Windows - Enterprise Branding - Set Login Screen Legal Notice Text

What the login screen legal notice Worklet does

This Automox Worklet™ deploys custom legal notice text and caption messages that appear on the Windows login screen before users enter credentials. The Worklet modifies two registry properties in HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System: LegalNoticeCaption (displays as a larger header) and LegalNoticeText (displays below the caption).

Every time a user logs into an endpoint, they see your configured legal notice before entering their username and password. The Worklet maintains consistent messaging across all Windows 8.1, Windows 10, Windows 11, and Windows Server endpoints in your environment.

Why display legal notices at login

Organizations often need to display legal disclaimers, security policies, or compliance notices to users before they access company systems. NIST 800-53 controls and many industry compliance frameworks require organizations to display security notices before user access. Manual configuration on hundreds or thousands of endpoints is time-consuming and inconsistent.

Automating legal notice deployment keeps every endpoint displays identical messaging and simplifies compliance audits. Corporate branding teams can standardize login screen messaging across departments and remote locations without visiting each machine. The Worklet solves the problem of managing diverse login screen messages across heterogeneous endpoint environments.

How legal notice deployment works

1. Evaluation phase: The Worklet checks whether the registry key exists and verifies both the LegalNoticeCaption and LegalNoticeText properties match the configured values. If the registry path does not exist, or if either property is missing or does not match the expected message, the Worklet reports non-compliance.

2. Remediation phase: The Worklet creates the registry key if it does not exist, then sets or updates both the LegalNoticeCaption and LegalNoticeText properties using New-ItemProperty with the Force flag to verify any existing values are overwritten. The endpoint is then compliant and will display the legal notice on the next user login.

Legal notice configuration requirements

• Windows 8.1, Windows 10, Windows 11, or Windows Server 2012 R2 and later

• Local administrator or SYSTEM permissions to modify the registry key HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

• PowerShell execution policy must allow script execution (RemoteSigned or Unrestricted)

• Modify the LegalNoticeText and LegalNoticeCaptionText variables in the Worklet script before deployment to set your custom message and caption

Expected state after legal notice deployment

After successful remediation, all future logins on the endpoint will display your custom legal notice message. You can verify this change by checking the specific setting this Worklet modifies. Users see the caption text as a larger header on the login screen, with the legal notice message displayed below it. The registry entries HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption and LegalNoticeText will contain the exact strings you configured in the Worklet parameters.

To verify successful deployment, review the Automox console activity log for the endpoint, or logoff and logon to the endpoint to see the legal notice appear on the login screen. The Worklet will continue to report compliant status as long as the registry values match the configured message and caption text.

How to validate set login screen legal notice text changes

1. Run this Worklet on a pilot Windows endpoint and review evaluation output for set login screen legal notice text.

2. Confirm Automox activity logs show successful completion and exit code 0.

3. Verify endpoint state using checks aligned to evaluation script logic, such as Write-Verbose, Test-Path, Write-Output.

4. Validate remediation effects from script operations such as Write-Verbose, Test-Path, New-Item, then rerun evaluation for compliance.