How can an admin stop the wallpaper being changed?

By Elliot B.
in Microsoft (Windows)

 Share

Recommended Posts

Grand Master

Elliot B.

Posted
Posted (edited)

Windows 7 Professional.

  • Right-clicking on the desktop and choosing Personalize shows:

    "This program is blocked by group policy. For more information, contact your system administrator."
     
  • Right-clicking on any image and choosing 'Set as desktop background' does nothing.

 

I'm basically curious:

  • How is this being accomplished?
  • Can it be gotten around if you had, for example, Registry Editor access?
Link to comment
Share on other sites
Grand Master

Seahorsepip Veteran

Posted
  • Veteran
Posted

It's probably a registry key but it can't be changed with registry access by a non admin user since the system has only set admin access to that specific registry key. That's what makes the registry so awesome, registry keys have the same sort of security as files.

Link to comment
Share on other sites
Grand Master

Elliot B.

Posted
  • Author
Posted (edited)

I got around it.

 

The Wallpaper key in the following path in the Registry Editor linked to a directory on the hard drive:

 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

 

I replaced the image with my own.

 

When I restarted, the original (wrong) wallpaper came back.

 

So I replaced the image a second time but set the file to Read Only.

 

Works :p

 

eb_hackerman1.thumb.jpg.5781e86e04d964fa8076023a66b36937.jpg

Edited by Elliot B.
Link to comment
Share on other sites
Grand Master

Dick Montage

Posted
Posted
13 minutes ago, Elliot B. said:

I got around it.

 

The Wallpaper key in the following path in the Registry Editor linked to a directory on the hard drive:

 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

 

I replaced the image with my own.

 

When I restarted, the original (wrong) wallpaper came back.

 

So I replaced the image a second time but set the file to Read Only.

 

Works :p

So you have negated your school or workplace's restrictions? ;)

Link to comment
Share on other sites
Grand Master

Elliot B.

Posted
  • Author
Posted
3 minutes ago, Nefarious Trigger said:

So you have negated your school or workplace's restrictions? ;)

Never.

Link to comment
Share on other sites
  • 3 weeks later...
Grand Master

Mando

Posted
Posted
On 7/3/2017 at 0:53 PM, Elliot B. said:

Never.

if this is a domain pc and not your personal machine, then you have just edited/circumvented the GPO applied on a domain level by the enterprise admin, therefore nefarious triggers question is spot on buddy. Youve just overridden their Group Policy Object for the domain membership of said device, i dont understand why a workgroup computer would have that restriction, its not enabled by default.

Link to comment
Share on other sites
Grand Master

Elliot B.

Posted
  • Author
Posted
7 minutes ago, Mando said:

if this is a domain pc and not your personal machine, then you have just edited/circumvented the GPO applied on a domain level by the enterprise admin, therefore nefarious triggers question is spot on buddy. Youve just overridden their Group Policy Object for the domain membership of said device, i dont understand why a workgroup computer would have that restriction, its not enabled by default.

Some may say, like a boss :blush:

Link to comment
Share on other sites
Grand Master

Mando

Posted
Posted (edited)
41 minutes ago, Elliot B. said:

Some may say, like a boss :blush:

if a non IT staff member tried that on my enterprise, they would be looking for a new job mate, just be careful you dont breach your IT policy if it is a work/school machine mate. Im also gobsmacked the dom admin allows non-adms to access Regedit, the it dept are obviously inept ;) unless of course they allow local Adm to end users, then they are lazy AND inept ;) LAPs FTW!

 

and btw its easily overwritten, your fix, with an dom admin typing Gpupdate /force to your endpoint, their domain policy overrides any local changes to LGP, by design. Hence the "Group policy" name.

Link to comment
Share on other sites
Grand Master

Dick Montage

Posted
Posted

I was being glib, but... Hey it's  your career and we've no idea how strict or lenient your IT department are.  However, I do know people who have received verbal (and then written for doing it again) warnings for doing this.  Obviously it's not (fully) about the imagery, but rather the bypassing of work applied process and rules.

  • Circaflex and Mando
  • Like 2
Link to comment
Share on other sites
Grand Master

Mando

Posted
Posted (edited)
4 minutes ago, Nefarious Trigger said:

I was being glib, but... Hey it's  your career and we've no idea how strict or lenient your IT department are.  However, I do know people who have received verbal (and then written for doing it again) warnings for doing this.  Obviously it's not (fully) about the imagery, but rather the bypassing of work applied process and rules.

yep, im my field and enterprise corp its a sackable offence to circumvent any policy or restriction put in place to the domain, regardless of reason. Then again we are a heavily regulated industry with very tight network security, endpoint protection and GPOs, for mitigation of risk to the enterprise, we hold and use very sensitive patient data worldwide.

Link to comment
Share on other sites
Grand Master

Elliot B.

Posted
  • Author
Posted
Just now, Circaflex said:

Not really, seeing as you had to post here asking how to get around it. 

But then I completely figured out a solution on my own.

Link to comment
Share on other sites
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.