Keyboard layout changes unexpectedly on the Windows lock screen

In this article I present a simple solution to prevent that the keyboard layout changes unexpectedly on the Windows lock screen. This information is intended for Windows Server 2016 and RDP and ICA sessions. It may apply to other operating systems as well.

The issue

The situation is as follows:

  • You start an RDP or ICA session as an administrator or user.
  • The keyboard language in the active session is correct (for example German):
    Keyboard layout changes unexpectedly on the Windows lock screen - System tray language set to German
  • However, as soon as the screen is locked, the keyboard language changes to another language (for example English).Keyboard layout changes unexpectedly on the Windows lock screen - Lock screen changed to English

The cause

The exact cause for this issue is unknown to me. What is sure though is that it can only happen when multiple languages and/or language packs are in play. Also, the lock screen runs in the context of the Local System account (as opposed to the active session that runs in the user's own context). In the solution below we modify settings that belong to the Local System account to solve this issue.

This issue is reported on the Internet here and there. I even opened a case with Microsoft concerning this issue, but so far it did not lead to any solution. All I have is a workaround which seems to do the trick.

The solution (or workaround to be more precise)

The workaround to solve this issue is to remove the following two registry keys:

  • HKU\.DEFAULT\Control Panel\International\User Profile
  • HKU\.DEFAULT\Control Panel\International\User Profile System Backup
Important!
This method is NOT supported by Microsoft. Although I am not aware of any negative impact, removing these registry keys is at your own risk. I also strongly suggest that you test this solution before implementing it in production.

You can remove these keys using a Microsoft Group Policy Preference (or you can use Workspace Environment Manager or another product).

Keyboard layout changes unexpectedly on the Windows lock screen - Delete registry keys to prevent keyboard changing on lock screen

As you can see in the screenshot, the keys are removed in the User Configuration section instead of Computer Configuration. The reason for this is that these keys are recreated at each logon. This applies to both standard users as well as administrators. Therefore, this Group Policy should be applied to all logons.

The easiest way to make sure that the Group Policy is applied to both users and administrators is to set the scope to Authenticated Users. In case you have separate Group Policies for administrators and users you will have to include the removal of the aforementioned registry keys in multiple Group Policies.

Now, you may wonder how it is possible that standard users are able to delete registry keys that are located in the HKEY_Users hive. More importantly, the path is HKU\.Default, which contains the registry settings for the Local System account (the lock screen runs under the Local System account).

Note:
The registry key HKU\.DEFAULT belongs to the Local System account (SID S-1-5-18) and points to the registry key HKU\S-1-5-18. The keys HKU\.DEFAULT and HKU\S-1-5-18 are the same.
Keyboard layout changes unexpectedly on the Windows lock screen - DEFAULT is Local System
You can easily confirm this: simply create a new value in one key and you will also see it in the other.

The reason why a standard user can remove keys from the HKU hive is because User Group Policies are not applied using the security context of the current user. Instead, Group Policies are executed in the local system security context.

This behavior was changed with Microsoft Security Update MS16-072 in June 2016. Before June 2016, User Group Policies were executed in the current user's security context. Since June 2016, User Group Policies which scope is not set to Authenticated Users still need to grant either the group Authenticated Users or Domain Computers read access to the Group Policy.
This change is also the reason why the option Run in logged-on user's security context exists in the Common tab of a Group Policy Preference. This option can be used to force a Group Policy Preference to be applied in the security context of the current user instead of the local system.

Keyboard layout changes unexpectedly on the Windows lock screen - GPP run in user security context

In case anyone has a better way how to prevent the keyboard layout from changing on the Windows lock screen and wants to share it with the rest of us than please contact me so I can add it to this article.

Share this post:
Dennis Span on EmailDennis Span on LinkedinDennis Span on Twitter
Dennis Span
Dennis Span
Dennis Span works as a Senior Citrix Architect for a large insurance company in Vienna, Austria. He holds multiple certifications such as CCE-V, CCIA and CCEA. In 2017, Dennis became a Citrix Technology Advocate (CTA). In 2019, he became a Citrix Technology Professional (CTP). Besides his interest in virtualization technologies and blogging, he loves spending time with his family as well as snowboarding, playing basketball and rowing. He is fluent in Dutch, English, German and Slovak and speaks some Spanish.

Leave a Reply

Your email address will not be published.

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.