How To Configure Legal Notices On Domain Computers Using Group Policy

How To Configure Legal Notices On Domain Computers Using Group Policy – Few years ago when i was working on Windows Server 2008 R2, I was told by my manager to configure a logon banner. What came to my mind was to write a script for it and run the script at logon. There are 2 ways to configure legal notices on domain computers, you can configure it by writing a script and executing it at the logon or configuring legal notice using a group policy. I believe the second method is very easy. You can configure Windows Server to display a message to users when they log on. You can use the message display functionality to personalize the logon process, provide news or information, and for other similar purposes. The message appears after the user presses CTRL+ALT+DEL and disappears after the user clicks OK.

In this post we will see on how to configure legal notices on domain computers using group policy. We will create a group policy, modify the policy settings and link it to the domain. I am configuring this policy on a domain controller running Windows server 2008 R2 SP1 edition.

Login to the domain controller machine with the administrator account. Click on Start, Click on Administrative Tools, Click on Group Policy Management. Under Domains, right click your domain and click on Create a GPO in this domain, and link it here.

How To Configure Legal Notices On Domain Computers Using Group Policy Snap 1

 

We will create a policy named Logon_Banner. Click on OK.

How To Configure Legal Notices On Domain Computers Using Group Policy Snap 2

 

Right the policy Logon_Banner and click on Edit. On Group Policy Management Editor, click on Computer Configuration, expand Policies, expand Windows Setttings, expand Security Settings, expand Local Policies, click on Security Options.

How To Configure Legal Notices On Domain Computers Using Group Policy Snap 3

On the right pane look for the policy Interactive Logon : Message text for users attempting to log on. This security setting specifies a text message that is displayed to users when they log on. You can paste the Logon text that is to be displayed to the users before they log in. Click on Apply and OK.

How To Configure Legal Notices On Domain Computers Using Group Policy Snap 4

On the right pane look for the policy Interactive Logon : Message title for users attempting to log on. This security setting allows the title to appear in the title bar of the window that contains the Interactive logon.Type the title text and click on Apply and OK.

How To Configure Legal Notices On Domain Computers Using Group Policy Snap 5

On the client computer open the command prompt and run the command gpupdate.

How To Configure Legal Notices On Domain Computers Using Group Policy Snap 6

Log off from the client computer. Hold CTRL+ALT and press DEL. You must find the logon banner. Click on OK to login to the computer.

How To Configure Legal Notices On Domain Computers Using Group Policy Snap 7

48
Leave a Reply

avatar
29 Comment threads
19 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
newest oldest most voted
clement
Guest
clement

In Interactive logon Group Policy Management is is it possible to prevent users from clicking OK b4 they click OK lets 3 mins

Joel S
Guest
Joel S

We have a very mixed environment. 85% of the users logon using a thin-client running Windows 7 embedded connecting to a terminal server running Windows 2012 R2. All of the production servers run Windows 2012 R2 and all Fat Clients are Windows 7 PRO SP1 or Windows 10 Pro.
Does your process work on WIndows 7 Pro SP1, Windows 10 Pro, Windows Server 2012 R2?

Excellent article by the way.

mohammedfariz.k
Guest
mohammedfariz.k

Can u pls tell me how to add a line space to seperate a paragraph.

Marty
Guest
Marty

Prajwal Desai very good article and thank you for sharing I would like to know if there is a way to make it so that users get the legal notification with the acceptable computer use policy the first time when they login, when logoncount is 0. Second, if there is a way to audit which users have clicked on the OK. It is obvious that if the logoncount is still 0, the user has not clicked OK and proceed to login but it is good to provide a list that proves who did click on the OK button. This is… Read more »

Vishal B.
Guest
Vishal B.

I am facing one below mentioned issue, Pls suggest
Under Win 2012 R2 , I want to change the legal notice color from blue to red or i am ok if i set the legal notice message after windows login front screen.
Pls suggest if there is any option under GPO or any other way ?

Pls suggest?

vishal
Guest
vishal

I am facing one below mentioned issue, Pls suggest

Under Win 2012 R2 , I want to change the legal notice color from blue to red or i am ok if i set the legal notice message after windows login front screen.

