GPOs

From KG7QIN's Wiki
Jump to navigation Jump to search

The following are various Windows GPOs I've used at some point:

Shared PC Login Screen and Background

Windows Pro can have a login screen and default desktop wallpaper using the following GPO. This GPO will set both the login screen, turn off the Content Delivery Manager (source of the random lock screen images), and set the background wallpaper once logged in. This is useful for computers that are Shared PCs (like in conference rooms, etc):

File Share

Setup a network file share that can be accessed READ ONLY by EVERYONE. This is where you will store the login screen file(s) at in .jpg format. Note that this file share will be accessed by computer accounts and not user, and needs to have both the share and file permissions set to READ by EVERYONE.

GPO Settings

Create the following GPO under Computer Configuration:

Policies -> Administrative Templates -> Control Panel/Personalization

  • Force a specific default lock screen and logon image: Enabled
  • Path to lock screen image: C:\Windows\Personalization\SharedPC.jpg
  • Turn off fun facts, tips, tricks, and more on lock screen: Enabled

Preferences -> Windows Settings -> Files

GPO Editing: Preferences -> Windows Settings -> Files Dialog
  • Add the following entries:
    • File:
      • Target Path: C:\Windows\Personalization\SharedPC.jpg
      • Action: Update
      • Source file(s): <UNC path to file share>\<filename of lock screen wallpaper.jpg>
      • Destination file: C:\Windows\Personalization\SharedPC.jpg
      • Suppress errors on individual file actions: Enabled
      • Attributes - Read Only: Disabled
      • Attributes - Hidden: Disabled
      • Attributes - Archive: Enabled
      • Options - Stop processing items on this extension if an error occurus on this item: No
      • Options - Remove this item when it is no longer applied: No
      • Options - Apply once and do not reapply: No
    • File:
      • Target Path: C:\Windows\System32\oobe\info\backgrounds\backgroundDefault.jpg
      • Action: Update
      • Source file(s): <UNC path to file share>\<filename of background wallpaper.jpg>
      • Destination file: C:\Windows\System32\oobe\info\backgrounds\backgroundDefault.jpg
      • Suppress errors on individual file actions: Enabled
      • Attributes - Read Only: Disabled
      • Attributes - Hidden: Disabled
      • Attributes - Archive: Enabled

Preferences -> Windows Settings -> Folders

GPO Editing: Preferences -> Windows Settings -> Folders Dialog
  • Add the following entries:
    • Folder:
      • Path: C:\Windows\Personalization
      • Action: Update
      • Attributes - Path: C:\Windows\Personalization
      • Attributes - Read Only: Disabled
      • Attributes - Hidden: Disabled
      • Attributes - Archive: Enabled

Preferences -> Windows Settings -> Registry

GPO Editing: Preferences -> Windows Settings -> Registry Dialog
  • Add the following entries:
    • OEMBackground
      • Action: Update
      • Properties - Hive: HKEY_LOCAL_MACHINE
      • Properties - Key path: SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background
      • Properties - Value name: OEMBackground
      • Properties - Value type: REG_DWORD
      • Properties - Value data: 0x1 (1)
    • SetEduPolicies:
      • Action: Update
      • Properties - Hive: HKEY_LOCAL_MACHINE
      • Properties - Key path: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedPC
      • Properties - Value name: SetEduPolicies
      • Properties - Value type: REG_DWORD
      • Properties - Value data: 0x1 (1)
    • PersonalizationCSP:
      • Action: Update
      • Properties - Hive: HKEY_LOCAL_MACHINE
      • Properties - Key path: SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP
    • LockScreenImagePath:
      • Action: Update
      • Properties - Hive: HKEY_LOCAL_MACHINE
      • Properties - Key path: SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP
      • Properties - Value name: LockScreenImagePath
      • Properties - Value type: REG_SZ
      • Properties - Value data: C:\Windows\Personalization\SharedPC.jpg
    • LockScreenImageStatus:
      • Action: Update
      • Properties - Hive: HKEY_LOCAL_MACHINE
      • Properties - Key path: SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP
      • Properties - Value name: LockScreenImageStatus
      • Properties - Value type: REG_DWORD
      • Properties - Value data: 0x1 (1)
    • LockScreenImageUrl:
      • Action: Update
      • Properties - Hive: HKEY_LOCAL_MACHINE
      • Properties - Key path: SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP
      • Properties - Value name: LockScreenImageUrl
      • Properties - Value type: REG_SZ
      • Properties - Value data: C:\Windows\Personalization\SharedPC.jpg
    • RotatingScreenLockEnabled:
      • Action: Update
      • Properties - Hive: HKEY_LOCAL_MACHINE
      • Properties - Key path: SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager
      • Properties - Value name: RotatingScreenLockEnabled
      • Properties - Value type: REG_DWORD
      • Properties - Value data: 0x0 (0)
    • RotatingScreenLockOverlayEnabled:
      • Action: Update
      • Properties - Hive: HKEY_LOCAL_MACHINE
      • Properties - Key path: SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager
      • Properties - Value name: RotatingScreenLockOverlayEnabled
      • Properties - Value type: REG_DWORD
      • Properties - Value data: 0x0 (0)
Retrieved from "https://wiki.kg7qin.org/index.php?title=GPOs&oldid=115"