Last week I received a request from one of my customers that wanted to publish the same screensaver on all the Windows 7 user machines in their environment.
A powerpoint presentation was sent over containing two images that should be displayed on the screensaver and I was asked to test and implement it asap(ofcourse). So I got started immediately, first looking for software that could convert .pptx or image files to a .scr file. Stumbling upon Ace Pro ScreenSaver Creator, I downloaded it, installed it with 3 or 4 clicks and managed to create a custom .scr in just a few seconds.It was a beautiful screensaver, with custom transition effects and you could even add background music to it so I was happy thinking that the customer will surely be impressed.;
I tested it on my machine, where I created it in the first place, and it worked beautifully.So I copied it over to the customer's environment and created a new GPO.Under User Configuration > Administrative Templates > Control Panel > Personalization I used the following settings:
On the same GPO you will the need to apply the following settings in User Configuration > Administrative Templates > Control Panel > Personalization:
If you found better/easier ways to do this please drop a comment.I'm going out for a well deserved pint after I've been struggling to finish this article all week!
A powerpoint presentation was sent over containing two images that should be displayed on the screensaver and I was asked to test and implement it asap(ofcourse). So I got started immediately, first looking for software that could convert .pptx or image files to a .scr file. Stumbling upon Ace Pro ScreenSaver Creator, I downloaded it, installed it with 3 or 4 clicks and managed to create a custom .scr in just a few seconds.It was a beautiful screensaver, with custom transition effects and you could even add background music to it so I was happy thinking that the customer will surely be impressed.;
I tested it on my machine, where I created it in the first place, and it worked beautifully.So I copied it over to the customer's environment and created a new GPO.Under User Configuration > Administrative Templates > Control Panel > Personalization I used the following settings:
Policy | Setting | Option |
Enable Screen Saver | Enabled | |
Force Specific Screen Saver | Enabled | moneyscreen.scr |
Password Protect Screen Saver | Enabled | |
Screen Saver timeout | Enabled | Time set in seconds (120) |
That should do it, right? Well, it didn't work. When I asked one of the users to test she could only see this:
Some more research revealed that custom screensaver creators are actually crap when it comes to creating screensavers for a corporate environment and the only thing that can be used safely is Windows 7's default Photoscreensaver.scr.By default Photoscreensaver.scr uses C:\Users\Public\Pictures\Sample Pictures for it's slideshow.This is done through the EncryptedPIDL key inside HKEY_CURRENT_USER\Software\Microsoft\Windows Photo Viewer\Slideshow\Screensaver which looks like this:
That string, which specifies the path to the pictures folder C:\Users\Public\Pictures\Sample Pictures is encoded in Base64, without headers.You can modify the screensaver settings on a Windows 7 machine and export the key once you've set the proper path to the pictures folder.But that's too easy and boring.
There is a Windows API that encrypt binary arrays (the PIDL) to Base64 - CryptBinarytoString
There is a Windows API that encrypt binary arrays (the PIDL) to Base64 - CryptBinarytoString
Our problem is the inverse for which we can use the CryptStringToBinary API.I found this nice powershell script that does that.We just need to export the Screensaver key and replace the EncryptedPIDL Data with the value returned by the script.In the below example I've set the path value to the following: $MyPath = "\\w2008dc\screen\slides" which is where I've stored my files.
All you need to do next is push out the modified EncryptedPIDL through GPO.For this to happen the best way is to create a new policy and apply it to the users OU.You can filter it out to apply to only a certain group of users and the copy it to other GPOs, modify the pictures path in the screensaver registry settings in case you want to display certain screensavers to certain usergroups.
Edit the newly created policy by going to User Configuration -> Preferences -> Windows Settings -> Registry and adding the key as follows:
Key path is going to be Software\Microsoft\Windows Photo Viewer\Slideshow\Screensaver under the HKCU hive:
All you need to do next is push out the modified EncryptedPIDL through GPO.For this to happen the best way is to create a new policy and apply it to the users OU.You can filter it out to apply to only a certain group of users and the copy it to other GPOs, modify the pictures path in the screensaver registry settings in case you want to display certain screensavers to certain usergroups.
Edit the newly created policy by going to User Configuration -> Preferences -> Windows Settings -> Registry and adding the key as follows:
Key path is going to be Software\Microsoft\Windows Photo Viewer\Slideshow\Screensaver under the HKCU hive:
On the same GPO you will the need to apply the following settings in User Configuration > Administrative Templates > Control Panel > Personalization:
Policy | Setting | Option |
Enable Screen Saver | Enabled | |
Force Specific Screen Saver | Enabled | Photoscreensaver.scr |
Password Protect Screen Saver | Enabled | |
Screen Saver timeout | Enabled | Time set in seconds (any time you choose) |
If you found better/easier ways to do this please drop a comment.I'm going out for a well deserved pint after I've been struggling to finish this article all week!