Forum Discussion

JasonWilliams1974's avatar
JasonWilliams1974
Copper Contributor
Sep 06, 2021

Powershell - Lock screen & Desktop background issue

I am currently starting to configure for a smaller organisation, using Intune for MDM, I've managed to successfully change my Azure AD login to be a standard user (I don't want every user having full administration rights) - that works well and I've assigned an Azure AD group to have admin privileges.

 

So my next step is to set a corporate lock screen and desktop background image, using this script.  But I now have an issue, either way I want to handle the script in Intune.

 

Running script as:

  • Run this script using the logged on credentials: No

The script runs, but the user doesn't download the image files (having tested with administrative privileges in Powershell - the user doesn't have an internet connection, as the laptop is on wifi).  So the lock screen and desktop background don't get set.

 

  • Run this script using the logged on credentials: Yes

The script runs, downloads the files successfully but then can't set the registry keys (as my standard user doesn't have permission to alter registry keys).  So the lock screen and desktop background don't get set.

 

Do Powershell scripts run in order - and sequentially?  That way I could set two scripts, one to download and one to set the registry keys.

 

Or is there any other way of achieving this?  Please bear in mind I'm using Windows 10 Pro - so the usual Intune background settings don't work with.

 

Many thanks.

  • Some time ago I received the same question... This script worked perfectly for him (running as 64 bits and as system (Run this script using the logged on credentials --> no)


    $RegKeyPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP"
    $DesktopPath = "DesktopImagePath"
    $DesktopStatus = "DesktopImageStatus"
    $DesktopUrl = "DesktopImageUrl"
    $StatusValue = "1"
    $url = "https://call4cloud.nl/wp-content/uploads/2020/03/cropped-nieuw.jpg"
    $DesktopImageValue = "C:\MDM\wallpaper.jpg"
    $directory = "C:\MDM\"
    If ((Test-Path -Path $directory) -eq $false)
    {
    New-Item -Path $directory -ItemType directory
    }

    $wc = New-Object System.Net.WebClient
    $wc.DownloadFile($url, $DesktopImageValue)
    if (!(Test-Path $RegKeyPath))
    {
    Write-Host "Creating registry path $($RegKeyPath)."
    New-Item -Path $RegKeyPath -Force | Out-Null
    }
    New-ItemProperty -Path $RegKeyPath -Name $DesktopStatus -Value $Statusvalue -PropertyType DWORD -Force | Out-Null
    New-ItemProperty -Path $RegKeyPath -Name $DesktopPath -Value $DesktopImageValue -PropertyType STRING -Force | Out-Null
    New-ItemProperty -Path $RegKeyPath -Name $DesktopUrl -Value $DesktopImageValue -PropertyType STRING -Force | Out-Null
  • Some time ago I received the same question... This script worked perfectly for him (running as 64 bits and as system (Run this script using the logged on credentials --> no)


    $RegKeyPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP"
    $DesktopPath = "DesktopImagePath"
    $DesktopStatus = "DesktopImageStatus"
    $DesktopUrl = "DesktopImageUrl"
    $StatusValue = "1"
    $url = "https://call4cloud.nl/wp-content/uploads/2020/03/cropped-nieuw.jpg"
    $DesktopImageValue = "C:\MDM\wallpaper.jpg"
    $directory = "C:\MDM\"
    If ((Test-Path -Path $directory) -eq $false)
    {
    New-Item -Path $directory -ItemType directory
    }

    $wc = New-Object System.Net.WebClient
    $wc.DownloadFile($url, $DesktopImageValue)
    if (!(Test-Path $RegKeyPath))
    {
    Write-Host "Creating registry path $($RegKeyPath)."
    New-Item -Path $RegKeyPath -Force | Out-Null
    }
    New-ItemProperty -Path $RegKeyPath -Name $DesktopStatus -Value $Statusvalue -PropertyType DWORD -Force | Out-Null
    New-ItemProperty -Path $RegKeyPath -Name $DesktopPath -Value $DesktopImageValue -PropertyType STRING -Force | Out-Null
    New-ItemProperty -Path $RegKeyPath -Name $DesktopUrl -Value $DesktopImageValue -PropertyType STRING -Force | Out-Null
    • JasonWilliams1974's avatar
      JasonWilliams1974
      Copper Contributor
      Thanks Rudy_Ooms_MVP, I've tested this both using Powershell (executes fine, when running as an Administrator) but when added in the context as you've described - it doesn't execute (I can see no registry key is created). I've tried changing the script around using old snippets but nothing appears to work (unless triggered manually).
      • Rudy_Ooms_MVP's avatar
        Rudy_Ooms_MVP
        MVP
        Not 100% sure... but the first thing that comes to mind is defining the WallPaperStyle in the
        HKEY_CURRENT_USER\Control Panel\Desktop registry key

Resources