I got a request from a client to deploy their organization wallpaper and lock screen image across all the domain joined workstations. Domain joined workstations also include the laptops which are not in the office but connect via VPN. I have created one GPO which covers both scenarios. It's a tested policy which is working fine on the target systems / users. Let me share the policy details, which can save you some time if you get a similar request.
For domain joined PCs which are not in the office and connect occasionally via VPN: I have used a wallpaper.bat file which is copied to the user's desktop, and I have also set a RUN reg key which will run this file every time the PC restarts. I will show you how to set this up with screenshots, but first let's create a bat file, wallpaper.bat, and save it in the sysvol folder.
copyfrom = Wallpaper source location. Keep your wallpaper in this location.
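Update the name of the wallpaper in the bat file below.
@ECHO OFF
REM Local folder that holds the wallpaper
set wallpaper=C:\wallpaper
REM Wallpaper source location
set copyfrom=\\<domainname>\NETLOGON\PAMDesktop.jpg
REM Copy only when the image is not already present locally
IF EXIST "%wallpaper%\PAMDesktop.jpg" (
    EXIT
) ELSE (
    MKDIR %wallpaper%
    xcopy "%copyfrom%" "%wallpaper%" /k/y
)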
Create a Group Policy Object (GPO)
Name: DesktopWall and ScreenLock
Right click on the Policy and click Edit
Configure the settings below in this GPO
For Copying the wallpaper on each PC in C:\wallpaper Location:
Computer Configuration -> Policies -> Windows Settings -> Scripts -> Add a Startup script
For Lock Screen Image:
We can target the lock screen to C:\wallpaper\PAMDesktop.jpg, as the startup script copies the wallpaper from the source location to this folder (the bat file creates the wallpaper folder if it does not exist). A local path is preferable because it has no dependency on the server and works even when there is no connection to the server, which benefits the PCs that are domain joined and connect via VPN.
Computer Configuration -> Administrative Templates -> Control Panel -> Personalization
Force a specific default lock screen image: C:\wallpaper\PAMDesktop.jpg
For Desktop Wallpaper:
We will target the desktop wallpaper to the same location as lock screen image as we want to keep both the same. If you want to have a different desktop wallpaper than lock screen then you can modify the bat file to copy the desktop wallpaper to C:\wallpaper location and provide the path and name of that wallpaper in the below policy setting.
User Configuration -> Policies -> Desktop -> Desktop -> Desktop Wallpaper -> Enable
Desktop Wallpaper: C:\wallpaper\PAMDesktop.jpg
Wallpaper Style: Select according to your requirement.
Copy wallpaper.bat file to the user's desktop
This is mostly for people who are working from home on domain joined Windows 10 PCs. The startup script might not work for the offline clients, therefore this step will copy the wallpaper.bat file to the user's desktop.
The wallpaper.bat file can be manually invoked by users: they can simply double click on the file and run it. This will create a folder called wallpaper on their C:\ drive and copy the wallpaper from the source location (the copyfrom location in the bat file) to this folder.
To automate this step, an entry is created in the registry as shown in the next section of this article. But I will still copy this file to the user's desktop just in case.
User configuration -> Preferences -> Windows Settings -> Files
Source file: Provide the UNC path where the wallpaper.bat file is located. Please make sure all users have full permissions on this folder. I suggest creating a shared folder on a server, providing everyone with full control (Share permission and NTFS Permission), and copying the wallpaper.bat file to this location. Provide the UNC path in the source file(s) textbox.
Destination file: Copy it to the user's desktop so that users can double click and run this bat file if the startup script is having any issues for users who are not on the network. To avoid this manual step, I will create a reg entry in the next step so that users do not have to run this script manually and it will be run automatically on every reboot. I will show you that step in the next section.
Create an Entry in RUN reg key to run the bat file automatically:
This step will create an entry in the reg key location HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run for running the wallpaper.bat file on every logon. (Run registry keys cause programs to run each time that a user logs on.) Therefore, users do not need to manually invoke the wallpaper.bat file (however, it can still be run manually in worst case scenarios), and it will make sure the wallpaper image file exists in the C:\wallpaper location.
Computer Configuration -> Preferences -> Registry -> Create a registry Item
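Because the Run entry executes wallpaper.bat at every logon, the permissions on the script, its source share and C:\wallpaper determine who can change what runs and what is displayed. The following is an added example, not part of the original article: it lists ACL entries that grant write access to broad groups on those paths and shows what the HKLM Run key currently launches. The function name Get-BroadWriteAce is hypothetical and the share path is a placeholder to replace with your own.

```powershell
# Added example, not part of the original article.
# Get-BroadWriteAce is a hypothetical helper name; the share path is a placeholder.
function Get-BroadWriteAce {
    param([Parameter(Mandatory)][string[]]$Path)

    # Write-type access bits: WriteData, AppendData, DeleteSubdirectoriesAndFiles,
    # Delete, ChangePermissions, TakeOwnership, GENERIC_ALL, GENERIC_WRITE
    $writeBits = 0x2 -bor 0x4 -bor 0x40 -bor 0x10000 -bor 0x40000 -bor
                 0x80000 -bor 0x10000000 -bor 0x40000000
    # Everyone, Authenticated Users, INTERACTIVE, BUILTIN\Users
    $broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-4', 'S-1-5-32-545'
    # Domain Users (RID 513) and Domain Computers (RID 515) of any domain
    $domainGroups = '^S-1-5-21-.+-(513|515)$'

    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { Write-Warning "Not found: $p"; continue }
        # Ask for rules with SIDs so the check does not depend on display language
        $rules = (Get-Acl -LiteralPath $p).GetAccessRules(
            $true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($r in $rules) {
            $sid      = $r.IdentityReference.Value
            $isBroad  = ($broadSids -contains $sid) -or ($sid -match $domainGroups)
            $canWrite = ([int]$r.FileSystemRights -band $writeBits) -ne 0
            if ($r.AccessControlType -eq 'Allow' -and $isBroad -and $canWrite) {
                [pscustomobject]@{
                    Path = $p; Sid = $sid
                    Rights = $r.FileSystemRights; Inherited = $r.IsInherited
                }
            }
        }
    }
}

# Paths used by the GPO in this article
$targets = 'C:\wallpaper',
           'C:\wallpaper\PAMDesktop.jpg',
           '\\fileserver.example\share\wallpaper.bat'   # placeholder source share
Get-BroadWriteAce -Path $targets | Format-Table -AutoSize

# What the machine-wide Run key launches at logon
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
(Get-ItemProperty -Path $runKey).PSObject.Properties |
    Where-Object { $_.Name -notlike 'PS*' } |
    Select-Object Name, Value
```

Get-Acl reports NTFS permissions only; share permissions are listed on the file server with Get-SmbShareAccess.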
Loopback Processing Mode:
Make sure loopback processing mode is set to Merge in the same policy:
Computer Configuration -> Administrative Templates -> System -> Group Policy -> Configure user Group Policy loopback processing mode -> set it to Enabled and set it to Merge.
Group Policy Scope and Linking
The final step is to update the Security Filtering and attach or link the GPO to an OU. This is an important step and will determine which users and which computers will get this policy. I am going to apply this policy to all the users.
Security Filtering: Add Authenticated Users and Domain Computers
Link this GPO: Link this GPO to Users OU and Computers OU
Group Policy Troubleshooting
Some bullet points for troubleshooting Group Policy issues:
- Make sure the Domain Controllers are replicated after creating the group policy or after making any changes in the group policy. To force Active Directory replication, open a command prompt as administrator and run
repadmin /syncall /APed
- Run the command below on the workstation to force any policy changes.
gpupdate /force
- Run the command below to find out if the policy DesktopWall and ScreenLock has been applied on the workstation. This will only show user configuration policy settings.
gpresult /r /v | more
- For checking the computer configuration policy, open a command prompt as administrator and run the command
gpresult /r /v /scope computer | more
Gpresult User configuration Policy
Gpresult Computer configuration Policy