Change Windows settings via script - windows

I wanted to setup a computer with a variety of settings which I basicly have to do over and over and over again everytime a new user joins our company or changes the computer and I wanted to know if there was a possible way to configure those with a script like I already did with an information colletor script (batch file) and which now works perfectly fine thanks to this webside.
So since I know that here are some really awesome IT Guys with way more experience then me I would love to so something automatic as the next step to save loads of time by simply running a script to configure things like setting up the screensaver, InternetOptions, removing Apps/Softwarelinks in the Start Menu or perhaps even adding links to the bookmark list in firefox or chrome so the user can just start to work and I got loads of time for other important things.
For now it would already be a help to setup a script for Windows 7 but I think we will move more and more to windows 10 so would it be possible to write something to use on both systems without any big changes?

... configure things like setting up the screensaver, InternetOptions,
removing Apps/Softwarelinks in the Start Menu or perhaps even adding
links to the bookmark list in firefox or chrome so the user can just
start to work and I got loads of time for other important things.
Everything you ask about can be configured in a centralized fashion via Active Directory Group Policy. Check the Group Policy Survival Guide page to get started designing the policy for your organization and users.
Group Policy can be defined using PowerShell and via Group Policy Management Console which is GUI-based.
Note that the above will only work if you are in Active Directory domain. If you are not, you still can use Local Group Policy, but you will have to run a script on every user's computer. I am not sure whether there are native PowerShell cmdlets to manage Local Group Policy, but AFAIK you can do that via Windows Registry or using special tools.

Related

Sysprep Windows 10 LTSC 2021

We are building system controlled by computer running windows 10 ltsc 2021. It is kind of a kiosk system. There is an account, lets call it user1 with local admin rights that will autologon with no password. It also requires quite a few user account customizations.
In the previous version of windows 10 ltsc, i used a baseline windows installation, created the account to be used in kiosk mode and performed all customizations. I used sysprep with unattended file that had CopyProfile set to TRUE, then boot WinPE and use dism to capture image for distribution to new systems.
It worked well until the file associations were reset after imaging, I could work around this issue by deleting certain registry elements before running sysprep (it could be also done offline on captured image).
Then we started building systems based on win 10 ltsc 2021. Immediately started to have different issue. After applying image, all items in Windows security area were not clickable. I could not click for example on Virus and threat protection to setup some virus scans. Recreating user account would fix that (have to create secondary account, delete user1 and create new user1). However the recreated user account would not have all customizations we need.
I started experimenting with CopyProfile set to false. I go to audit mode right before creating user in original windows installation. I install updates, some extra apps we need and also make some non user account specific customizations. The idea is to create final kiosk user account by unattended file passed to sysprep. And here is where I have number of challenges. I create user account user1 in oobeSystem pass. I setup autologon. So far this will work. On first boot it will autologon and go thru the whole first user creation experience. What I need it to do is to have customized user account settings.
Is there a way to provide that via some unattended process? I also need to run one time powershell script on first boot, that performs additional system setups and customizations. Quick test to create FirstLogonCommand in oobeSystem with that should create new folder and simple text file shows that it fails to run. Maybe it runs the command before the user account/session is fully functional, I do not know. The goal is to be able to run specialized powershell script once in context of the user1 account.
Any thoughts?
There's currently a bug with sysprep and Windows 10 LTSC 2021.
After running sysprep, Windows security breaks for all existing users at the time sysprep was run. It works correctly for new users, including the one created on the OOEB account screen. Only the UI becomes inaccessible for existing users, while features seem to work correctly.
To fix it, you can run the following command in PowerShell as admin:
Get-AppXPackage -AllUsers | Foreach {Add-AppxPackage
-DisableDevelopmentMode -Register “$($_.InstallLocation)\AppXManifest.xml”}
It might show some errors, but it will work. This resets the security app which will fix the UI not showing.
Unfortunately, I don't know how to stop this from happening in the first place.

UIPath Automation: Is it possible to perform click and UI interactions in cloud server in UI Path?

