I recently had a client come to me asking about setting the wallpaper and lock screen, which is a fairly simple task by following the original post content under this section. However, they had several business units where they wanted different images deployed, and they planned on changing the images regularly. The challenge here became trying to find a way to easily change these images without having to change our install script and repackage the Win32 app every time. A proactive remediation would also be great here. However, this particular client was not licensed for Proactive Remediations. Therefore, I had to use a Win32 App.
They already had the images they wanted to use on blob storage. So, they were easily accessible to set with this script linked below from my github. For reference, the syntax is below. Basically, this creates our necessary registry key and values, downloads the images from blob storage, and uses those images for our background and lockscreen:
New-Item HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP -Force
#Variable Creation
$RegPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP"
$BackgroundImageURL = 'https://yourstorageaccount.blob.core.windows.net/wallpaper/background.jpg'
$LockscreenImageURL = 'https://.blob.core.windows.net/wallpaper/lockscreen.jpg'
$ImageDestinationFolder = "C:\temp\images"
$Backgroundimage = "$ImageDestinationFolder\background.jpg"
$LockScreenImage = "$ImageDestinationFolder\Lockscreen.jpg"
#Create image directory
md $ImageDestinationFolder -erroraction silentlycontinue
#Download image file
Start-BitsTransfer -Source $BackgroundImageURL -Destination "$Backgroundimage"
Start-BitsTransfer -Source $LockscreenImageURL -Destination "$LockScreenimage"
#Lockscreen Registry Keys
New-ItemProperty -Path $RegPath -Name LockScreenImagePath -Value $LockScreenImage -PropertyType String -Force | Out-Null
New-ItemProperty -Path $RegPath -Name LockScreenImageUrl -Value $LockScreenImage -PropertyType String -Force | Out-Null
New-ItemProperty -Path $RegPath -Name LockScreenImageStatus -Value 1 -PropertyType DWORD -Force | Out-Null
#Background Wallpaper Registry Keys
New-ItemProperty -Path $RegPath -Name DesktopImagePath -Value $backgroundimage -PropertyType String -Force | Out-Null
New-ItemProperty -Path $RegPath -Name DesktopImageUrl -Value $backgroundimage -PropertyType String -Force | Out-Null
New-ItemProperty -Path $RegPath -Name DesktopImageStatus -Value 1 -PropertyType DWORD -Force | Out-NullPretty simple, but now I had to determine a way to easily update these images without repacking everything. That’s where the new custom detection script came in. I needed to find something unique about these files I could use. That’s when I thought of using one of the file properties if we use PowerShell to look at file details:
get-itemproperty -path c:\temp\images\background.jpg | FL * We can look at the date and time the file was modified. This value will differ between the images as they replace the background and lockscreen images:
So our new custom detection script was born and is available on github here and the syntax is below. The key here is the images used for background and lockscreen must always be named background.jpg and lockscreen.jpg as they’re replaced. This keeps the install and detection scripts unchanged and requires no repackaging of the Win32 app or updating of the detection script. The detection script creates a temporary directory, downloads the current version of the background.jpg and lockscreen.jpg from blob storage, and compares the modified timestamp on the file to the files in use on the workstation. If they match, the script detects the images are correct. If the dates don’t match, then the images have been updated on the storage account, and the install script will be re-run to pull the latest images down for the background and lock screen.
$BackgroundImageURL = 'https://yourstorageaccount.blob.core.windows.net/wallpaper/background.jpg'
$LockscreenImageURL = 'https://yourstorageaccount.blob.core.windows.net/wallpaper/lockscreen.jpg'
$ImageDestinationFolder = "C:\temp\images\temp"
$Backgroundimage = "$ImageDestinationFolder\background.jpg"
$LockScreenImage = "$ImageDestinationFolder\Lockscreen.jpg"
#Create Temp Image Directory
md $ImageDestinationFolder -erroraction silentlycontinue
#download images
Start-BitsTransfer -Source $BackgroundImageURL -Destination "$Backgroundimage"
Start-BitsTransfer -Source $LockscreenImageURL -Destination "$LockScreenimage"
#Get Timestamps from downloaded images. This checks to see if there have been updates
$blobbackground = Get-ItemProperty "$backgroundimage" | Select-Object -ExpandProperty LastWriteTime
$bloblockscreen = Get-ItemProperty "$lockscreenimage" | Select-Object -ExpandProperty LastWriteTime
#Checks last modified timestamp of the current files and looks for correct registry values
$backgrounddate = Get-ItemProperty "C:\TEMP\images\background.jpg" | Select-Object -ExpandProperty LastWriteTime
$lockscreendate = Get-ItemProperty "C:\TEMP\images\lockscreen.jpg" | Select-Object -ExpandProperty LastWriteTime
$reg1 = Get-ItemPropertyValue "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP" -Name "DesktopImagePath"
$reg2 = Get-ItemPropertyValue "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP" -Name "DesktopImageStatus"
$reg3 = Get-ItemPropertyValue "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP" -Name "DesktopImageUrl"
$reg4 = Get-ItemPropertyValue "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP" -Name "LockScreenImagePath"
$reg5 = Get-ItemPropertyValue "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP" -Name "LockScreenImageStatus"
$reg6 = Get-ItemPropertyValue "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP" -Name "LockScreenImageUrl"
#cleanup temp dir
Remove-Item -Path $ImageDestinationFolder -Recurse -Force
If (($lockscreendate -eq $bloblockscreen) -and ($backgrounddate -eq $blobbackground) -and ($reg2 -and $reg5 -eq $true) -and ($reg1 -and $reg3 -eq "C:\temp\images\background.jpg") -and ($reg4 -and $reg6 -eq "C:\temp\images\lockscreen.jpg"))
{
Write-Output "Detected"
exit 0
}
else {
Write-Output "Image files outdated or missing Registry Values"
exit 1
}