Create a lock screen slideshow with more than one picture without GPO (because there’s none) Update: Wallpapers!

Last updated: February 18, 2020 at 20:58 pm

UPDATE February 2020: Updated this article to blocks. Redone code highlights
UPDATE July 2019: I currently need to replicate this with wallpapers on 1903. Since it has been a while since I updated this article: Yes, this still works! It also works for wallpapers.

There, this time I sat down to actually wrote a script that does most of it for you – however this is for wallpapers right now. With the rest of the article below you could also adapt this code to work for lock screen. The script is not yet adjusted to account for WinPE where you’d need to load the Default Users registry hive. SOME preparations have been done and I might correct these at some point.  (^∀^●)ノシ

<#
.SYNOPSIS
SetWallPaper.ps1 - This script sets the background option to "Slideshow" with a predefinied folder without user intervention.
.DESCRIPTION
This script does not use any of the official API and must therefore be considered NOT SUPPORTED.
However, this script mimics all necessary steps, that SystemSettings.exe and Explorer.exe would do, to achieve the same
BONUS:
- Script allows you to freely choose the interval instead of fixed intervals
.PARAMETER Shuffle
Define if you want the wallpapers to be handled in order (by which Microsoft means:  1, 1a, 1b, 3, 4, 10, 22, 100, 111, a1, b2...)
.PARAMETER IntervalMiliseconds
Interval to change pictures, can be any number of miliseconds
!!Attention!! The user will overwrite that value as soon as he so much as clicks the number in the settings
.PARAMETER TargetPIDL
You have to extract that Value from a machine that has been set up correctly. The value can be found here: HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers 
.NOTES 
    1.0 22.07.2019 14:51 (GMT+1)
    Initial Version, added parameters and documentation 
    manima.de/2016/09/create-a-lock-screen-slideshow-with-more-than-one-picture-without-gpo-because-theres-none/
#>
# Configure CurrentUser Sourcefolder, Slideshow (BackgroundType = 2) and inform that the directory has been set
param (
[switch]$Shuffle,
[string]$IntervalMiliseconds = "10000",
[string]$TargetPIDL = "eEAFA8BUg/E0gouOpBhoYjAArADMdmBAvMkOcBAAAAAAAAAAAAAAAAAAAAAAAAw7AEDAAAAAAYvTulEEAcVQMxEUB5XMAAARAkAAEAw7+avTb4i9O5WSuAAAAYCtCAAAAoAAAAAAAAAAAAAAAAAAAAwKEeSA3BQYAwGAsBAcAEGAwBQZAIHAAAAGAMJAAAwJA8uvFCAAAEzUQN1td66/Nyx/DFIjECkOjOXLpBAAAQGAAAAAfAAAAwCAAAwdAkGAuBAZA8GA3BwcA4CApBQbA0GAlBgcAMHApBgdAUGAjBwbA4GA0BgcA8GAsBAcAEGAuBQZAwGAfBwYAcHA1AgbAEDAoBgMAQHA4BQeAUGA3BQeAAAAAAAAAAAAAAAGAAAA"
)
#To make the script run in ISE
if ($psISE.CurrentFile.FullPath.Length -ge 1){
    Set-Location $psISE.CurrentFile.FullPath
}
#Set-Location -Path "$Sourcefolder"
#Define vars
$UserProfile = @{"SID" = "";"UserHive" = ""}
try {
    $tsenv = New-Object -ComObject Micrsoft.SMS.TSEnvironment
        if ($tsenv.value("_SMSTSInWinPE") -eq $true){
            $UserProfile.UserHive = "C:\Users\Default\NTUSER.DAT"
            $UserProfile.SID = ".DEFAULT"
        }
}
catch {
    Write-Output "Not in TaskSequence"
    Add-Type -AssemblyName System.DirectoryServices.AccountManagement
    $UserProfile.UserHive = $env:USERPROFILE + "\NTUSER.DAT"
    $UserProfile.SID = ([System.DirectoryServices.AccountManagement.UserPrincipal]::Current).Sid.value
}
if ($Shuffle){
    $ShuffleValue = 1
}
else{
    $ShuffleValue = 0
}
#Create FolderVar
$EncrytpedPath = $TargetPIDL

