From 1809c2673c4306367f519e59d920b31575f6466f Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Tue, 5 Mar 2019 07:36:36 -0800 Subject: [PATCH 01/26] start Shell Launcher v2 --- windows/configuration/kiosk-shelllauncher.md | 25 ++++++++++++-------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/windows/configuration/kiosk-shelllauncher.md b/windows/configuration/kiosk-shelllauncher.md index e928698268..cf1c8ccb1a 100644 --- a/windows/configuration/kiosk-shelllauncher.md +++ b/windows/configuration/kiosk-shelllauncher.md @@ -1,6 +1,6 @@ --- title: Use Shell Launcher to create a Windows 10 kiosk (Windows 10) -description: A single-use device such as a digital sign is easy to set up in Windows 10 for desktop editions (Pro, Enterprise, and Education). +description: Shell Launcher lets you change the default shell that launches when a user signs in to a device. ms.assetid: 428680AE-A05F-43ED-BD59-088024D1BFCC keywords: ["assigned access", "kiosk", "lockdown", "digital sign", "digital signage"] ms.prod: w10 @@ -15,14 +15,12 @@ ms.date: 10/01/2018 **Applies to** ->App type: Windows desktop application -> ->OS edition: Windows 10 Ent, Edu -> ->Account type: Local standard user or administrator, Active Directory, Azure AD +>**App type**: Windows desktop application; Universal Windows Platform (UWP) app (requires Shell Launcher v2) +>**OS edition**: Windows 10 Ent, Edu +>**Account type**: Local standard user or administrator, Active Directory, Azure AD -Using Shell Launcher, you can configure a kiosk device that runs a Windows desktop application as the user interface. The application that you specify replaces the default shell (explorer.exe) that usually runs when a user logs on. +Using Shell Launcher, you can configure a kiosk device that runs an application as the user interface, replacing the default shell (explorer.exe). In Shell Launcher v1, available in Windows 10, version 1809 and earlier, you could only specify a Windows desktop application as the replacement shell. In Shell Launcher v2, available in the next feature update to Windows 10, you can also specify a UWP app as the replacement shell. >[!NOTE] >Using the Shell Launcher controls which application the user sees as the shell after sign-in. It does not prevent the user from accessing other desktop applications and system components. @@ -34,9 +32,16 @@ Using Shell Launcher, you can configure a kiosk device that runs a Windows deskt > >You can also configure a kiosk device that runs a Windows desktop application by using the [Provision kiosk devices wizard](#wizard). - +## Requirements and instructions for Shell Launcher v2 -## Requirements +### Requirements + + +### Configure Shell Launcher v2 + +## Requirements and instructions for Shell Launcher v1 + +### Requirements >[!WARNING] >- Windows 10 doesn’t support setting a custom shell prior to OOBE. If you do, you won’t be able to deploy the resulting image. @@ -50,7 +55,7 @@ Using Shell Launcher, you can configure a kiosk device that runs a Windows deskt [See the technical reference for the shell launcher component.](https://go.microsoft.com/fwlink/p/?LinkId=618603) -## Configure Shell Launcher +### Configure Shell Launcher v1 To set a Windows desktop application as the shell, you first turn on the Shell Launcher feature, and then you can set your custom shell as the default using PowerShell. From 34830edd12c4c57b761b9012cdbdb37ea376c980 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Tue, 5 Mar 2019 08:28:18 -0800 Subject: [PATCH 02/26] sync --- windows/configuration/kiosk-shelllauncher.md | 32 +++++++++++++++++--- 1 file changed, 27 insertions(+), 5 deletions(-) diff --git a/windows/configuration/kiosk-shelllauncher.md b/windows/configuration/kiosk-shelllauncher.md index cf1c8ccb1a..eda882b940 100644 --- a/windows/configuration/kiosk-shelllauncher.md +++ b/windows/configuration/kiosk-shelllauncher.md @@ -15,12 +15,9 @@ ms.date: 10/01/2018 **Applies to** ->**App type**: Windows desktop application; Universal Windows Platform (UWP) app (requires Shell Launcher v2) ->**OS edition**: Windows 10 Ent, Edu ->**Account type**: Local standard user or administrator, Active Directory, Azure AD +- Windows 10 Ent, Edu - -Using Shell Launcher, you can configure a kiosk device that runs an application as the user interface, replacing the default shell (explorer.exe). In Shell Launcher v1, available in Windows 10, version 1809 and earlier, you could only specify a Windows desktop application as the replacement shell. In Shell Launcher v2, available in the next feature update to Windows 10, you can also specify a UWP app as the replacement shell. +Using Shell Launcher, you can configure a kiosk device that runs an application as the user interface, replacing the default shell (explorer.exe). In **Shell Launcher v1**, available in Windows 10, version 1809 and earlier, you could only specify a Windows desktop application as the replacement shell. In **Shell Launcher v2**, available in the next feature update to Windows 10, you can also specify a UWP app as the replacement shell. >[!NOTE] >Using the Shell Launcher controls which application the user sees as the shell after sign-in. It does not prevent the user from accessing other desktop