deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-11 21:07:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Update links and titles for Assigned Access documentation

Browse Source
This commit is contained in:
Paolo Matarazzo 2024-03-07 09:13:35 -05:00
parent 7aecde1b75
commit 152efd4a9c
6 changed files with 29 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
includes/configure/powershell-wmi-bridge-2.md
View File

@ -6,4 +6,4 @@ ms.topic: include
ms.prod: windows-client
---
For more information, see [Using PowerShell scripting with the WMI Bridge Provider](/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider).
For more information, see [Use PowerShell scripting with the WMI Bridge Provider](/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider).

2
windows/configuration/assigned-access/includes/quickstart-restricted-experience-ps.md
View File

@ -136,4 +136,4 @@ $obj.Configuration = [System.Net.WebUtility]::HtmlEncode($assignedAccessConfigur
Set-CimInstance -CimInstance $obj
```
::: zone-end
::: zone-end

12
windows/configuration/assigned-access/index.md
View File

@ -1,11 +1,11 @@
---
title: Configure kiosks and restricted user experiences
title: Windows kiosks and restricted user experiences
description: Learn about the options available in Windows to configure kiosks and restricted user experiences.
ms.topic: overview
ms.date: 03/04/2024
---
# Configure kiosks and restricted user experiences
# Windows kiosks and restricted user experiences
Organizations are constantly seeking ways to streamline operations, improve customer service, and enhance productivity. One effective solution is the deployment of kiosk devices. These specialized devices offer a range of benefits that can significantly impact an organization's efficiency and success. For example:
@ -14,7 +14,7 @@ Organizations are constantly seeking ways to streamline operations, improve cust
- Consistent brand experience: kiosks ensure a uniform brand experience across different locations. Whether in retail stores, schools, airports, or healthcare facilities, the interface remains consistent. Brand consistency builds trust and reinforces the organization's image
- Customization and flexibility: kiosks can be tailored to specific needs. From touchscreens to barcode scanners, organizations choose features that align with their goals. Whether it's self-checkout, wayfinding, or interactive product catalogs, kiosks adapt to diverse requirements
Windows offers two different experiences for public or specialized use:
Windows offers two different options for public or specialized use:
:::row:::
:::column span="1":::
@ -25,7 +25,7 @@ Windows offers two different experiences for public or specialized use:
:::column-end:::
:::row-end:::
This experience runs a single application in full screen, and people using the device can only use that app. When the designated kiosk account signs in, the kiosk app launches automatically. This experience is sometimes referred to as *single-app kiosk*.
This option runs a single application in full screen, and people using the device can only use that app. When the designated kiosk account signs in, the kiosk app launches automatically. This option is sometimes referred to as *single-app kiosk*.
Windows offers two different features to configure a kiosk experience:
@ -41,7 +41,7 @@ Windows offers two different features to configure a kiosk experience:
:::column-end:::
:::row-end:::
This experience loads the Windows desktop, but it only allows to run a defined set of applications. When the designated user signs in, the user can only run the apps that are allowed. The Start menu is customized to show only the apps that are allowed to execute. With this approach, you can configure a locked-down experience for different account types. This experience is sometimes referred to as *multi-app kiosk*.
This option loads the Windows desktop, but it only allows to run a defined set of applications. When the designated user signs in, the user can only run the apps that are allowed. The Start menu is customized to show only the apps that are allowed to execute. With this approach, you can configure a locked-down experience for different account types. This option is sometimes referred to as *multi-app kiosk*.
To configure a restricted user experience you use the **Assigned Access** feature.
@ -52,7 +52,7 @@ When you're considering a kiosk or restricted user experience, you need to choos
| | Question |
|--|--|
| **🔲** | *How many apps?* <br>This will determine the experience to build: **kiosk** or **restricted user experience**.|
| **🔲** | *Desktop experience or custom?* <br>If your users require access to the desktop with a custom Start menu, then you can build a **restricted user experience** with **Assigned Access**. If your users require access to multiple applications but with a custom UI, then you can build a **restricted user experience** with **Shell Launcher**.|
| **🔲** | *Desktop experience or custom?* <br>If your users require access to the desktop with a custom Start menu, then you can build a **restricted user experience** with **Assigned Access**. If your users require access to multiple applications but with a custom user interface, then you should use **Shell Launcher**.|
| **🔲** | *In single-app scenario, which type of app will your kiosk run?* <br>If the kiosk requires a Universal Windows Platform (UWP) app or Microsoft Edge, you can build a **kiosk experience** with **Assigned Access**. If the kiosk requires a desktop app, you can build a **kiosk experience** with **Shell Launcher**.|
| **🔲** | *Which edition of Windows client will the kiosk run?"* <br>**Assigned Access** is supported on Windows Pro and Enterprise/Education. **Shell Launcher** is only supported on Windows Enterprise and Education editions.|

28
windows/configuration/assigned-access/overview.md
View File

@ -21,14 +21,14 @@ When you configure a **restricted user experience**, users can only execute a de
- Lab devices
> [!NOTE]
> When you configure a restricted user experience, different policy settings are applied to the device. Some policy settings apply to standard users, and some to administrators. For more information, see [policy-settings](policy-settings.md).
