One of the first things you learn in Cisco lessons is how to create login banners. A banner is a message shown to a user who is using the device. In this article I am going to configure login banners for Windows Server and client systems by using Windows PowerShell.
Introduction
Login banners can be configured in two ways: through the graphical interface or from the command line. In the graphical user interface, the configuration can be found in gpedit.msc, Computer Configuration – Windows Settings – Security Options.
If you want to configure login banners with group policies, open gpmc.msc and configure these two settings. Then link the GPO to an OU/Site/Domain. In this article we configure Login Banners without GPOs.
Configuring Interactive Login Messages with PowerShell (localhost)
We have to configure both the message title and the message text. If either one is left unconfigured, the login message will not be displayed.
Run the following one-liner to set the title of the message (Welcome!):
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "legalnoticecaption" -Value "Welcome!"
Next, configure the message text (*** Authorized Access Only ***):
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "legalnoticetext" -Value "*** Authorized Access Only ***"
Log off and log on. And here it is:
Configuring Interactive Login Messages with PowerShell (Remote Computers)
To configure logon banners on all server systems, we must first retrieve a list of the server computer names. To collect all server computer names from Active Directory and save them in a file, run:
(Get-ADComputer -Filter 'operatingsystem -like "*server*"').Name | Out-File C:\Temp\Servers.txt
Next, modify the registry settings for the welcome message on each server by executing:
Get-Content C:\Temp\Servers.txt | ForEach-Object {Invoke-Command -ComputerName $_ {Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "legalnoticecaption" -Value "Welcome!"; Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "legalnoticetext" -Value "*** Authorized Access Only ***"}}
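The one-liner above stops giving useful feedback as soon as a server is unreachable, and it never confirms that both values were written. The following added example (not part of the original article) sets the same two values, reads them back, and records a status per server. The variable names and the report path C:\Temp\BannerFailures.csv are assumptions.

```powershell
# Added example: apply the banner to every server in the list and verify the result.
# Caption and text are the values used in the article; the CSV path is an assumption.
$Servers = Get-Content -Path 'C:\Temp\Servers.txt' | Where-Object { $_.Trim() }
$Caption = 'Welcome!'
$Text    = '*** Authorized Access Only ***'

$Report = foreach ($Server in $Servers) {
    try {
        # -ErrorAction Stop turns connection and access errors into catchable exceptions
        $Result = Invoke-Command -ComputerName $Server -ErrorAction Stop `
            -ArgumentList $Caption, $Text -ScriptBlock {
                param($Caption, $Text)
                $Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
                Set-ItemProperty -Path $Key -Name 'legalnoticecaption' -Value $Caption -ErrorAction Stop
                Set-ItemProperty -Path $Key -Name 'legalnoticetext' -Value $Text -ErrorAction Stop
                # Read back what is actually stored in the registry
                Get-ItemProperty -Path $Key -Name 'legalnoticecaption', 'legalnoticetext'
            }

        # The banner is only shown when BOTH values are set, so check both
        $Match = ($Result.legalnoticecaption -eq $Caption) -and
                 ($Result.legalnoticetext -eq $Text)

        [pscustomobject]@{
            Server = $Server
            Status = if ($Match) { 'OK' } else { 'Mismatch' }
            Detail = ''
        }
    }
    catch {
        # Unreachable host, WinRM disabled, access denied, and so on
        [pscustomobject]@{
            Server = $Server
            Status = 'Failed'
            Detail = $_.Exception.Message
        }
    }
}

# Show the full result and keep a list of servers that still need attention
$Report | Format-Table -AutoSize
$Report | Where-Object Status -ne 'OK' |
    Export-Csv -Path 'C:\Temp\BannerFailures.csv' -NoTypeInformation
```

Servers listed in the CSV can be retried later by feeding its Server column back into the same loop.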
Another option is using Group Policies.
See also
For more about bulk operations, see my articles:
PowerShell: Enable Remote Desktop on multiple Servers remotely (Bulk)
PowerShell: Changing Active Directory user logon names (Bulk)
How to add a break between two lines in the interactive logon message?
That would actually be a nice task for Try and Catch, to run the command only on the computers that are actually reachable 😀
Hello Roland, thanks for the tip: yes, that would certainly be a good idea that way as well. I was actually thinking of Windows Servers, which are always reachable, and of a clean database 😉