1.    21 Feb 2017 #1
    Join Date : Jun 2016
    Thailand
    Posts : 20
    WIN10

    Setting lockscreen image for all users on a network after sysprep


    Hi I used the sysprep tutorial to create an image for the classroom - during sysprep I created a users profile and locked all the personalization settings - in the system group policy I set a default lock screen image and set to not allow changes to the lock screen - I used the copy profile for my answer file - windows 10 pro 1607 image

    This worked fine for the admin acount I created on initial setup however every new user account uses the slideshow and does not use the default image I setup - the image is stored in Windows/system32 folder

    I have tried editing the registry HKEY Local Machine -> Software -> Polices -> Microsoft -> Windows -> Personalization -> LockScreenImage

    to set the default image but this did not work.

    Is there any way of setting the default lock screen for all users on the machine to use the image I setup

    I also tried gpupdate /force I get the responce gpupdated but this does not fix the problem

    Any suggestions, software, regedits, powershell scrupts I can use to force all users to have the same lock screen

    thanks
    Mike
      My ComputerSystem Spec
  2.    21 Feb 2017 #2
    Join Date : Jun 2016
    Thailand
    Posts : 20
    WIN10
    Thread Starter

    Ok so after some searching I created the following PowerShell script to replace the default image for the login page - this works fine for a single user I thought by replacing the image in the Windows/web folder with my own any new users would have the same image but they get the standard image so I am stuck

    Code:
    $code = @"
    using System;
    using System.Runtime.InteropServices;
    
    namespace CosmosKey.Utils
    {
    public class TokenManipulator
    {
    
    
      [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
      internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,
      ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);
    
    
      [DllImport("kernel32.dll", ExactSpelling = true)]
      internal static extern IntPtr GetCurrentProcess();
    
    
      [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
      internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr
      phtok);
    
    
      [DllImport("advapi32.dll", SetLastError = true)]
      internal static extern bool LookupPrivilegeValue(string host, string name,
      ref long pluid);
    
    
      [StructLayout(LayoutKind.Sequential, Pack = 1)]
      internal struct TokPriv1Luid
      {
       public int Count;
       public long Luid;
       public int Attr;
      }
    
      internal const int SE_PRIVILEGE_DISABLED = 0x00000000;
      internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
      internal const int TOKEN_QUERY = 0x00000008;
      internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
    
      public const string SE_ASSIGNPRIMARYTOKEN_NAME = "SeAssignPrimaryTokenPrivilege";
      public const string SE_AUDIT_NAME = "SeAuditPrivilege";
      public const string SE_BACKUP_NAME = "SeBackupPrivilege";
      public const string SE_CHANGE_NOTIFY_NAME = "SeChangeNotifyPrivilege";
      public const string SE_CREATE_GLOBAL_NAME = "SeCreateGlobalPrivilege";
      public const string SE_CREATE_PAGEFILE_NAME = "SeCreatePagefilePrivilege";
      public const string SE_CREATE_PERMANENT_NAME = "SeCreatePermanentPrivilege";
      public const string SE_CREATE_SYMBOLIC_LINK_NAME = "SeCreateSymbolicLinkPrivilege";
      public const string SE_CREATE_TOKEN_NAME = "SeCreateTokenPrivilege";
      public const string SE_DEBUG_NAME = "SeDebugPrivilege";
      public const string SE_ENABLE_DELEGATION_NAME = "SeEnableDelegationPrivilege";
      public const string SE_IMPERSONATE_NAME = "SeImpersonatePrivilege";
      public const string SE_INC_BASE_PRIORITY_NAME = "SeIncreaseBasePriorityPrivilege";
      public const string SE_INCREASE_QUOTA_NAME = "SeIncreaseQuotaPrivilege";
      public const string SE_INC_WORKING_SET_NAME = "SeIncreaseWorkingSetPrivilege";
      public const string SE_LOAD_DRIVER_NAME = "SeLoadDriverPrivilege";
      public const string SE_LOCK_MEMORY_NAME = "SeLockMemoryPrivilege";
      public const string SE_MACHINE_ACCOUNT_NAME = "SeMachineAccountPrivilege";
      public const string SE_MANAGE_VOLUME_NAME = "SeManageVolumePrivilege";
      public const string SE_PROF_SINGLE_PROCESS_NAME = "SeProfileSingleProcessPrivilege";
      public const string SE_RELABEL_NAME = "SeRelabelPrivilege";
      public const string SE_REMOTE_SHUTDOWN_NAME = "SeRemoteShutdownPrivilege";
      public const string SE_RESTORE_NAME = "SeRestorePrivilege";
      public const string SE_SECURITY_NAME = "SeSecurityPrivilege";
      public const string SE_SHUTDOWN_NAME = "SeShutdownPrivilege";
      public const string SE_SYNC_AGENT_NAME = "SeSyncAgentPrivilege";
      public const string SE_SYSTEM_ENVIRONMENT_NAME = "SeSystemEnvironmentPrivilege";
      public const string SE_SYSTEM_PROFILE_NAME = "SeSystemProfilePrivilege";
      public const string SE_SYSTEMTIME_NAME = "SeSystemtimePrivilege";
      public const string SE_TAKE_OWNERSHIP_NAME = "SeTakeOwnershipPrivilege";
      public const string SE_TCB_NAME = "SeTcbPrivilege";
      public const string SE_TIME_ZONE_NAME = "SeTimeZonePrivilege";
      public const string SE_TRUSTED_CREDMAN_ACCESS_NAME = "SeTrustedCredManAccessPrivilege";
      public const string SE_UNDOCK_NAME = "SeUndockPrivilege";
      public const string SE_UNSOLICITED_INPUT_NAME = "SeUnsolicitedInputPrivilege";
    
