8078.jpg (32.4 KiB)
80711.jpg (57.2 KiB)
8079.jpg (80.4 KiB)
80710.jpg (71.1 KiB)
80712.jpg (26.4 KiB)
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

=======================
Hi,
 
Just checking in to see if the information provided was helpful.
 
If the reply helped you, please remember to mark it as an answer.
If no, please reply and tell us the current situation in order to provide further help

Best Regards,

0 Votes 0 ·

Hi FanFan-MSFT,

Where do i get the link of the ps1 script that you showed in the picture? Can you post it here?

Thanks

0 Votes 0 ·
AyodeleOlafare-8395 avatar image
0 Votes"
AyodeleOlafare-8395 answered

Hello Fanfan

Kindly send me 132745-image.png the set-screen .ps1

script for logon screen

ayodele.olafare@outlook.com



image.png (84.4 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DonPickard-7259 avatar image
0 Votes"
DonPickard-7259 answered
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.