Windows 8 provides a set of policies to
control the logon process, some of which allow you to configure the way
programs run at logon. This makes them similar to logon scripts in that
you can execute specific tasks at logon. Other policies change the view
in the welcome and logon screens. The main logon and startup policies
that you’ll use are available using Administrative Templates policies
for Computer Configuration and User Configuration under System\Logon and
are summarized in Table 1.
Table 1. Logon and Startup Policies
| POLICY TYPE | POLICY NAME | DESCRIPTION |
|---|---|---|
| Computer | Always Use Classic Logon | For Windows 7 and earlier, this policy overrides the default simple logon screen and uses the logon screen displayed in previous versions of Windows. |
| Computer | Always Use Custom Logon Background | Allows the use of a custom logon background. |
| Computer | Always Wait For The Network At Computer Startup And Logon | Requires the computer to wait for the network to be fully initialized. At startup, this means Group Policy is fully applied rather than applied through a background refresh. At logon, this means the user account cannot be authenticated against cached credentials and must be authenticated against a domain controller. |
| Computer | Do Not Enumerate Connected Users On Domain-Joined Computers | When a computer is joined to a domain, prevents the Windows Logon user interface from enumerating connected users during logon. |
| Computer | Enumerate Local Users On Domain-Joined Computers | Allows the Windows Logon user interface to enumerate local users during logon. |
| Computer | Turn Off App Notification On the Lock Screen | Prevents app notifications from appearing on the lock screen. |
| Computer | Turn On PIN Sign-In | Allows a domain user to sign in using a PIN. |
| Computer | Turn Off Picture Password Sign-in | Prevents a domain user from creating and using a picture password for sign in. |
| Computer/User | Do Not Process The Legacy Run List | Disables running legacy run-list applications other than those set through the System Policy Editor in Windows NT 4. |
| Computer/User | Do Not Process The Run Once List | Forces the system to ignore customized run-once lists. |
| Computer/User | Run These Programs At User Logon | Sets programs that all users should run at logon. Use the full file path (unless the program is in %SystemRoot%). |
Setting Policy-Based Startup Programs
Although users can configure their startup applications separately,
it usually makes more sense to handle this through Group Policy,
especially in an enterprise in which the same applications should be
started by groups of users. To specify programs that should start at
logon, follow these steps:
- Access Group Policy for the computer you want to work with. Next, access the Administrative Templates policies for Computer Configuration under System\Logon.
- Double-tap or double-click Run These Programs At User Logon. Select Enabled.
- Tap or click Show. In the Show Contents dialog box, specify applications using their full file or UNC path, such as C:\Program Files (x86)\Internet Explorer\Iexplore.exe or \\DCServ01\Apps\Stats.exe.
- Close all open dialog boxes.
Disabling Run Lists Through Policy
Using Group Policy, you can disable legacy
run lists as well as run-once lists. Legacy run lists are stored in the
registry in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
Run-once lists can be created by administrators to specify programs
that should run the next time the system starts but not on subsequent
restarts. Run-once lists are stored in the registry under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce and
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce.
To disable run lists, follow these steps:
- Access Group Policy for the computer you want to work with. Next, access the Administrative Templates policies for Computer Configuration under System\Logon or the Administrative Templates policies for User Configuration under System\Logon.
- Double-tap or double-click Do Not Process The Run Once List. Select Enabled, and then tap or click OK.
- Double-tap or double-click Do Not Process The Legacy Run List. Select Enabled, and then tap or click OK.
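Before enabling these two policies, it helps to know what the run lists currently start. The following PowerShell inventory of the four registry locations named above is an added example, not part of the original text; the function name Get-RunListEntry is hypothetical, and the full-path test mirrors the "full file or UNC path" guidance given for policy-based startup programs.

```powershell
# Added example: inventory the legacy run and run-once lists named in this section.
$runListKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Get-RunListEntry is a hypothetical helper name, not a built-in cmdlet.
function Get-RunListEntry {
    param([string[]]$Key = $runListKeys)

    foreach ($path in $Key) {
        if (-not (Test-Path -LiteralPath $path)) { continue }   # key may be absent
        $regKey = Get-Item -LiteralPath $path
        foreach ($name in $regKey.GetValueNames()) {
            # Read the raw data, then expand %VARIABLES% once, explicitly.
            $raw = [string]$regKey.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            $command = [Environment]::ExpandEnvironmentVariables($raw)

            # Separate the executable from its arguments: quoted path first,
            # otherwise the first token. An unquoted path that contains spaces
            # is truncated here and shows up as Exists = False for manual review.
            if ($command -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
            else { $exe = ($command.Trim() -split '\s+', 2)[0] }

            $isFullPath = $exe -match '^(?:[A-Za-z]:\\|\\\\)'   # drive-rooted or UNC
            $exists = $isFullPath -and (Test-Path -LiteralPath $exe -PathType Leaf)
            $signature = if ($exists) {
                (Get-AuthenticodeSignature -LiteralPath $exe).Status
            } else { 'NotChecked' }

            [pscustomobject]@{
                Key        = $path
                Name       = $name
                Command    = $command
                Executable = $exe
                FullPath   = $isFullPath
                Exists     = $exists
                Signature  = $signature
            }
        }
    }
}

Get-RunListEntry | Sort-Object Key, Name | Format-Table -AutoSize -Wrap
```

The HKEY_CURRENT_USER results reflect only the account running the script, so run it in each user context you need to review.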