applications and system components. @@ -32,8 +29,33 @@ Using Shell Launcher, you can configure a kiosk device that runs an application > >You can also configure a kiosk device that runs a Windows desktop application by using the [Provision kiosk devices wizard](#wizard). +## Differences between Shell Launcher v1 and Shell Launcher v2 + +Shell Launcher v1 replaces `explorer.exe`, the default shell, with `eshell.exe` which can launch a Windows desktop application. + +Shell Launcher v2 replaces `explorer.exe` with `customshellhost.exe`. This new executable file can launch a Windows desktop application or a UWP app. + +If you are experienced using XML to configure Shell Launcher, you will use a different schema reference and app type in `Shell`, as shown in the following v2 example. + +``` + + + + + + + + + + + +``` + ## Requirements and instructions for Shell Launcher v2 + + ### Requirements From 4b31a7537add1dcc44d65c2ee1f0cb4d996d30cc Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Tue, 5 Mar 2019 08:33:29 -0800 Subject: [PATCH 03/26] sync --- windows/configuration/kiosk-shelllauncher.md | 34 +++++++++----------- 1 file changed, 16 insertions(+), 18 deletions(-) diff --git a/windows/configuration/kiosk-shelllauncher.md b/windows/configuration/kiosk-shelllauncher.md index eda882b940..e6bf62b7cf 100644 --- a/windows/configuration/kiosk-shelllauncher.md +++ b/windows/configuration/kiosk-shelllauncher.md @@ -51,19 +51,7 @@ xmlns:v2="http://schemas.microsoft.com/ShellLauncher/2019/Configuration"> ``` - -## Requirements and instructions for Shell Launcher v2 - - - -### Requirements - - -### Configure Shell Launcher v2 - -## Requirements and instructions for Shell Launcher v1 - -### Requirements +## Requirements >[!WARNING] >- Windows 10 doesn’t support setting a custom shell prior to OOBE. If you do, you won’t be able to deploy the resulting image. @@ -74,12 +62,11 @@ xmlns:v2="http://schemas.microsoft.com/ShellLauncher/2019/Configuration"> - A Windows desktop application that is installed for that account. The app can be your own company application or a common app like Internet Explorer. -[See the technical reference for the shell launcher component.](https://go.microsoft.com/fwlink/p/?LinkId=618603) +[See the technical reference for the shell launcher component.](https://docs.microsoft.com/windows-hardware/customize/enterprise/shell-launcher) +## Enable Shell Launcher feature -### Configure Shell Launcher v1 - -To set a Windows desktop application as the shell, you first turn on the Shell Launcher feature, and then you can set your custom shell as the default using PowerShell. +To set a custom shell, you first turn on the Shell Launcher feature, and then you can set your custom shell as the default using PowerShell. **To turn on Shell Launcher in Windows features** @@ -100,7 +87,18 @@ Alternatively, you can turn on Shell Launcher using Windows Configuration Design Dism /online /Enable-Feature /all /FeatureName:Client-EmbeddedShellLauncher ``` -**To set your custom shell** + +## Instructions for Shell Launcher v2 + + + + + + +## Instructions for Shell Launcher v1 + + +**To set your custom shell using PowerShell** Modify the following PowerShell script as appropriate. The comments in the sample script explain the purpose of each section and tell you where you will want to change the script for your purposes. Save your script with the extension .ps1, open Windows PowerShell as administrator, and run the script on the kiosk device. From 2660351023095a69b271fe9f5af6b90cb9148293 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Thu, 7 Mar 2019 06:52:10 -0800 Subject: [PATCH 04/26] add mdm --- windows/configuration/kiosk-shelllauncher.md | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/windows/configuration/kiosk-shelllauncher.md b/windows/configuration/kiosk-shelllauncher.md index 51429814b3..38b69e986f 100644 --- a/windows/configuration/kiosk-shelllauncher.md +++ b/windows/configuration/kiosk-shelllauncher.md @@ -18,7 +18,7 @@ ms.topic: article **Applies to** - Windows 10 Ent, Edu -Using Shell Launcher, you can configure a kiosk device that runs an application as the user interface, replacing the default shell (explorer.exe). In **Shell Launcher v1**, available in Windows 10, version 1809 and earlier, you could only specify a Windows desktop application as the replacement shell. In **Shell Launcher v2**, available in the next feature update to Windows 10, you can also specify a UWP app as the replacement shell. +Using Shell Launcher, you can configure a kiosk device that runs an application as the user interface, replacing the default shell (explorer.exe). In **Shell Launcher v1**, available in Windows 10, version 1809 and earlier, you can only specify a Windows desktop application as the replacement shell. In **Shell Launcher v2**, available in the next feature update to Windows 10, you can also specify a UWP app as the replacement shell. >[!NOTE] >Using the Shell Launcher controls which application the user sees as the shell after sign-in. It does not prevent the user from accessing other desktop applications and system components. @@ -27,8 +27,9 @@ Using Shell Launcher, you can configure a kiosk device that runs an application >- [Group Policy](https://www.microsoft.com/download/details.aspx?id=25250) - example: Prevent access to registry editing tools >- [AppLocker](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview) - Application control policies >- [Mobile Device Management](https://docs.microsoft.com/windows/client-management/mdm) - Enterprise management of device security policies -> ->You can also configure a kiosk device that runs a Windows desktop application by using the [Provision kiosk devices wizard](#wizard). + +You can apply a custom shell through Shell Launcher [by using PowerShell](#configure-a-custom-shell-using-powershell). In Windows 10, version 1803 and later, you can also [use mobile device management (MDM)](#configure-a-custom-shell-in-mdm) to apply a custom shell through Shell Launcher. + ## Differences between Shell Launcher v1 and Shell Launcher v2 @@ -36,7 +37,7 @@ Shell Launcher v1 replaces `explorer.exe`, the default shell, with `eshell.exe` Shell Launcher v2 replaces `explorer.exe` with `customshellhost.exe`. This new executable file can launch a Windows desktop application or a UWP app. -If you are experienced using XML to configure Shell Launcher, you will use a different schema reference and app type in `Shell`, as shown in the following v2 example. +If you use XML to configure Shell Launcher, you will use a different schema reference and a different app type for `Shell`, as shown in the following v2 example. ``` @@ -89,17 +90,14 @@ Alternatively, you can turn on Shell Launcher using Windows Configuration Design ``` -## Instructions for Shell Launcher v2 +## Configure a custom shell in MDM -## Instructions for Shell Launcher v1 - - -**To set your custom shell using PowerShell** +## Configure a custom shell using PowerShell Modify the following PowerShell script as appropriate. The comments in the sample script explain the purpose of each section and tell you where you will want to change the script for your purposes. Save your script with the extension .ps1, open Windows PowerShell as administrator, and run the script on the kiosk device. From a4f8a9be46e1a8102c62ebfc09e66bb659a16339 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Thu, 7 Mar 2019 06:57:32 -0800 Subject: [PATCH 05/26] sync --- windows/configuration/kiosk-shelllauncher.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/configuration/kiosk-shelllauncher.md b/windows/configuration/kiosk-shelllauncher.md index 38b69e986f..aef387e7f2 100644 --- a/windows/configuration/kiosk-shelllauncher.md +++ b/windows/configuration/kiosk-shelllauncher.md @@ -18,10 +18,10 @@ ms.topic: article **Applies to** - Windows 10 Ent, Edu -Using Shell Launcher, you can configure a kiosk device that runs an application as the user interface, replacing the default shell (explorer.exe). In **Shell Launcher v1**, available in Windows 10, version 1809 and earlier, you can only specify a Windows desktop application as the replacement shell. In **Shell Launcher v2**, available in the next feature update to Windows 10, you can also specify a UWP app as the replacement shell. +Using Shell Launcher, you can configure a device that runs an application as the user interface, replacing the default shell (explorer.exe). In **Shell Launcher v1**, available in Windows 10, version 1809 and earlier, you can only specify a Windows desktop application as the replacement shell. In **Shell Launcher v2**, available in the next feature update to Windows 10, you can also specify a UWP app as the replacement shell. >[!NOTE] ->Using the Shell Launcher controls which application the user sees as the shell after sign-in. It does not prevent the user from accessing other desktop applications and system components. +>Shell Launcher controls which application the user sees as the shell after sign-in. It does not prevent the user from accessing other desktop applications and system components. > >Methods of controlling access to other desktop applications and system components can be used in addition to using the Shell Launcher. These methods include, but are not limited to: >- [Group Policy](https://www.microsoft.com/download/details.aspx?id=25250) - example: Prevent access to registry editing tools From 16a564ae3a432246ff6df6a9178a2efaae807bfb Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Thu, 7 Mar 2019 07:13:04 -0800 Subject: [PATCH 06/26] add prerelease language --- windows/configuration/kiosk-shelllauncher.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/configuration/kiosk-shelllauncher.md b/windows/configuration/kiosk-shelllauncher.md index aef387e7f2..1e5d4f8771 100644 --- a/windows/configuration/kiosk-shelllauncher.md +++ b/windows/configuration/kiosk-shelllauncher.md @@ -18,6 +18,9 @@ ms.topic: article **Applies to** - Windows 10 Ent, Edu +>[!WARNING] +>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + Using Shell Launcher, you can configure a device that runs an application as the user interface, replacing the default shell (explorer.exe). In **Shell Launcher v1**, available in Windows 10, version 1809 and earlier, you can only specify a Windows desktop application as the replacement shell. In **Shell Launcher v2**, available in the next feature update to Windows 10, you can