> When you configure a restricted user experience, different policy settings are applied to the device. Some policy settings apply to standard users, and some to administrators. For more information, see [Assigned Access policy settings](policy-settings.md).
## Requirements
Here are the requirements for Assigned Access:
- [User account control (UAC)](/windows/security/identity-protection/user-account-control/user-account-control-overview) must be turned on to enable a kiosk experience
- The kiosk experience isn't supported over a remote desktop connection. The kiosk users must sign in on the console that is set up as a kiosk
- To use a kiosk experience, [User account control (UAC)](/windows/security/identity-protection/user-account-control/user-account-control-overview) must be enabled
- You can only use a kiosk experience when signing in from the console. The kiosk experience isn't supported over a remote desktop connection
[!INCLUDE [assigned-access](../../../includes/licensing/assigned-access.md)]
@ -36,10 +36,10 @@ Here are the requirements for Assigned Access:
There are several options to configure a kiosk experience. If you need to configure a single device with a local account, you can use:
- PowerShell: you can use the `Set-AssignedAccess` PowerShell cmdlet to configure a kiosk experience using a local standard account
- Settings: use this option when you need a simple method to configure a single device with a local standard user account
- PowerShell: you can use Windows PowerShell cmdlets to set up a single-app kiosk with a local standard account. First, you need to [create the user account](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10) on the device and install the kiosk app for that account
For advanced customizations, you can use the Assigned Access CSP to configure the kiosk experience. The CSP allows you to configure the kiosk app, the user account, and the kiosk app's behavior. When you use the CSP, you must create an XML configuration file that specifies the kiosk app and the user account. The XML file is applied to the device via the [Assigned Access CSP](/windows/client-management/mdm/assignedaccess-csp#shelllauncher), using one of the following options:
For advanced customizations, you can use the [Assigned Access CSP](/windows/client-management/mdm/assignedaccess-csp) to configure the kiosk experience. The CSP allows you to configure the kiosk app, the user account, and the kiosk app's behavior. When you use the CSP, you must create an XML configuration file that specifies the kiosk app and the user account. The XML file is applied to the device using one of the following options:
- A Mobile Device Management (MDM) solution, like Microsoft Intune
- Provisioning packages
@ -70,7 +70,7 @@ Assign the policy to a group that contains as members the devices that you want
#### [:::image type="icon" source="../images/icons/powershell.svg"::: **PowerShell**](#tab/ps)
To configure a device using the Windows PowerShell cmdlet:
To configure a device using Windows PowerShell:
1. Sign in as administrator
1. [Create the user account](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10) for Assigned Access
@ -95,7 +95,7 @@ To configure a device using the Windows PowerShell cmdlet:
> [!NOTE]
> To set up Assigned Access using `-AppName`, the user account that you enter for Assigned Access must have signed in at least once.
For more innformation:
For more information:
- [Find the Application User Model ID of an installed app](../store/find-aumid.md)
- [Set-AssignedAccess](/powershell/module/assignedaccess/set-assignedaccess)
@ -106,9 +106,16 @@ To remove assigned access, using PowerShell, run the following cmdlet:
Clear-AssignedAccess
```
For advanced customizations that use the XML configuration file, use the MDM Bridge WMI Provider.
For advanced customizations that use the XML configuration file, you can use PowerShell scripts via the [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal).
[!INCLUDE [powershell-wmi-bridge-1](../../../includes/configure/powershell-wmi-bridge-1.md)]
> [!IMPORTANT]
> For all device settings, the WMI Bridge client must be executed as SYSTEM (LocalSystem) account.
To test the PowerShell script, you can:
1. [Download the psexec tool](/sysinternals/downloads/psexec)
1. Open an elevated command prompt and run: `psexec.exe -i -s powershell.exe`
1. Run the script in the PowerShell session
```PowerShell
$shellLauncherConfiguration = @"
@ -297,10 +304,11 @@ Deleting the restricted user experience removes the policy settings associated w
## Next steps
> [!div class="nextstepaction"]
> Review the recommendations before you deploy Assigned Access
> Review the recommendations before you deploy Assigned Access:
>
> [Assigned Access recommendations](recommendations.md)
<!--links-->
[MEM-1]: /mem/intune/configuration/custom-settings-windows-10
[WIN-3]: /windows/client-management/mdm/assignedaccess-csp

2
windows/configuration/assigned-access/shell-launcher/index.md
View File

@ -23,7 +23,7 @@ With Shell Launcher you can use features and methods to control access to other
- Group policy (GPO)
- [AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)
Shell Launcher is part of the [Assigned Access](../overview.md) feature, which allows you to configure kiosks or a restricted user experiences. To learn about the differences between Shell Launcher and the other options offered by Assigned Access, see [Configure kiosks and restricted user experiences](../index.md).
Shell Launcher is part of the [Assigned Access](../overview.md) feature, which allows you to configure kiosks or restricted user experiences. To learn about the differences between Shell Launcher and the other options offered by Assigned Access, see [Windows kiosks and restricted user experiences](../index.md).
[!INCLUDE [shell-launcher](../../../../includes/licensing/shell-launcher.md)]

4
windows/configuration/assigned-access/toc.yml
View File

@ -11,10 +11,10 @@ items:
href: quickstart-kiosk.md
- name: Configure a restricted user experience with Assigned Access
href: quickstart-restricted-user-experience.md
- name: Create an Assigned Access configuration file
href: configuration-file.md
- name: Recommendations
href: recommendations.md
- name: Create an Assigned Access configuration file
href: configuration-file.md
- name: Reference
items:
- name: Assigned Access XSD