Pls suggest?

shane
Guest
shane

many thanks for the right up, found very usefull
one question though, is it possible to add a tick box on the screen as well.

many thanks

nitin makwana
Guest
nitin makwana

Love you Prajwal.

Aamir Karim
Guest
Aamir Karim

Very nice and very easy way it is defined. Thank you sir.

daniel
Guest
daniel

hey great article. how to do create carriage returns?

David Sankovsky
Guest
David Sankovsky

Is there a way to force the message to be R2L instead of L2R?
my message is in Hebrew and it looks weird when it’s L2R

edward
Guest
edward

what about if i want to enable those GPO only on domain users not on the server it self?

David Sankovsky
Guest
David Sankovsky

I can only assume you mean user’s computers, while not implementing it on servers in the Domain.
This can be achieved by creating a group where you include only the computers, and then changing the scope of the policy.
Keep in mind though, the group won’t be auto updating, so You’ll have to add new computers manually.

Jin Khan
Guest
Jin Khan

There is simple and easy way to do the same trick using registry editor.

Aamir Karim
Guest
Aamir Karim

And what is that trick and where we will implement the said trick, on server or on client nodes ?

nepaconservative
Guest
nepaconservative

Tanx for the walkthrough!

K V Naresh Kumar
Guest
K V Naresh Kumar

hai how to Send a quick popup message to all domain computers/users?

MohamedBilal Pyarejan
Guest
MohamedBilal Pyarejan

pretty clear step keep it up.. prajwal..!

Prajwal Desai
Guest
Prajwal Desai

Thank you.

Shrikrushna BHutekar
Guest
Shrikrushna BHutekar

thank you Sir, this information is very helpful for me. thank you so much.

Prajwal Desai
Guest
Prajwal Desai

Thank you Shrikrushna.

Mohun Chelsea
Guest
Mohun Chelsea

AS a new in IT networking in system administration field,and a having passion for windowd server system administration,recently while searching certain topics , i find u r blog,,later stage i am finding its too useful for new winds systm admns..i really appreciate ur way of doccumentations.its too easy to understand.inf future also luking for great articles.KEEP IT UP.THANKS A LOT

Prajwal Desai
Guest
Prajwal Desai

Thank you Mohun…

rninga
Guest
rninga

Very useful, will definitely try it

Myrtle
Guest
Myrtle

Thank you for sharing this info. I really appreciate your
efforts and I will be waiting for your next write ups
thanks once again.

eowyn36
Guest
eowyn36

I did a poor job explaining myself 🙂 I want to put up a agreement before logon screen.
The only difference with the screenshot above is I want to put a checkbox there. The user will have to check it to click OK. It will say something like “I Agree to this conditions” check!
Can I use this feature with editing it ? or there is no way to edit anything apart form the message and title ? If so can it be done with a custom script ? I’m totally clueless here. 🙂

TSMLRE
Guest
TSMLRE

Perhaps you could add a bit at the beginning saying something like “by pressing OK and continuing the logon process, you are agreeing to the following terms”

Aamir Karim
Guest
Aamir Karim

TSMLRE, I think EOWYN36 is trying to give access to only those users who check the box for “I agree to this conditions”.
The OK button will be disabled until the user check the box. If he/she check that box then only OK button will be enabled.

Peter Vicari
Guest
Peter Vicari

Is there a way to do just that?

eowyn36
Guest
eowyn36

Is there a way to modify the logon notice ? I’m trying to find a way to add a checkbox on that screen, when checked the ok button will be clickable.

Lee
Guest
Lee

Hi, your site have just save me. thanks for much.

amit
Guest
amit

can we set image or animation instead of text????

prasad phase
Guest
prasad phase

Dear Its support on windows 2008 r2 ??

Samiuddin Mohammed
Guest
Samiuddin Mohammed

Excellent Blogs, Keep up the Good Work!

Thanks – Samiuddin

Brian
Guest
Brian

I tried this, and after getting unpleasant results found this: “You can use a maximum of four lines of 512 characters each for a total of 2,048 characters in this policy, please check whether you exceed this limit.” How did you get yours to display so many characters? Thanks. -B

SB
Guest
SB

I found that a semi colon was one cause of failure to display the full text of what we wanted. In another case a double space was the issue and in a 3rd round, we found that a single word written in all caps was a cause. Once corrected our 730 character message displayed correctly.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. AcceptRead More