Force the Photo Screen Saver through Domain Policy

After searching for a way to push out settings to have everyone in the company get a photo screen saver with predefined photos running, I was able to piece out a solution. The steps to enable this are listed below. If there are issues with this or a better way to do a section, please let me know.

Overall, there are three steps to accomplish this. They are:

  1. Create a batch file to copy the photos from a file share to a local folder on the user’s computer, and put this into the logon script of the GPO policy
  2. Set the Administrative Templates to force the correct screen saver to engage
  3. Set the registry keys to direct the screen saver to use the user’s local photo folder

Note: in these examples I have a network file share called “Software” on the fileserver “FS1” that all users have read access to. That contains a folder called “Screen Saver Photos” that is used as the source for the photos. This folder is copied automatically to the user’s C drive when they log on. The reason we just don’t point the screen saver to the share is that we want the screen saver to work when users are disconnected, such as offsite with a laptop.

Step 1: Create a batch file to copy the photos from a file share to a local folder on the user’s computer, and put this into the logon script of the GPO policy

Create a batch file on the domain controller called “ScreenSaverPhotoCopy.bat”. Edit this file and place the following four lines into it. This batch file will run when users log into their machines. These lines map the network drive, make the local folder, purge old files from the folder, and refresh the files from the share, respectively.

net use s: \\fs1\Software
mkdir “C:\Screen Saver Photos”
del /Q “C:\Screen Saver Photos\*.*”
xcopy “S:\Screen Saver Photos” “C:\Screen Saver Photos”

On the domain server, open “Administrative Tools -> Group Policy Management”

Drill into your domain and pick the policy you want to effect, such as “Default Domain Policy”

image

Right click and choose “Edit…”. The Group Policy Management Editor will open.

Open “User Configuration -> Windows Settings -> Scripts (Logon/Logoff)”

image

Double click Logon, this opens Logon Properties

image

You need to move the batch file into a particular store on the server, so click the “Show Files…” button. Copy the “ScreenSaverPhotoCopy.bat” file that you made into this location. Close it.

image

Back on the Logon Properties screen, click “Add…”

Click browse and select the batch file you just copied up.

clip_image006

Click OK and you will see

image

Step 2: Set the Administrative Templates to force the correct screen saver to engage

Back on the Group Policy Management Editor, Expand the “User Configuration –> Policies –> Administrative Templates –> Control Panel” node and click the “Display” item.

image

This lists domain policy settings that affect themes, including screen savers. Enable all the items you want in effect, depending on how strict you want things. In this case, I enabled “Enable Screen Saver”, “Password protect the screen saver”, “Screen saver timeout”, and “Force specific screen saver”. For that last one, set the screen saver to “PhotoScreensaver.scr” as so:

image

Step 3: Set the registry keys to direct the screen saver to use the folder user’s local photo folder

In this step you need to pull the registry settings for the Photo Screen Saver off of a Windows 7 client machine and put them into the domain policy. The Photo Screen Saver uses a particular series of registry keys, and for some reason encrypts the path to the photos folder, so you cannot hand enter this. So the process is, configure the screen saver on a Windows 7 machine, export the registry settings, import them on the domain controller, then add the key path to the policy.

On a Win7 machine, configure the Photo Screen Saver.

Pick “Photos”

image

Click “Settings…”.

image

Browse to the local photo folder, in this case “C:\Screen Saver Photos”. Also set the speed and if you wan them to shuffle.

Run Regedit and drill down into “HKEY_CURRENT_USER\Software\Microsoft\Windows Photo Viewer\Slideshow\Screensaver”. Here you will see three keys, one called EncryptedPIDL which is the encrypted path to the photos folder, one for shuffle, and one for speed.

image

Right click the “Screensaver” folder and choose “Export”. Save the file as “PhotoKeys.reg”.

Copy the file to your domain controller.

Double click the “PhotoKeys.reg” to import them into the domain controller’s registry. You will see a warning like so:

image

If you want you can repeat the registry steps from the Windows 7 machine to confirm the keys were imported properly.

Back in the “Group Policy Management Editor”, drill into “User Configuration –> Preferences –> Windows Settings –> Registry”

image

Right click “Registry” and choose “New –> Registry Wizard”

In the “Registry Browser” window, choose “Local Computer”. Note: I did try to use “Another Computer” to skip the registry import steps above, but was unable to get this to work.

image

Pick the registry key to include, which is the same one we imported above. Check off the four keys that are listed under the “Screensaver” folder.

image

Click Finish. This will create a folder in the policy under Registry, named “Registry Wizard Values”. I don’t think this name matters, but I changed it to “Photo Screen Saver Settings” for clarity. You can also verify the keys are there and have the correct values.

image

Close the Group Policy Management Editor

Conclusion

Now test logging off and back in on one of your Domain Windows 7 machines, and you should see that the local photos folder was created and the photos copied over from the share and your screen saver settings in place (assuming you allowed them to be viewed / changed). Wait the appropriate time and you should see your photos cycling in all their glory.

Advertisements

27 thoughts on “Force the Photo Screen Saver through Domain Policy

  1. Hi, I try your tip tto force my pictures for a screen saver via GPO. After the time is up, the screen saver start but my pictures do not appear, my screen is black.

    Do youy have some idea to help me.

    Thanks in advenced if it possible for you to help me.

    Franc

    1. The key to making this work is the photos need to copy down to a local drive because the screen saver cannot pull them from a network share. Verify that the folder on the local machine has a copy of the photos after the user logs in. If it does, make sure the paths were all entered correctly.

    2. Your solution is excellent and I would also like to stress the PIDL point in the process. If the EncryptedPIDL does not reflect the encrypted string that is imported into the policy it will come up as an untargeted black screen when the time expires to go to screen saver. I found that the process sometimes made the PIDL loose the encrypted key and when that happened it inserted a local drive target which forced it to black screen. The solution to that was to go back to the computer that i exported the PhotoKey.reg file from, find the PIDL key and copy paste the string manually into GP and then force the gpupdate.

  2. Hi, I exported the regkey from a window 7 box and imported onto my Windows 2008R2 domain controller, all keys import except the EncryptedPIDL Key. If I edit the exported reg file to take a look what’s in it, the EncryptedPIDL is in the reg file… Any ideas why EncryptedPIDL won’t import on my domain controller?
    Many Thanks for this article.

  3. Thanks for the guide, very handy. But when I export the reg key “Screensaver” it doesn’t include the encrypted key, just the other two.

  4. Hi,

    I used this solution a few months ago. It worked perfectly. We have recently created a new SOE for Windows 7. Nothing major was changed however now the Screen saver doest work. The GPO applies as I can open up the screen saver on the client machines and all settings are there. I can click preview and it works. However it does not start by itself after the time-out period any more.

    I don’t know what else I can check.

  5. This has to be the best implementation I’ve seen yet, thanks!

    One suggestion though, instead of deleting the contents of the Screensaver folder and then xcopy is to use robocopy and mirror the folder. This will only copy photos that have been updated or added.

    Example:

    net use S: “\\FS1\Share”
    mkdir “C:\Screen Saver Photos”
    robocopy “S:\Screen Saver Photos” “C:\Screen Saver Photos” /MIR
    net use S: /delete

  6. for STEP 1 : better to use User\preferences\Windows Settings\Files
    to copy/replace the files from file server or remote server

  7. Hello, I’ve followed your instructions and it works to a degree, i can see a folder created on users C:\ the correct files are there, but when you select personalization, screen saver shows as ‘none’ but when you go into screen saver, ‘Photos’ is selected as the greyed out choice, if i make a change to the minutes, and press ok then screen saver then becomes active, but if no changes are applied in screensaver screen, the screen saver is not active. does anyone know whats happening?

  8. Please share in more detail the first step of creating a batch file to copy the photos from a file share. Where exactly am I creating the file? On the server or a client in the domain?
    Also, there is no Windows Photo Viewer folder in the registry in the domain server

  9. Don’t know yet if it allready is solved, just made it tru with this tutorial, and have to say
    NICE.
    second, yes it is correct windows server 2012R2 doesn’t have the registry with the location.
    You have to first create a registry with the registries you merged with your windows server machine, i have the registries, accept the encrypted pidl. open a wordpad to take the key out of the regfix, and copy+paste the value into your newly created encrypted pidl.

    third. Why not create a servershare with readpermissions from the group you want to show the scr to, and a read+write permission for the group creating the scr. That’s how i have done it in my domain…
    It’s for a school, where a group for multicultural activities can create folders or posters for their projects, and upload it to the netshare let’s say MCS “multiculturalscreensaver”. where all computerlogons on the computers of the students recieve this photoscreensaver als default, but they can change it, until a reboot, then it’s back to default photoscreensaver with the location of the pictures in the netshare “MCS”…

  10. I tried the batch file but it seems to be creating to folderes on my desktop only,they have no data…see below what i have…please help

    “net use z: \\tsamfile01\shares\gpo icons\pictures
    mkdir “C:\Screen Saver Photos”
    del /Q “C:\Screen Saver Photos\*.*”
    xcopy “z:\Screen Saver Photos” “C:\Screen Saver Photos ”

  11. Nice article. Another option is to use a third-party offering. We (SnapComms) offer a solution where screensaver content can be easily updated by marketing\management and pushed out automatically across your whole organisation.

  12. Please, let someone help us with the solution to below challenge as I’m experiencing same here. Thanks

    Hello, I’ve followed your instructions and it works to a degree, i can see a folder created on users C:\ the correct files are there, but when you select personalization, screen saver shows as ‘none’ but when you go into screen saver, ‘Photos’ is selected as the greyed out choice, if i make a change to the minutes, and press ok then screen saver then becomes active, but if no changes are applied in screensaver screen, the screen saver is not active. does anyone know whats happening?

  13. So I have gotten this to work, but not. The logon script runs fine, the folder is created in C: and the pictures are copied over from the network share. When the screensaver starts it goes immediately to the lock screen. However if I navigate to c:\windows\system32 and double click PhotoScreensaver.scr, the photo’s show just fine. So I think the policy is sort of working.

  14. Never mind. I found my problem. There was a GPO screen saver configuration at the domain level and was causing a conflict. Problem fixed and the Photos screen save is being pushed out via a new GPO and is working perfectly. Thanks a lot for this post.

  15. Thanks, this was a huge help. I did have to manually create the one EncrytpedPIDL key in the gpo (it wouldn’t export), but besides that everything worked great. Thanks again.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s