How to apply custom lock screen image on Windows 10 Pro edition via GPO

Jaswinder Singh Narula Jul 7, 2020 0 Comments

How to apply custom lock screen image on Windows 10 Pro edition via GPO

Last week I faced an interesting challenge. A challenge that made everyone saying it can not be done. If you have researched yourself on this subject, you may know that Windows 10 Professional clients simply ignore group policy setting which is responsible for changing its lock screen. GPO setting for lock screen is only applicable for Windows 10 Enterprise and Windows 10 Education editions. This is by design. And many professionals will simply end the topic by saying "It is by design, can't be done at all." But it can be done if you think out of the box. So let's see how to apply custom lock screen image on Windows 10 Pro edition via GPO.

In this article, I will show you how it is done in a few simple steps and also the troubleshooting.

Prerequisites

Before we start we need to make sure we have all the below-mentioned prerequisites:

  1. Domain controller.
  2. Windows 10 Pro client.
  3. Image file.
  4. Script for the change lock screen. You can download the script from here.

Process

1) Create a shared folder and paste the image file and script it.

First, we will create a shared folder which is accessible within the domain and with read-only permissions for domain computers group. And paste the script file and our image in the shared folder. My shared folder location is "\\TESTDC\Domain_share".

2) Create a batch file

Once our shared folder is set up, we need a batch file to run. Open notepad and paste the below code.

powershell.exe -executionPolicy ByPass \\TESTDC\Domain_share\Set-Screen.ps1 -LockScreenSource "\\TESTDC\Domain_share\LockScreen.jpg"

save the file as run.bat in the same shared folder.

3) Create and link group policy

Now on your domain controller open up group policy management, and create new group policy object "Lockscreen".

Right-click on the newly created object and click edit to open group policy editor. Now go to Computer configuration > Windows Settings > Scripts, and double click on startup to open "Startup properties".

Click on add and browse run.bat that you created a few moments back. Leave script parameters blank and press ok and then ok again.

Now close group policy editor. It's time to link our GPO on the domain, for this just right-click and select "Link an Existing GPO".

Now select GPO that we just created.

It is done! Now if you restart the Windows 10 Pro client PC. You will find the Lock Screen is in effect.


Troubleshooting

If you find group policy failing on client with Event ID 1130

This means your computer account does not have permissions to access and run scripts from your shared location to resolve this just add "Domain Computers" group with read and execute permissions.

For more troubleshooting, you may use "LogPath". This will allow you to trace further issues with the execution of the script.

powershell.exe -executionPolicy ByPass \\TESTDC\Domain_share\Set-Screen.ps1 -LockScreenSource "\\TESTDC\Domain_share\lockscreen.jpg" -LogPath "\\TESTDC\Domain_share\Logs"

Don't forget to create a Logs folder.

At last, I want to thank the author of the script for his/her awesome code.

Script download link.

Tags :
Share :
About Author
Jaswinder Singh Narula

Jaswinder Singh Narula

Vmware SME by day and hard core coder by night. Bringing perfection is my passion.

Leave a Comment

Comments
Jack
Jack
3 years ago

the powershell script has gone fyi

Arles
Arles
4 years ago

Good article! Please share the download link of the script, the link in your post is broken. If do you have the script, please share it. Thank you!