Setting Wallpaper, Lock Screen, Registered Owner with Intune

By | July 7, 2022
0 Comment

The solution below will apply customizations to the clients that are mandatory, which means in particular that the user will not be able to change the wallpaper on his machine. See the links below if you just want a pre-configuration that allows the user to change settings. You must provide a 1920×1200 image which will be used as wallpaper, lockscreen or both (default). The registered owner entry is shown when you run winver.exe. The script should be deployed as win32 application.

Please note that you can also configure these settings by a Configuration Profile using device restrictions. This may seem easier, but Microsoft warns that some settings are only available on specific Windows editions, such as Enterprise and that you must provide an internet link to your image.

You may have come across scripts which are based on a replacement of the default background image located in c:\windows\Web\wallpaper\Windows\img0.jpg. This doesn’t work very well and isn’t necessary any more since 1703, but I replace it anyhow to be on the safe side.

Note that you have to run the PowerShell script by using the sysnative parameter, otherwise you won’t find your values in HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP but HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\PersonalizationCSP since Intune runs scripts in 32 bit context. The solution is to start the script by a cmd as C:\windows\sysnative\cmd.exe /c “install.cmd” where install.cmd just contains the command

powershell -executionpolicy bypass %~dp0install.ps1

and install.ps1 runs the script below.

#-------------------------------------------------------------------------------- 
# Name: HappyAdmin Customization
# install.ps1, June 2022
# Thanks to: https://www.thelazyadministrator.com
# ------------------------------------------------------------------------------------

'Starting script HappyAdmin Customization' | Out-File 'c:\windows\logs\HappyAdminCustomizations.log'
$RegKeyPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP"

$LockScreenPath = "LockScreenImagePath"
$LockScreenStatus = "LockScreenImageStatus"
$LockScreenUrl = "LockScreenImageUrl"
$DesktopPath = "DesktopImagePath"
$DesktopStatus = "DesktopImageStatus"
$DesktopUrl = "DesktopImageUrl"

$StatusValue = "1"

if(!(Test-Path -Path C:\Windows\Customization))
{
   New-Item -Path C:\Windows\Customization -ItemType Directory
}
Copy-Item -Path $PSScriptRoot\img0_1920x1200.jpg -Destination 'C:\Windows\Customization'

$ImageValue = "C:\Windows\Customization\img0_1920x1200.jpg"

if(!(Test-Path -Path $ImageValue))
{
   ('ERROR: Path not found: ' + $ImageValue) | Out-File 'c:\windows\logs\HappyAdminCustomizations.log'
}
else
{
   ('Path exists: ' + $ImageValue) | Out-File 'c:\windows\logs\HappyAdminCustomizations.log'
}
if (!(Test-Path $RegKeyPath))
{
Write-Host "Creating registry path $($RegKeyPath)."
New-Item -Path $RegKeyPath -Force | Out-Null
}
New-ItemProperty -Path $RegKeyPath -Name $LockScreenStatus -Value $StatusValue -PropertyType DWORD -Force | Out-Null
New-ItemProperty -Path $RegKeyPath -Name $LockScreenPath -Value $LockScreenImageValue -PropertyType STRING -Force | Out-Null
New-ItemProperty -Path $RegKeyPath -Name $LockScreenUrl -Value $LockScreenImageValue -PropertyType STRING -Force | Out-Null
New-ItemProperty -Path $RegKeyPath -Name $DesktopStatus -Value $Statusvalue -PropertyType DWORD -Force | Out-Null
New-ItemProperty -Path $RegKeyPath -Name $DesktopPath -Value $ImageValue -PropertyType STRING -Force | Out-Null
New-ItemProperty -Path $RegKeyPath -Name $DesktopUrl -Value $ImageValue -PropertyType STRING -Force | Out-Null
'Replacing default background image' | Out-File 'c:\windows\logs\HappyAdminCustomizations.log'
takeown /f c:\windows\Web\wallpaper\Windows\img0.jpg >> c:\windows\logs\HappyAdminCustomizations.log
Start-Process -FilePath 'c:\windows\system32\icacls.exe' -Wait -ArgumentList 'c:\windows\WEB\wallpaper\Windows\img0.jpg /Grant System:(F)'
Copy-Item -Path C:\Windows\Web\Wallpaper\Windows\img0.jpg -Destination 'C:\Windows\Web\Wallpaper\Windows\img0org.jpg' 
Remove-Item c:\windows\Web\wallpaper\Windows\img0.jpg
Copy-Item -Path ($PSScriptRoot + '\img0_1920x1200.jpg') -Destination 'C:\Windows\Web\Wallpaper\Windows\img0.jpg'

Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name 'RegisteredOrganization' -Value 'HappyAdmin Inc.' -Force

'Finished script HappyAdmin Customization' | Out-File 'c:\windows\logs\HappyAdminCustomizations.log'

The Application settings and content of the intunewin file

The Application settings
The content of the intunewin

Links:

Manage Desktop Wallpaper with Microsoft Intune

Manage Desktop Wallpaper with Microsoft Intune – MSEndpointMgr

Windows 10/11 device settings to allow or restrict features using Intune

https://docs.microsoft.com/en-us/mem/intune/configuration/device-restrictions-windows-10

Leave a Reply

Your email address will not be published. Required fields are marked *