SOLVED

Powershell - Lock screen & Desktop background issue

%3CLINGO-SUB%20id%3D%22lingo-sub-2724139%22%20slang%3D%22en-US%22%3EPowershell%20-%20Lock%20screen%20%26amp%3B%20Desktop%20background%20issue%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2724139%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20currently%20starting%20to%20configure%20for%20a%20smaller%20organisation%2C%20using%20Intune%20for%20MDM%2C%20I've%20managed%20to%20successfully%20change%20my%20Azure%20AD%20login%20to%20be%20a%20standard%20user%20(I%20don't%20want%20every%20user%20having%20full%20administration%20rights)%20-%20that%20works%20well%20and%20I've%20assigned%20an%20Azure%20AD%20group%20to%20have%20admin%20privileges.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20my%20next%20step%20is%20to%20set%20a%20corporate%20lock%20screen%20and%20desktop%20background%20image%2C%20using%20%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fgeirdybbugt%2FArchive-Dybbugt.no%2Fblob%2Fmaster%2FWin10%2FWin10-SetWallpaperAndLockscreenFromUri.ps1%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ethis%3C%2FA%3E%20script.%26nbsp%3B%20But%20I%20now%20have%20an%20issue%2C%20either%20way%20I%20want%20to%20handle%20the%20script%20in%20Intune.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERunning%20script%20as%3A%3C%2FP%3E%3CUL%3E%3CLI%3E%3CSPAN%3ERun%20this%20script%20using%20the%20logged%20on%20credentials%3A%20No%3C%2FSPAN%3E%3C%2FLI%3E%3C%2FUL%3E%3CP%20class%3D%22lia-indent-padding-left-60px%22%3EThe%20script%20runs%2C%20but%20the%20user%20doesn't%20download%20the%20image%20files%20(having%20tested%20with%20administrative%20privileges%20in%20Powershell%20-%20the%20user%20doesn't%20have%20an%20internet%20connection%2C%20as%20the%20laptop%20is%20on%20wifi).%26nbsp%3B%20So%20the%20lock%20screen%20and%20desktop%20background%20don't%20get%20set.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CUL%3E%3CLI%3E%3CSPAN%3ERun%20this%20script%20using%20the%20logged%20on%20credentials%3A%20Yes%3C%2FSPAN%3E%3C%2FLI%3E%3C%2FUL%3E%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%3EThe%20script%20runs%2C%20downloads%20the%20files%20successfully%20but%20then%20can't%20set%20the%20registry%20keys%20(as%20my%20standard%20user%20doesn't%20have%20permission%20to%20alter%20registry%20keys).%26nbsp%3B%20So%20the%20lock%20screen%20and%20desktop%20background%20don't%20get%20set.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EDo%20Powershell%20scripts%20run%20in%20order%20-%20and%20sequentially%3F%26nbsp%3B%20That%20way%20I%20could%20set%20two%20scripts%2C%20one%20to%20download%20and%20one%20to%20set%20the%20registry%20keys.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EOr%20is%20there%20any%20other%20way%20of%20achieving%20this%3F%26nbsp%3B%20Please%20bear%20in%20mind%20I'm%20using%20Windows%2010%20Pro%20-%20so%20the%20usual%20Intune%20background%20settings%20don't%20work%20with.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EMany%20thanks.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2724139%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Ebackground%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Edesktop%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Elock%20screen%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EPowerShell%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2725526%22%20slang%3D%22en-US%22%3ERe%3A%20Powershell%20-%20Lock%20screen%20%26amp%3B%20Desktop%20background%20issue%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2725526%22%20slang%3D%22en-US%22%3ESome%20time%20ago%20I%20received%20the%20same%20question...%20This%20script%20worked%20perfectly%20for%20him%20(running%20as%2064%20bits%20and%20as%20system%20(Run%20this%20script%20using%20the%20logged%20on%20credentials%20--%26gt%3B%20no)%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%24RegKeyPath%20%3D%20%22HKLM%3A%5CSOFTWARE%5CMicrosoft%5CWindows%5CCurrentVersion%5CPersonalizationCSP%22%3CBR%20%2F%3E%24DesktopPath%20%3D%20%22DesktopImagePath%22%3CBR%20%2F%3E%24DesktopStatus%20%3D%20%22DesktopImageStatus%22%3CBR%20%2F%3E%24DesktopUrl%20%3D%20%22DesktopImageUrl%22%3CBR%20%2F%3E%24StatusValue%20%3D%20%221%22%3CBR%20%2F%3E%24url%20%3D%20%22%3CA%20href%3D%22https%3A%2F%2Fcall4cloud.nl%2Fwp-content%2Fuploads%2F2020%2F03%2Fcropped-nieuw.jpg%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fcall4cloud.nl%2Fwp-content%2Fuploads%2F2020%2F03%2Fcropped-nieuw.jpg%3C%2FA%3E%22%3CBR%20%2F%3E%24DesktopImageValue%20%3D%20%22C%3A%5CMDM%5Cwallpaper.jpg%22%3CBR%20%2F%3E%24directory%20%3D%20%22C%3A%5CMDM%5C%22%3CBR%20%2F%3EIf%20((Test-Path%20-Path%20%24directory)%20-eq%20%24false)%3CBR%20%2F%3E%7B%3CBR%20%2F%3ENew-Item%20-Path%20%24directory%20-ItemType%20directory%3CBR%20%2F%3E%7D%3CBR%20%2F%3E%3CBR%20%2F%3E%24wc%20%3D%20New-Object%20System.Net.WebClient%3CBR%20%2F%3E%24wc.DownloadFile(%24url%2C%20%24DesktopImageValue)%3CBR%20%2F%3Eif%20(!(Test-Path%20%24RegKeyPath))%3CBR%20%2F%3E%7B%3CBR%20%2F%3EWrite-Host%20%22Creating%20registry%20path%20%24(%24RegKeyPath).%22%3CBR%20%2F%3ENew-Item%20-Path%20%24RegKeyPath%20-Force%20%7C%20Out-Null%3CBR%20%2F%3E%7D%3CBR%20%2F%3ENew-ItemProperty%20-Path%20%24RegKeyPath%20-Name%20%24DesktopStatus%20-Value%20%24Statusvalue%20-PropertyType%20DWORD%20-Force%20%7C%20Out-Null%3CBR%20%2F%3ENew-ItemProperty%20-Path%20%24RegKeyPath%20-Name%20%24DesktopPath%20-Value%20%24DesktopImageValue%20-PropertyType%20STRING%20-Force%20%7C%20Out-Null%3CBR%20%2F%3ENew-ItemProperty%20-Path%20%24RegKeyPath%20-Name%20%24DesktopUrl%20-Value%20%24DesktopImageValue%20-PropertyType%20STRING%20-Force%20%7C%20Out-Null%3C%2FLINGO-BODY%3E
Occasional Contributor

