Windows 10 – Deploy Profile Picture to Logon Screen

In my current deployment I wanted to get our fancy pictures from Active Directory to our Windows 10 Machines where it can be used for the logon screen and other places like start menu:
Windows 10 Logon Screen User Picture

First, I want to let you know, how I add the Picture to my user accounts. Well this is quite simple, I just use those two lines of Powershell:
$userphoto = [byte[]](Get-Content "C:\temp\MYUserPic.jpg" -Encoding byte)
Set-ADUser -Identity MYUserPic -Replace @{thumbnailPhoto=$userphoto}

If this is done, and you have also Azure AD Connect in Place, your picture will be synced to Azure AD as well, and therefore the picture will show up in Office365. Mind that there are different recommendations for specific systems (Exchange, Office365, Skype for Business), but you can also use high-resolution images. See also this Microsoft Knowledgebase article for issues with pictures larger than 100kb: Technet Article Exchange Online Hybrid Image size

Lets start with the requirements of this solution:

  • Allow users to modify specific registry Key
  • Allow users to automatically run a managed PowerShell Script

The first requirement should be easy to accomplished, if you are using Group Policy Preferences, because users are required to be able to create subkeys under:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AccountPicture\Users\
Because the user will create a Key with its own SID.
You will need to give certain permission within the registry for your users, I have done that with authenticated users:
profilepicture01

Afterwards you can take my modified script from Jocha (Script Source Link). I was required to modify it, because the script tries to create a subfolder folder the pictures where the script resides, this will fail in a ConfigMgr environment, because of the script resides within the CCMCache folder, where the user is not allowed to write data. Here you can find the edited Script, I only have changed the variable on Line 47: Set-ProfilePicture.txt (just rename it to ps1).
The script now uses the local temp folder of the user with the variable $env:temp.

Now you can create a Package within Configuration Manager and add a Standard Program, where you execute the PowerShell Script. Command Line in my case (mind to use sysnative on 64-bit clients, otherwise the script will fail cause of 32-bit execution!):
C:\windows\sysnative\windowspowershell\v1.0\powershell.exe -file Set-ProfilePicture.ps1

ConfigMgr ProgramConfigMgr Program2

When this is done, you might want to run this script over and over again, so if the picture may change, you want to have this new picture on the clients as well. Just use the Schedule option “Log on” and make sure to select “Always rerun program”:
ConfigMgr Deployment Option

Happy Users arriving.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s