New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers -Name SlideshowDirectoryPath1 -PropertyType ExpandString -Value $EncrytpedPath –Force | Out-Null
New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers -Name BackgroundType -PropertyType DWord -Value 2 –Force | Out-Null
New-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers -Name SlideshowSourceDirectoriesSet -PropertyType DWord -Value 1 –Force | Out-Null

New-ItemProperty -Path "HKCU:\Control Panel\Personalization\Desktop Slideshow" -Name Shuffle -PropertyType DWord -Value $ShuffleValue –Force | Out-Null
New-ItemProperty -Path "HKCU:\Control Panel\Personalization\Desktop Slideshow" -Name Interval -PropertyType DWord -Value $IntervalMiliseconds –Force | Out-Null

if (Test-Path .\slideshow.ini){
    Remove-Item -Path .\slideshow.ini -Force
}
Set-Content .\slideshow.ini -Value "[Slideshow]"
Add-Content .\slideshow.ini -Value "ImagesRootPIDL=$EncrytpedPath"
Copy-Item .\slideshow.ini -Destination ($env:APPDATA+"\Microsoft\Windows\Themes\") -Force


New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name WallPaper -PropertyType String -Value "%APPDATA%\Microsoft\Windows\Themes\TranscodedWallpaper" –Force | Out-Null
New-ItemProperty -Path "HKCU:\Control Panel\Desktop" -Name Interval -PropertyType DWord -Value "0xffffffff" –Force | Out-Null

Stop-Process -Name explorer -Force
Start-Process explorer.exe

Original Article: I was tinkering with Windows 10 GPOs and had some free time to try and achieve some more than what the customer asked me to do. As we know there actually is a policy that’s controlling the lock screen called “Force a specific default lock screen image” – you can find it in Computer Configuration > Policies > Administrative Templates > Control Panel > Personalization. Sooo, wait. There’s no way to choose what mode I want my lock screen to be?

DISCLAIMER: This is provided as is! Microsoft will (most likely -I didn’t ask them) not support any of the procedures I’m about the explain. In fact I don’t recommend you using this in a productive environment ever

THIS INSTRUCTION IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS INSTRUCTION INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS INSTRUCTION. – You have been warned.

I mean, you have those great options like… um.. yeah right. Slideshow! Imagine showing off multiple pictures from your marketing department before your screen goes into sleep (because I know you have those settings as well). That’d make really good advertisement and gives off a nice vibe of corporate design and in some cases corporate identity as well. Unfortunately you have no option of selecting this easily via GPO, there isn’t one last time I checked.

So, what to do?

EDIT: Please backup your Registry before changing anything described in this post. Even after you’ve backed your Registry, please don’t try this on a productive environment

If you guessed: Digging into the registry you’re… well right. Procmon, Windows 10 ver. 1607 and some experiments later I found the following keys that control the behavior of this window:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Lock Screen\SlideshowEnabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Lock Screen\SlideshowDirectoryPath2 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\RotatingLockScreenOverlayEnabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\RotatingLockScreenEnabled

So what does each key do?

  • Lock Screen\SlideshowEnabled: Selects the “Slideshow” option from the screenshot (notice: It only selects this)
  • Lock Screen\SlideshowDirectoryPath2: Sets another path the look for pictures besides default “My Pictures” folder
  • ContentDeliveryManager\RotatingLockScreenOverlayEnabled: This one was tricky to find. It controls the “Get fun facts, tips, tricks, and more on your lock screen” option if you select Slideshow as option.
  • ContentDeliveryManager\RotatingLockScreenEnabled: So why do we need this? We could enable Slideshow and be done with it, right? Well while that’s true it looks just stupid if a user ever finds his way into those options (see next screenshot).

So, we’re good right? Setting a few keys with a policy, copy the files over to the local machine (because you don’t want direct UNC paths for pictures like this – trust me) define the folder in SlideshowDirectoryPath2 or SlideshowDirectoryPath1 and bam! Slideshows for everyone. WRONG!

