ConfigMgr Console

Setting the Lock Screen

Author Photo Gary Blok
Published on: March 11, 2021
Topics: ConfigMgr Console

Receive notification right in your inbox whenever new content like this is released & sign up for our email list!

We’ll send you the latest updates, how-to’s, and solutions to empower you at every endpoint.

By signing up you agree to our Privacy Policy.

Set Windows 10 Lock Screen Image

This post is part of a Windows Customizations series.

The Default Lock Screen:
LockScreen 06

I actually like the Windows Default, with Bing Rotation and Spotlight enabled. I enjoy getting a new picture everyday. But that’s a personal thing, and perhaps on your enterprise devices you want to brand some machines in your classrooms, or other specialized machines, like a call center, whatever the reason maybe, there are ways to do it.

This can be done a couple of ways, first off, do you want to lock it down, or do you just want to set a default and allow your end users to change it. That’s going to be a theme for most of your changes.

Let’s take a look at some ways:

  • Intune Management
  • Group Policy
  • ConfigMgr OSD
  • ConfigMgr Application

Yes, there are several ways to do it, basically if you have a way to deploy files, run commands, and set registry values, you can do this.

How this all works: (Setting Default, but allowing User to Change)

  • Replace img100.jpg (Default Lockscreen Image)

Windows Location: c:windowswebScreen

LockScreen 01

Copy-Item .lockscreen.jpg C:windowswebScreenimg100.jpg -Force -Verbose
Copy-Item .lockscreen.jpg C:windowswebScreenimg105.jpg -Force -Verbose

However, if you tried that, you might have gotten access denied errors, even if running as system. You’ll need to take ownership of those files and then add permissions for system account.

That process isn’t too difficult using a couple command line utilities.

takeown /f c:windowsWEBScreen*.*
icacls c:windowsWEBScreen*.* /Grant 'System:(F)'

Or you can do it all with native powershell, which takes a bit more code.

Using this method, you’ll need to copy down an image to the local machine, and set a registry value to the path of the image.

Key: HKLMSOFTWAREPoliciesMicrosoftWindowsPersonalization
Property: LockScreenImage
[Reg_SZ]Value: Path to Image

Task Sequence Run Command or Batch File:

REG ADD HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsPersonalization" /V LockScreenImage /T REG_SZ /D C:programdataorganizationlockscreen.jpg /F

Windows Activation & Lock Screen Quirks

If you’re using a lab and you don’t activate the machines you’re get the “Bing” Images instead of what you wanted. There are some extra registry keys you can set to override that.

This is what I’ve done to override these settings and allow the lock screen to work without “spotlight” and “bing” to take over.

Key: HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionLock ScreenCreative Property: LockImageFlags Type: REG_DWORD Value: 00000000  
Key: HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionLock ScreenCreative Property: LockScreenOptions Type: REG_DWORD Value: 00000000  
Key: HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionLock ScreenCreative Property: CreativeId Type: REG_SZ Value: ""   
Key: HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionLock ScreenCreative Property: DescriptionText Type: REG_SZ Value: ""  
Key: HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionLock ScreenCreative Property: ActionText Type: REG_SZ Value: ""  
Key: HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionLock ScreenCreative Property: ActionUri Type: REG_SZ Value: ""  
Key: HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionLock ScreenCreative Property: PlacementId Type: REG_SZ Value: ""  
Key: HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionLock ScreenCreative Property: ClickthroughToken Type: REG_SZ Value: ""  
Key: HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionLock ScreenCreative Property: ImpressionToken Type: REG_SZ Value: ""  
Key: HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionLock ScreenCreative Property: CreativeJson Type: REG_SZ Value: ""  
Key: HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionLock ScreenCreative Property: PortraitAssetPath Type: REG_SZ Value: "C:WindowsWebScreenimg100.jpg"  
Key: HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionLock ScreenCreative Property: LandscapeAssetPath Type: REG_SZ Value: "C:WindowsWebScreenimg100.jpg"  
Key: HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionLock ScreenCreative Property: HotspotImageFolderPath Type: REG_SZ Value: "C:WindowsWebScreenimg100.jpg"  
Key: HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionContentDeliveryManager Property: RotatingLockScreenOverlayEnabled Type: REG_DWORD Value: 0  
Key: HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionContentDeliveryManager Property: RotatingLockScreenEnabled Type: REG_DWORD Value: 0  
Key: HKEY_CURRENT_USERSOFTWAREPoliciesMicrosoftWindowsCloudContent Property: DisableWindowsSpotlightFeatures Type: REG_DWORD Value: 00000001

Demos

Task Sequence

To use in a task sequence, the images need to be in a package.

