Configure Desktop and Lock Screen Wallpaper using a GPO

Photo of author
Jatin Makhija
2

Background

I received a request from a client to deploy their organization’s wallpaper and lock screen image across all domain-joined workstations, including laptops that connect via VPN.

I have created a GPO that covers both scenarios. It’s a tested policy that is working effectively on the target systems/users. Let me share the policy details, which can save you some time if you receive a similar request.

For domain-joined PCs that are not in the office and connect occasionally via VPN, I have used a wallpaper.bat file, which is copied to the user’s desktop. I have also set a RUN registry key that will execute this file every time the PC restarts. I will guide you on how to set this up with screenshots, but first, let’s create a bat file named wallpaper.bat and save it in the sysvol folder.

1. Prepare Wallpaper.bat file

The first step is to prepare the wallpaper.bat file. Copy the code below and paste it into a file named wallpaper.bat. Make the necessary changes in the file.

  • copyfrom = Update this variable to point it to a location where your Wallpaper file is stored. It’s convenient to store a wallpaper in the NETLOGON folder which is generally accessible from all Active directory domain-joined PCs.
  • Update the Name of the wallpaper file wherever necessary in this bat file.

Wallpaper.bat

@ECHO OFF
set wallpaper=C:\wallpaper
set copyfrom=\\<domainname>\NETLOGON\PAMDesktop.jpg
IF EXIST "%wallpaper%\PAMDesktop.jpg" (
EXIT
)
ELSE (
MKDIR %wallpaper%
xcopy "%copyfrom%" "%wallpaper%" /k/y
)

2. Create a Group Policy Object (GPO)

The next step is to create a Group Policy Object in Active Directory using the following steps:

  • Login on a Domain Controller and Open Group Policy Management Console
  • Navigate to the Group Policy Objects folder and right-click on it, Select New.
  • Provide a Name. For Example DesktopWall and ScreenLock and click on OK.
  • Once the GPO is created, Right-click on it and select Edit.
Create Desktop Wallpaper and Screen lock GPO

3. Copy the Wallpaper on User’s Devices

To copy our wallpaper to each PC at C:\wallpaper location, we will use the wallpaper.bat file created earlier and deploy it using this GPO by configuring a Startup script. Follow the steps below to add a Startup script.

  • Go to Computer Configuration -> Policies -> Windows Settings -> Scripts
  • Double-click on Startup and then Click on the Add button.
  • Browse to Wallpaper.bat file.
Windows Wallpaper GPO batch file

4. Configure Desktop and Lock Screen Wallpaper in GPO

In this step, we will configure Desktop and Lock screen wallpaper in the same GPO we created before: DesktopWall and ScreenLock.

Configure Lock Screen Wallpaper

We can target the lock screen to C:\wallpaper\PAMdesktop.jpg, as the startup script is going to copy the wallpaper from the source location to this folder.

The local path is preferable as it has no dependency on the server and will work even if there is no connection to the server, benefiting the PCs that are domain-joined and connect via VPN.

To configure Lock Screen Wallpaper, follow below steps:

  • Go to Computer Configuration > Administrative Templates > Control Panel > Personalization
  • On the right-hand side, Find “Force a specific default lock screen image” setting and set it to Enabled.
  • In the Path to the lock screen image, Provide C:\wallpaper\PAMDesktop.jpg path.
Windows Lock Screen Image GPO

Configure Desktop Wallpaper

We will target the desktop wallpaper to the same location as the lock screen image, as we want to keep both the same. If you want to have a different desktop wallpaper than the lock screen, you can modify the bat file to copy the desktop wallpaper to the C:\wallpaper location and provide the path and name of that wallpaper in the below policy setting.

To configure Desktop Wallpaper, follow the below steps:

  • Go to User Configuration > Policies > Desktop > Desktop
  • On the right-hand side, Find the “Desktop Wallpaper” setting and set it to Enabled.
  • Wallpaper Name: C:\wallpaper\PAMDesktop.jpg path.
  • Wallpaper Style: Fill
Set Desktop Wallpaper

That’s it, Our Desktop and Lock Screen wallpaper is configured in the GPO. Now, let’s link the GPO to an OU so that it can be deployed on devices.

