Comments on: Configure Legal Notices On Domain Computers Using Group Policy https://www.prajwaldesai.com/how-to-configure-legal-notices-on-domain-computers-using-group-policy/ SCCM | ConfigMgr | Intune | Windows 11 | Azure Fri, 04 Nov 2022 20:26:18 +0000 hourly 1 https://wordpress.org/?v=6.4.1 By: MB https://www.prajwaldesai.com/how-to-configure-legal-notices-on-domain-computers-using-group-policy/#comment-40587 https://www.prajwaldesai.com/?p=2535#comment-40587 We found a “bug” in this GP setting: “Interactive Logon : Message text for users attempting to log on”.
Our legal notice is large with 1871 characters. When I paste the text in GPEdit, in the resulting logon message, about 1/3 of the way through, commas get converted to carriage returns, and apparently some commas got moved to incorrect locations. This wreaks havoc with the meaning of the legal verbiage, and just looks awfully formatted.

Workaround / fix (for this and probably most formatting struggles):
I searched the registry to find where GP writes the “Message Text”, and found this value:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\legalnoticetext
My fix is to not use the “interactive Logon” GP setting at all, but instead write your legal notice right here using GP Computer Configuration \ Preferences \ Windows Settings \ Registry

]]>
By: Burhan https://www.prajwaldesai.com/how-to-configure-legal-notices-on-domain-computers-using-group-policy/#comment-27387 https://www.prajwaldesai.com/?p=2535#comment-27387 I cant see Local Policy > Secuirty Options on Server 2019 ?

]]>
By: kyao https://www.prajwaldesai.com/how-to-configure-legal-notices-on-domain-computers-using-group-policy/#comment-26151 https://www.prajwaldesai.com/?p=2535#comment-26151 In reply to PG.

You could theoretically do the following
Add the 30 computers you want to receive the interactive login to a security group (eg SG-interactive login)

Go to the GPO and change under the scope settings change the security filtering to reflect the following
* Remove authenticated users
* Add security group with the 30 computers (we want this GP to apply to those computers)

I would defiantly recommend testing this not in a production environment first with a few pcs as I’m not entirely sure of the effects of removing Authenticated Users, My understanding is that this should give you the desired outcome however.

]]>
By: Arik shrestha https://www.prajwaldesai.com/how-to-configure-legal-notices-on-domain-computers-using-group-policy/#comment-24314 https://www.prajwaldesai.com/?p=2535#comment-24314 Can we change that “OK” button to “I Agree”.

]]>
By: Marina Cypert https://www.prajwaldesai.com/how-to-configure-legal-notices-on-domain-computers-using-group-policy/#comment-23997 https://www.prajwaldesai.com/?p=2535#comment-23997 I agree with you

]]>
By: PG https://www.prajwaldesai.com/how-to-configure-legal-notices-on-domain-computers-using-group-policy/#comment-19899 https://www.prajwaldesai.com/?p=2535#comment-19899 Prajwal,
I have a environment where there is Child OU and it has about 80 computers. All the GPO (there are about 15) are linked to this OU and blocked inheritance from the domain.
One of GPOs setting has interactive login message and text configuration named workstation settings. this includes other security settings as well.
Now I would like to skip 50 computers that they do not want to load Legal-disclaimer as they have auto logins. Apparently the Interactive login setting is configured along with other settings in Security options. In other words, Interactive login is loading to the computers along with other security options.
Now I want to exclude those 50 computers not to load the interactive login (Legal disclaimer).
Is there a way we can take an exception for the 50 computers.

]]>
By: ain mawardah https://www.prajwaldesai.com/how-to-configure-legal-notices-on-domain-computers-using-group-policy/#comment-15189 https://www.prajwaldesai.com/?p=2535#comment-15189 can’t we insert an attachment? i mean there is something our superior ask us to post but he want it in an attachment form.

]]>
By: Nikhil Vetal https://www.prajwaldesai.com/how-to-configure-legal-notices-on-domain-computers-using-group-policy/#comment-13944 https://www.prajwaldesai.com/?p=2535#comment-13944 if a the message text for user attempting to logon has changed somehow on workstations, but without affecting policy, how can audit an event anytime time message is changed and this audit record should be viewed on central server computer. All i have done is configuration till legalnotice. stcuk with auditing part

]]>
By: Bobo https://www.prajwaldesai.com/how-to-configure-legal-notices-on-domain-computers-using-group-policy/#comment-13920 https://www.prajwaldesai.com/?p=2535#comment-13920 Can I have multiple logon banner messages within a single login attempt on the domain

]]>
By: Robb Perez https://www.prajwaldesai.com/how-to-configure-legal-notices-on-domain-computers-using-group-policy/#comment-13804 https://www.prajwaldesai.com/?p=2535#comment-13804 Scenario:
One of the company departments would like to implement a legal notice, but would like to change the content periodically, We can use PowerShell to change the “legalnoticetext” with a Get-Content command to pull from a pre-defined text file. The department would update that text file as needed and a scheduled task would update the message periodically. How, though, would I get the PowerShell script to update the domain GPO containing the message?

]]>