Jump to content
Tixx

Blanking out all displays except Primary

Recommended Posts

Tixx

Hi,

Bit of  a background:

Im trying to push a policy acceptance window to all users when they log in to windows which they have to accept before proceeding to use the machine.

Initially i wanted to kill the explorer process, rename it via reg so that everything blanks out and only the policy window is open.

RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell", "REG_SZ", "killed")

ProcessClose("explorer.exe")

Then once accepted, restart the explorer process like so

RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell", "REG_SZ", "explorer.exe")

ProcessClose("explorer.exe")

ProcessWaitClose("explorer.exe")

Run("explorer.exe")

However this doesnt work unless it runs in elevated admin mode with windows 10 UAC which i cant do as the script runs in user context upon login.


The alternative solution is to blank out all monitors except the primary and show the policy window on there with the GUICreate $WS_EX_TOPMOST function.

Ive found a few scripts to blank out monitors online but they seem buggy and most will turn off all monitors, not specific ones.

 

Any help on how i can achieve this would be great. (and if you can suggest an alternative on the original solution, would be awesome too!)


Thanks

 

 

Share this post


Link to post
Share on other sites
Subz

Create an ActiveSetup Script, that prompts the user to accept the policy, this will only happen once for that user account prior to them getting to the desktop.  If you want it to run everytime a user logs in, then delete the ActiveSetup Guid with the script in the HKCU hive afterwards, using Run.

For Example:
Save your script to:
C:\Program Files (x86)\YourScript\YourScript.exe
Or
\\Domain.com\SYSVOL\Domain.com\Scripts\YourScript.exe

Create a Registry Key
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{Your Unique Guid Here} ;~ You can get this from here: https://www.guidgenerator.com/online-guid-generator.aspx I normally append a suffix to make it unique example: {6048702b-1b1e-45b2-8d26-792e02f694cc}_Au3
StubPath="<Path to your Script.exe>"
Version="18,2,22,0"

Now when a user logs on the script should run prior to them reaching the desktop, when they click OK (assuming MsgBox) it will add the version to:

HKCU\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{Your Unique Guid Here}
Version="18,2,22,0"

If you update the HKLM Version it will re-run, however you can also just delete the HKCU version and it will re-run.

Anyway I hope that made sense.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×