Run Command Line Option

If you want, you can have use two simple “Run Command” Steps and reference the package with the image

Step 1: Take OwnerShip & Grant Permissions

cmd.exe /c takeown /f C:WindowsWebScreen*.* & cmd.exe /c icacls C:WindowsWebScreen*.* /Grant System:(F)
LockScreen 03

Step 2: Copy Images (Reference Package that has your lockscreen.jpg image)

cmd.exe /c copy lockscreen.jpg C:WindowsWebScreenimg100.jpg /Y & cmd.exe /c copy lockscreen.jpg C:WindowsWebScreenimg105.jpg /Y
LockScreen 04

PowerShell Option

You’d have a “Run PowerShell Script” Step, that points to the Script: Set-LockScreen.ps1, and the package would include both the lockscreen.jpg & the powershell script Set-LockScreen.ps1

LockScreen 02

Disable Spotlight / Bing Rotate

I have a run command line step that strings all this together.

Key: HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionLock ScreenCreative Property: LockImageFlags Type: REG_DWORD Value: 00000000  
Key: HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionLock ScreenCreative Property: LockScreenOptions Type: REG_DWORD Value: 00000000  
Key: HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionLock ScreenCreative Property: CreativeId Type: REG_SZ Value: ""   
Key: HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionLock ScreenCreative Property: DescriptionText Type: REG_SZ Value: ""  
Key: HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionLock ScreenCreative Property: ActionText Type: REG_SZ Value: ""  
Key: HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionLock ScreenCreative Property: ActionUri Type: REG_SZ Value: ""  
Key: HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionLock ScreenCreative Property: PlacementId Type: REG_SZ Value: ""  
Key: HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionLock ScreenCreative Property: ClickthroughToken Type: REG_SZ Value: ""  
Key: HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionLock ScreenCreative Property: ImpressionToken Type: REG_SZ Value: ""  
Key: HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionLock ScreenCreative Property: CreativeJson Type: REG_SZ Value: ""  
Key: HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionLock ScreenCreative Property: PortraitAssetPath Type: REG_SZ Value: "C:WindowsWebScreenimg100.jpg"  
Key: HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionLock ScreenCreative Property: LandscapeAssetPath Type: REG_SZ Value: "C:WindowsWebScreenimg100.jpg"  
Key: HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionLock ScreenCreative Property: HotspotImageFolderPath Type: REG_SZ Value: "C:WindowsWebScreenimg100.jpg"  
Key: HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionContentDeliveryManager Property: RotatingLockScreenOverlayEnabled Type: REG_DWORD Value: 0  
Key: HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionContentDeliveryManager Property: RotatingLockScreenEnabled Type: REG_DWORD Value: 0  
Key: HKEY_CURRENT_USERSOFTWAREPoliciesMicrosoftWindowsCloudContent Property: DisableWindowsSpotlightFeatures Type: REG_DWORD Value: 00000001
LockScreen 05

Group Policy

You can do both methods using group policy. Forcing the lockscreen is quite easy, where as replacing the default images is bit more tricky.

Forcing Lock Screen

This is by far the most easy way to set a branded lock screen in your environment.
Group Policy Path: Administrative TemplatesControl PanelPersonalization
Item: Force a specific default lock screen and logon image:
LockScreen 07
Coping the Image Locally:
LockScreen 08

Once you’ve done this and applied it to the endpoint, the next restart it will be applied.

Setting the Default with Group Policy

This is much more tricky, and request a very extensive group policy setup which changes permissions on files, then copies the file to overwrite the one there. I personally do not like this method and wouldn’t implement it myself, as I feel using ConfigMgr for this is a better option, but I’m going to show you anyway.

Note, because I’m setting this up in a lab on Windows machines that are NOT activated, it required enabling group policy loopback and setting up both machine & user polices. In your environment, I’d suggest starting with the machine policy part and seeing if that is good enough.
Here we take add permissions for System & Administrators to have Full Control of the C:WindowsWeb folder
LockScreen 11

Here we copy the branded lockscreen image over the ones on the machine
LockScreen 09

And here I clean out cached lock screen images that can drive you crazy when you see the lock screen images in c:windowswebscreen have been overwritten, and yet the lock screen image hasn’t updated. This is not required if you apply these during OSD, because it will never have cached the wrong image before the policy is set.

LockScreen 10

And now let’s deal with all of the user policies that need to get set too:

LockScreen 12

These are all of the Registry items listed above on the page. Remember, you might not need to do this in a non-lab environment. Do lots of testing.

Once I moved a computer into the OU with this policy applied, it took 2 restarts and logons for it to fully take.

