How do I use Powershell to Set My Account Picture?
There are 2 parts to be done to set account picture: in AD and locally.
Set the picture in AD
The right way to do this is to locate a folder with user pictures on AD Domain controller:
There is a simple Set-ADUser cmdlet that can be used to import user photos to Active Directory. It saves an image file in the thumbnailPhoto Active Directory attribute. Just remember to provide an exact path to the image file and the user’s name, for example:
$ADphoto = [byte[]](Get-Content C:\AD_Photos\ad-brian-johnson -Encoding byte)
Set-ADUser BrianJ -Replace @{thumbnailPhoto=$ADphoto}
To have this done for multiple users, you may rename each photo file to the username and create a PowerShell script to iterate over them. Since SuperUser is not a script-writing service by its rules, I don't provide such.
Local configuration
The second part is to copy the photo locally and configure a registry setting to use it. Pictures are stored locally in hidden folders that correspond to the SID of each user on the PC. You can get the SID from AD or from the current Windows session with PowerShell:
$user_sid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
The location of photos is C:\Users\Public\AccountPictures\SID\, where SID is the real SID of the user. This folder will contain 7 hidden pictures in jpg format, each corresponding to one of the resolutions:
32, 40, 48, 96, 192, 200, 240, 448 px.
So, you need to place photos there with the specific naming convention.
Registry configuration
In Windows 10 you can set the user account profile picture through the registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AccountPicture\Users. However, non-admin users don’t have the necessary permissions to add values to this registry key. To allow users without administrator privileges to change the profile picture, you must grant them write permissions to this registry key.
You can apply the permissions centrally with GPO.
- To do this, run the Group Policy Management console (gpmc.msc), create a new policy and link it to the OU with users’ computers;
- Then in the GPO editor go to the following section Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Registry and add a new registry key (Add key) with the path MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AccountPicture\Users;
- Then, in the Security tab, check the Full Control permissions for all domain users ([YourDomainName]\Users) and click OK;
- In the next window, select the option Replace existing permission on all sub keys with inheritable permissions, otherwise users won’t have any privileges for the nested registry subkeys.
This is how the registry, with the keys pointing to the photos' location, should look (for my user):
Bind Photos to a Profile Using script
Now, to propagate these Active Directory photos as Windows 10 account pictures, you can make use of Group Policy logon/logoff scripts (GPO that runs a script at logoff). The other option is to set a scheduled script in Task Manager - this is up to you.
As mentioned, you may set the registry keys and put the photos in place manually just for test purposes, but for all users this can be done with a PowerShell script that runs at logon or logoff, triggered locally or by GPO.
If you want to have GPO run the script, then in the previously created policy, in the section User Configuration -> Policies -> Windows Settings -> Scripts (Logon/Logoff), create a new PowerShell logon script:
The script name: %windir%\System32\WindowsPowerShell\v1.0\powershell.exe
The script parameters: -Noninteractive -ExecutionPolicy Bypass -Noprofile -File %logonserver%\netlogon\script\SetADPicture.ps1
Accordingly, the script itself must be located on ADC at %logonserver%\netlogon\script.
Note: this is a user policy, while the previous one is computer policy. This one should apply to user objects, while the previous - to computers.
And, finally, the script itself. There are some ready-to-use scripts which are quite big and complicated, so I don't paste them here. But the one which is recommended is located at: http://www.classicshell.net/forum/viewtopic.php?f=12&t=7921
The script basically writes a file for each resolution in C:\Users\Public\AccountPictures and creates the appropriate records in the registry in HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AccountPicture\Users
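A compact logon script of the kind described in the answer above, as an added example (it is not the linked script and not part of the original answer): it reads thumbnailPhoto for the logged-on user, writes one JPEG per resolution into the SID folder, and records each path under the user's own SID subkey. The file names `Image<size>.jpg` and the registry value names `Image<size>` are assumptions, since the answer does not spell out the naming convention; it also assumes the user can already write to both the folder and the registry key.

```powershell
# Added example, not the script linked above.
# Assumptions: files named Image<size>.jpg, registry values named Image<size>,
# and write access to both locations already granted (e.g. by the GPO above).
Add-Type -AssemblyName System.Drawing

$sizes   = 32, 40, 48, 96, 192, 200, 240, 448
$sid     = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$picDir  = "C:\Users\Public\AccountPictures\$sid"
$regPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AccountPicture\Users\$sid"

# Look the user up by SID rather than by name, so no user-controlled
# text ends up inside the LDAP filter. No RSAT module is required.
$searcher = [adsisearcher]"(objectSid=$sid)"
[void]$searcher.PropertiesToLoad.Add('thumbnailphoto')
$result = $searcher.FindOne()
if (-not $result -or $result.Properties['thumbnailphoto'].Count -eq 0) {
    Write-Verbose "No thumbnailPhoto found for $sid; nothing to do."
    return
}

[byte[]]$bytes = $result.Properties['thumbnailphoto'][0]
$stream = [System.IO.MemoryStream]::new($bytes)
$photo  = [System.Drawing.Image]::FromStream($stream)

# Create the per-user folder and registry subkey if they are missing.
New-Item -ItemType Directory -Path $picDir -Force | Out-Null
if (-not (Test-Path $regPath)) { New-Item -Path $regPath -Force | Out-Null }

foreach ($size in $sizes) {
    $file   = Join-Path $picDir "Image$size.jpg"
    $bitmap = [System.Drawing.Bitmap]::new($size, $size)
    $canvas = [System.Drawing.Graphics]::FromImage($bitmap)
    $canvas.InterpolationMode =
        [System.Drawing.Drawing2D.InterpolationMode]::HighQualityBicubic
    $canvas.DrawImage($photo, 0, 0, $size, $size)   # scale to a square
    $canvas.Dispose()
    $bitmap.Save($file, [System.Drawing.Imaging.ImageFormat]::Jpeg)
    $bitmap.Dispose()
    # Point the registry value for this resolution at the file just written.
    Set-ItemProperty -Path $regPath -Name "Image$size" -Value $file
}

$photo.Dispose()
$stream.Dispose()
```

Because the script only ever touches the subkey and folder named after the caller's own SID, a per-SID write permission is enough for it to work.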