Automatically logon user when another user logs out using PowerShell - powershell

I am building a Windows embedded kiosk application that automatically logs in a default user on boot and launches the kiosk application. Once this occurs, the user cannot interact with any Windows features, only the kiosk application.
However, when an admin comes to work on the system, he can log out of the default Windows user account and log into a Windows admin account. When the admin manually logs out, I want to automatically log the default user back in, and launch the kiosk application.
I have been searching for a couple of hours on how to accomplish this with no luck. I am thinking a PowerShell logoff script or something similar, but have no idea how to implement it (I have no PowerShell experience). Does anyone have an idea on how to accomplish this?
Note: I already know how to automatically log in the default user and launch the kiosk app on computer startup (using group policy editor). I am only asking how to do the same thing when the admin logs off.

Create a logoff script with the following registry keys. It doesn't have to be PowerShell; this code would work for a normal command line batch script. The username is "user" and the password is "user".
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultUsername /t REG_SZ /d user /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword /t REG_SZ /d user /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /t REG_SZ /d 1 /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v ForceAutoLogon /t REG_SZ /d 1 /f
If you have a "welcome message", you will still have to click OK to fully log in, though.
Here is how you create a logoff script: http://technet.microsoft.com/en-us/magazine/dd630947.aspx
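
The values set above keep the kiosk password as a plain REG_SZ string (DefaultPassword) under the Winlogon key. As an added example, not part of the original answer, this PowerShell function reports the autologon state of a machine without printing the password; the function name Get-AutoLogonAudit and its output fields are made up for this illustration.

```powershell
# Added example: audit the Winlogon autologon values written by the reg add lines above.
function Get-AutoLogonAudit {
    [CmdletBinding()]
    param(
        # Defaults to the real Winlogon key; a scratch key can be passed for testing.
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    )

    $names  = 'AutoAdminLogon', 'ForceAutoLogon', 'DefaultUserName', 'DefaultPassword'
    $values = @{}
    foreach ($name in $names) {
        # A missing value is recorded as $null instead of raising an error.
        $item = Get-ItemProperty -Path $Path -Name $name -ErrorAction SilentlyContinue
        $values[$name] = if ($item) { $item.$name } else { $null }
    }

    # Identities with an Allow entry that includes QueryValues can read the values.
    # Entries expressed only as generic rights are not matched by this filter.
    $queryValues = [System.Security.AccessControl.RegistryRights]::QueryValues
    $readers = (Get-Acl -Path $Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and ($_.RegistryRights -band $queryValues) } |
        Select-Object -ExpandProperty IdentityReference -Unique

    [pscustomobject]@{
        AutoLogonEnabled  = ($values['AutoAdminLogon'] -eq '1')
        ForceAutoLogon    = ($values['ForceAutoLogon'] -eq '1')
        Account           = $values['DefaultUserName']
        # Only the presence of the password is reported, never its content.
        PlaintextPassword = -not [string]::IsNullOrEmpty($values['DefaultPassword'])
        KeyReadableBy     = $readers -join '; '
    }
}

Get-AutoLogonAudit | Format-List
```

If PlaintextPassword is True, every identity listed in KeyReadableBy can read the kiosk password, so that account should have no rights beyond running the kiosk application.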

You can put a PS script in the Local group policy editor (logoff script). You have to make a script that checks which user is logged in.
And if it is the admin, you can use shutdown -s so it will restart the PC and auto login the user.
Then it's what you want, only with an unnecessary reboot.
Be careful: if your script is wrong about the user check (= admin), you cannot log off the user and you can't go to the admin anymore!

Related

Baseline-LocalInstall -win11NonDomainJoined script disabled RDP on the station

While setting up a new workstation, which is meant to be outside the company's domain, I ran the script Baseline-LocalInstall -Win11NonDomainJoined. After the script was done, I cannot turn on the Remote Desktop Protocol function. The slider stays on 'off', no matter what I do (tried editing GPO as well as adding a couple of REG_DWORDs), and for the life of me I cannot figure out what else to do. Has anyone, by any chance, encountered similar issues? What I've noticed is that the RDP has turned off automatically while the following line was being returned in PowerShell:
Running LGPO.exe /v /g ..\GPOs\{2C3C079A-D4FB-47BD-BF32-DE883E9AF6C4}
Applying GPO "MSFT Windows 11 - Domain Security"...
Running LGPO.exe /v /g ..\GPOs\{091755B0-6C83-48E7-A77A-E89D0C2EAF27}
Applying GPO "MSFT Windows 11 - User"...
Running LGPO.exe /v /g ..\GPOs\{80A3C624-3A13-4302-89AD-62D667966E4B}
Non-domain-joined: back out the local-account restrictions...
Running LGPO.exe /v /s ConfigFiles\DeltaForNonDomainJoined.inf /t ConfigFiles\DeltaForNonDomainJoined.txt
Any help would be appreciated!

How to enable group policy toggle button using powershell or cmd

I am trying to automate server setup of a Windows 2019 server using userdata. I need to update the local group policy settings.
The specific group policy I want to enable is "Set time limit for disconnected sessions".
How can I enable this 'local' group policy for a VM using PowerShell or bash or even Regedit?
I have tried but I can't seem to get it to be in an "enabled" state.
Look at this Registry Edit.
You can access this registry key in Powershell or Bash.
More information here.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v MaxDisconnectionTime /t REG_DWORD /d 5000 /f
Try this, it's the same registry key but using PowerShell to set.
Set-ItemProperty "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" -Name MaxDisconnectionTime -Type DWord -Value 900000
The value is in ms, this would set it to 15 minutes.
https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.TerminalServer::TS_SESSIONS_Disconnected_Timeout_2
After you run that, restart the device and the settings should be updated.
There is no way to directly configure the local group policy using PowerShell.
When configured, the GPO sets a registry key and value.
It's not bi-directional where you can set the registry key and then the GPO is configured.
You can use Microsoft's tool LGPO.exe to export the policy settings from a computer you've configured, and then use PowerShell to import those settings to your new computer.
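
As an added example (not code from any of the answers above), the function below writes the same MaxDisconnectionTime policy value, creating the policy key if it is missing and reading the result back. It writes only the registry value, which, as the last answer notes, does not configure the local GPO itself. The function name, the minutes parameter and its range are assumptions made for the illustration.

```powershell
# Added example: set the "disconnected sessions" time limit through its policy registry value.
function Set-DisconnectedSessionLimit {
    [CmdletBinding()]
    param(
        # Upper bound keeps minutes * 60000 inside a signed 32-bit integer (assumed limit).
        [Parameter(Mandatory)] [ValidateRange(1, 35791)] [int]$Minutes,
        [string]$Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    )

    # Set-ItemProperty fails when the key is absent, so create it first.
    if (-not (Test-Path -Path $Path)) {
        New-Item -Path $Path -Force | Out-Null
    }

    $milliseconds = $Minutes * 60 * 1000
    # DWord is the PowerShell name for REG_DWORD; -Force overwrites an existing value.
    New-ItemProperty -Path $Path -Name 'MaxDisconnectionTime' -PropertyType DWord `
        -Value $milliseconds -Force | Out-Null

    # Read the value back and stop if it is not what was requested.
    $stored = (Get-ItemProperty -Path $Path -Name 'MaxDisconnectionTime').MaxDisconnectionTime
    if ($stored -ne $milliseconds) {
        throw "MaxDisconnectionTime is $stored, expected $milliseconds"
    }
    [pscustomobject]@{ Path = $Path; Minutes = $Minutes; Milliseconds = $stored }
}

# 15 minutes, the same 900000 ms used in the answer above; run from an elevated session.
Set-DisconnectedSessionLimit -Minutes 15
```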

Change Documents default location with powershell

I am trying to change the default location of the documents folder using powershell or cmd specifically.
What I have tried:
I have tried changing both the shell folders and user folders registry path and restarted the computer but nothing happens:
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v Personal /t REG_EXPAND_SZ /d "C:\users\JatonJustice\desktop\testfolder"
But I still see it in the users folder in documents (even after restarting; the picture below is after restarting the computer):
I tried using the answer from here: Set location of Special Folders with PowerShell
However that didn't seem to do anything either:
If anyone has any ideas for this, that would be awesome. If I have to I guess I can use wswshell but that is the last resort.
I found out that reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v Personal /t REG_EXPAND_SZ /d "C:\users\JatonJustice\desktop\testfolder" works, but when you are using an Azure domain account or an Amazon WorkSpaces account, the registry location for the user shell folders will be in a different place.
You can verify the user location of the shell folder key by navigating to HKEY_CURRENT_USER and double checking which account you are in. There are accounts like .DEFAULT, or S-1-5-18 (SYSTEM ACCOUNT), etc.

Is WebView2 supported in the Citrix Server

We have an application from a third party that requires WebView2. We installed WebView2 on our machine as per the instructions, and it is working fine on our desktop.
We installed it in exactly the same way on the Citrix server, but it is not working. Any idea if the Citrix Server supports WebView2, or whether any specific action is needed? The third party does not provide customer support for the Citrix installation. Please help.
We had a similar issue with WebView2. It worked just fine everywhere, except on our Citrix environment.
The solution that made it work for "msedgewebview2.exe" is described here: https://support.citrix.com/article/CTX107825
REG ADD HKLM\SOFTWARE\Citrix\CtxHook /v ExcludedImageNames /t REG_EXPAND_SZ /d msedgewebview2.exe /f
REG ADD HKLM\SOFTWARE\Wow6432Node\Citrix\CtxHook /v ExcludedImageNames /t REG_EXPAND_SZ /d msedgewebview2.exe /f
REG ADD HKLM\SOFTWARE\Wow6432Node\Citrix\CtxHook64 /v ExcludedImageNames /t REG_EXPAND_SZ /d msedgewebview2.exe /f

How can I change Local Security Policy through command line

I have a Windows 10 machine and I need to change the Security settings to not defined for Local Security Policy->Local Policies->Security Options->
DCOM:Machine Launch Restrictions in SDDL syntax
and
DCOM:Machine Access Restrictions in SDDL syntax from a command line.
Would anybody know how to do this?
REG DELETE "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows NT\DCOM" /v MachineLaunchRestriction /f
REG DELETE "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows NT\DCOM" /v MachineAccessRestriction /f
Deleting the keys worked.