also specify a UWP app as the replacement shell. >[!NOTE] From ff1abfa3c897113aadd4c9b557e08747f2228f56 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Thu, 7 Mar 2019 07:40:47 -0800 Subject: [PATCH 07/26] custom oma-uri --- windows/configuration/kiosk-shelllauncher.md | 36 ++++++++++++-------- 1 file changed, 21 insertions(+), 15 deletions(-) diff --git a/windows/configuration/kiosk-shelllauncher.md b/windows/configuration/kiosk-shelllauncher.md index 1e5d4f8771..e0789e445e 100644 --- a/windows/configuration/kiosk-shelllauncher.md +++ b/windows/configuration/kiosk-shelllauncher.md @@ -40,22 +40,7 @@ Shell Launcher v1 replaces `explorer.exe`, the default shell, with `eshell.exe` Shell Launcher v2 replaces `explorer.exe` with `customshellhost.exe`. This new executable file can launch a Windows desktop application or a UWP app. -If you use XML to configure Shell Launcher, you will use a different schema reference and a different app type for `Shell`, as shown in the following v2 example. -``` - - - - - - - - - - - -``` ## Requirements >[!WARNING] @@ -95,9 +80,30 @@ Alternatively, you can turn on Shell Launcher using Windows Configuration Design ## Configure a custom shell in MDM +You can use XML and a [custom OMA-URI setting](#custom-oma-uri-setting) to configure Shell Launcher in MDM. +### XML for Shell Launcher configuration +For Shell Launcher v2, you will use a different schema reference and a different app type for `Shell`, as shown in the following example. +``` + + + + + + + + + + + +``` + +### Custom OMA-URI setting + +[custom OMA-URI setting](https://docs.microsoft.com/intune/custom-settings-windows-10) ## Configure a custom shell using PowerShell From c4674be64c06f85367317165c4b8408285f6ba5d Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Thu, 7 Mar 2019 08:05:23 -0800 Subject: [PATCH 08/26] sync --- windows/configuration/kiosk-shelllauncher.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/configuration/kiosk-shelllauncher.md b/windows/configuration/kiosk-shelllauncher.md index e0789e445e..86e3db1569 100644 --- a/windows/configuration/kiosk-shelllauncher.md +++ b/windows/configuration/kiosk-shelllauncher.md @@ -56,7 +56,7 @@ Shell Launcher v2 replaces `explorer.exe` with `customshellhost.exe`. This new e ## Enable Shell Launcher feature -To set a custom shell, you first turn on the Shell Launcher feature, and then you can set your custom shell as the default using PowerShell. +To set a custom shell, you first turn on the Shell Launcher feature, and then you can set your custom shell as the default using PowerShell or MDM. **To turn on Shell Launcher in Windows features** @@ -66,7 +66,7 @@ To set a custom shell, you first turn on the Shell Launcher feature, and then yo 2. Select **Shell Launcher** and **OK**. -Alternatively, you can turn on Shell Launcher using Windows Configuration Designer in a provisioning package, using `SMISettings > ShellLauncher`, or the Deployment Image Servicing and Management (DISM.exe) tool. +Alternatively, you can turn on Shell Launcher using Windows Configuration Designer in a provisioning package, using `SMISettings > ShellLauncher`, or you can use the Deployment Image Servicing and Management (DISM.exe) tool. **To turn on Shell Launcher using DISM** From dd4ba615f1b0f08de489c4078e03824f7ef64b25 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Thu, 7 Mar 2019 08:53:19 -0800 Subject: [PATCH 09/26] xml samples --- windows/configuration/kiosk-shelllauncher.md | 25 +++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/windows/configuration/kiosk-shelllauncher.md b/windows/configuration/kiosk-shelllauncher.md index 86e3db1569..b74f4a828a 100644 --- a/windows/configuration/kiosk-shelllauncher.md +++ b/windows/configuration/kiosk-shelllauncher.md @@ -84,6 +84,24 @@ You can use XML and a [custom OMA-URI setting](#custom-oma-uri-setting) to confi ### XML for Shell Launcher configuration +The following XML sample works for Shell Launcher v1: + +``` + + + + + + + + + + + + + +``` + For Shell Launcher v2, you will use a different schema reference and a different app type for `Shell`, as shown in the following example. ``` @@ -101,10 +119,15 @@ xmlns:v2="http://schemas.microsoft.com/ShellLauncher/2019/Configuration"> ``` +[Get XML examples for different Shell Launcher v2 configurations.](https://github.com/Microsoft/Windows-iotcore-samples/tree/develop/Samples/ShellLauncherV2) + ### Custom OMA-URI setting -[custom OMA-URI setting](https://docs.microsoft.com/intune/custom-settings-windows-10) +In your MDM service, you can create a [custom OMA-URI setting](https://docs.microsoft.com/intune/custom-settings-windows-10) to configure Shell Launcher v1 or v2. (The XML that you use for your setting will determine whether you apply Shell Launcher v1 or v2.) +The OMA-URI path is `./Device/Vendor/MSFT/AssignedAccess/ShellLauncher`. + +For the value, you can select data type `String` and paste the desired configuration file content into the value box. If you wish to upload the xml instead of pasting the content, choose data type `String (XML file)` instead. ## Configure a custom shell using PowerShell From 24388d8df8fc00b9fb9987b8b280e4d1a117f51d Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Thu, 7 Mar 2019 13:29:51 -0800 Subject: [PATCH 10/26] tweak --- windows/configuration/kiosk-shelllauncher.