I tend to set many of my SCCM packages to run when no user is logged on.  For example, I don’t want to be trying to update a piece of software if a user might already have the old version open.

Sometimes though, such a package takes some time to run and there’s a chance the user might log in mid-way.  This might not necessarily be a problem – but could be if your package ends by triggering a reboot.  I recently blogged about installing IE11.  There, eight pre-requisite updates had to be installed followed by a reboot before IE11 itself was installed.  That’s quite a time window where a user might log in.  One way around this is to schedule the package for out-of-hours but then if the user doesn’t leave it logged off overnight for a while, any subsequently-advertised packages are held up, waiting for the scheduled one to be run first.

What would be nice, is to be able to display a message to the user to tell them not to log in whilst the install is in progress.  It is possible to change the logon/lock screen background but if this is done via a script while no one is logged in, it won’t visibly take effect until after a reboot.


To do this, make a suitably-sized image no more than 256KB in size and save it as c:\Windows\System32\oobe\info\backgrounds\backgroundDefault.jpg (making any missing folders as required).  Then to make this take effect you need to set a registry value called OEMBackground with a value of 1 within key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background

For my IE11 installer, the first package to run merely sets the above background and then reboots.  With the background now changed, part two then installs the 8 pre-requisites and reboots.  Part three then does the IEAK-derived install and reboots.  Finally, part four does the RunOnce stuff, applies a cumulative update, removes the above wallpaper and reboots once more!  Total runtime of 15 mins with the warning on-screen throughout.  Anyone who logs in during that time despite the warnings is deserving of any subsequent pain!

Here’s the simple code inside the first package to set the background:

reg.exe add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background /v OEMBackground /t REG_DWORD /d 1 /f >nul
if not exist c:\Windows\System32\oobe\info\backgrounds mkdir c:\Windows\System32\oobe\info\backgrounds
if exist c:\Windows\System32\oobe\info\backgrounds\backgroundDefault.jpg ren c:\Windows\System32\oobe\info\backgrounds\backgroundDefault.jpg backgroundDefault.bak
copy /Y backgroundDefault.jpg c:\Windows\System32\oobe\info\backgrounds\backgroundDefault.jpg >nul

and here’s the code in the last one to remove it again:

reg.exe add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background /v OEMBackground /t REG_DWORD /d 0 /f >nul
del /F c:\Windows\System32\oobe\info\backgrounds\backgroundDefault.jpg >nul
if exist c:\Windows\System32\oobe\info\backgrounds\backgroundDefault.bak ren c:\Windows\System32\oobe\info\backgrounds\backgroundDefault.bak backgroundDefault.jpg

I leave it to SCCM to handle all the rebooting.  You’ll see I’ve coded it to preserve any file already in there, though as far as the registry is concerned, I’m assuming a custom screen isn’t being used.  Also, this hasn’t been written for use with a 64-bit OS where I’d have to work around a 32-bit SCCM 2007 Client process needing access to 64-bit System32 etc.

After initial testing, I found that even users within the IT Department were logging in despite the on-screen message!  They either didn’t read it fully, or just plain ignored it.  I’ve now switched to an ugly in-your-face vivid red screen with a big white font.  Now we’ll probably have people think they’re infected with malware instead…