Setting lockscreen image for all users on a network after sysprep


  1. MikeNomad
    Posts : 20
    WIN10
       New #1

    Setting lockscreen image for all users on a network after sysprep


    Hi I used the sysprep tutorial to create an image for the classroom - during sysprep I created a users profile and locked all the personalization settings - in the system group policy I set a default lock screen image and set to not allow changes to the lock screen - I used the copy profile for my answer file - windows 10 pro 1607 image

    This worked fine for the admin acount I created on initial setup however every new user account uses the slideshow and does not use the default image I setup - the image is stored in Windows/system32 folder

    I have tried editing the registry HKEY Local Machine -> Software -> Polices -> Microsoft -> Windows -> Personalization -> LockScreenImage

    to set the default image but this did not work.

    Is there any way of setting the default lock screen for all users on the machine to use the image I setup

    I also tried gpupdate /force I get the responce gpupdated but this does not fix the problem

    Any suggestions, software, regedits, powershell scrupts I can use to force all users to have the same lock screen

    thanks
    Mike
      My Computer
    Quote Quote

  3. MikeNomad
    Posts : 20
    WIN10
    Thread Starter
       New #2

    Ok so after some searching I created the following PowerShell script to replace the default image for the login page - this works fine for a single user I thought by replacing the image in the Windows/web folder with my own any new users would have the same image but they get the standard image so I am stuck

    Code:
    $code = @"
using System;
using System.Runtime.InteropServices;

namespace CosmosKey.Utils
{
public class TokenManipulator
{


  [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
  internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,
  ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);


  [DllImport("kernel32.dll", ExactSpelling = true)]
  internal static extern IntPtr GetCurrentProcess();


  [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
  internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr
  phtok);


  [DllImport("advapi32.dll", SetLastError = true)]
  internal static extern bool LookupPrivilegeValue(string host, string name,
  ref long pluid);


  [StructLayout(LayoutKind.Sequential, Pack = 1)]
  internal struct TokPriv1Luid
  {
   public int Count;
   public long Luid;
   public int Attr;
  }

  internal const int SE_PRIVILEGE_DISABLED = 0x00000000;
  internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
  internal const int TOKEN_QUERY = 0x00000008;
  internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;

  public const string SE_ASSIGNPRIMARYTOKEN_NAME = "SeAssignPrimaryTokenPrivilege";
  public const string SE_AUDIT_NAME = "SeAuditPrivilege";
  public const string SE_BACKUP_NAME = "SeBackupPrivilege";
  public const string SE_CHANGE_NOTIFY_NAME = "SeChangeNotifyPrivilege";
  public const string SE_CREATE_GLOBAL_NAME = "SeCreateGlobalPrivilege";
  public const string SE_CREATE_PAGEFILE_NAME = "SeCreatePagefilePrivilege";
  public const string SE_CREATE_PERMANENT_NAME = "SeCreatePermanentPrivilege";
  public const string SE_CREATE_SYMBOLIC_LINK_NAME = "SeCreateSymbolicLinkPrivilege";
  public const string SE_CREATE_TOKEN_NAME = "SeCreateTokenPrivilege";
  public const string SE_DEBUG_NAME = "SeDebugPrivilege";
  public const string SE_ENABLE_DELEGATION_NAME = "SeEnableDelegationPrivilege";
  public const string SE_IMPERSONATE_NAME = "SeImpersonatePrivilege";
  public const string SE_INC_BASE_PRIORITY_NAME = "SeIncreaseBasePriorityPrivilege";
  public const string SE_INCREASE_QUOTA_NAME = "SeIncreaseQuotaPrivilege";
  public const string SE_INC_WORKING_SET_NAME = "SeIncreaseWorkingSetPrivilege";
  public const string SE_LOAD_DRIVER_NAME = "SeLoadDriverPrivilege";
  public const string SE_LOCK_MEMORY_NAME = "SeLockMemoryPrivilege";
  public const string SE_MACHINE_ACCOUNT_NAME = "SeMachineAccountPrivilege";
  public const string SE_MANAGE_VOLUME_NAME = "SeManageVolumePrivilege";
  public const string SE_PROF_SINGLE_PROCESS_NAME = "SeProfileSingleProcessPrivilege";
  public const string SE_RELABEL_NAME = "SeRelabelPrivilege";
  public const string SE_REMOTE_SHUTDOWN_NAME = "SeRemoteShutdownPrivilege";
  public const string SE_RESTORE_NAME = "SeRestorePrivilege";
  public const string SE_SECURITY_NAME = "SeSecurityPrivilege";
  public const string SE_SHUTDOWN_NAME = "SeShutdownPrivilege";
  public const string SE_SYNC_AGENT_NAME = "SeSyncAgentPrivilege";
  public const string SE_SYSTEM_ENVIRONMENT_NAME = "SeSystemEnvironmentPrivilege";
  public const string SE_SYSTEM_PROFILE_NAME = "SeSystemProfilePrivilege";
  public const string SE_SYSTEMTIME_NAME = "SeSystemtimePrivilege";
  public const string SE_TAKE_OWNERSHIP_NAME = "SeTakeOwnershipPrivilege";
  public const string SE_TCB_NAME = "SeTcbPrivilege";
  public const string SE_TIME_ZONE_NAME = "SeTimeZonePrivilege";
  public const string SE_TRUSTED_CREDMAN_ACCESS_NAME = "SeTrustedCredManAccessPrivilege";
  public const string SE_UNDOCK_NAME = "SeUndockPrivilege";
  public const string SE_UNSOLICITED_INPUT_NAME = "SeUnsolicitedInputPrivilege";

