Windows 10 Lock Screen

So, you think you’re setting the lock screen, just to have OSD finish and be like “Why is the lock screen missing and showing a dark blueish color?” or “Argh, it’s the stinking Windows default lock screen, not the one I wanted”. Perhaps you have a lab, and don’t activate your PC’s, so you get the rotating Bing Picture of the day, which is actually pretty cool and all, unless you’re trying to test Lock Screens.  Thanks to Doug (managedoug.com) for bringing this to my attention and having me dig into it a bit more.

I’ve got Several Steps to control this during OSD which include Copying Files over the default lock screen images, and setting registry keys, basically depends on exactly what outcome you’re looking for.

Scenario 1, you want to set the Lock Screen and NEVER allow the user to change it.

Scenario 2, you’re cool with the user changing it, but want to set it to your own custom default.

To accomplish both, there are several things in common you need to do, so I’ll start with the steps you need to do for either situation, then break apart the single additional step that enables scenario 1.

image

  • Tweak – Replace Default LockScreen Step 1
    image
  • Tweak – Replace Default LockScreen Step 2
    image
  • Tweak – Mount ntuser.dat as defuser
    image


    • Tweak – LockScreen Tools TIps & Rotation Disable
      image
    • Tweak – LockScreen BING Rotation Disable
      image
    • Tweak – LockScreen SpotLight Disable
      image
  • Tweak – Unmount ntuser.dat as defuser
    image

     

Lock Down Mode (Scenario 1)

  • Tweak – Set Enforced Lock Screen Step 1 (Copy) –Same as the one used above, just different description
    image
  • Tweak – Set Enforced Lock Screen Step 2 (Registry)
    image

After OSD in the registry:

You can download this entire TS from my blog post about Windows 10 Customizations.

So, how does it look when after OSD completes… pretty. Smile

image

Posted originally at garytown.com - @gwblok

5 thoughts on “Windows 10 Lock Screen

  • June 13, 2018 at 11:05 am
    Permalink

    Do some of those disable lock screen annoyances/ads commands you have also work for win 10 pro or just enterprise?

    How about setting a custom theme? I've got a theme i created with custom corporate wallpapers that rotate and exported it as a theme, id like to be able to apply that in OSD. Id like to move away from copy profile entirely which is how i currently keep a custom theme set as default for everyone.

    Reply
    • June 13, 2018 at 1:23 pm
      Permalink

      I just ran my TS on Pro instead of Enterprise. The LockScreen tweaks appear to have worked. FYI, this is just one test, and I typically don't test or run Pro. I'd recommend just give it a try on one machine, and let it run for awhile and see what happens. But my initial results look good.

      Reply
      • June 13, 2018 at 10:38 pm
        Permalink

        From what I understand, if we deployed this from GPO it wouldn't work on Windows 10 Pro, Microsoft disabled most of these policies after the anniversary update. But since we're making so many local user registry and file modifications it appears to take effect. Make sure that when you do a feature update that these are reapplied to the device as some of the settings will not make it through.

        Reply
    • July 12, 2018 at 12:22 am
      Permalink

      I was able to replicate your problem. To fix it, I took the settings I was applying the default user profile, and applying the HKCU registry hive, which requires having the user logged on during the TS. I'd recommend just applying them via GPO. (I assume you have no plans to use SpotLight) - As always, please test this yourself.

      From the blog post https://garytown.com/windows-10-lock-screen
      there are 3 steps that I use to apply to default profile:
      Tweak – LockScreen Tools TIps & Rotation Disable
      Tweak – LockScreen BING Rotation Disable
      Tweak – LockScreen SpotLight Disable

      Those 3 steps work great for OSD when a user hasn't logged on, but if you didn't have them there before hand, and those keys aren't currently applied to the user's profile, then the method in the blog wouldn't work. In my test, I just took those 3 steps and modified them, and all was well.
      I did a find / replace. HKEY_LOCAL_MACHINE\defuser -> HKEY_CURRENT_USER
      Then placed those 3 steps in the upgrade TS. The LockScreen I wanted then applied after IPU instead of the blue screen, or windows default.

      Since odds are good you'll be doing the IPU when a user isn't logged on, I'd recommend just doing it all via group policy.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.