Replace Imageres.dll across the domain to customize logon screen.

I've tried to utilize group policy to replace the following file C:\windows\system32\imageres.dll with the one we have customized for our organization. Which works when we manually place the new file in the listed location. However, it is not my intentions to touch ever machine on our network. It seems I'm running into issues because this file is a protected file and cannot be changed through GPO. Does anyone know how I can get around this or a utility I can use to push this change to all computers in a S2K3 domain?
Dan-HanleyAsked:
Who is Participating?
 
Dan-HanleyConnect With a Mentor Author Commented:
Okay, so I've solved my own problem... I still went with creating a MSI package, but this time I gave my package a .manifest file which elevated the install to require admin rights, but this alone did not make my package work correctly. I had to figure out what registry key did file name modifications and drop the file i wanted to changed into the system32 folder. The MSI package deletes the original file, places the custom imageres.dll and adds a registry key to rename the custom file to imageres.dll after this is done it requires a reboot and the changes should appear upon reboot.

Create a multi-string value in the following location.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations"

Value
\??\C:\Windows\System32\Customimageres.dll
!\??\C:\Windows\System32\imageres.dll

The MSI packager I used was  a freeware: EMCO
0
 
johnb6767Commented:
You can try a script to copy it to the remote systems, but before it is copied, delete the copy from c:\windows\system32\dllcache.....

Or even better, copy it there first, and then make the copy.....  

Sometimes you can trick Windows File Protection.......

The DLLCache folder is where WFP stores the good copies of the Protected files. So if you delete/replace that one, then you wont have it revert back to the original one.....
0
 
Dan-HanleyAuthor Commented:
John,

         That's true and had we been on XP probably would work, but we are currently running Vista Enterprise and I believe that the DLL Cache folder does not exist. I believe that vista uses a set of ACL's that prevent files not to be written unless they are ran by the "TrustedInstaller" account. However, I am stumped and don't know how else to get around this. I've gone as far as to create my own MSI package to replace the file and leave me a log file to let me know it has ran, but still no luck. I guess even letting the system rights run the package wasn't enough. Well thanks for the reply hopefully you have some idea's because im just about out of them.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.