  public static bool AddPrivilege(string privilege)
  {
   try
   {
    bool retVal;
    TokPriv1Luid tp;
    IntPtr hproc = GetCurrentProcess();
    IntPtr htok = IntPtr.Zero;
    retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);
    tp.Count = 1;
    tp.Luid = 0;
    tp.Attr = SE_PRIVILEGE_ENABLED;
    retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
    retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
    return retVal;
   }
   catch (Exception ex)
   {
    throw ex;
   }

  }
  public static bool RemovePrivilege(string privilege)
  {
   try
   {
    bool retVal;
    TokPriv1Luid tp;
    IntPtr hproc = GetCurrentProcess();
    IntPtr htok = IntPtr.Zero;
    retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);
    tp.Count = 1;
    tp.Luid = 0;
    tp.Attr = SE_PRIVILEGE_DISABLED;
    retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
    retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
    return retVal;
   }
   catch (Exception ex)
   {
    throw ex;
   }

  }
}
}
"@

# Take ownership
add-type $code
[void][CosmosKey.Utils.TokenManipulator]::AddPrivilege([CosmosKey.Utils.TokenManipulator]::SE_RESTORE_NAME)
$file = "c:\Windows\Web\Screen\img100.jpg"
$user = $env:username
$Account = New-Object System.Security.Principal.NTAccount($user)
$FileSecurity = new-object System.Security.AccessControl.FileSecurity
$FileSecurity.SetOwner($Account)
[System.IO.File]::SetAccessControl($file, $FileSecurity)
[void][CosmosKey.Utils.TokenManipulator]::RemovePrivilege([CosmosKey.Utils.TokenManipulator]::SE_RESTORE_NAME)

# copy file permissions

$Acl = Get-Acl "C:\Users\Test"
Set-Acl "C:\Windows\Web\Screen\img100.jpg" $Acl
Unblock-File -Path "C:\Windows\Web\Screen\img100.jpg"
# Replace image file

Get-Item -Path C:\screen\img100.jpg
Copy-Item  -Path C:\screen\img100.jpg -Destination C:\Windows\Web\Screen -Recurse -force

# Set registry key
$path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Personalization" 
$img =  "C:\Windows\System32\screen.jpg"

Set-ItemProperty -Path $path -Name LockScreenImage -value $img
      My Computer
    Quote Quote

 

  Related Discussions
Thanks for taking a look at my issue. i have ticked the box to enable "show lock screen background picture on sign-in screen" however it works sometimes and doesn't work sometimes. More recently it just doesn't work at all. What do yuo think...
Hey guys, So I have a GPO set for our workplace, and have been using this since the original RTM build of Windows 10 back in 2015. It worked fine on all versions up until the Creator's Update, when it somehow seems to have stopped working, and...
I'm on Windows 10 pro, version 1607, and I have two problems, both of which I believe may be connected. My lock screen spotlight image does not change every now and then; the lock screen spotlight functionality that changes the lock screen picture...
Hi Everyone I am working on creating new Windows10 images for our organization. I am using CopyProfile during sysprep to create a default Windows profile with all our settings. For some reason the default app associations are getting cleared...
Can't see users list on Win 10 Lockscreen
in User Accounts and Family Safety

Hi, I have a new acer desktop with win 10 home version 10.0.14393. The problem is after I lock my screen, I can't see the users so I can select the user I want and enter the password. Mouse and keyboard are working. It's a bit hard for me...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 23:05.
Find Us




Windows 10 Forums