      public static bool AddPrivilege(string privilege)
      {
       try
       {
        bool retVal;
        TokPriv1Luid tp;
        IntPtr hproc = GetCurrentProcess();
        IntPtr htok = IntPtr.Zero;
        retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);
        tp.Count = 1;
        tp.Luid = 0;
        tp.Attr = SE_PRIVILEGE_ENABLED;
        retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
        retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
        return retVal;
       }
       catch (Exception ex)
       {
        throw ex;
       }
    
      }
      public static bool RemovePrivilege(string privilege)
      {
       try
       {
        bool retVal;
        TokPriv1Luid tp;
        IntPtr hproc = GetCurrentProcess();
        IntPtr htok = IntPtr.Zero;
        retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);
        tp.Count = 1;
        tp.Luid = 0;
        tp.Attr = SE_PRIVILEGE_DISABLED;
        retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
        retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
        return retVal;
       }
       catch (Exception ex)
       {
        throw ex;
       }
    
      }
    }
    }
    "@
    
    # Take ownership
    add-type $code
    [void][CosmosKey.Utils.TokenManipulator]::AddPrivilege([CosmosKey.Utils.TokenManipulator]::SE_RESTORE_NAME)
    $file = "c:\Windows\Web\Screen\img100.jpg"
    $user = $env:username
    $Account = New-Object System.Security.Principal.NTAccount($user)
    $FileSecurity = new-object System.Security.AccessControl.FileSecurity
    $FileSecurity.SetOwner($Account)
    [System.IO.File]::SetAccessControl($file, $FileSecurity)
    [void][CosmosKey.Utils.TokenManipulator]::RemovePrivilege([CosmosKey.Utils.TokenManipulator]::SE_RESTORE_NAME)
    
    # copy file permissions
    
    $Acl = Get-Acl "C:\Users\Test"
    Set-Acl "C:\Windows\Web\Screen\img100.jpg" $Acl
    Unblock-File -Path "C:\Windows\Web\Screen\img100.jpg"
    # Replace image file
    
    Get-Item -Path C:\screen\img100.jpg
    Copy-Item  -Path C:\screen\img100.jpg -Destination C:\Windows\Web\Screen -Recurse -force
    
    # Set registry key
    $path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Personalization" 
    $img =  "C:\Windows\System32\screen.jpg"
    
    Set-ItemProperty -Path $path -Name LockScreenImage -value $img
      My ComputerSystem Spec

 


Similar Threads
Thread Forum
Installation & Upgrade Customize Windows 10 Image in Audit Mode with Sysprep
First a quote from Microsoft TechNet: Understanding Audit Mode: The Audit Mode, although originally intended to be used in corporate environment in preparing Windows images for deployment (a fancy geek word ;), installing same image on multiple...
Tutorials
Missing Lockscreen setting icons and unfunctional spotlight lockscreen
I'm on Windows 10 pro, version 1607, and I have two problems, both of which I believe may be connected. My lock screen spotlight image does not change every now and then; the lock screen spotlight functionality that changes the lock screen picture...
Customization
Failure in Sysprep building install image
I am the manager of a group refurbishing computers for children and needy adults. We were doing Windows 7 until it was stopped. I am trying to build an image in Windows 10 which maintains the look and feel of the Win 7 machine. I have not made any...
Installation and Upgrade
Can't see users list on Win 10 Lockscreen
Hi, I have a new acer desktop with win 10 home version 10.0.14393. The problem is after I lock my screen, I can't see the users so I can select the user I want and enter the password. Mouse and keyboard are working. It's a bit hard for me...
User Accounts and Family Safety
Trouble with Windows 10 system image - made with sysprep & audit mode
I followed this great tutorial an creating a custom Windows 10 image: Windows 10 Image - Customize in Audit Mode with Sysprep - Windows 10 Forums Everything worked great and I put the image on several computers and all seemed to be working great...
Installation and Upgrade
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 13:44.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums