Set wallpaper using OU-policy

Similar Messages

• Assign ringtone and set wallpaper using j2me code

  hi !
  can any one tell me how can i assign ringtone to contact and set my animation as device wallpaper fron j2me application.
  ajay

  You just can't do that kind of stuff.

• Using Group Policy to Set Windows Font DPI size

  I was in need of a way to change the Windows 7 user interface to use the Font size of 100% (vs the default of 125%) for custom applications on our network.
  Many searches on the net did not provide an easy way to accomplish this via Group Policy. The font size is PER USER and not PER MACHINE.
  I found a method using Group policy preferences (GPP) to configure the Font DPI size and wanted to share it for others who might need to do the same...
  I created a new GPO for the users needing this font size and linked it to their OU. Then configured the following:
  User Configuration \ Preferences \ Registry (Right click and select NEW \ Registry Wizard)
  Configure the following DWORD key: HKEY_CURRENT_USER\Control Panel\Desktop\LogPixels
  Use the values as needed:
  00000060 (Small Font Size 100%)
  00000090 (Medium Font Size 125%)
  00000144 (Large Font Size 150%)
  I used 00000060 to set the Small Font Size of 100%. Gpupdate /force a test client machine, then logoff/logon and see the setting take effect.
  When users try to change the font size in via the control panel, the value will be overwritten the next time the group policy updates. Id even recommend preventing users from being able to change the font dpi with another GPO setting:
  User Configuration \ Policies \ Administrative Templates \ Control Panel \ Personalization \ Prohibit selection of visual style font size = Enable
  Just wanted to share this for anyone needing to change the Windows 7 default font DPI size en mass using Group Policy. We can thank Microsoft for not giving us a ADMX template for this issue!!!!
  Drumgod
  me

  User Configuration \ Policies \ Administrative Templates \ Control Panel \ Personalization \ Prohibit selection of visual
  style font size = Enable
  This policy setting states that it is supported on Windows Server 2003, Windows XP, and Windows 2000 operating
  systems only. 
  The description on this setting says that it disables the "Font size" drop-down list on the Appearance tab in Display Properties. This does not exist in Windows 7. I don't think the DPI setting you are talking about is the equivalent.
  The other setting is good to have enough. Thanks for the tip!

• Uninstall IE and set another web browser such as Chrome and FireFox as default using Group Policy

  Hi there,
  Please can anyone instruct me on how to uninstall IE and set another web browser such as Chrome and FireFox as default using Group Policy. Your help would be much appreciated.
  Kind regards,
  RocknRollTim
  P.S. I was redirected by a forum user off the Microsoft Community forum.

  IE can't be uninstalled.  It's part of the operating system and cannot be removed.  You can hide the icon but the engine is still on the machine and still must be updated.
  This is a topic best suited for a Group policy forum. 
  https://social.technet.microsoft.com/Forums/en
  US/home?forum=winserverGP
  Step one is to install the Chrome ADMX templates - see the link below for more detais:
  Configuring Google Chrome via Group Policy | Jack Stromberg:
  http://jackstromberg.com/2013/08/configuring-google-chrome-via-group-policy/
  Of the two browsers, my personal preference is Chrome over Firefox.  Firefox's add in model is too prone to developer insecurity.
  My blog
  Thanks Justin Gu for marking this as the proposed answer.
  Thank you,
  RocknRollTim

• Applying custom Group policy to existing users using group policy

  Hello Everyone,
  i am unable to find a way to push a custom theme to client PC using group policy.
  I have tried "Load a Specific Theme" Group Policy but it is only applying to a new user logging on windows.
  I have a custom theme that i want it to load to every existing user's machine.
  Is there any way to do it using GPO??

  Apply theme group policy does not work. Known issue.
  I use a vb script,
  '@SLH // This Script applies the Themepack "
  On Error Resume Next
  Select Case themeApplied
  Case "yes"
  'Has been set once before, nothing happens!
  Case Else
  'Has not been set before, Company theme is applied
  strRegistryKey = readfromRegistry("HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General\WallpaperSource", "C:\Windows\web\wallpaper\Windows\img0.jpg")
  End Select
  Function readFromRegistry (strRegistryKey, strDefault )
  Dim WshShell, value
  Set WshShell = CreateObject("WScript.Shell")
  value = WshShell.RegRead( strRegistryKey )
  if strDefault = value then
  'Write key in registry
  WshShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\themeApplied", "yes", "REG_SZ"
  'Applying theme from server
  'Remember to change the path tothe location of your .themepack file
  WshShell.Run "rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Themes /Action:OpenTheme /file:""\\seraddressto\ Default.themepack"""
  WScript.Sleep 1000
  WshShell.AppActivate("Desktop Properties")
  WshShell.Sendkeys "%{F4}"
  end if
  End Function
  I then run this in a run once script when the user first logs in, this sets the theme once on new profile generation.

• Steps to apply Proxy settings for all Server in a specific OU using Group Policy ?

  People,
  I have several terminal server (2008 R2) running as RDSH in an OU called Terminal Servers.
  So how can I create the GPO setting to make sure that everyone who login to this terminal server will be getting the proxy settings automatically to proxy.domain.com on port 3128 ?
  I've created the GP object and then link it directly to the Terminal Servers OU using the following options:
  User Configuration (Enabled) > Policies > Windows Settings > Internet Explorer Maintenance >
  Connection/Proxy Settings > Enable proxy settings 
  But somehow when I login as myself and DOMAIN\Administrator the proxy settings in the IE11 is still unchecked with the old Proxy value and sometimes blank in some servers.
  /* Server Support Specialist */

  > I've created the GP object and then link it directly to the Terminal
  > Servers OU using the following options:
  >
  > User Configuration (Enabled) > Policies > Windows Settings > Internet
  > Explorer Maintenance >
  > Connection/Proxy Settings > Enable proxy settings
  User policies apply to user objects - the servers will ignore them, and
  as long as there is no user in your terminal servers OU, no one will get
  this setting.
  Link your policy to the OUs where the users are, then use item level
  targeting to filter for a security group you create for this purpose,
  and add all your terminal servers to this group. Don't forget to reboot
  the servers after changing group memberships...
  Greetings/Grüße,
  Martin
  Mal ein
  gutes Buch über GPOs lesen?
  Good or bad GPOs? - my blog…
  And if IT bothers me -
  coke bottle design refreshment (-:
  Martin,
  Since the browser in the Terminal Servers are all running IE 11, do I need to do the GPO using IEAK or GPP with the new ADMX template ?
  /* Server Support Specialist */

• Using SAML policy while invoking a web service

  I have to invoke a webservice which is secured using the policy wss10_saml_token_client_policy.
  In order to achieve the above i have creates a stub using JAX-WS and while invoking the web service I pass the policy as a SecurityFeature.Code snippet given below:
  SecurityPolicyFeature[] securityFeatures = new SecurityPolicyFeature[] { new SecurityPolicyFeature(
                      getValueFromPropertyFile("oracle/wss10_saml_token_client_policy"))};
  SomeStub stub =(UserManagementPortTypev1_0)SomeService.getPort("...","....",securityFeatures );
  Once deployed in weblogic and when i invoke the service, the soap request formed is correct. It creates for me the soap header with the correct security nodes. The header formed is like below:
  <S:Header>
  <work:WorkContext xmlns:work="http://oracle.com/weblogic/soap/workarea/">rO0ABXoAAAJDADBvcmFjbGUuZG1zLmNvbnRleHQuaW50ZXJuYWwud2xzLldMU0NvbnRleHRGYW1pbHkAAAFPAAAAKXdlYmxvZ2ljLndvcmthcmVhLlNlcmlhbGl6YWJsZVdvcmtDb250ZXh0AAABSaztAAVzcgAxd2VibG9naWMud29ya2FyZWEuU2VyaWFsaXphYmxlV29ya0NvbnRleHQkQ2Fycmllcv1CAh9z5wpPAwACWgAHbXV0YWJsZUwADHNlcmlhbGl6YWJsZXQAFkxqYXZhL2lvL1NlcmlhbGl6YWJsZTt4cHcEAAAAAXNyAEFvcmFjbGUuZG1zLmNvbnRleHQuaW50ZXJuYWwud2xzLldMU0NvbnRleHRGYW1pbHkkU2VyaWFsaXphYmxlSW1wbAAAAAAAAAAAAwABTAARbVdMU0NvbnRleHRGYW1pbHl0ADJMb3JhY2xlL2Rtcy9jb250ZXh0L2ludGVybmFsL3dscy9XTFNDb250ZXh0RmFtaWx5O3hwdykAJzEuMDAwMEl6T0lYQ0swam9PTE1pcDJpZTFEbUNMdjAwMDAwMjt2MHh3AQF4ACZ3ZWJsb2dpYy5kaWFnbm9zdGljcy5EaWFnbm9zdGljQ29udGV4dAAAAX8AAAAyd2VibG9naWMuZGlhZ25vc3RpY3MuY29udGV4dC5EaWFnbm9zdGljQ29udGV4dEltcGwAAAAiMDAwMEl6T0lYQ0swam9PTE1pcDJpZTFEbUNMdjAwMDAwMgAAAAAAAAAAAAAA</work:WorkContext>
  <wsse:Security S:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <saml:Assertion AssertionID="SAML-L0r20MS5CV0y7B6zHnGX5w22" IssueInstant="2011-05-10T05:03:49Z" Issuer="www.oracle.com" MajorVersion="1" MinorVersion="1" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
  <saml:Conditions NotBefore="2011-05-10T05:03:49Z" NotOnOrAfter="2011-05-10T05:08:49Z"/>
  <saml:AuthenticationStatement AuthenticationInstant="2011-05-10T05:03:49Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password">
  <saml:Subject>
  *<saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">anonymous</saml:NameIdentifier>* <saml:SubjectConfirmation>
  <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
  </saml:SubjectConfirmation>
  </saml:Subject>
  </saml:AuthenticationStatement>
  </saml:Assertion>
  </wsse:Security>
  </S:Header>
  The node NameIdentifier is supposed to be populated with the logged in user id, which will be picked up from JAAS principal.
  Now I am invoking the service hosted in weblogic from outside using JSON protocol, I do not have a portal ready to invoke the service.
  My question is, is there any way in which i can replicate/ simulate the JAAS principal such that the nameidentifier is populated even when invoked from outside. THis is a requirement from testing perspective.

  Hi,
  Thanx it is working now.
  BTW can you give me some urls with info of this kind of setting which i need to do for other kind of integarions in J2EE platform.Sorry if i am asking too much as i am a starter in this technology.

• Windows Time Server setting not following group policy

  I hardly use group policy, except for two settings:
  User Configuration\Administrative Templates\System\User Profiles\Exclude directories in roaming profile
  Computer Configuration\Administrative Templates\System\Windows Time Service\Configure Windows NTP Client & Enable Windows NTP Client
  The first setting has worked perfectly for years, but the second one seems to have stopped working, in that the time on client PCs has become out by several minutes. The client PCs are running Windows 7 and Windows 8.1.
  Following is the result under [TimeProviders] when I run W32TM /query /configuration:
  On the server:
  NtpClient (Local)
  DllName: C:\Windows\system32\w32time.dll (Local)
  Enabled: 1 (Local)
  InputProvider: 1 (Local)
  AllowNonstandardModeCombinations: 1 (Local)
  ResolvePeerBackoffMinutes: 15 (Policy)
  ResolvePeerBackoffMaxTimes: 7 (Policy)
  CompatibilityFlags: 2147483648 (Local)
  EventLogFlags: 0 (Policy)
  LargeSampleSkew: 3 (Local)
  SpecialPollInterval: 3600 (Policy)
  Type: NTP (Policy)
  NtpServer: time.windows.com,0x9 (Policy)
  NtpServer (Local)
  DllName: C:\Windows\system32\w32time.dll (Local)
  Enabled: 1 (Local)
  InputProvider: 0 (Local)
  AllowNonstandardModeCombinations: 1 (Local)
  On the Windows 8.1 client PC:
  NtpClient (Local)
  DllName: C:\Windows\system32\w32time.DLL (Local)
  Enabled: 1 (Local)
  InputProvider: 1 (Local)
  CrossSiteSyncFlags: 2 (Local)
  AllowNonstandardModeCombinations: 1 (Local)
  ResolvePeerBackoffMinutes: 15 (Local)
  ResolvePeerBackoffMaxTimes: 7 (Local)
  CompatibilityFlags: 2147483648 (Local)
  EventLogFlags: 1 (Local)
  LargeSampleSkew: 3 (Local)
  SpecialPollInterval: 3600 (Local)
  Type: NT5DS (Local)
  VMICTimeProvider (Local)
  DllName: C:\Windows\System32\vmictimeprovider.dll (Local)
  Enabled: 1 (Local)
  InputProvider: 1 (Local)
  NtpServer (Local)
  DllName: C:\Windows\system32\w32time.DLL (Local)
  Enabled: 0 (Local)
  InputProvider: 0 (Local)
  Can anyone help me to fix this please so that the client PCs sync their time correctly with an NTP server?

  Hi,
  >>but the second one seems to have stopped working, in that the time on client PCs has become out by several minutes. The client PCs are running Windows 7 and Windows 8.1.
  Does this happen to all clients in our environment? For group policy, we can run command
  gpresult/h gpreport.html with administrative privileges to collect group policy result to have a check. Besides, we can check event logs in Event Viewer to see if some related events were logged.
  Here, we can try to resync time with domain by following the steps described in the article below.
  Configure a client computer for automatic domain time synchronization
  https://technet.microsoft.com/en-us/library/cc758905(v=ws.10).aspx
  In addition, regarding time configuration in Active Directory, the following article can be referred to for more information.
  “It’s Simple!” – Time Configuration in Active Directory
  http://blogs.technet.com/b/nepapfe/archive/2013/03/01/it-s-simple-time-configuration-in-active-directory.aspx
  Best regards,
  Frank Shen
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Uninstall Lync 2010 client, Install Lync 2013 using Group Policy/VB/MS Customisation Tool

  Hi, I am using Group Policy/vb/Lync customization tools to deploy 2013 and remove 2010. The machines have Office 2010. The vb script is as below:
  Dim objShell 'As Object
  Dim objFSO 'As FileSystemObject
  '-- SET OBJECTS
  Set objFSO = CreateObject("Scripting.FileSystemObject")
  Set objShell = CreateObject("WScript.Shell")
  strComputerName = objShell.ExpandEnvironmentStrings("%COMPUTERNAME%")
  Dim WshNetwork : Set WshNetwork = WScript.CreateObject("WScript.Network")
  objShell.Run """\\xxxxxxxxx - Do not Remove\Lync Install 2013 2010\Lync 2013 Outlook 2010\setup.exe"""
  I have amended the OCT with relevant settings, Lync 2013 installs but Lync 2010 does not uninstall. Here is how i have it set:
  In the Office Customization Tool - Set-up - Add Installation and Run Programs,
  In target - pointing to the Lync2010 exe file (on above share)
  In Arguments - /silent /uninstall
  Is this correct?
  Also, i would have thought that, Remove Previous Installations, it would have an option to remove Lync2010?
  Anyway..pulling my hair out here!
  Hope you can help.

  Hi,
  Based on your description, we can refer to the following threads for help.
  Slient Unninstall of Lync 2010 on client machines script required
  http://social.technet.microsoft.com/Forums/lync/en-US/69e32128-4581-4be5-9a44-b5d133e1f480/slient-unninstall-of-lync-2010-on-client-machines-script-required
  Scripting a Lync 2010 client Uninstall
  http://social.technet.microsoft.com/Forums/en-US/a65bd0d0-daa1-4616-8725-63f349fdde86/scripting-a-lync-2010-client-uninstall?forum=lyncconferencing
  For this issue is more related to Lync, in order to get better help, we can ask the question in the following TechNet dedicated Lync forum.
  Lync 2010 and OCS - Lync Clients and Devices
  http://social.technet.microsoft.com/Forums/lync/en-US/home?forum=ocsclients&filter=alltypes&sort=lastpostdesc
  In addition, for it also involves scripts, we can also ask for help in the following scripting forum.
  The Official Scripting Guys Forum
  https://social.technet.microsoft.com/Forums/scriptcenter/en-US/home?forum=ITCG&filter=alltypes&sort=lastpostdesc
  Hope it helps.
  Best regards,
  Frank Shen

• Setting wallpaper/bmpanel in openbox? [SOLVED]

  I am on my first succesful HD install of Arch wirh Openbox right now and I have been documenting some of the things that are giving me issues. If you are curious about how I went about with my installation you can check this thread out:
  http://bbs.archlinux.org/viewtopic.php?id=76315
  One of the issues Im having is with themeing and autostart programs. I did a little research and found that in order to have, for instance, my bmpanel and desktop wallpaper start up with x I had to make an autostart.sh under my ~/.config/openbox/ and add this within:
  # Run the system-wide support stuff
  . $GLOBALAUTOSTART
  # Programs to launch at startup
  nitrogen /media/vault/Wallpapers/107320-Tranquility-1680.jpg &
  xcompmgr -c -t-5 -l-5 -r4.2 -o.55 &
  # SCIM support (for typing non-english characters)
  export LC_CTYPE=ja_JP.utf8
  export XMODIFIERS=@im=SCIM
  export GTK_IM_MODULE=scim
  export QT_IM_MODULE=scim
  scim -d &
  # Programs that will run after Openbox has started
  (sleep 2 && bmpanel arch) &
  So thats what I make it look like. I have nitrogen and bmpanel (with arch theme) installed and working correctly. The problem is that when i startx and the script runs, it just opens nitrogen with no images selectable. Also bmpanel does start with arch theme but it is not transparant like in the photo available where I downloaded it.
  I do have composting available as I have my nvidia drivers installed and i checked that it is working in the terminal, but I am at a loss as to why they arent working correctly. I have checked the documentation for this and found it a little lacking? Anyone know where to go from here?
  Last edited by beatepix (2009-07-21 00:38:53)

  Ghost1227 wrote:
  Don't know bmpanel (never liked it myself), but the
  problem with nitrogen is that in order to set wallpaper from the
  commandline you have to include a switch. Chose whichever of the
  following best suits the image in question.
  nitrogen --set-best
  /media/vault/Wallpapers/107320-Tranquility-1680.jpg &
  nitrogen --set-centered
  /media/vault/Wallpapers/107320-Tranquility-1680.jpg &
  nitrogen --set-scaled
  /media/vault/Wallpapers/107320-Tranquility-1680.jpg &
  nitrogen --set-tiled
  /media/vault/Wallpapers/107320-Tranquility-1680.jpg &
  Or, if you rely on nitrogen's GUI wallpaper interface, you can just
  use the following:
  nitrogen --restore &
  This will set the desktop to the last image you selected via the GUI
  interface.
  Then if you want to get fancy, you can add a menu item to your openbox
  menu to launch the nitrogen selector:
  <item label="Wallpaper">
  <action name="Execute">
  <execute>nitrogen ~/wallpaper</execute>
  </action>
  </item>
  Also never used bmpanel, so can't be of help there. Tint2 and pypanel
  both have nice transparency.

• Does using Group Policy Preferences to deploy printers require the print driver to be pre-installed?

  I'm trying to prepare our school system for Windows 7 (we currently use XP).  I would like to use the new Group Policy Preferences method of deploying printers.  I pushed out the XP client side extensions through WSUS.  In my test environment, I added the shared printer in group policy preferences.  My XP machine had the printers show up automatically, but my Windows 7 machine did not.  I realized that I had previously connected a printer of the same type to my XP machine before and the drivers were already installed.  To test this theory, I manually connected the shared printers to the Windows 7 machine, deleted them, then logged off and back on.  Now the printers are showing up from group policy.  My question is does using group policy preferences to deploy printers require the print driver to be pre-installed?  If not, then what am I doing wrong?  If so, is there a way to work around this?  Thanks for your help.
  EDIT:  To clarify, I am using the share method in GPP.  This is the error message I get in the event log:
  The user 'PRINTERNAME' preference item in the 'win7 printer test {946461A1-27F8-406F-A0B3-0A1A05AF34F6}' Group Policy object did not apply because it failed with error code '0x80070bcb The specified printer driver was not found on the system and needs to be downloaded.' This error was suppressed.

  This link have a description of resolution:
  http://technet.microsoft.com/en-us/library/cc725938.aspx
  Open the GPMC.
  Open the GPO where the printer connections are deployed, and navigate to Computer Configuration, Policies, Administrative Templates, Control
  Panel, and thenPrinters.
  Note
  The Point and Print Restrictions setting can also be found under User Configuration\Policies\Administrative Templates\Control Panel\Printers.
  This policy is ignored by Windows 7 and Windows Server 2008 R2, but is enforced by earlier editions of Windows including Windows XP with SP1, Windows Server 2003 with SP1, and Windows Server 2008. We recommend that you change
  this policy setting in both locations so that all down-level clients have a consistent experience.
  Right-click Point and Print Restrictions, and then click Properties.
  Click Enabled.
  Clear the following check boxes:
  Users can only point and print to these servers 
  Users can only point and print to machines in their forest 
  In the When installing drivers for a new connection box, select Do not show warning or elevation prompt.
  Scroll down, and in the When updating drivers for an existing connection box, select Show warning only.
  Click OK.

• How to use Group Policy to remove the shutdown button on the logon screen

  Environment:  Shared use computers running Window 7 Professional and MS office Suite; Windows 2008 Standard server, Windows 7 EC Domain Policy and MS Office 2007 ADML Template downloaded from Microsoft. WIndows 7 Accounts OU.
  I am in the process of developing a shared use computer lockdown policy for several Windows 7 computers that will made available in my client's computer lab.  I need to use a group policy setting to remove the Shut Down button on
  the logon screen of the Windows 7 client computers.  I am editing the Windows 7 EC Domain Policy to user accounts in a Windows 7 Accounts OU that I created.  I am using the Group Policy editor in the Group Policy Management Console.  
  Please let me know the best practice for accomplishing this using Group Policy editor.
  Thanks.
  P.S. I tried a setting recommended in the following link in the Windows 7 EC Domain Policy which did not seem to work.
  http://www.windowsitpro.com/article/group-policy/can-i-use-group-policy-to-display-or-remove-the-shut-down-button-on-the-logon-screen-.aspx

  Hi Vernon,
  I tried the group policy you mentioned (Computer Configuration, Windows Settings, Security Settings, Local Policies, and select Security Options, "Shutdown: Allow system to be shut down without having to log on") and it worked on a Windows 7 client.
  Thus you may need to check if the group policy you created is actually applied to clients.
  A screenshot can be found here:
  http://cid-b7ed40feb32ba29f.office.live.com/self.aspx/.Public/desktop/Capture.JPG

• Lightdm - can not set wallpaper and empty shutdown dialog.

  hello guys!
  i can not set wallpaper in my lightdm-gtk-greeter - screen behind login dialog is still black.
  besides when i click on the shutdown button - where are no options at all!
  here is my lightdm-gtk-greeter.conf and lightdm.conf:
  # logo = Logo file to use, either an image absolute path, or a path relative to the greeter data directory
  # background = Background file to use, either an image path or a color (e.g. #772953)
  # theme-name = GTK+ theme to use
  # icon-theme-name = Icon theme to use
  # font-name = Font to use
  # cursor-name = Cursor theme to use
  # xft-antialias = Whether to antialias Xft fonts (true or false)
  # xft-dpi = Resolution for Xft in dots per inch (e.g. 96)
  # xft-hintstyle = What degree of hinting to use (hintnone, hintslight, hintmedium, or hintfull)
  # xft-rgba = Type of subpixel antialiasing (none, rgb, bgr, vrgb or vbgr)
  # show-language-selector (true or false)
  [greeter]
  logo=/usr/share/icons/hicolor/64x64/devices/archlinux-icon-crystal-64.svg
  background=/usr/share/pixmaps/backgroundlfm.png
  theme-name=Adwaita
  icon-theme-name=mate
  font-name=Sans Regular 11
  cursor-name=Human
  xft-antialias=true
  xft-dpi=96
  xft-hintstyle=slight
  xft-rgba=rgb
  show-language-selector=true
  # General configuration
  # start-default-seat = True to always start one seat if none are defined in the configuration
  # greeter-user = User to run greeter as
  # minimum-display-number = Minimum display number to use for X servers
  # minimum-vt = First VT to run displays on
  # lock-memory = True to prevent memory from being paged to disk
  # user-authority-in-system-dir = True if session authority should be in the system location
  # guest-account-script = Script to be run to setup guest account
  # log-directory = Directory to log information to
  # run-directory = Directory to put running state in
  # cache-directory = Directory to cache to
  # xsessions-directory = Directory to find X sessions
  # remote-sessions-directory = Directory to find remote sessions
  # xgreeters-directory = Directory to find X greeters
  [LightDM]
  #start-default-seat=true
  #greeter-user=lightdm
  #minimum-display-number=0
  #minimum-vt=7
  #lock-memory=true
  #user-authority-in-system-dir=false
  #guest-account-script=guest-account
  #log-directory=/var/log/lightdm
  run-directory=/run/lightdm
  #cache-directory=/var/cache/lightdm
  #xsessions-directory=/usr/share/xsessions
  #remote-sessions-directory=/usr/share/lightdm/remote-sessions
  #xgreeters-directory=/usr/share/xgreeters
  # Seat defaults
  # type = Seat type (xlocal, xremote)
  # xserver-command = X server command to run (can also contain arguments e.g. X -special-option)
  # xserver-layout = Layout to pass to X server
  # xserver-config = Config file to pass to X server
  # xserver-allow-tcp = True if TCP/IP connections are allowed to this X server
  # xdmcp-manager = XDMCP manager to connect to (implies xserver-allow-tcp=true)
  # xdmcp-port = XDMCP UDP/IP port to communicate on
  # xdmcp-key = Authentication key to use for XDM-AUTHENTICATION-1 (stored in keys.conf)
  # greeter-session = Session to load for greeter
  # greeter-hide-users = True to hide the user list
  # greeter-allow-guest = True if the greeter should show a guest login option
  # greeter-show-manual-login = True if the greeter should offer a manual login option
  # greeter-show-remote-login = True if the greeter should offer a remote login option
  # user-session = Session to load for users
  # allow-guest = True if guest login is allowed
  # guest-session = Session to load for guests (overrides user-session)
  # session-wrapper = Wrapper script to run session with
  # display-setup-script = Script to run when starting a greeter session (runs as root)
  # greeter-setup-script = Script to run when starting a greeter (runs as root)
  # session-setup-script = Script to run when starting a user session (runs as root)
  # session-cleanup-script = Script to run when quitting a user session (runs as root)
  # autologin-guest = True to log in as guest by default
  # autologin-user = User to log in with by default (overrides autologin-guest)
  # autologin-user-timeout = Number of seconds to wait before loading default user
  # autologin-session = Session to load for automatic login (overrides user-session)
  # exit-on-failure = True if the daemon should exit if this seat fails
  [SeatDefaults]
  #type=xlocal
  #xserver-command=X
  #xserver-layout=
  #xserver-config=
  #xserver-allow-tcp=false
  #xdmcp-manager=
  #xdmcp-port=177
  #xdmcp-key=
  greeter-session=lightdm-gtk-greeter
  #greeter-hide-users=false
  #greeter-allow-guest=true
  #greeter-show-manual-login=false
  #greeter-show-remote-login=true
  #user-session=default
  #allow-guest=true
  #guest-session=UNIMPLEMENTED
  session-wrapper=/etc/lightdm/xsession
  #display-setup-script=
  #greeter-setup-script=
  #session-setup-script=
  #session-cleanup-script=
  #autologin-guest=false
  #autologin-user=
  #autologin-user-timeout=0
  #autologin-session=UNIMPLEMENTED
  #pam-service=lightdm-autologin
  #exit-on-failure=false
  # Seat configuration
  # Each seat must start with "Seat:".
  # Uses settings from [SeatDefaults], any of these can be overriden by setting them in this section.
  #[Seat:0]
  # XDMCP Server configuration
  # enabled = True if XDMCP connections should be allowed
  # port = UDP/IP port to listen for connections on
  # key = Authentication key to use for XDM-AUTHENTICATION-1 or blank to not use authentication (stored in keys.conf)
  # The authentication key is a 56 bit DES key specified in hex as 0xnnnnnnnnnnnnnn. Alternatively
  # it can be a word and the first 7 characters are used as the key.
  [XDMCPServer]
  #enabled=false
  #port=177
  #key=
  # VNC Server configuration
  # enabled = True if VNC connections should be allowed
  # port = TCP/IP port to listen for connections on
  [VNCServer]
  #enabled=false
  #port=5900
  #width=1024
  #height=768
  #depth=8
  any ideas?
  upd: here is lightdm.log
  [+0.08s] DEBUG: Logging to /var/log/lightdm/lightdm.log
  [+0.12s] DEBUG: Starting Light Display Manager 1.4.0, UID=0 PID=504
  [+0.12s] DEBUG: Loaded configuration from /etc/lightdm/lightdm.conf
  [+0.12s] DEBUG: Using D-Bus name org.freedesktop.DisplayManager
  [+0.58s] DEBUG: Registered seat module xlocal
  [+0.58s] DEBUG: Registered seat module xremote
  [+0.58s] DEBUG: Adding default seat
  [+0.58s] DEBUG: Starting seat
  [+0.58s] DEBUG: Starting new display for greeter
  [+0.58s] DEBUG: Starting local X display
  [+3.88s] DEBUG: Could not run plymouth --ping: Failed to execute child process "plymouth" (No such file or directory)
  [+3.88s] DEBUG: Using VT 7
  [+3.93s] DEBUG: Activating VT 7
  [+3.93s] DEBUG: Logging to /var/log/lightdm/x-0.log
  [+3.95s] DEBUG: Writing X server authority to /run/lightdm/root/:0
  [+3.95s] DEBUG: Launching X Server
  [+3.95s] DEBUG: Launching process 534: /usr/bin/X :0 -auth /run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch
  [+3.96s] DEBUG: Waiting for ready signal from X server :0
  [+3.97s] DEBUG: Acquired bus name org.freedesktop.DisplayManager
  [+3.97s] DEBUG: Registering seat with bus path /org/freedesktop/DisplayManager/Seat0
  [+5.56s] DEBUG: Got signal 10 from process 534
  [+5.56s] DEBUG: Got signal from X server :0
  [+5.56s] DEBUG: Connecting to XServer :0
  [+5.58s] DEBUG: Starting greeter
  [+5.58s] DEBUG: Started session 558 with service 'lightdm-greeter', username 'lightdm'
  [+6.15s] DEBUG: Session 558 authentication complete with return value 0: Success
  [+6.15s] DEBUG: Greeter authorized
  [+6.15s] DEBUG: Logging to /var/log/lightdm/x-0-greeter.log
  [+6.18s] DEBUG: Session 558 running command /usr/sbin/lightdm-gtk-greeter
  [+7.77s] DEBUG: Greeter connected version=1.4.0
  [+7.77s] DEBUG: Greeter connected, display is ready
  [+7.77s] DEBUG: New display ready, switching to it
  [+7.77s] DEBUG: Activating VT 7
  [+16.32s] DEBUG: Greeter start authentication for shohart
  [+16.32s] DEBUG: Started session 649 with service 'lightdm', username 'shohart'
  [+16.49s] DEBUG: Session 649 got 1 message(s) from PAM
  [+16.49s] DEBUG: Prompt greeter with 1 message(s)
  [+24.87s] DEBUG: Continue authentication
  [+25.00s] DEBUG: Session 649 authentication complete with return value 0: Success
  [+25.00s] DEBUG: Authenticate result for user shohart: Success
  [+25.01s] DEBUG: User shohart authorized
  [+25.01s] DEBUG: Greeter sets language ru_RU.utf8
  [+25.02s] DEBUG: Greeter requests session mate
  [+25.02s] DEBUG: Using session mate
  [+25.02s] DEBUG: Stopping greeter
  [+25.02s] DEBUG: Session 558: Sending SIGTERM
  [+25.03s] DEBUG: Greeter closed communication channel
  [+25.03s] DEBUG: Session 558 exited with return value 0
  [+25.03s] DEBUG: Greeter quit
  [+25.18s] DEBUG: Dropping privileges to uid 1000
  [+25.18s] DEBUG: Calling setresgid
  [+25.18s] DEBUG: Calling setresuid
  [+25.24s] DEBUG: Restoring privileges
  [+25.24s] DEBUG: Calling setresuid
  [+25.24s] DEBUG: Calling setresgid
  [+25.24s] DEBUG: Dropping privileges to uid 1000
  [+25.24s] DEBUG: Calling setresgid
  [+25.24s] DEBUG: Calling setresuid
  [+25.24s] DEBUG: Writing /home/shohart/.dmrc
  [+25.33s] DEBUG: Restoring privileges
  [+25.33s] DEBUG: Calling setresuid
  [+25.33s] DEBUG: Calling setresgid
  [+25.46s] DEBUG: Starting session mate as user shohart
  [+25.46s] DEBUG: Session 649 running command /etc/lightdm/xsession mate-session
  [+25.51s] DEBUG: Registering session with bus path /org/freedesktop/DisplayManager/Session0
  [+590.03s] DEBUG: Session 649 exited with return value 0
  [+590.03s] DEBUG: User session quit
  [+590.03s] DEBUG: Stopping display
  [+590.03s] DEBUG: Sending signal 15 to process 534
  [+590.89s] DEBUG: Process 534 exited with return value 0
  [+590.89s] DEBUG: X server stopped
  [+590.89s] DEBUG: Removing X server authority /run/lightdm/root/:0
  [+590.89s] DEBUG: Releasing VT 7
  [+590.89s] DEBUG: Display server stopped
  [+590.89s] DEBUG: Display stopped
  [+590.89s] DEBUG: Active display stopped, switching to greeter
  [+590.89s] DEBUG: Switching to greeter
  [+590.89s] DEBUG: Starting new display for greeter
  [+590.89s] DEBUG: Starting local X display
  [+590.89s] DEBUG: Using VT 7
  [+590.89s] DEBUG: Logging to /var/log/lightdm/x-0.log
  [+590.89s] DEBUG: Writing X server authority to /run/lightdm/root/:0
  [+590.89s] DEBUG: Launching X Server
  [+590.89s] DEBUG: Launching process 2172: /usr/bin/X :0 -auth /run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch
  [+590.89s] DEBUG: Waiting for ready signal from X server :0
  [+591.33s] DEBUG: Got signal 10 from process 2172
  [+591.33s] DEBUG: Got signal from X server :0
  [+591.33s] DEBUG: Connecting to XServer :0
  [+591.33s] DEBUG: Starting greeter
  [+591.33s] DEBUG: Started session 2177 with service 'lightdm-greeter', username 'lightdm'
  [+591.35s] DEBUG: Session 2177 authentication complete with return value 0: Success
  [+591.35s] DEBUG: Greeter authorized
  [+591.35s] DEBUG: Logging to /var/log/lightdm/x-0-greeter.log
  [+591.35s] DEBUG: Session 2177 running command /usr/sbin/lightdm-gtk-greeter
  [+591.41s] DEBUG: Greeter connected version=1.4.0
  [+591.41s] DEBUG: Greeter connected, display is ready
  [+591.41s] DEBUG: New display ready, switching to it
  [+591.41s] DEBUG: Activating VT 7
  [+591.41s] DEBUG: Stopping greeter display being switched from
  [+591.57s] DEBUG: Greeter start authentication for shohart
  [+591.57s] DEBUG: Started session 2197 with service 'lightdm', username 'shohart'
  [+591.58s] DEBUG: Session 2197 got 1 message(s) from PAM
  [+591.58s] DEBUG: Prompt greeter with 1 message(s)
  [+595.21s] DEBUG: Continue authentication
  [+595.26s] DEBUG: Session 2197 authentication complete with return value 0: Success
  [+595.26s] DEBUG: Authenticate result for user shohart: Success
  [+595.26s] DEBUG: User shohart authorized
  [+595.26s] DEBUG: Greeter sets language ru_RU.utf8
  [+595.27s] DEBUG: Greeter requests session mate
  [+595.27s] DEBUG: Using session mate
  [+595.27s] DEBUG: Stopping greeter
  [+595.27s] DEBUG: Session 2177: Sending SIGTERM
  [+595.27s] DEBUG: Greeter closed communication channel
  [+595.27s] DEBUG: Session 2177 exited with return value 0
  [+595.27s] DEBUG: Greeter quit
  [+595.28s] DEBUG: Dropping privileges to uid 1000
  [+595.28s] DEBUG: Calling setresgid
  [+595.28s] DEBUG: Calling setresuid
  [+595.28s] DEBUG: Restoring privileges
  [+595.28s] DEBUG: Calling setresuid
  [+595.28s] DEBUG: Calling setresgid
  [+595.29s] DEBUG: Dropping privileges to uid 1000
  [+595.29s] DEBUG: Calling setresgid
  [+595.29s] DEBUG: Calling setresuid
  [+595.29s] DEBUG: Writing /home/shohart/.dmrc
  [+595.38s] DEBUG: Restoring privileges
  [+595.38s] DEBUG: Calling setresuid
  [+595.38s] DEBUG: Calling setresgid
  [+595.55s] DEBUG: Starting session mate as user shohart
  [+595.55s] DEBUG: Session 2197 running command /etc/lightdm/xsession mate-session
  [+595.57s] DEBUG: Registering session with bus path /org/freedesktop/DisplayManager/Session1
  it seems that lightdm does not even trying to make background.... wierd.
  Last edited by shohart (2012-11-15 08:08:09)

  I have the same problem...  IDK why I have an empty shutdown dialogue.  I also have a bunch of non user users appear through it's menu.
  It appears the problem has to do with most Arch installs not having consolekit anymore...
  https://bbs.archlinux.org/viewtopic.php?id=151799
  Last edited by akspecs (2012-11-17 23:59:40)

• Assign a local logon script using Group Policy

  Is there a way to assign a local logon script using Group Policy? The reason I ask is that I wrote a logon/logoff script that will record the date/time, user, and computer for everyone who logs on to any machine in the domain. Right now it's set on a domain
  GPO, so it works great for domain accounts, but I'd like to extend that functionality to local accounts as well. The only way I know how to do that would be to set my script to run using the local policy. Since I don't want to manually go around to all 400+
  machines in my domain, I would rather find a simpler way of modifying the local policy. Any ideas?

  Martin, thank you for your response. That's exactly the kind of out-of-the-box answer I was looking for, unfortunately, it looks like I can only do that for Logon scripts. I don't see an option for Logoff. (Maybe the took the Logoff functionality out?
  This article says there should be a Logoff item in the GPO, but they're talking about Windows 2000 in that article.)
  Matthias, I started playing around with what you said, and I noticed that the "Scripts" key only seems to show up on my Windows 7 clients. The XP workstations don't have that key. Plus I did some testing, and I think I can do it without having
  to mess with the registry at all.
  So I think I have a workable solution at the moment. I found
  this article that talks about copying Local Polices from one computer to another. I tried manually setting the Logon/Logoff scripts in the Local policy on a fresh machine. From that reference computer I copied the Scripts folder out of the %SYSTEMROOT%\System32\GroupPolicy\User
  directory. It also created a gpt.ini file in the %SYSTEMROOT%\System32\GroupPolicy directory. The gpt.ini file contained an attribute called gPCUserExtensionNames, and one called Version. The gPCUserExtensionNames attribute specified two GUIDs, which
  I assumed to be the GUIDs that identify the Local Policy. I tried manually creating the Local policy on several different machines, with several different Operating Systems, and those GUIDs always seemed to be the same (not sure why). So I copied the gpt.ini
  file off the reference machine as well. When I placed all of the files I copied from the reference machine on to a new machine, everything seemed to work just fine (no registry modification necessary), with one caveat. It seemed to be running the script twice.
  So I went back into the gpt.ini file and deleted one of the GUIDs listed under gPCUserExtensionNames, and now the script runs just once!
  So I think this solution will work ok for me. We don't have any other Local Policies in place, so demolishing all existing Local Policies is perfectly acceptable in my case. I'm just not sure if I'm doing any damage by copying the gpt.ini file from a reference
  machine (if anyone can expand on how that works, I would appreciate the peace of mind that I'm not making things worse by doing this). So all I need now is to write a Startup script, or an SCCM package to deliver the Logon scripts and associated ini files
  to the appropriate location on all the domain PCs. Easy enough to do on my own. If anyone knows of a reason why this method is a bad idea, please post here. I'll be testing it out on a handful of PCs in the mean time.
  Hi Guys,
  Will this solution work for my case? I have a forcereboot batch script that I need to load on the local policy (logoff script through GPEDIT) however I can only load it manually. I need to do it on multiple machines (approx 5000 computers). I am having
  trouble doing it using powershell. Is there any other options to do it? 
  Will I have to use the same GUID's you mentioned on the gpt.ini file? (gPCUserExtensionNames=[{42B5FAAE-6536-11D2-AE5A-0000F87571E3}{40B66650-4972-11D1-A7CA-0000F87571E3}] since it refers to the local script and how about the version on the gpt.ini file?
  Thanks in advance.
  Dash
  https://social.technet.microsoft.com/Forums/en-US/1f636042-bcff-498d-93c0-e1aa89f80961/how-to-load-a-script-on-the-local-group-policy-on-multiple-computers?forum=mdopagpm

• Can I enable "Use default gateway on remote network" on VPN connection using Group Policy?

  Hi,
  First timer here so please bear with me!
  Environment: Domain Windows 2003, Clients: Windows 7 and Windows XP (with Client Side Extensions pushed out)
  When creating a VPN connection on a client machine manually with default settings the "Use default gateway on remote network" found in [Connection Properties - Networking - IPv4 - Advanced] is enabled, which is good as we don't allow split-tunneling.
  I have a test GPO that creates a new VPN Connection [Computer Config - Preferences - Control Panel - Network Options], but the above setting is unticked.
  Am I missing something on the options for the GP preference to set this automtically?
  I can write a script to directly change the C:\Users\All Users\Microsoft\Network\Connections\Pbk\rasphone.pbk file but would prefer if I could sort it all out using Group Policy.
  Any help would be greatly appreciated!
  Thanks a lot!
  David

  Shane,
  There is actually a way to set the "Use default gateway on remote network" through Group Policy Preferences. And this may even be a better way to do it, because you may change this flag without touching any other settings, or other VPN connections.
  (All VPN connections are stored in the same .pbk file.)
  Here's the trick: Opening the .pbk file in notepad, I realized that this is actually an oldstyle ini-structured file. And Group Policy Preferences can update ini files! In the .pbk file the section names are the VPN connections names, like [My VPN],
  and the property IpPrioritizeRemote is the flag "Use default gateway on remote network".
  So, in Group Policy Management Editor, go to Preferences / Windows Settings / Ini Files.
  Create a new object with Action = Update, and File Path =
  C:\ProgramData\Microsoft\Network\Connections\pbk\rasphone.pbk
  (If this is where your file is located, I guess it is in c:\users if the VPN connection is made for a single user.)
  Section Name should be the display name of your VPN connection, without the brackets.
  Property Name = IpPrioritizeRemote
  Property Value = 1
  Peter, www.skov.com, Denmark
  Peter :-)
  This is great, but just one question. I also want to append a list of DNS Sufixes in order (when viewing a VPN properties, this is buried in
  "Networking --> IPv4/6 --> Advanced --> DNS --> Append these DNS Suffixes (in order)". However, for the VPNs I have manually created with this list populated, I can't see any entries in the rasphone.pbk. Does anyone know
  where these are stored?
  Cheers.