Forcing Theme Settings in Windows Vista

  • Article

Recently I was working with a customer to find a way to automate forcing a specific Aero theme in Windows Vista. The idea was to have the Vista clients "colour-coded" according to their use; so whenever a user logs on the window border colour would indicate the type of system (which was actually based on security levels). So, for example, if a user logs onto a public terminal with more relaxed browsing settings, the window borders should be red as a reminder the system is less secure, a more secure system might have blue border.

 

Unfortunately there isn't any public API or scripting interface for this, nor a GPO setting - the only "theme" GPO setting relates to deploying a specific "style" (stored in an 'msstyles' file), which is not the same as the theme (stored in a 'theme' file).

 

After some work we devised the workaround below. This isn't ideal, by any means, but does the job. I thought I'd blog about it in case it's useful to anyone in a similar situation. The usual caveats apply about hacking the registry, etc. While this seems to work for the moment, there's no guarantee that a future update may change the behaviour. 

 

We created these two Aero-based themes:

red 

Red.theme - for non-secure systems

 

blue

Blue.theme - for secure systems

To forcibly apply these at logon we: 

  • Copied the .theme files to a location on the local disk of the target system
  • Changed the "InstallTheme" value in the following registry key to point to the full path of the specifice .theme file:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes

NOTE: A custom ADM file that sets this can be downloaded here. Using this you can set the registry key centrally in the computer policy for the target system(s).

  • Added the following commands to the user's logon script:

reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Themes /v SetupVersion /f
regsvr32 /n /s /I:/UserInstall themeui.dll

When the user logged on, the script forced the custom theme to apply. With all this in place, we were able to manage the themes centrally in Active Directory to easily change between themes without visiting the clients.

I'd be interested to hear of your experience using this or any better method you have for doing the same thing.