From e8f9eaac08510c54b31af7e69758eb876900d9ee Mon Sep 17 00:00:00 2001 From: sydbruck <91146756+sydbruck@users.noreply.github.com> Date: Thu, 14 Dec 2023 17:19:54 -0500 Subject: [PATCH 1/5] Remove note saying Multi-app isn't supported in win11 (it is now supported) --- windows/configuration/kiosk-methods.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/windows/configuration/kiosk-methods.md b/windows/configuration/kiosk-methods.md index 7dc2ae5f02..30eca6b168 100644 --- a/windows/configuration/kiosk-methods.md +++ b/windows/configuration/kiosk-methods.md @@ -32,9 +32,6 @@ Some desktop devices in an enterprise serve a special purpose. For example, a PC - **A multi-app kiosk**: Runs one or more apps from the desktop. People using the kiosk see a customized Start that shows only the tiles for the apps that are allowed. With this approach, you can configure a locked-down experience for different account types. - > [!NOTE] - > [!INCLUDE [Multi-app kiosk mode not supported on Windows 11](./includes/multi-app-kiosk-support-windows11.md)] - A multi-app kiosk is appropriate for devices that are shared by multiple people. When you configure a multi-app kiosk, [specific policies are enforced](kiosk-policies.md) that will affect **all** non-administrator users on the device. ![Illustration of a kiosk Start screen that runs multiple apps on a Windows client device.](images/kiosk-desktop.png) From ede923251b60b1186d70341142ed94927affa156 Mon Sep 17 00:00:00 2001 From: Jason E <31452365+jasonepperly@users.noreply.github.com> Date: Tue, 9 Jan 2024 09:20:54 -0500 Subject: [PATCH 2/5] Learn Editor: Update start-secondary-tiles.md --- windows/configuration/start-secondary-tiles.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/configuration/start-secondary-tiles.md b/windows/configuration/start-secondary-tiles.md index 7600808ed5..e9b63e1772 100644 --- a/windows/configuration/start-secondary-tiles.md +++ b/windows/configuration/start-secondary-tiles.md @@ -41,9 +41,10 @@ In Windows 10, version 1703, by using the PowerShell cmdlet `export-StartLayoutE **Example of secondary tiles in XML generated by Export-StartLayout** + ```xml ``` - - ## Export Start layout and assets 1. Follow the instructions in [Customize and export Start layout](customize-and-export-start-layout.md#customize-the-start-screen-on-your-test-computer) to customize the Start screen on your test computer. @@ -130,6 +129,7 @@ In Microsoft Intune, you create a device restrictions policy to apply to device The **export-StartLayout** and **export-StartLayoutEdgeAssets** cmdlets produce XML files. Because Windows Configuration Designer produces a customizations.xml file that contains the configuration settings, adding the Start layout and Edge assets sections to the customizations.xml file directly would result in an XML file embedded in an XML file. Before you add the Start layout and Edge assets sections to the customizations.xml file, you must replace the markup characters in your layout.xml with escape characters. + 1. Copy the contents of layout.xml into an online tool that escapes characters. 2. Copy the contents of assets.xml into an online tool that escapes characters. @@ -139,6 +139,7 @@ The **export-StartLayout** and **export-StartLayoutEdgeAssets** cmdlets produce #### Create a provisioning package that contains a customized Start layout + Use the Windows Configuration Designer tool to create a provisioning package. [Learn how to install Windows Configuration Designer.](provisioning-packages/provisioning-install-icd.md) >[!IMPORTANT] From 270351d0a717c8865636e4b34a0c9d9187a15470 Mon Sep 17 00:00:00 2001 From: Herbert Mauerer <41573578+HerbertMauerer@users.noreply.github.com> Date: Wed, 24 Jan 2024 13:29:56 +0100 Subject: [PATCH 3/5] Update event-4624.md add note that not all fields will be populated always. Hair-splitter customers will complain about empty fields --- windows/security/threat-protection/auditing/event-4624.