Worklet: Legal Acknowledgement at Login

This Worklet will let you set a title and message for your users when they login. This can be used as a required legal acceptance of your AUP, or for a critical notification that all users need to see. To remove the security message, edit your script to check for a blank caption and set them both to blank strings.

To deploy this endpoint hardening worklet, do the following:

  1. Log in to your Automox Console.
  2. Browse to the System Management page and click Create Policy .
  3. Choose Windows under Worklet.

  1. Insert the Evaluation and Remediation Code scripts. The evaluation code keeps you apprised of each device’s ongoing compliance, as well as flags the device for remediation. The remediation code enforces this setting on the schedule you define.

• Under Evaluation Code:

# Define Registry Key and sub-value to evaluate
#############################################
$regPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
$regPropertyText = "LegalNoticeText"
$regPropertyCaption = "LegalNoticeCaption"
$desiredCaptionValue = 'PutYourCaptionHere'
$desiredTextValue = 'PutYourTextHere'
#############################################
 
# Retrieve current value for comparison
$currentValue = (Get-ItemProperty -Path $regPath -Name $regPropertyCaption).$regPropertyCaption
 
# Compare current with desired and exit accordingly.
# 0 for Compliant, 1 for Non-Compliant
if ($currentValue -eq $desiredCaptionValue) {
   Exit 0
} else { Exit 1 }

• Under Remediation Code:

# Define Registry Key and sub-value to modify
#############################################
$regPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
$regPropertyText = "LegalNoticeText"
$regPropertyCaption = "LegalNoticeCaption"
$desiredCaptionValue = 'PutYourCaptionHere'
$desiredTextValue = 'PutYourTextHere'
#############################################
 
try {
   Set-ItemProperty -Path $regPath -Name $regPropertyCaption -Value $desiredCaptionValue
   Set-ItemProperty -Path $regPath -Name $regPropertyText -Value $desiredTextValue
   Exit 0
} catch {
   Write-Output "Unable to update $regProperty"
   Exit 1
}
1 Like