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/configuration/kiosk-shelllauncher.md b/windows/configuration/kiosk-shelllauncher.md index b74f4a828a..95dc8e3528 100644 --- a/windows/configuration/kiosk-shelllauncher.md +++ b/windows/configuration/kiosk-shelllauncher.md @@ -48,9 +48,9 @@ Shell Launcher v2 replaces `explorer.exe` with `customshellhost.exe`. This new e > >- Shell Launcher doesn't support a custom shell with an application that launches a different process and exits. For example, you cannot specify **write.exe** in Shell Launcher. Shell Launcher launches a custom shell and monitors the process to identify when the custom shell exits. **Write.exe** creates a 32-bit wordpad.exe process and exits. Because Shell Launcher is not aware of the newly created wordpad.exe process, Shell Launcher will take action based on the exit code of **Write.exe**, such as restarting the custom shell. -- A domain or local user account. +- A domain, Azure Active Directory, or local user account. -- A Windows desktop application that is installed for that account. The app can be your own company application or a common app like Internet Explorer. +- A Windows application that is installed for that account. The app can be your own company application or a common app like Internet Explorer. [See the technical reference for the shell launcher component.](https://docs.microsoft.com/windows-hardware/customize/enterprise/shell-launcher) From a8616882b4e3baf00e0396428d78782867620f79 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 11 Mar 2019 17:28:36 -0700 Subject: [PATCH 11/26] added new script --- .../microsoft-recommended-block-rules.md | 47 +++++++++++++++++-- 1 file changed, 42 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md index 8522325f19..425b3dca9e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md @@ -76,7 +76,13 @@ These modules cannot be blocked by name or version, and therefore must be blocke For October 2017, we are announcing an update to system.management.automation.dll in which we are revoking older versions by hash values, instead of version rules. -Microsoft recommends that you block the following Microsoft-signed applications and PowerShell files by merging the following policy into your existing policy to add these deny rules using the Merge-CIPolicy cmdlet: +Microsoft recommends that you block the following Microsoft-signed applications and PowerShell files by merging the following policy into your existing policy to add these deny rules using the Merge-CIPolicy cmdlet. Beginning with the March 2019 quality update, each Windows release requires blocking diffferent version of the following files: + +- msxml3.dll +- msxml6.dll +- jscript9.dll + +In the comments of the following script, find the Windows release that you plan to use the policy for and remove the other file versions. ```xml @@ -137,7 +143,35 @@ Microsoft recommends that you block the following Microsoft-signed applications - + + + + + + + + --> + + + + --> + + + + --> + + + + --> + + + + --> @@ -842,8 +876,11 @@ Microsoft recommends that you block the following Microsoft-signed applications - - + + + + + @@ -1457,7 +1494,7 @@ Microsoft recommends that you block the following Microsoft-signed applications 0 - + ```
From 6cda37d6231575e7ddacafdb853ff0ce8e90ec8b Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 11 Mar 2019 17:29:23 -0700 Subject: [PATCH 12/26] edit --- .../microsoft-recommended-block-rules.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md index 425b3dca9e..c8104d4079 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: medium author: jsuther1974 -ms.date: 08/31/2018 +ms.date: 03/11/2019 --- # Microsoft recommended block rules @@ -1494,7 +1494,7 @@ In the comments of the following script, find the Windows release that you plan 0 - + ```
From 606fd49a8e4954684fe79f9bc6d5116227d282a6 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 15 Mar 2019 11:49:12 -0700 Subject: [PATCH 13/26] revised block list --- .../microsoft-recommended-block-rules.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md index c8104d4079..fcffa122d4 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: medium author: jsuther1974 -ms.date: 03/11/2019 +ms.date: 03/15/2019 --- # Microsoft recommended block rules @@ -76,13 +76,13 @@ These modules cannot be blocked by name or version, and therefore must be blocke For October 2017, we are announcing an update to system.management.automation.dll in which we are revoking older versions by hash values, instead of version rules. -Microsoft recommends that you block the following Microsoft-signed applications and PowerShell files by merging the following policy into your existing policy to add these deny rules using the Merge-CIPolicy cmdlet. Beginning with the March 2019 quality update, each Windows release requires blocking diffferent version of the following files: +Microsoft recommends that you block the following Microsoft-signed applications and PowerShell files by merging the following policy into your existing policy to add these deny rules using the Merge-CIPolicy cmdlet. Beginning with the