GPOs

From KG7QIN's Wiki
Jump to navigation Jump to search

The following are various Windows GPOs I've used at some point:

Shared PC Login Screen and Background

Windows Pro can have a Login screen using the following GPO. This GPO will set both the login screen, turn off the Content Delivery Manager (source of the random lock screen images), and set the background wallpaper once logged in. This is useful for computers that are Shared PCs (like in conference rooms, etc):

  1. Setup a network file share that can be accessed READ ONLY by EVERYONE. This is where you will store the login screen file(s) at in .jpg format.
  2. Create the following GPO under Computer Configuration:

Policies -> Administrative Templates -> Control Panel/Personalization

  • Force a specific default lock screen and logon image: Enabled
  • Path to lock screen image: C:\Windows\Personalization\SharedPC.jpg
  • Turn off fun facts, tips, tricks, and more on lock screen: Enabled

Preferences -> Windows Settings -> Files

GPO Editing: Preferences -> Windows Settings -> Files Dialog
  • Add the following entries:
    • File:
      • Target Path: C:\Windows\Personalization\SharedPC.jpg
      • Action: Update
      • Source file(s): <UNC path to file share>\<filename of lock screen wallpaper.jpg>
      • Destination file: C:\Windows\Personalization\SharedPC.jpg
      • Suppress errors on individual file actions: Enabled
      • Attributes - Read Only: Disabled
      • Attributes - Hidden: Disabled
      • Attributes - Archive: Enabled
      • Options - Stop processing items on this extension if an error occurus on this item: No
      • Options - Remove this item when it is no longer applied: No
      • Options - Apply once and do not reapply: No
    • File:
      • Target Path: C:\Windows\System32\oobe\info\backgrounds\backgroundDefault.jpg
      • Action: Update
      • Source file(s): <UNC path to file share>\<filename of background wallpaper.jpg>
      • Destination file: C:\Windows\System32\oobe\info\backgrounds\backgroundDefault.jpg
      • Suppress errors on individual file actions: Enabled
      • Attributes - Read Only: Disabled
      • Attributes - Hidden: Disabled
      • Attributes - Archive: Enabled

Preferences -> Windows Settings -> Folders

GPO Editing: Preferences -> Windows Settings -> Folders Dialog
  • Add the following entries:
    • Folder:
      • Path: C:\Windows\Personalization
      • Action: Update
      • Attributes - Path: C:\Windows\Personalization
      • Attributes - Read Only: Disabled
      • Attributes - Hidden: Disabled
      • Attributes - Archive: Enabled

Preferences -> Windows Settings -> Registry

GPO Editing: Preferences -> Windows Settings -> Registry Dialog
  • Add the following entries:
    • OEMBackground
      • Action: Update
      • Properties - Hive: HKEY_LOCAL_MACHINE
      • Properties - Key path: SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background
      • Properties - Value name: OEMBackground
      • Properties - Value type: REG_DWORD
      • Properties - Value data: 0x1 (1)
    • SetEduPolicies:
      • Action: Update
      • Properties - Hive: HKEY_LOCAL_MACHINE
      • Properties - Key path: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedPC
      • Properties - Value name: SetEduPolicies
      • Properties - Value type: REG_DWORD
      • Properties - Value data: 0x1 (1)
    • PersonalizationCSP:
      • Action: Update
      • Properties - Hive: HKEY_LOCAL_MACHINE
      • Properties - Key path: SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP
    • LockScreenImagePath:
      • Action: Update
      • Properties - Hive: HKEY_LOCAL_MACHINE
      • Properties - Key path: SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP
      • Properties - Value name: LockScreenImagePath
      • Properties - Value type: REG_SZ
      • Properties - Value data: C:\Windows\Personalization\SharedPC.jpg
    • LockScreenImageStatus:
      • Action: Update
      • Properties - Hive: HKEY_LOCAL_MACHINE
      • Properties - Key path: SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP
      • Properties - Value name: LockScreenImageStatus
      • Properties - Value type: REG_DWORD
      • Properties - Value data: 0x1 (1)
    • LockScreenImageUrl:
      • Action: Update
      • Properties - Hive: HKEY_LOCAL_MACHINE
      • Properties - Key path: SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP
      • Properties - Value name: LockScreenImageUrl
      • Properties - Value type: REG_SZ
      • Properties - Value data: C:\Windows\Personalization\SharedPC.jpg
    • RotatingScreenLockEnabled:
      • Action: Update
      • Properties - Hive: HKEY_LOCAL_MACHINE
      • Properties - Key path: SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager
      • Properties - Value name: RotatingScreenLockEnabled
      • Properties - Value type: REG_DWORD
      • Properties - Value data: 0x0 (0)
    • RotatingScreenLockOverlayEnabled:
      • Action: Update
      • Properties - Hive: HKEY_LOCAL_MACHINE
      • Properties - Key path: SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager
      • Properties - Value name: RotatingScreenLockOverlayEnabled
      • Properties - Value type: REG_DWORD
      • Properties - Value data: 0x0 (0)
Retrieved from "https://wiki.kg7qin.org/index.php?title=GPOs&oldid=110"