SOLVED

Assign configuration profile to User or Device group

%3CLINGO-SUB%20id%3D%22lingo-sub-1677190%22%20slang%3D%22en-US%22%3EAssign%20configuration%20profile%20to%20User%20or%20Device%20group%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1677190%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20want%20to%20set%20backgrounds%20for%20AzureAD%20joined%20devices.%20Should%20they%20be%20assigned%20to%20User%20groups%20or%20Device%20groups.%26nbsp%3B%20%26nbsp%3BWe%20want%20to%20activate%20this%20setting%20before%20users%20log%20in%2C%20also%20for%20first%20time%20logon%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1677190%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1680722%22%20slang%3D%22en-US%22%3ERe%3A%20Assign%20configuration%20profile%20to%20User%20or%20Device%20group%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1680722%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F478562%22%20target%3D%22_blank%22%3E%40Hans_from_Copaco%3C%2FA%3E%26nbsp%3Bif%20you%20are%20using%20Windows%20Enterprise%20or%20Education%2C%20you%20can%20use%20the%20appropriate%20Device%20Restriction%20policy%20within%20Intune.%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3EIf%20you%20have%20Windows%2010%20Pro%2C%20you%20have%20to%20use%20a%20Powershell%20script%20and%20assign%20it%20to%20the%20appropriate%20group.%26nbsp%3B%3CBR%20%2F%3EThere%20are%20plenty%20of%20blogs%20about%20this%20topic%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fwww.thelazyadministrator.com%2F2019%2F08%2F08%2Fset-corporate-lock-screen-wallpaper-with-intune-for-non-windows-10-enterprise-or-windows-10-education-machines%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.thelazyadministrator.com%2F2019%2F08%2F08%2Fset-corporate-lock-screen-wallpaper-with-intune-for-non-windows-10-enterprise-or-windows-10-education-machines%2F%3C%2FA%3E%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EIf%20you%20want%20your%20users%20to%20be%20able%20to%20change%20the%20background%20afterwards%2C%20in%20case%20of%20the%20desktop%20wallpaper%20you%20can%20play%20around%20with%20the%20following%20reg%20key%3A%26nbsp%3B%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-bash%22%3E%3CCODE%3EHKEY_CURRENT_USER%5CControl%20Panel%5CDesktop%5CWallpaper%3C%2FCODE%3E%3C%2FPRE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20your%20Powershell%20script%20will%20download%20the%20wallpaper%20to%20a%20specified%20local%20path%2C%20afterwards%20you%20set%20this%20path%20as%20image%20destination.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

We want to set backgrounds for AzureAD joined devices. Should they be assigned to User groups or Device groups.   We want to activate this setting before users log in, also for first time logon

3 Replies
best response confirmed by Hans_from_Copaco (Occasional Contributor)
Solution

@Hans_from_Copaco if you are using Windows Enterprise or Education, you can use the appropriate Device Restriction policy within Intune. 

If you have Windows 10 Pro, you have to use a Powershell script and assign it to the appropriate group. 
There are plenty of blogs about this topic
https://www.thelazyadministrator.com/2019/08/08/set-corporate-lock-screen-wallpaper-with-intune-for-...


If you want your users to be able to change the background afterwards, in case of the desktop wallpaper you can play around with the following reg key: 

HKEY_CURRENT_USER\Control Panel\Desktop\Wallpaper

 

So your Powershell script will download the wallpaper to a specified local path, afterwards you set this path as image destination. 

Thanks for your reply.
Thanks Burningice for the reply. And also to Hans for the initial question!

I followed the script alternative described by https://msendpointmgr.com/2021/02/02/manage-desktop-wallpaper-with-microsoft-intune
And Iwould like some assistance in regards to my client’s failure to take ownership message prompted. I have pushed this script, but I am getting log errors.

I think it is important to notice this Win10 Pro (19042.1052) client’s are all Azure Active Directory Joined and managed through the Microsoft Endpoint Manager and with Windows Defender turned on.

There are no local accounts in the devices. I noticed that I needed to change the Administrator and User security groups to match the local language (Spanish).

I do not know if there are other language groups to be changed in the script, or If I am missing out other reasons that could be preventing the for the taking ownership command to execute correctly.

Thanks!