March 2019 quality update, each version of Windows requires blocking a specific version of the following files: - msxml3.dll - msxml6.dll - jscript9.dll -In the comments of the following script, find the Windows release that you plan to use the policy for and remove the other file versions. +Pick the correct version of each .dll for the Windows release you plan to support, and remove the other versions. ```xml From 825c99d40871ecbf2225d945658c9ba86a4af0e8 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Tue, 19 Mar 2019 09:53:13 -0700 Subject: [PATCH 14/26] Chandler feedback --- windows/configuration/kiosk-shelllauncher.md | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/windows/configuration/kiosk-shelllauncher.md b/windows/configuration/kiosk-shelllauncher.md index 95dc8e3528..13b934beb1 100644 --- a/windows/configuration/kiosk-shelllauncher.md +++ b/windows/configuration/kiosk-shelllauncher.md @@ -40,6 +40,12 @@ Shell Launcher v1 replaces `explorer.exe`, the default shell, with `eshell.exe` Shell Launcher v2 replaces `explorer.exe` with `customshellhost.exe`. This new executable file can launch a Windows desktop application or a UWP app. +In addition to allowing you to use a UWP app for your replacement shell, Shell Launcher v2 offers additional enhancements: +- You can use a custom Windows desktop application that can then launch UWP apps, such as **Settings** and **Touch Keyboard**. +- From a custom UWP shell, you can launch secondary views and run on multiple monitors. +- The custom shell app runs in full screen, and and can run other apps in full screen on user’s demand. + +For sample XML configurations for the different app combinations, see [Samples for Shell Launcher v2](https://github.com/Microsoft/Windows-iotcore-samples/tree/develop/Samples/ShellLauncherV2). ## Requirements @@ -84,7 +90,7 @@ You can use XML and a [custom OMA-URI setting](#custom-oma-uri-setting) to confi ### XML for Shell Launcher configuration -The following XML sample works for Shell Launcher v1: +The following XML sample works for **Shell Launcher v1**: ``` @@ -102,7 +108,7 @@ The following XML sample works for Shell Launcher v1: ``` -For Shell Launcher v2, you will use a different schema reference and a different app type for `Shell`, as shown in the following example. +For **Shell Launcher v2**, you will use a different schema reference and a different app type for `Shell`, as shown in the following example. ``` @@ -123,7 +129,7 @@ xmlns:v2="http://schemas.microsoft.com/ShellLauncher/2019/Configuration"> ### Custom OMA-URI setting -In your MDM service, you can create a [custom OMA-URI setting](https://docs.microsoft.com/intune/custom-settings-windows-10) to configure Shell Launcher v1 or v2. (The XML that you use for your setting will determine whether you apply Shell Launcher v1 or v2.) +In your MDM service, you can create a [custom OMA-URI setting](https://docs.microsoft.com/intune/custom-settings-windows-10) to configure Shell Launcher v1 or v2. (The [XML](#xml-for-shell-launcher-configuration) that you use for your setting will determine whether you apply Shell Launcher v1 or v2.) The OMA-URI path is `./Device/Vendor/MSFT/AssignedAccess/ShellLauncher`. @@ -131,7 +137,9 @@ For the value, you can select data type `String` and paste the desired configura ## Configure a custom shell using PowerShell -Modify the following PowerShell script as appropriate. The comments in the sample script explain the purpose of each section and tell you where you will want to change the script for your purposes. Save your script with the extension .ps1, open Windows PowerShell as administrator, and run the script on the kiosk device. +For scripts for Shell Launcher v2, see [Shell Launcher v2 Bridge WMI sample scripts](https://github.com/Microsoft/Windows-iotcore-samples/blob/develop/Samples/ShellLauncherV2/SampleBridgeWmiScripts/README.md). + +For Shell Launcher v1, modify the following PowerShell script as appropriate. The comments in the sample script explain the purpose of each section and tell you where you will want to change the script for your purposes. Save your script with the extension .ps1, open Windows PowerShell as administrator, and run the script on the kiosk device. ``` # Check if shell launcher license is enabled From 5f0e55f678678fa182c6c1c6f65fa8e45c6576f8 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Tue, 19 Mar 2019 10:04:31 -0700 Subject: [PATCH 15/26] art plus xml attribute --- windows/configuration/images/slv2-oma-uri.png | Bin 0 -> 19784 bytes windows/configuration/kiosk-shelllauncher.md | 9 ++++++++- 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 windows/configuration/images/slv2-oma-uri.png diff --git a/windows/configuration/images/slv2-oma-uri.png b/windows/configuration/images/slv2-oma-uri.png new file mode 100644 index 0000000000000000000000000000000000000000..98ee252b6390251ac559ecb2a71d7a061d9a6ca0 GIT binary patch literal 19784 zcmce;by!sGyEaTo4&5O!bO}gFNvAXnARtIL$e@Iz(nAj2okL3~QqqHzNF&V%s7Oo4 zyLg^we|zuu-M{1eecvDNalio#Yu0_QYhCwwo!5EZYoc|vRSEIw@X^rF2-Ve;^wH2T zG||w|VYnE;E1s6o1;7t82RSZS_`e(YF-90Y_H;Xo!{xb^>-{>ub z254+PBC)y3fL|v0FTkf6cfTmZkd#Bhz`rEB>EGXMiFcfCP)XRt3f)J=nceh(9b$#b zvfDj}2bY`v$eN*Ig$78_n% zdm1zpjt-nY)`S4=zg-wne|TKl!wMOJ?P2Q~XIGI>fBSl{;Ks^BL-a`G*%vuVx{z#a z*X5E%&!u_L`S-yDCIL!bK~i{(X%k^Mecl%un-QM1Fo7BTSP%`y!;?