GPOs: Difference between revisions

From KG7QIN's Wiki
Jump to navigation Jump to search
No edit summary
 
(9 intermediate revisions by the same user not shown)
Line 1: Line 1:
[[Category:Microsoft Windows]]
The following are various Windows GPOs I've used at some point:
The following are various Windows GPOs I've used at some point:


= Shared PC Login Screen and Background =
= Shared PC Login Screen and Desktop Wallpaper =
Windows Pro can have a Login screen using the following GPO.  This GPO will set both the login screen, turn off the Content Delivery Manager (source of the random lock screen images), and set the background wallpaper once logged in.  This is useful for computers that are Shared PCs (like in conference rooms, etc):
Windows Pro can have a login screen and default desktop wallpaper using the following GPO.  This GPO will set the login screen background image, desktop wallpaper, and turn off the Content Delivery Manager (source of the random lock screen images).  This is useful for computers that are Shared PCs (like in conference rooms, etc)
 
Note: The login screen background is only available out of the box on the Enterprise and Education versions of Windows 10 and 11.  The registry changes listed here will enable this feature on the Pro versions of both Windows 10 and 11.
== File Share ==
== File Share ==
Setup a network file share that can be accessed READ ONLY by EVERYONE. This is where you will store the login screen file(s) at in .jpg format.  Note that this file share will be read by the Computer accounts and not users.
Setup a network file share that can be accessed '''''READ ONLY''''' by '''''AUTHENTICATED USERS'''''.   This is where you will store the login screen and desktop background wallpaper files at in .jpg format.  Note that this file share will be accessed by computer accounts using this GPO and will fail without the proper share and file system permissions.


== GPO Settings ==
== GPO Settings ==

Latest revision as of 04:11, 16 January 2025

The following are various Windows GPOs I've used at some point:

Shared PC Login Screen and Desktop Wallpaper

Windows Pro can have a login screen and default desktop wallpaper using the following GPO. This GPO will set the login screen background image, desktop wallpaper, and turn off the Content Delivery Manager (source of the random lock screen images). This is useful for computers that are Shared PCs (like in conference rooms, etc).

Note: The login screen background is only available out of the box on the Enterprise and Education versions of Windows 10 and 11. The registry changes listed here will enable this feature on the Pro versions of both Windows 10 and 11.

File Share

Setup a network file share that can be accessed READ ONLY by AUTHENTICATED USERS. This is where you will store the login screen and desktop background wallpaper files at in .jpg format. Note that this file share will be accessed by computer accounts using this GPO and will fail without the proper share and file system permissions.

GPO Settings

Create the following GPO under Computer Configuration:

Policies -> Administrative Templates -> Control Panel/Personalization

  • Force a specific default lock screen and logon image: Enabled
  • Path to lock screen image: C:\Windows\Personalization\SharedPC.jpg
  • Turn off fun facts, tips, tricks, and more on lock screen: Enabled

Preferences -> Windows Settings -> Files

GPO Editing: Preferences -> Windows Settings -> Files Dialog
  • Add the following entries:
    • File:
      • Target Path: C:\Windows\Personalization\SharedPC.jpg
      • Action: Update
      • Source file(s): <UNC path to file share>\<filename of lock screen wallpaper.jpg>
      • Destination file: C:\Windows\Personalization\SharedPC.jpg
      • Suppress errors on individual file actions: Enabled
      • Attributes - Read Only: Disabled
      • Attributes - Hidden: Disabled
      • Attributes - Archive: Enabled
      • Options - Stop processing items on this extension if an error occurus on this item: No
      • Options - Remove this item when it is no longer applied: No
      • Options - Apply once and do not reapply: No
    • File:
      • Target Path: C:\Windows\System32\oobe\info\backgrounds\backgroundDefault.jpg
      • Action: Update
      • Source file(s): <UNC path to file share>\<filename of background wallpaper.jpg>
      • Destination file: C:\Windows\System32\oobe\info\backgrounds\backgroundDefault.jpg
      • Suppress errors on individual file actions: Enabled
      • Attributes - Read Only: Disabled
      • Attributes - Hidden: Disabled
      • Attributes - Archive: Enabled

Preferences -> Windows Settings -> Folders

GPO Editing: Preferences -> Windows Settings -> Folders Dialog
  • Add the following entries:
    • Folder:
      • Path: C:\Windows\Personalization
      • Action: Update
      • Attributes - Path: C:\Windows\Personalization
      • Attributes - Read Only: Disabled
      • Attributes - Hidden: Disabled
      • Attributes - Archive: Enabled

Preferences -> Windows Settings -> Registry

GPO Editing: Preferences -> Windows Settings -> Registry Dialog
  • Add the following entries:
    • OEMBackground
      • Action: Update
      • Properties - Hive: HKEY_LOCAL_MACHINE
      • Properties - Key path: SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background
      • Properties - Value name: OEMBackground
      • Properties - Value type: REG_DWORD
      • Properties - Value data: 0x1 (1)
    • SetEduPolicies:
      • Action: Update
      • Properties - Hive: HKEY_LOCAL_MACHINE
      • Properties - Key path: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedPC
      • Properties - Value name: SetEduPolicies
      • Properties - Value type: REG_DWORD
      • Properties - Value data: 0x1 (1)
    • PersonalizationCSP:
      • Action: Update
      • Properties - Hive: HKEY_LOCAL_MACHINE
      • Properties - Key path: SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP
    • LockScreenImagePath:
      • Action: Update
      • Properties - Hive: HKEY_LOCAL_MACHINE
      • Properties - Key path: SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP
      • Properties - Value name: LockScreenImagePath
      • Properties - Value type: REG_SZ
      • Properties - Value data: C:\Windows\Personalization\SharedPC.jpg
    • LockScreenImageStatus:
      • Action: Update
      • Properties - Hive: HKEY_LOCAL_MACHINE
      • Properties - Key path: SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP
      • Properties - Value name: LockScreenImageStatus
      • Properties - Value type: REG_DWORD
      • Properties - Value data: 0x1 (1)
    • LockScreenImageUrl:
      • Action: Update
      • Properties - Hive: HKEY_LOCAL_MACHINE
      • Properties - Key path: SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP
      • Properties - Value name: LockScreenImageUrl
      • Properties - Value type: REG_SZ
      • Properties - Value data: C:\Windows\Personalization\SharedPC.jpg
    • RotatingScreenLockEnabled:
      • Action: Update
      • Properties - Hive: HKEY_LOCAL_MACHINE
      • Properties - Key path: SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager
      • Properties - Value name: RotatingScreenLockEnabled
      • Properties - Value type: REG_DWORD
      • Properties - Value data: 0x0 (0)
    • RotatingScreenLockOverlayEnabled:
      • Action: Update
      • Properties - Hive: HKEY_LOCAL_MACHINE
      • Properties - Key path: SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager
      • Properties - Value name: RotatingScreenLockOverlayEnabled
      • Properties - Value type: REG_DWORD
      • Properties - Value data: 0x0 (0)
Retrieved from "https://wiki.kg7qin.org/index.php?title=GPOs&oldid=230"