In my last post I showed my ADFS Sign On page for my it-worxx domain.
Ink on the post wasn’t dry before I had several mails asking to explain how to do that.
I’ll re-use some of the text I used on my other post about Bing Wallpaper automation, which you can find here.
Disclaimer: Doing this might be a legal issue and you need to confirm that you are allowed to do this.
All legal things aside (and I take no responsibility whatsoever), here’s my solution.
I am using a PowerShell script, running on my ADFS 3.0 server, which uses a modified version of the function that colleague Michael Verbeek started, which you can find here.
Since the Bing wallpaper changes once a day, we need to run the script at least once a day to change the ADFS theme reflect Bing’s daily image.
Create a Scheduled task using Task Scheduler (under Administrative Tools) for this.
Run whether user is logged on or not (always run). Run with highest privileges (we need to be able to write the downloaded wallpaper, and set it in the ADFS theme). In this example I run the task in the Domain Administrator context. Remember this is not best practice. Instead create a user for this purpose and assign it just the right amount of rights to run this task.
Whichever user you use, make sure this user has a profile in which Internet Explorer was started (or make sure you have a policy that disables the first-run experience for every user), and modify the execution policy for PowerShell scripts for this user (or make sure you have a policy that does this for you).
To make things easy, just sign on once with the user that is going to run the task, start Internet Explorer and go through the first-run experience, and start PowerShell. Run the command “set-executionpolicy unrestricted -force”, then logout again and create the task with an administrative account.
Add a schedule to the task:
I choose to run it all day, each hour, since I have no clue when the Bing Wallpaper is updated. Create a schedule that fits your needs.
Of course we want a program to run. Type “powershell” in the Program/script box and in the Add arguments box type the full path to the script (which you can download using the link at the end of this post).
In my case the argument is “C:\adfstheme\Set-AdfsThemeIllustration.ps1” since that is where I have my script.
If you want to be able to run the script manually don’t forget to check this:
And that’s it.
And running the Scheduled Task has the desired results:
November 29th image.
You can download the script here.
When you download it edit the first two lines to reflect your settings.
Mine are:
Without editing those lines the script won’t work for you (they are empty in the downloaded version).
If you need to find out the current theme name for your ADFS 3.0 installation, log on to the ADFS server, open a PowerShell prompt and type the following command: Get-AdfsWebConfig
This will show you the active theme name:
All pre-requisites for this to work:
Windows Server 2012R2 ADFS 3.0 (untested on ADFS 2.0, might work though)
The account that is defined in the scheduled task must have rights to modify the ADFS theme
The account that is defined in the scheduled task must be able to write the downloaded wallpaper
The account that is defined in the scheduled task must not be presented with Internet Explorer first-run experience
The account that is defined in the scheduled task must be able to run PowerShell scripts
The script as is must be run on the ADFS server
The ADFS server must be able to access bing.com using http (port 80)