5. Group Policy Scope and Linking

  • Security Filtering: Add Authenticated Users and Domain Computers under Security Filtering of this GPO.
  • Link this GPO to an OU container’s Users and Computers.
Group Policy Scope and Linking

That’s it! Desktop and Lock screen wallpaper have been configured for users. There is no further action required. However, if you have a remote user scenario and you want to ensure that those users also get a new Desktop and Lock screen as per the deployment, you can follow the guidance in the next steps:

Deploy Desktop and Lock Screen Wallpaper (In a VPN Scenario)

Copy the wallpaper.bat file on Uses Devices

The following steps are necessary to ensure that remote users who are not connected to the office network most of the time also get the new Desktop and Lock screen wallpaper.

This includes users working from domain-joined Windows 10/11 PCs at home. The startup script might not work for offline clients; therefore, this step will copy the wallpaper.bat file to users desktops.

We used the wallpaper.bat file as a startup script to copy necessary wallpaper files to users devices. However, when users do not often connect to the office network or face network issues, the startup script may not execute.

Either you can provide Wallpaper.bat file to the user so that they can double-click on it and manually Execute it to fetch the wallpapers or you can also create a GPO that will copy Wallpaper. bat file from a shared location accessible from the device.

Manually invoking the wallpaper.bat file will create a folder called “wallpaper” in their C:\ drive and copy the wallpaper from copyfrom location configured in the script.

Let’s check the steps to Copy Wallpaper.bat file using a GPO.

Go to User configuration -> Preferences -> Windows Settings -> Files

Source file: Provide the UNC path where the wallpaper.bat file is located. Please ensure that all users have full permissions on this folder. I suggest creating a shared folder on a server, granting everyone full control (both share permission and NTFS permission), and copying the wallpaper.bat file to this location. Provide the UNC path in the source file(s) textbox.

Destination file: Provide a destination path to download the script file from the Source location.

Copy wallpaper.bat file on users desktop
Copy wallpaper.bat file on users desktop
Copy wallpaper.bat file on users desktop

Now comes the execution part where you can instruct the users to execute the wallpaper.bat file manually. However, to avoid this step, you can create a RUN registry entry and provide the path to this batch file. On every reboot, Windows will execute the wallpaper.bat file from the location provided in the Run registry key.

Configure Execution of Wallpaper.bat file

Create an Entry in the RUN reg key to run the bat file automatically:

The Run registry key location is HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Let’s configure it via a GPO.

  • Go to Computer Configuration -> Preferences -> Registry -> Create a registry Item
Copy wallpaper.bat file on users desktop
  • Action: Update
  • Hive: HKEY_LOCAL_MACHINE
  • Key Path: /SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • Value Name: Wallpaper
  • Value type: REG_SZ
  • Value data: C:\users\%username%\desktop\wallpaper.bat
Copy wallpaper.bat file on users desktop
Copy wallpaper.bat file on users desktop

Loopback Processing Mode:

Make sure Loopback processing mode is set to Merge in the same policy:

  • Go to Computer Configuration -> Administrative Templates -> System -> Group Policy
  • Configure user Group Policy loopback processing mode -> Enabled and set it to Merge.

Group Policy Troubleshooting

If there are any issues with the GPO, you can follow the steps below to troubleshoot.

  • Make sure the Domain Controllers are replicated after creating the group policy or after making any changes in the group policy. To force Active Directory replication, open the command prompt as an administrator and run repadmin /syncall /APed.
  • Run gupdate /force command on the workstation to force Sync any policy changes.
  • Run the command gpresult /r /v | more to find out if the policy DesktopWall and ScreenLock have been applied on the workstation. This will only show user configuration policy settings.
  • To check the computer configuration policy, open the command prompt as an administrator and run the command gpresult /r /v /scope computer | more.

Gpresult User Configuration Policy

Group Policy Troubleshooting

Gpresult Computer Configuration Policy

Group Policy Troubleshooting

2 thoughts on “Configure Desktop and Lock Screen Wallpaper using a GPO”

  2. Thank you, Worked perfectly on my test lab. even though I did not place the file on the client’s desktop to run on their end. but, if I am not connected to my network and have 2 different lockscreen and wallpaper images it won’t work for the wallpaper.

    Reply

Leave a Comment

Detailed Step-by-Step guides for Setup/Troubleshooting/Configuration solutions on Intune, Microsoft 365, Powershell, Windows, Azure, and other Cloud technologies.

About the author
Contact Us
Privacy Policies
Comment Policies
Cookie Policies

Let's Connect!

Discover more from TechPress

Subscribe now to keep reading and get access to the full archive.

Continue reading