I am currently starting to configure for a smaller organisation, using Intune for MDM, I've managed to successfully change my Azure AD login to be a standard user (I don't want every user having full administration rights) - that works well and I've assigned an Azure AD group to have admin privileges.

 

So my next step is to set a corporate lock screen and desktop background image, using this script.  But I now have an issue, either way I want to handle the script in Intune.

 

Running script as:

  • Run this script using the logged on credentials: No

The script runs, but the user doesn't download the image files (having tested with administrative privileges in Powershell - the user doesn't have an internet connection, as the laptop is on wifi).  So the lock screen and desktop background don't get set.

 

  • Run this script using the logged on credentials: Yes

The script runs, downloads the files successfully but then can't set the registry keys (as my standard user doesn't have permission to alter registry keys).  So the lock screen and desktop background don't get set.

 

Do Powershell scripts run in order - and sequentially?  That way I could set two scripts, one to download and one to set the registry keys.

 

Or is there any other way of achieving this?  Please bear in mind I'm using Windows 10 Pro - so the usual Intune background settings don't work with.

 

Many thanks.

5 Replies
best response confirmed by JasonWilliams1974 (Occasional Contributor)
Solution
Some time ago I received the same question... This script worked perfectly for him (running as 64 bits and as system (Run this script using the logged on credentials --> no)


$RegKeyPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP"
$DesktopPath = "DesktopImagePath"
$DesktopStatus = "DesktopImageStatus"
$DesktopUrl = "DesktopImageUrl"
$StatusValue = "1"
$url = "https://call4cloud.nl/wp-content/uploads/2020/03/cropped-nieuw.jpg"
$DesktopImageValue = "C:\MDM\wallpaper.jpg"
$directory = "C:\MDM\"
If ((Test-Path -Path $directory) -eq $false)
{
New-Item -Path $directory -ItemType directory
}

$wc = New-Object System.Net.WebClient
$wc.DownloadFile($url, $DesktopImageValue)
if (!(Test-Path $RegKeyPath))
{
Write-Host "Creating registry path $($RegKeyPath)."
New-Item -Path $RegKeyPath -Force | Out-Null
}
New-ItemProperty -Path $RegKeyPath -Name $DesktopStatus -Value $Statusvalue -PropertyType DWORD -Force | Out-Null
New-ItemProperty -Path $RegKeyPath -Name $DesktopPath -Value $DesktopImageValue -PropertyType STRING -Force | Out-Null
New-ItemProperty -Path $RegKeyPath -Name $DesktopUrl -Value $DesktopImageValue -PropertyType STRING -Force | Out-Null
Thanks @Rudy_Ooms, I've tested this both using Powershell (executes fine, when running as an Administrator) but when added in the context as you've described - it doesn't execute (I can see no registry key is created). I've tried changing the script around using old snippets but nothing appears to work (unless triggered manually).
You also configured the powershell script to run64 bits?

I haven't had it set to 64 bit, as my testing involved 32 bit Powershell, I've changed the setting now - will let you know if that works - many thanks.

 

To be honest - you have stated 64 bit in your original post, I think I skipped over this part.

Works perfectly after changing to running as 64 bit - thank you!