In my last post I showed my ADFS Sign On page for my it-worxx domain.
The ink on the post wasn’t dry before I had several mails asking me to explain how to do that.
I’ll re-use some of the text I used on my other post about Bing Wallpaper automation, which you can find here.
Disclaimer: Doing this might be a legal issue and you need to confirm that you are allowed to do this.
All legal things aside (and I take no responsibility whatsoever), here’s my solution.
I am using a PowerShell script, running on my ADFS 3.0 server, which uses a modified version of the function that colleague Michael Verbeek started, which you can find here.
Since the Bing wallpaper changes once a day, we need to run the script at least once a day so that the ADFS theme reflects Bing’s daily image.
Create a Scheduled task using Task Scheduler (under Administrative Tools) for this.
Select “Run whether user is logged on or not” (always run) and “Run with highest privileges” (we need to be able to write the downloaded wallpaper, and set it in the ADFS theme). In this example I run the task in the Domain Administrator context. Remember this is not best practice. Instead, create a user for this purpose and grant it only the rights it needs to run this task.
Whichever user you use, make sure this user has a profile in which Internet Explorer was started (or make sure you have a policy that disables the first-run experience for every user), and modify the execution policy for PowerShell scripts for this user (or make sure you have a policy that does this for you).
To make things easy, just sign on once with the user that is going to run the task, start Internet Explorer and go through the first-run experience, and start PowerShell. Run the command “set-executionpolicy unrestricted -force”, then logout again and create the task with an administrative account.
Of course we want a program to run. Type “powershell” in the Program/script box and in the Add arguments box type the full path to the script (which you can download using the link at the end of this post).
In my case the argument is “C:\adfstheme\Set-AdfsThemeIllustration.ps1” since that is where I have my script.
And that’s it.
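The same task can also be registered from PowerShell under a dedicated account instead of Domain Administrator. This is an added example, not part of the downloadable script; the account name, task name and start time are assumptions, and it sets the execution policy for this one process rather than for the whole user.

```powershell
# Added example. Run from an elevated PowerShell prompt on the ADFS server.
$scriptPath = 'C:\adfstheme\Set-AdfsThemeIllustration.ps1'  # path used in this post
$taskUser   = 'CONTOSO\svc-adfstheme'                       # hypothetical dedicated account
$taskName   = 'Set ADFS theme illustration'                 # hypothetical task name

if (-not (Test-Path -LiteralPath $scriptPath)) {
    throw "Script not found: $scriptPath"
}

# The task runs elevated, so anyone who can modify the script can run code
# as the task account. List every identity with write access to review it.
$write = [System.Security.AccessControl.FileSystemRights]::Write
(Get-Acl -LiteralPath $scriptPath).Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and ($_.FileSystemRights -band $write) } |
    Select-Object IdentityReference, FileSystemRights |
    Format-Table -AutoSize

# Prompt for the password so it is never stored in a file.
$cred = Get-Credential -UserName $taskUser -Message 'Password for the task account'

# -ExecutionPolicy on the command line applies to this powershell.exe process only.
# With RemoteSigned, a script downloaded with a browser has to be reviewed and
# then unblocked (Unblock-File) before it will run.
$arguments = "-NoProfile -NonInteractive -ExecutionPolicy RemoteSigned -File `"$scriptPath`""
$action    = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument $arguments

# Bing changes the image once a day, so a daily trigger is enough.
$trigger  = New-ScheduledTaskTrigger -Daily -At '09:00'
$settings = New-ScheduledTaskSettingsSet -StartWhenAvailable `
    -ExecutionTimeLimit (New-TimeSpan -Minutes 10)

# Supplying -User and -Password gives "Run whether user is logged on or not";
# -RunLevel Highest gives "Run with highest privileges".
# The account needs the "Log on as a batch job" right.
Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
    -Settings $settings -User $cred.UserName `
    -Password $cred.GetNetworkCredential().Password -RunLevel Highest
```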
You can download the script here.
After you download it, edit the first two lines to reflect your settings.
If you need to find out the current theme name for your ADFS 3.0 installation, log on to the ADFS server, open a PowerShell prompt and type the following command: Get-AdfsWebConfig
This will show you the active theme name:
All pre-requisites for this to work:
Windows Server 2012 R2 with ADFS 3.0 (untested on ADFS 2.0, might work though)
The account that is defined in the scheduled task must have rights to modify the ADFS theme
The account that is defined in the scheduled task must be able to write the downloaded wallpaper
The account that is defined in the scheduled task must not be presented with Internet Explorer first-run experience
The account that is defined in the scheduled task must be able to run PowerShell scripts
The script as is must be run on the ADFS server
The ADFS server must be able to access bing.com using http (port 80)
Until next time,