deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-16 10:53:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

updates

Browse Source
This commit is contained in:
Paolo Matarazzo
2025-02-27 07:36:15 -05:00
parent 4d1b2a34ac
commit 0fe89edd2b
5 changed files with 13 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
windows/configuration/shell-launcher/kiosk-mode.md
View File

@ -1,61 +0,0 @@
---
title: Kiosk Mode
ms.date: 01/18/2024
ms.topic: overview
description: Learn about Kiosk Mode in Windows IoT Enterprise.
---
# Kiosk mode
Windows IoT Enterprise allows you to build fixed purpose devices such as ATM machines, point-of-sale terminals, medical devices, digital signs, or kiosks. Kiosk mode helps you create a dedicated and locked down user experience on these fixed purpose devices. Windows IoT Enterprise offers a set of different locked-down experiences for public or specialized use: [assigned access single-app kiosks](single-app-kiosk.md), [assigned access multi-app kiosks](multi-app-kiosk.md), or [shell launcher](index.md).
Kiosk configurations are based upon either [assigned access](../assigned-access/overview.md) or [shell launcher](index.md). There are several kiosk configuration methods that you can choose from, depending on your answers to the following questions.
> [!NOTE]
>
> A benefit of using an assigned access kiosk mode is [these policies](/windows/configuration/kiosk-policies) are automatically applied to the device to optimize the lock-down experience.
## Which type of app will your kiosk run?
Your kiosk can run a Universal Windows Platform (UWP) app or a Windows desktop application. For [digital signage](/windows/configuration/setup-digital-signage), select a digital sign player as your kiosk app. Check out the [Guidelines for Kiosk Apps](/windows/configuration/guidelines-for-assigned-access-app).
## Which type of kiosk do you need?
If you want your kiosk to run a single app for anyone to see or use, consider an [assigned-access single-app kiosk](/windows/configuration/shell-launcher/single-app-kiosk) that runs either a [Universal Windows Platform (UWP) app](/windows/configuration/kiosk-methods#uwp) or a [Windows desktop application](/windows/configuration/kiosk-methods#classic).
For a kiosk that people can sign in to with their accounts or that runs more than one app, consider an [assigned access multi-app kiosk](/windows/configuration/kiosk-methods#desktop).
## Which type of user account will be the kiosk account?
The kiosk account can be a local standard user account, a domain account, or an Azure Active Directory (Azure AD) account, depending on the method that you use to configure the kiosk. If you want people to sign in and authenticate on the device, you should use an assigned access multi-app kiosk configuration. The assigned access single-app kiosk configuration doesn't require people to sign in to the device, although they can sign in to the kiosk app if you select an app that has a sign-in method.
## Kiosk capabilities for Windows 10 IoT Enterprise
| Mode | Features | Description | Customer Usage |
|------|----------|------------ |-----------------|
| Assigned access | Single-app kiosk (UWP) | Auto launches a UWP app in full screen and prevents access to other system functions, while monitoring the lifecycle of the kiosk app. Only supports one single-app kiosk profile under one account per device. | Digital signs & single function devices
| Assigned access | Single-app kiosk (Microsoft Edge) | Auto launches Microsoft Edge and prevents access to other system functions, while monitoring the lifecycle of browser. Only supports one single-app kiosk profile under one account per device. | Public browsing kiosks & digital signs |
| Assigned access | Multi-app kiosk (Restricted User Experience) | Windows 10: Always auto launches a restricted Start menu in full screen with the list of allowed app tiles. <br/> Windows 11: Presents the familiar Windows desktop experience with a restricted set of apps. | Frontline Worker shared devices |
| Shell launcher | Shell launcher | Auto launches an app that the customer specifies and monitors the lifecycle of this app. App can be used as a "shell" if desired. No default lockdown policies like hotkey blocking are enforced in Shell Launcher. | Fixed purpose devices with a custom shell experience |
## How to configure your device for kiosk mode?
Visit the following documentation to set up a kiosk according to your scenario:
* [Configure kiosks and digital signs](/windows/configuration/kiosk-methods)
* [Set up a single-app kiosk](/windows/configuration/kiosk-single-app)
* [Set up a multi-app kiosk](/windows/configuration/lock-down-windows-10-to-specific-apps)
* [Configure Microsoft Edge kiosk mode](/deployedge/microsoft-edge-configure-kiosk-mode)
## Additional Resources
* [Find the Application User Model ID of an installed app](/windows/configuration/find-the-application-user-model-id-of-an-installed-app)
* [Validate your kiosk configuration](/windows/configuration/kiosk-validate)
* [Guidelines for choosing an app for assigned access (kiosk mode)](/windows/configuration/guidelines-for-assigned-access-app)
* [Policies enforced on kiosk devices](/windows/configuration/kiosk-policies)
* [Assigned access XML reference](/windows/configuration/kiosk-xml)
* [Use AppLocker to create a Windows 10 kiosk](/windows/configuration/lock-down-windows-10-applocker)
* [Use Shell Launcher to create a Windows 10 kiosk](/windows/configuration/kiosk-shelllauncher)
* [Use MDM Bridge WMI Provider to create a Windows 10 kiosk](/windows/configuration/kiosk-mdm-bridge)
* [Troubleshoot kiosk mode issues](/windows/configuration/kiosk-troubleshoot)
* [Plan your kiosk mode transition to Microsoft Edge](/deployedge/microsoft-edge-kiosk-mode-transition-plan)

