Monday 23 March 2009

SBS 2003/8 - Publish BGInfo via Group Policy

BGInfo, or BackGround Information, is a utility that we use both inside our own network, in our lab environments, and anywhere else a quick system configuration glance is required.

For those uses where the utility is to run on all systems, we configure a BGI file using the BGInfo application.

Besides the default information the users will see on the screen, we set the following in the program itself:

  • Set the location for the BMP file to the user’s Temp folder to avoid permissions issues (under the Bitmap menu item).09-03-23 BGInfo - BMP Location
  • Position is set to the top right corner with an 8” limit.
  • Multiple monitor setting is to publish to all monitors.
  • We enable all logon types to receive the background.09-03-23 BGInfo - Desktops Setting
  • The information we have displayed is in the following screenshot.

09-03-23 BGInfo - Info Settings

BGInfo Settings

Now, once we have created and saved the BGI file, we need to publish them.

On SBS 2003, we put a copy of BGInfo.exe and BGInfo.BGI in the Scripts under the domain in SysVol. We then edit the default SBS_Login_script.bat file that is located in the same place with the below UNC based application call and switches.

We do this because the SysVol is Read Only for all users so we do not need to worry about users making changes to the defaults or incorporating scripts in the BGI file. If someone has write abilities on these files, we have other problems that need to be dealt with! ;)

The batch file will read:

Keep in mind that we are using the UNC path for both the application file and the applicable BGI file on the same line. There are a couple of switches in there to disable the default start-up pause and the EULA agreement window.

On SBS 2008, things are a little different. Because we no longer have the default SBS logon script in the SysVol, we place the three files in the User Logon Scripts location specific to the GPO we are using.

Since we always create and link a new GPO to the default SBSUsers OU called Windows SBSUsers Policy on our SBS 2008 installs, we will create a batch file called BGInfo.bat, and place it in the appropriate directory for the GPO also using the appropriate UNC for the .EXE and .BGI command line:

To find the correct location, open the GPO by right clicking on it and Editing it.

After opening the GPO, we find the proper location to place the BGInfo files and batch file under the GPO’s GUID as indicated in the above UNC path.

The GUID shows up when we click the Add button in the Logon Scripts properties window. After clicking the Browse button click on the Address Bar (just to the right of the Left and Right arrow buttons) to show the full SysVol UNC path. Leave this window open so as to pick up the batch file copied into the folder in the steps below.

Now, keep in mind that the location being shown is via the SysVol UNC so will be Read Only and your files will not be there yet! Take note of the GUID and open a Windows Explorer window and navigate to the appropriate location via the %WinDIR%\SysVol\…

  • TIP: Highlight the first part of the GUID and copy it, then paste it into the Search field in your Windows Explorer window after bringing up the Windows directory. The GPO’s GUID folder will show up pretty quick without having to follow the path through to it.

When it comes to the new security structures in Windows Server 2008, the BGInfo batch file and application files need to be at least on the local domain admin’s desktop before attempting to copy them into the User\Scripts\Logon\ folder. A couple of UAC prompts will be required when copying and pasting the files.

09-03-23 BGInfo - SBS 2008 Batch File

BGInfo.bat file in the GPO Scripts Folder

Once the files have been pasted into the correct location, the Logon Properties window that was left open from earlier will now have the three BGInfo files shown in that window. Click on the batch file and the Open button to add it. No parameters are needed since the switches are contained within the batch file itself.

Make sure to annotate the GPO change by right clicking on the GPO name in the editor and clicking on Properties. A comment tab is to be had there. We annotate all changes we make to any GPO within that comment tab as well as comment on the Administrative Templates settings that allow GPO setting comments.

The GPO comment format:

  • 09-03-23: Added the BGInfo batch to Users Logon Scripts. Philip
    • YY-MM-DD
    • Brief description of the change for both add/remove/changes.
    • Who did the change.

Once a GPUpdate /force [Enter] is run on the server, all users will receive the newly configured BGInfo background on their desktops when they logon or on any server an admin logs into.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*All Mac on SBS posts will not be written on a Mac until we replace our now missing iMac! (previous blog post)

Windows Live Writer

5 comments:

Anonymous said...

Good stuff Philip - I was the one who requested this and I appreciate your time in posting this.

Philip Elder Cluster MVP said...

A.,

You are very welcome!

If I missed anything, or you have a question, let me know.

Thanks,

Philip

Sean said...

Good outline; two items of note:
Security and security.

1) The BGInfo.bmp file created in \Windows isn't always able to be created under 2008's security model.

2) The Enhanced Security Configuration will prevent a .BAT from running silently unless you tweak the trusted or intranet zone to include your SYSVOL path.

Jack said...

Hi
Thanks very much.
I have a server 2012 r2 as domain controller and with some other servers and some windows 10pro clients.

I have a GPO which start users in my windows 10 pro machines as a kiosk, and at the same time apply BGinfo information at the background both for the servers and client machines.
GPO setup is: User Configuration->Policies->Windows Settings->Scripts->Logon(apply BGinfo)
User Configuration->Administrative Templates->Systems->Custom User interface(Apply the custom app).

When i try to log in as an admin user in one of the client machines the BGinfo applies as it should, but if i log in as a user the custom applications starts but the background is black...
I tried to running GPRESULT /R from the client machine as a user and i can see that the GPO applies as it should.
Any help please.

Philip Elder Cluster MVP said...

Jack,

Try changing the location where BGInfo drops its file. I suspect a standard user can't write to that location.

You could use GPPrefs to create a folder called BGInfo in the root and give users MOD then set BGInfo up to drop its file in there.