+%uJioc^ZX~R zZ^2`0_&5gCt^T{MTcUM-qqh)w0RjSoQtNvWE;JzGifD!k%d1k?SRwnbnh;b0hZBuQ z;4d?mcjAdZV2iC@TQ?}38x&{oAtzJir@0olZ<)dl8n6BcdU<*tybr#7Pug=A4cxEP zo%`X{`mC7FBFgTkyGy=~73=ej4!0*Bw8I`HD|YI$ovfUBmEA#|c}|DToRK?l^qLXygB-oF== z(Yi8+#_mhng5kL41Bs>oM7QSZ+AU49Bsy)f_YsLsF5z} zYAcuQYwmY*b&kX6E9c`RBsx8lCoblXivNuoN{$kGpGRijr^AG_d-KoTYnGMPYZx7b z8c?*32j3i(Oegn-fXBvzP8t^#)b-W}w722*X*n$DTF&`HzgN0$@3M05dU;Rg_UcGa zYF}I1(r^}2e>wJYuj>}ZTPrvBAsS_L`0-cmWe;`dr{^?DbaXbccx61$kFToKO|?#p ztWCj@d@S0YlT_OS+q1#fvpV^YuSbN(+kZXV18-JYUL%}cEM4enzm#x57cp*b_HG~N zee>wLFJtyYxYeigD7QgBic2O4#mY2cS?~ovyfOhRU{Dli9|Og2Sj9MpBzFJOH;mvBvUad40jeB}^);;?d*cWRqTN2^=R0S&3X z3+Q5)kUZPZgq!UIT)EqgI$m{cfvC)NQD_v9jT{L=?I+E3%C{5%kZ^=X#Fd1_52f*& zMFd=_OwZJqJ+T7DY`u#fis3Bvq0GQygUukYF30j@Vm`eP2;WK%`jP&@W+RP2%Fx+X zF0Ks8Vko{6Agt~FgQPXx;6Ye!@Ewe9ezk@J=sNk74|<2OG0I~!Hku9%e}O08U%;8${};&q2XJ!378}POUk(Oe z4R)C|IE*t&bRDMF?JP9&-fox}uBF7~FT7c4eH?UkW_kO^a+o952sL<)6TFY}Q$c-y z(Q8}=pWN0!u4W~bd2=({gF}a#9st0nW$aL{FXccAC*o76fx|EY50mpjve^BJ>{xhj z@Pvj*By>?zRP=JT>ohtHY}%)PZ~pqpT5QYCPn@o3|8US@AaX)w6H<`_a= z1L61;^LeaB zxtJ~rjHWAv0JrW+RT15thqa6gdLMf<+4e4d#!XNIXl|3aIUY+u8R4k^m-#{!lOr^c zG4@XLuIy$!Sd+R-y8oV1{~Yq~=b@(f`EhpFHq-5ygG%scJ83*VXj!)Ai6k&dS|DXr zY~aH7DnJSg(*c7Ee-4ORBoJsn?mW$H+w0UfUk4y8Tij#0&Bueg>+thLv8vDB@-zGa zKC8R8{pdvIcKn&y5_kPFo(UB0{So2PBC=MuZ!K;MO?Ym}4h!JZ{a)ggmy=o@__6){ z{rXlj;=rKxDXkxplgFkhh}fW)r+X`{UggpTl&#_6_lCZm;LigE!=X~_7tP&-G)|R? zto#p__8#BP*$7yA5jq>UQ+Y}>&Az0b~^9)1TS>)iCUp((!N(lat!VhJEwjW-e-CSR?Lm5OQTMs?zdX;PaPSaWsKl8?v z{drvu)Ccb!6Yk^J#+HGv@E-n3WtqkEknCDbPMmCzBZo(bJI7rThlWz_WQ!IbNPe0w;;d zct&X~fp=E6w~oBy()IE~xfQ3Ht6{io3x0FM0V2>4GyN0axPQ;m`p5XigMw-1jumY85(wXb0J-0TEO>- zQ{z)N;~bgWbz+N)vC-3x6Jej*?dYveBSdHHlrU8uG( zwcw0GPYQuIYk2<_=PBfg{gS$mn{z;5VBp&0E~%6AXkzC5S8iM@pO~O#Qu_OqgJ}b(XrZ~s;nqKnRq;w_ zQw{maCBh2*eii>cge!aOHzkmalVJ^8JvVet#PC~)H3%Zsea@svA_1DRNz-&bVvcJy z%;|b@65p?dq?fgnyyER|V*pliF>qqFj*INaGG)8G(@=PCqV9KO1^%j`iG)x zsn-11LdkhR-H3WK{d!2O4)(@A;}d3SeL!MjRqRunAm82aZ;V%&FdNxYGe7buPD9$5X|0lG;l*ckAfQBYh4>%xp05~!hKv8=UbIu!p znb;qfn-3%d?+5DSKh^vHGt}PoQ~%DJCbe!nY(_@(A8e>UhYK&+zMG8}vL6M?!rvJD zpA-Ek0CgD4nQw733)ZBZ^VL}TIoIa1H*xj0rH#Zsqz1naygVsZO+Z8~ zyDqn%1CY(5P5ioKMIDbv`f9&deCee@9fpmkXMgjD96pnNAO{B>fKh zsc+W>Zq`q}c?f(rw(tWQul;?~&y%QMmbVwGvKJG->bh=PzPS(EWH7%JDjgZn%xN7nMb;M_*J0~wxf16{3JDB zd>W`0^5TI4p-wA09{h;)6XPMpQ>V$QEF7eMqZmkzRJ|&@H4AAqDa|GfhVVMHg#M3! zoXG*;)Y7&bSN97Da}q~sy<|kykCL;)^e$<)`=a(5BgM!<5nT02CXxcPDn6(6q^QMI zV~eLi{g4X0I0jg(M&WGR#m}lIiGQ6*-E<~9QE2yfZP(33LeOz>{#hR(@D|TJNSPs6uE-Cu8sKh$1 z7$-y{>@|{$WD!=2X~LmL)v+|lk2?p$)UV{=F*$Re=P4v&5xwXMyb!a-(5nycIG{o1 ztzw`qZ8j(Ud$g~^xV|Ua?`!Zw9+e6?^Cr?xBh<|34iP**$Z20d4Z`Dax}5EFtLhiI zX(^bj3MP2?BEq_Pn?Hw=CuD&b>V+D6%%d3aryS+P3Je0=>j!MdW7{*QPW=LEn3$UDAKFQf-@m-$$PDU)f=p~%B@UPhk z4-eOOD;r7tg_SFZSt65^2sBo*w(4}4Q5uun3bz^(PBdyZ3OV~>x%4W@g1E(0Qjy^; z-29A=MBM&|&to$s_@Ly^36+SbsHv~*_Mh}8{$i`TS3uY>GzDVAS%Zh* zS*Nfd-sv7_ph+A&d4!(eT+ClLYn)#iUXRX*VOS+N&&C-I3sJQKLGo{hJVr*W;Mr&{ ztk6xehbYO)zM_hIYHDmYNbL2(!4T3=UsMsZg;f$2J6yF=VVr^izeM^c7n@dagF=9a zUOCo_banC^!|<2iJ!h~B*r+6g+W_RF9ks1XR)52+j)C(wL%kt3)8P&Y?eD|Pf4f&> z2f6nL;Mm9Bp=9;AR4d299C^edidIP-F@e(mgb8QVJa{}bH z-Dl5&vj1->AuYF$T;&C~II|xLYXKoqS2|2cAEn0+x5|DM4qQEL=_T0bWX3FirCwgv z;X&6`kMMX33}1=;CA$mF$MBB8OYa=SJtfECG=6*%06;i6{GAg6*x|{A+LXfPD8`_( zwQTo~mBw!xK726Y89BZq-o*gD%z0T``63D*BiT-KVW0|xBnvP3J>RIhj@4J79!bnp z>ttnLg0%CGLh|$RsV#34*sl0(<(4jJ(*8@1T=)RpG(3z!=CvXCeems#?)@A?JGf$U zeQ|V-s0z&7y)y}UUjnLxzy`Fk;KL!#Cxx^AD7dNy05-qtl6@8Zf-j8~`T*rU`1|2ln&OR z=-Xt3^varfAA(5LAUto& zFT{#-5MJA&qVphu|CH<7#)}M$f z7(l5biSBvd#V(b_+rlk4xV% z9g`!r``clgtI;eFZbPR(R`QL%7Yc?B5$joToHK>3O1e^BM&KUX>f;BRVG9acse!6N z8xffFyFpjIrP5pAL9^knTV9;Yv02@9ISZN%RlYS%)%9PGDx#?MK&+BI_R^TjyPtXM z__Ahx&D=C}bNTxkh+Xbm63Er#oU(GWudihbGU#p_pIhD9 z=M`jew4sXJ7$K?TK=0p7@iKACYA#ZFi|)HG9E4p~IPmCu!hx>YcdlQ=G>0e%-6O^d zQO+7FVX8tgBn`bTgx84M@)?dDL05t5O#YR~#8kn&0K}OqG~Rg+!%72#PTC4C=!!5A zA=Eec^psw#l1uEAK0?~LqQ1RO1?aKHsjJot%Wpv8mpzJmkAl}+Jx5!SKXRkqYk44+ zwfV*C=CJyT3^Ba?xjl@b-@}VD&~-(+2+UB}S?sl^uw+Z8Dn}e}9eHd+RC* zq3c-6k|GIgh%NnL4incvs|wtB=ccm3{27#7*WLmWYq~C~6{THh6c%OMlqDr5VQ27U z@AFVqPP?-O+-;R-2s?ILS^GPwk~8`fzjO9F&^%@{cxnbcR0#Eo)uI^V6^>Ae8j{zW zMyNXo_B~NmX0tnNG-JArN*KCchjIBOjfFc8tp|5(9#NU@mPt>vl{Y90{T1pFe7;C* zD1ESqncsP->fX6Gm>+!Ze;5VOu5Jb6S!1RSMUp*UvAz7DC-*vN{U&jxc>~L|0){%T ze1sBf-ly?I`N$;yXN_Jk=iI?r?wrFs=Z~o9f9kCmp0nWEFxk}oVW=usYJsQpdlK8! zMVzZp2#d_jx=nBdc|uZD(7^Grg*FKK6B>muErG$PDJqL7LDCj3T8C=TWLIHO?jFRj zLrv2QvQcEfKi@N><^8l7Kd!J<19LDr7kq(_G}1TLeG=fvKLtyiWntzEqGnN#)fG!2 z;%V9;g#n8qbW{axhPh&m)+?KkgDF& zO=?NUV+}ZFIQdpzG`S*COu>wRuJnslv^tpUNybsw{SF7tyhWqRA~7jD)zsKcubbyl zG*OEsRH5AsX1Q_UQ6-jPakWnRyhP^HCNk5A)SXQMTEQ2o*zugsl%VObG=7Ci))z@^ zlCX6RmwS-1AcVBSe1U{LSW`tvz?dohJnOGIFaK%uXCI};`LTt{(8u2nT&zEU5cYlH) zB7~nyH*cQV2=#v&Wv=+_1}Sl~zzK?sa-DJp(O^ZAx6KPEWq|Bcs0qPVB9SHz&gjKi zuQS_RYn&gw;b`FPDVt>Z_Ktl^Ag9B|ll*XCJe}xPrbzKa#w}qV~Jh zsHk{0(yD=@_1j!mJLiyBzZu1nEo~@zd9RIeB zJlF*X;*COQ3kN(!(XRItg)OR%r|W`JjqNx(TVFOHKsqi_*t0kLVGFK`Y|-KkEgJ3j zFb8`>yu9LA%9!T&hcTySFr53_iAc!NM==D!96Lx%I(5S#q~bm647j@vsTe{;{w-w) zx^I+WkL%VOcn+A>7Xq2X;>C8h`hC9EO6~5y@9@}X|IfjiIpJT8v|sLv)}Kfdn+K3C zbezD)E9L0rj9c90FSvD5ZYtYfs?>RveIybd{qJ2d&?;xV!gyDxT2|`%G3sw3_Yv#8 z`?Vrs{p&JLw&?