Intune (Enforced)

MS Docs has good information about setting up a lock screen that is enforced.

Basically, you setup a Device Policy in Devices then Assign it to a group:

LockScreen 14
LockScreen 13

Summary: Setting the Lock Screen

That’s it, simple concept, simple to add to your task sequence, and super handy.

Windows Customizations Series: Table of Contents

About Recast Software

1 in 3 organizations using Microsoft Configuration Manager rely on Right Click Tools to surface vulnerabilities and remediate quicker than ever before.

Trending Topics

Recast Software Achieves ISO 27001 Certification 

How to Build Compliance Baselines in Intune to Determine the Compliance Status of Devices 

How to Use Recast Builder to Automate the Force Reinstall of ConfigMgr Clients

Streamlining IT Management: The Advantages of Consolidating with Recast Software 

Related Resources

Featured Image
ConfigMgr Console

How to Use Recast Builder to Automate the Force Reinstall of ConfigMgr Clients

Author Photo
John Yoakum
April 12, 2024
Featured Image
ConfigMgr Console

No Need to Switch Endpoint Management Software

Author Photo
Matt Wieland
April 13, 2023
Featured Image
ConfigMgr Console

ConfigMgr / SCCM Scripts: Best Feature of ConfigMgr?

Author Photo
Garth Jones
October 6, 2022
Featured Image
ConfigMgr Console

How Can I Install Report Builder?

Author Photo
Garth Jones
October 5, 2022
Featured Image
ConfigMgr Console

OSD Cloud with ConfigMgr

Author Photo
Gary Blok
February 27, 2022
Featured Image
ConfigMgr Console

Windows Servicing (Feature Updates)

Author Photo
Gary Blok
February 17, 2022
Featured Image
ConfigMgr Console

Content Items

Author Photo
Gary Blok
February 17, 2022
Featured Image
ConfigMgr Console

WaaS

Author Photo
Gary Blok
February 17, 2022
Featured Image
ConfigMgr Console

Task Sequence Adv.

Author Photo
Gary Blok
February 17, 2022
Featured Image
ConfigMgr Console

Hyper-V

Author Photo
Gary Blok
February 17, 2022
Featured Image
ConfigMgr Console

Disks

Author Photo
Gary Blok
February 17, 2022
Featured Image
ConfigMgr Console

Software

Author Photo
Gary Blok
February 17, 2022
Featured Image
ConfigMgr Console

General

Author Photo
Gary Blok
February 17, 2022
Featured Image
ConfigMgr Console

Task Sequence Basics

Author Photo
Gary Blok
February 17, 2022
Featured Image
ConfigMgr Console

OSD Cloud

Author Photo
Gary Blok
February 15, 2022
Featured Image
ConfigMgr Console

Leverage BGInfo in WinPE

Author Photo
Gary Blok
February 10, 2022
Featured Image
ConfigMgr Console

Create Shortcuts with PowerShell

Author Photo
Gary Blok
February 2, 2022
Featured Image
ConfigMgr Console

Customize Quick Access

Author Photo
Gary Blok
February 2, 2022
Featured Image
ConfigMgr Console

WaaS – Features on Demand – RSAT

Author Photo
Gary Blok
September 9, 2021
Featured Image
ConfigMgr Console

WaaS – Language Support – Overview

Author Photo
Gary Blok
September 1, 2021
Featured Image
ConfigMgr Console

WaaS – Language Support – Packages

Author Photo
Gary Blok
September 1, 2021
Featured Image
ConfigMgr Console

Leveraging Hyper-V to Automate Test VMs

Author Photo
Gary Blok
July 28, 2021
Featured Image
ConfigMgr Console

Hyper-V to Automate VHDx Optimization

Author Photo
Gary Blok
July 28, 2021
Featured Image
ConfigMgr Console

Enable PSGallery Support

Author Photo
Gary Blok
July 16, 2021
Featured Image
ConfigMgr Console

HP Management via PowerShell

Author Photo
Gary Blok
June 15, 2021
Featured Image
ConfigMgr Console

Get More Asset Intelligence Details

Author Photo
Garth Jones
May 13, 2021
Featured Image
ConfigMgr Console

Manufacturer Tools

Author Photo
Gary Blok
May 13, 2021
Featured Image
ConfigMgr Console

Models Support Tips

Author Photo
Gary Blok
May 13, 2021
Featured Image
ConfigMgr Console

Integrating Dell Tools and Intune

Author Photo
Gary Blok
May 13, 2021
Featured Image
ConfigMgr Console

Dell | ConfigMgr

Author Photo
Gary Blok
May 13, 2021
Back to Top