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/auditing/event-4624.md b/windows/security/threat-protection/auditing/event-4624.md index e49f286567..07fdf70e44 100644 --- a/windows/security/threat-protection/auditing/event-4624.md +++ b/windows/security/threat-protection/auditing/event-4624.md @@ -250,6 +250,9 @@ This event generates when a logon session is created (on destination machine). I - **Source Port** [Type = UnicodeString]: source port which was used for logon attempt from remote machine. - 0 for interactive logons. + + > [!NOTE] + The fields for IP address/port and workstation name are populated depending on the authentication context and protocol used. LSASS will audit the information the authenticating service shares with LSASS. For example, network logons with Kerberos likely have no workstation information, and NTLM logons have no TCP/IP details. **Detailed Authentication Information:** From 21ac91f8e566ddcc3c9fbd62541b9b5536d2131f Mon Sep 17 00:00:00 2001 From: Stephanie Savell <101299710+v-stsavell@users.noreply.github.com> Date: Wed, 24 Jan 2024 14:43:38 -0600 Subject: [PATCH 4/5] Update kiosk-methods.md --- windows/configuration/kiosk-methods.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/kiosk-methods.md b/windows/configuration/kiosk-methods.md index 30eca6b168..17b0b7375d 100644 --- a/windows/configuration/kiosk-methods.md +++ b/windows/configuration/kiosk-methods.md @@ -32,7 +32,7 @@ Some desktop devices in an enterprise serve a special purpose. For example, a PC - **A multi-app kiosk**: Runs one or more apps from the desktop. People using the kiosk see a customized Start that shows only the tiles for the apps that are allowed. With this approach, you can configure a locked-down experience for different account types. - A multi-app kiosk is appropriate for devices that are shared by multiple people. When you configure a multi-app kiosk, [specific policies are enforced](kiosk-policies.md) that will affect **all** non-administrator users on the device. + A multi-app kiosk is appropriate for devices that are shared by multiple people. When you configure a multi-app kiosk, [specific policies are enforced](kiosk-policies.md) that affects **all** non-administrator users on the device. ![Illustration of a kiosk Start screen that runs multiple apps on a Windows client device.](images/kiosk-desktop.png) From 37ce65caec018d3d7be5c4e1f61cc4d8f44ca6aa Mon Sep 17 00:00:00 2001 From: Stephanie Savell <101299710+v-stsavell@users.noreply.github.com> Date: Wed, 24 Jan 2024 14:48:05 -0600 Subject: [PATCH 5/5] Update kiosk-methods.md --- windows/configuration/kiosk-methods.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/kiosk-methods.md b/windows/configuration/kiosk-methods.md index 17b0b7375d..d722a89cf2 100644 --- a/windows/configuration/kiosk-methods.md +++ b/windows/configuration/kiosk-methods.md @@ -24,7 +24,7 @@ ms.date: 12/31/2017 Some desktop devices in an enterprise serve a special purpose. For example, a PC in the lobby that customers use to see your product catalog. Or, a PC displaying visual content as a digital sign. Windows client offers two different locked-down experiences for public or specialized use: -- **A single-app kiosk**: Runs a single Universal Windows Platform (UWP) app in full screen above the lock screen. People using the kiosk can see only that app. When the kiosk account (a local standard user account) signs in, the kiosk app will launch automatically, and you can configure the kiosk account to sign in automatically as well. If the kiosk app is closed, it will automatically restart. +- **A single-app kiosk**: Runs a single Universal Windows Platform (UWP) app in full screen above the lock screen. People using the kiosk can see only that app. When the kiosk account (a local standard user account) signs in, the kiosk app launches automatically, and you can configure the kiosk account to sign in automatically as well. If the kiosk app is closed, it will automatically restart. A single-app kiosk is ideal for public use. Using [Shell Launcher](kiosk-shelllauncher.md), you can configure a kiosk device that runs a Windows desktop application as the user interface. The application that you specify replaces the default shell (explorer.exe) that usually runs when a user logs on. This type of single-app kiosk doesn't run above the lock screen.