Comments on: Configure Legal Notices On Domain Computers Using Group Policy

By: MB

We found a “bug” in this GP setting: “Interactive Logon : Message text for users attempting to log on”.
Our legal notice is large with 1871 characters. When I paste the text in GPEdit, in the resulting logon message, about 1/3 of the way through, commas get converted to carriage returns, and apparently some commas got moved to incorrect locations. This wreaks havoc with the meaning of the legal verbiage, and just looks awfully formatted.

Workaround / fix (for this and probably most formatting struggles):
I searched the registry to find where GP writes the “Message Text”, and found this value:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\legalnoticetext
My fix is to not use the “interactive Logon” GP setting at all, but instead write your legal notice right here using GP Computer Configuration \ Preferences \ Windows Settings \ Registry

By: Burhan

Burhan

I cant see Local Policy > Secuirty Options on Server 2019 ?

By: kyao

kyao

In reply to PG.

You could theoretically do the following
Add the 30 computers you want to receive the interactive login to a security group (eg SG-interactive login)

Go to the GPO and change under the scope settings change the security filtering to reflect the following
* Remove authenticated users
* Add security group with the 30 computers (we want this GP to apply to those computers)

I would defiantly recommend testing this not in a production environment first with a few pcs as I’m not entirely sure of the effects of removing Authenticated Users, My understanding is that this should give you the desired outcome however.

By: Arik shrestha

Arik shrestha

Can we change that “OK” button to “I Agree”.

By: Marina Cypert

Marina Cypert

I agree with you

By: PG

Prajwal,
I have a environment where there is Child OU and it has about 80 computers. All the GPO (there are about 15) are linked to this OU and blocked inheritance from the domain.
One of GPOs setting has interactive login message and text configuration named workstation settings. this includes other security settings as well.
Now I would like to skip 50 computers that they do not want to load Legal-disclaimer as they have auto logins. Apparently the Interactive login setting is configured along with other settings in Security options. In other words, Interactive login is loading to the computers along with other security options.
Now I want to exclude those 50 computers not to load the interactive login (Legal disclaimer).
Is there a way we can take an exception for the 50 computers.

By: ain mawardah

ain mawardah

can’t we insert an attachment? i mean there is something our superior ask us to post but he want it in an attachment form.

By: Nikhil Vetal

Nikhil Vetal

if a the message text for user attempting to logon has changed somehow on workstations, but without affecting policy, how can audit an event anytime time message is changed and this audit record should be viewed on central server computer. All i have done is configuration till legalnotice. stcuk with auditing part

By: Bobo

Bobo

Can I have multiple logon banner messages within a single login attempt on the domain

By: Robb Perez

Robb Perez

Scenario:
One of the company departments would like to implement a legal notice, but would like to change the content periodically, We can use PowerShell to change the “legalnoticetext” with a Get-Content command to pull from a pre-defined text file. The department would update that text file as needed and a scheduled task would update the message periodically. How, though, would I get the PowerShell script to update the domain GPO containing the message?