
How to Set the Lock Screen Image Using Intune (Windows)

Gareth Oxendine

Updated: Feb 1

SUMMARY:

Using Intune and a PowerShell script, you can set the lock screen image of your Windows devices! For example, you may want the lock screen on all your company devices to show the company logo.



Foreword

Before we go over the steps, I wanted to briefly explain why I chose to use a PowerShell script to set the lock screen rather than a custom configuration profile targeting the Personalization CSP.


According to Microsoft's documentation, targeting the Personalization CSP with a custom configuration profile is only supported for Windows Enterprise and Education versions. The script below applies to devices running Windows Professional, Enterprise, and Education.


To learn more about custom configuration profiles and CSPs, please review the articles linked below:


Steps to Set the Lock Screen

NOTE:

The lock screen will apply to all of the users on a targeted device. Also, once the lock screen is set, users will not be able to change it.

Step 1: Modify the PowerShell Script

Below is the PowerShell script. Please be sure to modify the variables under the Variables you need to define heading. Save the script once you are done modifying it.

IMPORTANT:

The PowerShell script copies the lock screen image from a source location to a destination folder on the devices. You have a few options for the source:


  • You can leave the script as is and use the Invoke-URI command to download the file from a cloud storage provider such as Azure Blob Storage, Box, OneDrive, or Dropbox.

  • Or, you can change the Invoke-URI command to the Copy-Item command and copy the file from an on-premises file share.

TIP:

I recommend signing your script before deploying it with Intune to avoid any potential conflicts with devices that have the AllSigned PowerShell execution policy set. See the articles linked below to learn how to sign a PowerShell script and add the public certificate to the devices' Trusted Publishers certificate store:

Step 2: Deploy the Script using Intune

Adding a Script using Microsoft Endpoint Manager (Intune)
  • Launch the Intune portal.

  • Select Devices in the left-hand menu blade.

  • Select Windows > Scripts & Remediations.

  • Select the Platform Scripts tab.

  • Select + Add.


Configuring the script settings using Intune.
  • Script Location: select the folder icon, browse to the script you saved in step 1, and select it.

  • Run this command using the logged on credentials: select No (the script must be run with elevated privileges).

  • Enforce Script signature check: select Yes if you signed your script; select No if you did not sign your script.

  • Run script in 64 bit PowerShell Host: you can leave this set to No, which is the default, unless you need to change it.


Once done, select Next, add the appropriate assignment(s), and review/create your script! The assigned computers will receive and execute the script the next time they check in with Intune. If a script does not execute after a device checks in with Intune, try rebooting the device.
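The signing TIP in step 1 and the Enforce script signature check setting above both depend on the script carrying a valid Authenticode signature. The following is an added example, not the script from this post: it signs the file, verifies the result, and exports the public certificate for the Trusted Publishers store. The file paths and the timestamp server are assumptions, and it expects a code-signing certificate to already exist in the current user's certificate store.

```powershell
# Added example (not the author's script). Paths and timestamp server are assumptions.
$ScriptPath = 'C:\Scripts\Set-LockScreen.ps1'       # hypothetical script file name
$CerPath    = 'C:\Scripts\CodeSigning-Public.cer'   # hypothetical export path
$Timestamp  = 'http://timestamp.digicert.com'       # any RFC 3161 timestamp server works

# Pick the unexpired code-signing certificate with the longest remaining lifetime.
$cert = Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) {
    throw 'No usable code-signing certificate found in Cert:\CurrentUser\My.'
}

# Sign with SHA-256 and a timestamp, so the signature stays valid after the
# certificate itself expires.
$null = Set-AuthenticodeSignature -FilePath $ScriptPath -Certificate $cert `
    -HashAlgorithm SHA256 -TimestampServer $Timestamp

# Verify before uploading. 'Valid' requires that this machine trusts the
# certificate chain; any edit to the file after signing yields 'HashMismatch'.
$sig = Get-AuthenticodeSignature -FilePath $ScriptPath
if ($sig.Status -ne 'Valid') {
    throw "Signature check failed: $($sig.Status) - $($sig.StatusMessage)"
}
'Signed by {0} (thumbprint {1})' -f $sig.SignerCertificate.Subject,
    $sig.SignerCertificate.Thumbprint

# Export the public certificate only (no private key) so it can be deployed
# to the devices' Trusted Publishers store.
$null = Export-Certificate -Cert $cert -FilePath $CerPath -Type CERT
```

Re-sign the script every time you change its variables, because the signature covers the exact file contents.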


To learn more about deploying PowerShell scripts using Intune, see the article linked below:





Cover picture provided by Freepik.

 
 
 


© 2024 by DMTT. Powered and secured by Wix