So I have created an xaml flow which clicks browser buttons downloads files and then does some basic operations. I setup a windows server and connected remotely to it and when I debug my process automation while staying on the screen it works smoothly, problem is that I can't keep my pc on forever so when I just minimize the file even though my system remains up and running:
The UI Path process kills as the button press times out. I was just curious to know if it's compulsory to keep screen up for the ui based process automation to run through or is there a way to initiate the process and then close the screen and let the system do its job?
This is the eror I get which is like first UI interaction:
Here are the steps I have performed:
Created an unattended robot with machine as the remote instance name.
Created an environment and connected with the robot created in step 1.
Setup UIPath Assistant using machine key and URL.
Published the files and then created the process in cloud console.
Ran it from cloud console.
The process faults at its first UI interaction. Even though it was running in unattended robot form.
Thanks in advance.
AFAIK this is intended by the licensing model of UiPath. So to solve the issue you need a license for the VM of your RDP connection that allows the unattended usage.
Another idea could be to start the process in the PIP (picture-in-picture) mode. But I have never tested that, so this might also not work.
But maybe you already have a license like that and could test that out.
These are our types:
Solution for UiPath Studio 20.4 or higher
For my Use Case Picture in Picture mode worked correctly. Thanks #kwoxer for the suggestions, though his answer was enough but I am adding it up here for those who may need future reference.
So If you're facing issues with automating user interactions in dynamic JavaScript Website over a cloud server that loads on demand (When you minimize or close your remote session, the process times out as it's not able to find the UI component), here are the simple steps to follow:
Goto Debug options on top and select picture in picture as shown below:
This basically lets the bot start the system from another node. Now when you run the system and even close the remote connection, the automation process including all sorts of UI interaction will work like charm. Please let me know in case someone faces the issues with the same. Would love to help!

Manually update an windows app in kiosk mode doesn´t work

Manually triggering update of an app when running windows in assigned access (Kiosk mode) doesn´t work.
I have read others facing the same issue and it feels like there is a bug in windows Kiosk mode. But maybe there is some reason for this behaviour?
I have an app that I sideload using an appinstaller file (my app consist of both a uwp part and a consol part linked with a bridge connection). The app works well in Kiosk mode besides the update part. If I enable automatic updates and link to a specific folder on my computer the automatic updates will work and update my app from the specific folder. However this way to update requires two restarts before it is automatically updated. I want to be able to manually trigger the update from within the app itself somehow and have it updated instantly.
I have tried to update using packagemanager using the function below. This works well in desktop but will always freeze in bluscreen with progressring if I run it in an account in Kiosk mode (assigned access).
PackageManager pm = new PackageManager();
pm.AddPackageByAppInstallerFileAsync(new Uri("C:\\myLocalPath"), AddPackageByAppInstallerOptions.ForceTargetAppShutdown, pm.FindPackageVolume("C:\\"));
I have also tried to restart the app using the command below in order to trigger the automatic update without the need to restart the entire computer. This also works well in desktop but will freeze in bluscreen if I am in a Kiosk account.
AppRestartFailureReason result = await CoreApplication.RequestRestartAsync("Restart");
Restarting the entire computer two times and enabling automatic updates will update the app without problems. Why is it not possible to use one of the methods above? Is this a bug in windows kiosk mode or is this really intended??
The same issue is also reported here:
problem-when-restart-app-on-kiosk-mode-windows-10
and here:
intune-kiosk-blue-screen-spinner-after-uwp-app-res
See my answer to how I made this work here:
The same problem described on microsoft docs
I don´t feel very confident with the whole assigned access and package installation concept. It works at the moment for me but my feeling is that it is not very stable. Many different ways of creating almost the same thing. The problem is that there are differences between the results depending on how you get there. For instance two assigne access accounts don´t behave the same if you created them differently. Also adding and removing both apps and accounts leaves trash that you don´t see but can cause problems.At least this is my feeling.

Running a "rundll32.exe" process at Win7 Logon, Lock, & Switch User screens?

