In this article, we will be discussing how to display interactive logon messages for Windows PCs via GPO. We will be discussing two specific policies and implementing them via the Group Policy Object (GPO) and Windows Registry. They are “The Interactive logon: Message text for users attempting to log on and Interactive logon: Message title for users attempting to log on policy settings” and are closely related. These settings are part of the GPO Security options. Please see The different Windows Logon Types, The logon attempt failed for the remote desktop connection, and What are the merits and demerits of Local System Account and Service Logon Account.
The Security Options contain security policy settings that allow you to configure the behaviour of the local PCs. Please see display logon banners for Windows PCs via Windows Registry.
These policies can also be included in a Group Policy Object and distributed over your organization.
Why Enable Interactive logon Messages for Windows Computers
Enabling “Interactive Logon Messages for Windows PCs” involves displaying a legal notice or warning message to users before they log on to a Windows computer.
These messages are often used to communicate vital information, legal or security policies to users.
There are several reasons why organizations choose to enable interactive logon messages for Windows and Network devices. But our focus of discussion today is the Windows PC.
- Legal and Compliance Requirements: In some industries, there are legal and compliance requirements that mandate informing users about specific policies, agreements, or legal terms before they log on. Displaying a logon message helps fulfil these requirements and ensures that users are aware of their responsibilities and obligations.
- Security Awareness: Organizations use logon messages to raise security awareness among their employees. This reminds them not to engage in risky online behaviour.
- Announcements and Updates: Important announcements, updates, maintenance schedules, or system changes can be communicated through logon messages. This ensures that users are informed of any upcoming changes or disruptions.
- Unauthorized Access Deterrence: Displaying a warning message can act as a deterrent against unauthorized access attempts. Potential intruders may be discouraged from attempting to log on if they are presented with a clear message indicating that unauthorized access is prohibited.
- Disclaimers and Liability Notices: Organizations often include disclaimers and liability notices in logon messages to protect themselves from legal liability.
These fields can be used to communicate “Emergency Contact Information“, Education and training, Acceptable Use Policies etc.
How to Display interactive logon messages for Windows
I will be showing you these steps locally. To do this, launch the Local Group Policy Editor by typing
gpedit.msc from the search or “Run” wizard. This will launch the Local Group Policy Editor as shown below.
Please see how to fox “Error 1385: The user has not been granted the requested logon type at this time“, and The sign-in method you are trying to use is not allowed: For more information, contact your network administrator.
When you edit the policy settings locally on a device, it will only affect the settings on that device locally.
Navigate through Local Computer Policy->ComputerConfiguration->Windows Settings->Local Policies->Security Options.
In the right pane of the window, you will find the two policies that we will be suing. They are “The Interactive logon: Message text for users attempting to log on and Interactive logon: Message title for users attempting to log on policy settings.
First, for the “Interactive logon: Message title for users attempting to log “. Type your warning message in the wizard below.
If you wish to learn more about the policy setting. Click on the Explain button to learn more about what it does.
Note: You will also have to do the same for the “The Interactive logon: Message text for users attempting to log on”.
Apply the GPO Policies immediately
gpupdate /force commands in Command Prompt and restarting the machine will apply the group policy successfully. You may want to learn about the various “Group Policy GPUpdate Commands“.
Policies applied successfully.
Below are the message title and text configured. Yes, they are not descriptive enough as this is just to show you the steps to implement yours in your own environment.
Click on Ok.
You will be prompted with the traditional window to enter your login information.
Undo the changes
These steps are very simple. Navigate through the Local Computer Policy->ComputerConfiguration->Windows Settings->Local Policies->Security Options
Double-click on each policy and depopulate the entries you made previously. Do not forget to click on Ok or Apply as the case may be.
I hope you found this blog post helpful on how to display interactive logon messages for Windows PCs via GPO. Please let me know in the comment section if you have any questions.