Microsoft was really clever on this one. I think because a lot of registry entries actually get send to Microsoft with telemetry, diagnostics or error reporting (choose your poison) they actually wanted to protect the privacy of customers here. For our cause one of the registry keys is a little… well difficult to handle: SlideshowDirectoryPath is not only encrypted its also base64, well slightly at least. I found out after google-ing a little that the method used for the encryption – or obfuscation, not really sure – is called “PIDL” or “pointer to an item identifier list”. A key would look like this:

2AAFA8BVlgkHDQ5eD3UsxkuR0yUjVDCAAAgGA4+u+PCAAABAf6KkpuDoA6El8mpEXDVQEAAAAAA which should be “%USERPROFILE%\Pictures”

It was very easy to find a script to encode what I needed here – but I was just lazy t.b.h. So I kept looking and found this and “Henrique HZBR” is the winner here. I can just copy the key from a machine that is configured properly and copy that key if I tell the registry to use REG_EXPAND_SZ instead of REG_SZ.

As an example, this is what C:\temp looks like: QEAFA8BUg/E0gouOpBhoYjAArADMdmBAvMkOcBAAAAAAAAAAAAAAAAAAAAAAAAQ4AEDAAAAAAkYS6nKEAQXZtBHAAoDAJAABA8uvJmU+pmYS6nqLAAAA1zUAAAAAhAAAAAAAAAAAAAAAAAAAAkfQpDAdAUGAtBAcAAAAUAwkAAAAnAw7+WIAAAQMTB1U32pr/3IH/PUgMSIQ6M6ctkGAAAAZAAAAA8BAAAALAAAA3BQaA4GAkBwbAcHAzBgLAkGAtBQbAUGAyBwcAkGA2BQZAMGAvBgbAQHAyBwbAwGAwBQYA4GAlBAbA8FAjBwdAUDAuBQMAgGAyAAdAgHA5BQZAcHA5BAAAAAAAAAAAAAAUAAAAA

TL;DR: So what do I need to do in the end?

  • Copy the pictures with a GPO, SCCM Packet or whatever you have available to the machine into the directory you want to use later. I used C:\temp for testing
  • Set a Windows machine with the desired config (see also BONUS below)
  • Copy the registry values as you need them
  • Add them under User Configuration\Preferences\Registry – don’t forget to choose REG_EXPAND_SZ for the SlideshowDirectoryPath
  • Roll the policy out to your users
  • Profit

I hope you liked what I found and I keep praying to Microsoft that they make this available in the near [as this article is well over 2 years old now…] future as an option I can configure. Not one that I need to hack around to get what I want.

EDIT2: Entries are shifted if more paths are added. So be careful if you have some kind of baseline checking the registry value. The latest entry will always be SlideshowDirectoryPath1. The entry before that will become SlideshowDirectoryPath2 and so on. You can still overwrite SlideshowDirectoryPath1, but that will overwrite the last entry that was added. Fun fact: You can have SlideshowDirectoryPath9 – however two digit numbers are not allowed. So maybe use SlideshowDirectoryPath9 if you love your users and want to give them 8 potential folders to add! Fun fact 2: If a user deletes an entry the other entries will keep the number.

BONUS: The options under “advanced” are controlled as follows:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Lock Screen\SlideshowIncludeCameraRoll controls “Include Camera Roll folders from this PC and OneDrive”
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Lock Screen\SlideshowOptimizePhotoSelection “Only use pictures that fit my screen”
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Lock Screen\SlideshowAutoLock “When my PC is inactive, show lock screen instead of turning off”
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Lock Screen\SlideshowDuration “Turn off screen after slideshow has played for” (30 Minutes would be 1800000, but you can set 15 Minutes as well (even though it doesn’t show in the GUI)

BONUS 2: SCCM script to use while deploying (this is just the basic 4 settings without the “advanced” options)

reg ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Lock Screen" /v "SlideshowDirectoryPath2" /t REG_EXPAND_SZ /d "INSERT_COPIED_PIDL_HERE" /f
reg ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Lock Screen" /v "SlideshowEnabled" /t REG_DWORD /d "00000001" /f
reg ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "RotatingLockScreenOverlayEnabled" /t REG_DWORD /d "00000000" /f
reg ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v "RotatingLockScreenEnabled" /t REG_DWORD /d "00000000" /f