6
windows/configuration/shell-launcher/toc.yml
View File

@ -2,7 +2,11 @@ items:
- name: Overview
href: index.md
- name: 🔴 Overview
href: index_old
href: index_old.md
- name: 🔴 Multi-app kiosk
href: multi-app-kiosk.md
- name: 🔴 Single-app kiosk
href: single-app-kiosk.md
- name: Configure a kiosk
href: configure.md
- name: "Quickstart: Configure a kiosk"

133
windows/configuration/shell-launcher/wedl-assignedaccess.md
View File

@ -1,133 +0,0 @@
---
title: WEDL_AssignedAccess
description: WEDL_AssignedAccess
ms.date: 02/25/2025
ms.topic: reference
---
# WEDL_AssignedAccess
This Windows Management Instrumentation (WMI) provider class configures settings for assigned access.
[!INCLUDE [shell-launcher](../../../includes/licensing/assigned-access.md)]
## Syntax
```powershell
class WEDL_AssignedAccess {
[Key] string UserSID;
[Read, Write] string AppUserModelId;
[Read] sint32 Status;
};
```
## Members
The following tables list any methods and properties that belong to this class.
### Methods
This class contains no methods.
### Properties
| Property | Data&nbsp;type | Qualifiers | Description |
|----------|----------------|------------|-------------|
| **UserSID** | string | [key] | The security identifier (SID) for the user account that you want to use as the assigned access account. |
| **AppUserModelId** | string | [read, write] | The Application User Model ID (AUMID) of the Windows app to launch for the assigned access account. |
| **Status** | Boolean | none | Indicates the current status of the assigned access configuration |
| Value | Description |
|:-----:|-------------|
| 0 | A valid account is configured, but no Windows app is specified. Assigned access is not enabled. |
| 1 | Assigned access is enabled. |
| 0x100 | UserSID error: cannot find the account. |
| 0x103 | UserSID error: the account profile does not exist. |
| 0x200 | AppUserModelID error: cannot find the Windows app. |
| 0x201 | Task Scheduler error: Could not schedule task. Make sure that the Task Scheduler service is running. |
| 0xffffffff | Unspecified error.|
### Remarks
Changes to assigned access do not affect any sessions that are currently signed in; you must sign out and sign back in.
## Example
The following Windows PowerShell script demonstrates how to use this class to set up an assigned access account.
```powershell
#
#---Define variables---
#
$COMPUTER = "localhost"
$NAMESPACE = "root\standardcimv2\embedded"
# Define the assigned access account.
# To use a different account, change $AssignedAccessAccount to a user account that is present on your device.
$AssignedAccessAccount = "KioskAccount"
# Define the Windows app to launch, in this example, use the Application Model User ID (AUMID) for Windows Calculator.
# To use a different Windows app, change $AppAUMID to the AUMID of the Windows app to launch.
# The Windows app must be installed for the account.
$AppAUMID = "Microsoft.WindowsCalculator_8wekyb3d8bbwe!App"
#
#---Define helper functions---
#
function Get-UsernameSID($AccountName) {
# This function retrieves the SID for a user account on a machine.
# This function does not check to verify that the user account actually exists.
$NTUserObject = New-Object System.Security.Principal.NTAccount($AccountName)
$NTUserSID = $NTUserObject.Translate([System.Security.Principal.SecurityIdentifier])
return $NTUserSID.Value
}
#
#---Set up the new assigned access account---
#
# Get the SID for the assigned access account.
$AssignedAccessUserSID = Get-UsernameSID($AssignedAccessAccount)
# Check to see if an assigned access account is already set up, and if so, clear it.
$AssignedAccessConfig = get-WMIObject -namespace $NAMESPACE -computer $COMPUTER -class WEDL_AssignedAccess
if ($AssignedAccessConfig) {
# Configuration already exists. Delete it so that we can create a new one, since only one assigned access account can be set up at a time.
$AssignedAccessConfig.delete();
}
# Configure assigned access to launch the specified Windows app for the specified account.
Set-WmiInstance -class WEDL_AssignedAccess -ComputerName $COMPUTER -Namespace $NAMESPACE -Arguments @{
UserSID = $AssignedAccessUserSID;
AppUserModelId = $AppAUMID
} | Out-Null;
# Confirm that the settings were created properly.
$AssignedAccessConfig = get-WMIObject -namespace $NAMESPACE -computer $COMPUTER -class WEDL_AssignedAccess
if ($AssignedAccessConfig) {
"Set up assigned access for the " + $AssignedAccessAccount + " account."
" UserSID = " + $AssignedAccessConfig.UserSid
" AppModelId = " + $AssignedAccessConfig.AppUserModelId
} else {
"Could not set up assigned access account."
}
```