Before I start, another post for something similar to this request for help is located at Running a process at the Windows 7 Welcome Screen, but the responses were not quite what I believe I am looking for, and the post is over a year old so I thought it best to start a new thread for my needs.
In Windows 7 Ultimate, I am trying to create a script or task scheduler event that will run a Windows "rundll32.exe" process with arguments at the logon, lock, and switch user screens (basically any screen that is waiting for user to log into the machine).
I have tried using the startup script controls in group policy editor as well as creating a task scheduler event, but so far I am unable to get the process to display on the logon screens.
The command line I am using does work while logged into any account at any user level via the "Run.." dialog as well as via CMD prompt, and is only creating a popup that already exists in the Windows OEM Environment.
The hardest part is this: My friend just bought a new laptop. The new laptop came with this specific feature already enabled, but I have no idea what is making it happen and do not have access to the computer to check out gpedit.msc and task scheduler for possible solutions.
There are two reasons why I need this info: 1) I want the feature to work on my own laptop, and 2) my friend would like help disabling it on his as he doesn't like it.
I have been all over Google, posted at Microsoft Answers, and also posted on the laptop manufacturer's user forums. I have found very few pages that refer to the same question as I have, but none have answers that work, and since I have seen and know that this is possible, I am compelled to continue looking.
The laptop that this is currently working on was purchased with a fresh install of Win 7 Ultimate and no manufacturer bloatware/additional software added, so we know that the feature was made to happen by whomever it was that installed the OS and configured it for sale. Therefore I am certain it is just a matter of the right task or script in Windows itself before I see the results I need and then know how to direct my friend to disable his via phone.
The specific call is "rundll32.exe van.dll,RunVAN". In task scheduler I have set this to run as "SYSTEM" and set the triggers for startup, workstation lock, and local disconnect. I have tried using full path to rundll32.exe as well as the bare command. In gpedit startup scripts I have tried full path and bare command. Neither of which for either case is making this popup show on the logon screens.
Any and all help and/or advice on this would be greatly appreciated by both myself and my friend.
dynamic display of images for the credential provider

Running GUI application in the Windows service mode

I'm writing a server running as a Windows service that by request invokes Firefox to generate a pdf snapshot of a webpage.
I know it is a bad idea to run a GUI program in service mode, but the server nature of my program restricts from running it in the user mode. Running a user-level 'proxy' also is not an option, since there might be no interactive user logged-in on the machine with the server running.
In my experiments Firefox successfully produced pdf when the service was running under a user account that was already logged-in. Obviously it didn't work in other cases: for Local System and user accounts that weren't logged-in. Under LocalSystem with 'Allow service to interact with desktop' option enabled I could see the Firefox started that reports that it's unable to find a printer.
Since it wouldn't be practical to require an opened user session for the pdf server to run, is there any workaround for this except running the whole thing from a virtual machine?
UPDATE: I figured that the problem wasn't really with account permissions, but with an invisible modal dialog that FF was waiting on while running in the service mode.
However it's still unable to create a pdf when FF is running under the LocalSystem account. FF says it can't find a printer and I'm wondering if this is a permission that could be somehow enabled?
You might want to try a different approach where you'd include some .NET PDF library (PDFsharp is a good, open source, choice) in your project and than use that in conjuction with WebBrowser control you'd also include in your project to render the PDF.
Don't forget to use STAThread attribute if you try this.
I've been through a similar conundrum with the MS Word running unattended. What you need to do is to login as the user you set up to be used to run firefox process and go through the process of setting up printers.
It is possible that just logging in as that user will be enough - there is some stuff performed during the first logon.
I apologize I was not clear enough - I mean you have to logon interactively using that account, configure the default printer, logout, and then run your service
Can you run the program as a Scheduled Task instead? The task can be assigned to a given user account which should work around the service limitations.
A couple of year ago I had a related issue: Shared Network Printer on pseudo-device starting up Ghostscript for PS->PCL translation and printing to real printer. The print-spooler service ran as Local System and the pseudo-device driver hat troubles executing Ghostscript from the service-mode. I was able to solve the problem by copying a couple of registry keys from the HKCU-hive to HKLM.

Resources