GPOs

From KG7QIN's Wiki
Revision as of 04:21, 18 February 2024 by Kg7qin (talk | contribs) (Created initial page)
Jump to navigation Jump to search

The following are various Windows GPOs I've used at some point:

Shared PC Login Screen and Desktop Wallpaper

Windows Pro can have a login screen and default desktop wallpaper using the following GPO. This GPO will set the login screen background image, desktop wallpaper, and turn off the Content Delivery Manager (source of the random lock screen images). This is useful for computers that are Shared PCs (like in conference rooms, etc).

Note: The login screen background is only available out of the box on the Enterprise and Education versions of Windows 10. The registry changes listed here will enable this feature on the Pro version of Windows 10. This has not been tested with Windows 11.

File Share

Setup a network file share that can be accessed READ ONLY by AUTHENTICATED USERS. This is where you will store the login screen and desktop background wallpaper files at in .jpg format. Note that this file share will be accessed by computer accounts using this GPO and will fail without the proper share and file system permissions.

GPO Settings

Create the following GPO under Computer Configuration:

Policies -> Administrative Templates -> Control Panel/Personalization

  • Force a specific default lock screen and logon image: Enabled
  • Path to lock screen image: C:\Windows\Personalization\SharedPC.jpg
  • Turn off fun facts, tips, tricks, and more on lock screen: Enabled

Preferences -> Windows Settings -> Files

 
GPO Editing: Preferences -> Windows Settings -> Files Dialog
  • Add the following entries:
    • File:
      • Target Path: C:\Windows\Personalization\SharedPC.jpg
      • Action: Update
      • Source file(s): <UNC path to file share>\<filename of lock screen wallpaper.jpg>
      • Destination file: C:\Windows\Personalization\SharedPC.jpg
      • Suppress errors on individual file actions: Enabled
      • Attributes - Read Only: Disabled
      • Attributes - Hidden: Disabled
      • Attributes - Archive: Enabled
      • Options - Stop processing items on this extension if an error occurus on this item: No
      • Options - Remove this item when it is no longer applied: No
      • Options - Apply once and do not reapply: No
    • File:
      • Target Path: C:\Windows\System32\oobe\info\backgrounds\backgroundDefault.jpg
      • Action: Update
      • Source file(s): <UNC path to file share>\<filename of background wallpaper.jpg>
      • Destination file: C:\Windows\System32\oobe\info\backgrounds\backgroundDefault.jpg
      • Suppress errors on individual file actions: Enabled
      • Attributes - Read Only: Disabled
      • Attributes - Hidden: Disabled
      • Attributes - Archive: Enabled

Preferences -> Windows Settings -> Folders

 
GPO Editing: Preferences -> Windows Settings -> Folders Dialog
  • Add the following entries:
    • Folder:
      • Path: C:\Windows\Personalization
      • Action: Update
      • Attributes - Path: C:\Windows\Personalization
      • Attributes - Read Only: Disabled
      • Attributes - Hidden: Disabled
      • Attributes - Archive: Enabled

Preferences -> Windows Settings -> Registry

 
GPO Editing: Preferences -> Windows Settings -> Registry Dialog
  • Add the following entries:
    • OEMBackground
      • Action: Update
      • Properties - Hive: HKEY_LOCAL_MACHINE
      • Properties - Key path: SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background
      • Properties - Value name: OEMBackground
      • Properties - Value type: REG_DWORD
      • Properties - Value data: 0x1 (1)
    • SetEduPolicies:
      • Action: Update
      • Properties - Hive: HKEY_LOCAL_MACHINE
      • Properties - Key path: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedPC
      • Properties - Value name: SetEduPolicies
      • Properties - Value type: REG_DWORD
      • Properties - Value data: 0x1 (1)
    • PersonalizationCSP:
      • Action: Update
      • Properties - Hive: HKEY_LOCAL_MACHINE
      • Properties - Key path: SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP
    • LockScreenImagePath:
      • Action: Update
      • Properties - Hive: HKEY_LOCAL_MACHINE
      • Properties - Key path: SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP
      • Properties - Value name: LockScreenImagePath
      • Properties - Value type: REG_SZ
      • Properties - Value data: C:\Windows\Personalization\SharedPC.jpg
    • LockScreenImageStatus:
      • Action: Update
      • Properties - Hive: HKEY_LOCAL_MACHINE
      • Properties - Key path: SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP
      • Properties - Value name: LockScreenImageStatus
      • Properties - Value type: REG_DWORD
      • Properties - Value data: 0x1 (1)
    • LockScreenImageUrl:
      • Action: Update
      • Properties - Hive: HKEY_LOCAL_MACHINE
      • Properties - Key path: SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP
      • Properties - Value name: LockScreenImageUrl
      • Properties - Value type: REG_SZ
      • Properties - Value data: C:\Windows\Personalization\SharedPC.jpg
    • RotatingScreenLockEnabled:
      • Action: Update
      • Properties - Hive: HKEY_LOCAL_MACHINE
      • Properties - Key path: SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager
      • Properties - Value name: RotatingScreenLockEnabled
      • Properties - Value type: REG_DWORD
      • Properties - Value data: 0x0 (0)
    • RotatingScreenLockOverlayEnabled:
      • Action: Update
      • Properties - Hive: HKEY_LOCAL_MACHINE
      • Properties - Key path: SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager
      • Properties - Value name: RotatingScreenLockOverlayEnabled
      • Properties - Value type: REG_DWORD
      • Properties - Value data: 0x0 (0)
Retrieved from "https://wiki.kg7qin.org/index.php?title=GPOs&oldid=166"