$B@BAY7?7vd3JEij9mm&Y%-uS->o|@v7*QbVmwddRawC5j(Z0pEv zMzZeoN0B=zk>V~Sf77T)WXFEb6Tq8jz1-#PXV=b?ZuL9bym`Uvy}S67C-!Olza(%P zD8NM;sDec?^b0$TRhVq7c89tdCT@Ov?;-p8*pXW&{?3Cd%Xa?>dCvFXK^ner;9n|( zmnSD@ZWTAfloC;*P+v7gnwOKZyOovvp$arHa4Xj*%~{y)uLGB;CBlC90}kbtO+rV& zsA$Er10xaT2Pv+5%N^HFu5 z2`R=>vgWWC(-31ytzUnL?n}Ph>o`qQsJoNMCT)?glEhU)?p7q$`DNGbr9*yT3q@LJ z{(`>abGSbQbzBc`#M6;>ie=@CeRFr(Ilz`{vEZ&{gRU_k|7BOKSWCVvAG9&F$81(~ z@v8K8{~Q3`_IKznahTR48-j0xt`QVwQ9Poy1mB<8#-4wPe0)6fzO%W~%Xi@y)B zR2fzBLel+_`8qlUqlDr(_6)WtyqFS)LFkMdO7Zo{ob!{B{c-5w#^)^Lx##xVw=IA$$G1b~Em7r2*AdDsR<(SkS-!w47Ok!;`L(j>2+e+X~!=OdyCf!u6FYh7w zu&+^c-XG2`tKQAg>_6N3;Pg-zF~aGRO8EZ_A%HtolTjxt4G*yr$%m+<#=Zfk=VHo! z{q{czYCzyz`U9dFF2XblAqUlDsq2ijvbTivZ2pQ$4{&;c&XJPD{M9t%u3b}%Bw7NT zioe@6Ajs8}N9@of-lYL6R#UV0?y0){9ZN6Z^k+Dk-Tz{-1J$P4x>JdWq@LfbWgiyj z&H^Rlr+5&PBTd@kG|6G1C#9r4_69YWDhfZ^&;X+6zp0H*}L^5TR}+W((K@6OO;p=up!{P1C0Ae7!_ zxM0Z9nPBu1oFw~Ekp8& z!-qTjdW5~q(HK~stQk8^ch?zF^lU@dG`{Cf2;U?#2yX;Tja$CsAj z8oLDj4w9{9fXOBc4`lpNoT!~S6K*9n&q4lPY;BZ%Pe^~VyJTj*Ay*aS@_~#~CvWlN zt6zY1_{5Jg(H7YJ0_d5WyGsB0g!-V#dfNubaL#1a#;U9;1X2Qzit>Zy>KL*&~XwXoR;Yemlo0yJOvM zhWb!eiRNhG5HTcrdVYQA3D0J3X0;d;iG&)wuSlxhPASJbDJ5&w&%N*~Db|=_a4a=`7aSN0;nU8g{c6s)`A@q^G zS<}xmgZpo#cNtfwPSl|iiQQfALm1ROWd{rE6k)5^m#4zlquJuJ*T<6-4Xlc3I7r$M zP|oY0Oqx`%UskH#kH@NlNMjlF0^XfV8BsnTy5d)nXzM+qHy#S?`V#cRy?p%?s7Z$#^5yWq_tEFVt*NUYh6Y^{6ZkGjbvd*ZrnHtuGRz zm~d$i<@pZrK_Fac%?y61F(IYGhUcaqVUD&p8K2b0PmbDY#9HmG?gT);lanY8QmI<}o{AC9LPI!K_3CkX^^sUg zVHK+`M37I}xM%!60l896zFBh;T?i>8%gi1g`^AB+%_&u^4l0nCHz?OWfYop`u_x?^ zi3~==lf$&A^+&%vt9%HF^?P34HU|_smVK^?63Fh4#A$-M~(Ao9TqiucXoH}^_ zs}InBH|Murs_ICeHYa&TOHj7X-VV0KG(XI-)(rDPq~OT^c2CnG;9zbq~6nE~gpr5(G~m(bn}-zGQhv~TO}8K0Tk2uD4w zQEa^IBfrQu3_WpUbC7dS21e+W+f0xC>|Kxl&n@H2yP2F!ZhnF_YI5r31WInM`;Ky& zK1LUsVq*$MhltGX{rPMeGc@Q^U^v05zCIhgzTs*2dvOpu>v*M*9XoHz`gsJh&M<31 zE^4vKiM+1VoV1FxMhmyfGy~6hs?jsYvZjWa9fw&1n8*Hu>l~=Ke1ZEnl%)uvam(zfiAwZ22%C;lcV@nP2T^85PJPAu3|t zeO!aKsBZJ6v!H+=4kAHZj6*G`eXT$G8@zvjQTzd{5>L1f(tS z0U}y<`C_~;m;6)**lGCG0e~{COW^=*u>*++XGE7f#G#nBOEPBiGEMKA&>t&avrD;>nF{Gg4WUnNbyIXRz3V17(pw;yT}N z@(Iqq-`oJH%=soFQz+Ng9DcdCa$#Beoomw&^}u?8;o_k5`3`_uHers04%aa`$5NX; zA;e6N`Pv9InksbJrSDPrSZ5@vd$pAvBnkjip2Cp+_@$=tKx%c}ZgkEd}I5`RiL z4mYBcWnA%UZiXds*?SXJZI~6aZyV#_1uJ2{0dbR^vYYnyYq6>5V4|?gTRGdaqb@|h z3rNZpgn?Vk!dUvXD=#&fJVKSX(&&(!Il);y++g%_3E);T8?YSNWcqI8y>+zvz8X+` zVJYY0jPdnH@9b7nd_&?lZw_RSwI5`K!E;|%R7BW*S&Q#F5u!v7TSLEo!X!bjO?UWN z4Xnv1N*t9CoS$r3+T$3{vXvk~RxId@mpocU#rciqGiz5A`{yCQ{sF~Q=Qq2y2E3&s z+BPE>gJ5y1<$!DJ2JFH{D3Wwu*0O5h#?#_{rPVLFJ%MgAh8a&0-iXyl-I&s)-Cuv} z5B&ag+wnUdO0k#-adN4%0U$P z#y}Yg9i~+6dh1j>7~z@4t1s65`e&5E7hT$(GMBfh{M*EKLyA!My&_6%r7mA2Qvz?c z4N{WA$>!?kGx9#xP$R#xhc6J+%3onE5)yT$>RDU~U^`W}QL%w)uM#umJ{5UXjp}tI zr=ruXw0N)8LcZBWF}5^G^E(L>iCjwV^Jq+Q>qnE6XnoQLedO(*%WAX(OeaXS#{zRG z6b&mz#U!dU>u%PfAIi-sA!2Z2x}z9KF5rW-epxomX4|?YabY9in|-z%zcRm1O*OB- z$tm!gKEjJh#R9Hml7-LNrA5d-SGX1lRM9&Il^Ih;)@giin#SfKRV&`n%+d;1TIS=$ zj($Zon^>oZwaDxDgFv&Wn7Pw5Dt8>K*Ejjk>+((#FaQt4uhS!8b^v$NXI6mn&2BmzNA}g`g#qpJGb*Gof~&-^uj~!zzyNf=lE;3 zD8J8r4&xeDexFG(H*TWIC59Ax+jc*?Ac8SRcCDRDzhIQ9B=<%Vj}Oht3{pyP@vGj! z_q^z>ZZ)JA(jW$=ZWeSem#`YfY_KzNKt9Pzf4$zCi0>M9P#$CZu<` zNgG2m4eUf05yP%tF=VD-pLqi|?T@u4^<@uz$tyr@82XdiZz<=dpQ)x~M@;ii2S+1z zFsUGGmKh3L0kyQ!f+Vzin?KYnoe`m!^dp+VN+i}GM0ymZ6_vl-+DbI^L~=S*=a-J^ zOV#pzvk73}_Z;ix7xs{B&*KQEuZvDXV=UPc)JN@5a_8n!uTT9#)2CS@D1mSxD}9mo zNWw6+U=H!OEChXam0IH*lLFbk>#}jZ_Ok#DKYq?ut4`Z|JHq$YX*sBTlW|(`F!6lv zW_RzfH+5D!41D`GkaCVUF3#vM(O^*Z=(e`F=Jj}Bf3Riw!E+Jg=cp{uc(053 z?@`Z(+{$DHrD#2fzUx2Le&EmnIYlkltkmuYMaV?6BT-u#7V&+;c^>dgenDn4LkW?6C~{;oIECTtl8f!Ln|8; zH^EiIBine>`7^T{rZ`Bkgta-m&3*zbp0YMMvpk&_`cv|!rJCR6Asu~(J<2p`o8$+l zv(|Bjn|CmX`;-!$gc<=0(c)FcfS)5`8c5|7z9R6UhVUB>z5?k(xLgSLAI zbTrDKdm^d?hHJ55a9JNZZ`-K)oMb~#gw>P^yOh+M2s`Dp-2o&kt80`{NCfG#jiD2B zp<3iWU=@5?=pQ4B>rFHJ!u6$_QtaHp+-O{$Pe4m*TwIkkebJz+mtS8Z^aeL%lk#D^ z*g#n%e=`EuhcQUfmztB!l|;I(_Zulnn}nk{sv2*Qi$I*jZ&Opl+EpSP^FoU!Ly87C zj5Nrqw9w{}(f2c1tDTQ|NEzUd?8KGtgLV35AKLUSnT)XOu{aW3zRjM%v$MlSJZd+Hh#(bHg6djM zh~~MDQ~txazW7{w7!%ncj~3@<8swWvy(qoCins3PyG2FN?5y5k@D~zPs{l6@o4i{> zw%PNQ6|YL@U^FSU=5GvgAu({FZ@Q(c6?s}P6Lr&9h3_16{N6b&emNx91MLy0Zf1Rh zGOh$<_muS@1K#ja95RQ+i0{xwwcIbU;@xXfNc?Lu(5I+~Id~=;0`dt^ji>HAHEWPY z3-2t#qoS2GeJMg@<8K_bXCLkhQ}c^5(ppWnoKP8i@${x?CHUnkgRrH>DYBTxgd*l> zj2wwTRF4UwW3tuisIF8QU>Fc$NALf)zP4WE75TcYDOnYOy`QuEGttLYl;zOoLY4y zqH*$JDchWoZk|db!ba6|FKiI(5o@rBm3jh$#9MFdKU6KS0^) zMtor@P5arlJkW_23?0ar{*(%7n-DPo0OB9AbbIpoRA^KyMe~`RbB5-;1+o*5=gwZwmqd+xYR_0g$}U)V1Ut$6mWA0o%@FXIu{G{g zuMWO(!F{y=-B32UdZQl{%&C10C9UA^ofP@g{|FM^CVKT0FX84r7^^f%!Tx_x@bJUPxX%^AR@0ebZ{#0-y^v)w*7^Y}A2 z6OQt>Al|kw4K7@GA`o-$+#V}!zG>&foDJ5mU|pt2Gwyi4x6;K_{Cyy%UPFGS4%ts- z?VUxj(HA;OQNlIXK-3N$6NG0FF#fP6A{XL$n@XN-Tx09+m^Z1NHqBO-i`R(!0Nxr$ zsnjnkJs_t>X-tV7e{x~o%Bx(K~y13?H&AS9+HGr&r%{*Ncv7ZDo#7wR_;m? z7dCu)iHasEj%e7SU;$TQ)x{@o$iYJjP2(~jh?Klx9F>Vs+PgEHY-b~k>Ai*VK=~M` zKZ6yo;;MB-YYY;|Pmg78LJU^*-(4JfjW^-l|&x14?!Mei` zIE58-pek0aLEmGK43-8*=s46e~c$+qwwVI=&4arHJ8dB>QhQi;_XNASWTuBlR zr{Ngy?svcYAxTUY3<6oZips7gDu*6r$lDl5>$11Clr(oIt0v4Enseg~ByuCu44yaQ6nQ`AwGhoPk^FMA zvxRu;;x)p>A>cn}Dk;hqx@>*rS0;C~@GYy6G&))nI1KJQ|I#0<=98-}x0YT4Dj974sKFp8+?ZQn<7 zG(`7qit5`*;cTH3AVdt1Hocpsu;FN9y07i{JBl>T_(a);*ERKF@0900>FM=DmD>>! ze9Qx%a;Bxk8$&)i5}}B^i3qxMXKX8GAWrIu*)&PI&+w} zN3FOqdf&SVUJngx3u-y4LFW7ttyIUD{cX2U%y@>WJ!n#OEZ#wrwE9y6FAb|l@0oSH z5U*?#PjXb5Yt~jK3PI*e5lY444oj$)+6@)sOQ~YCL?G^UlMk^H3mxL#Q{vBaB@QDc z6Wqr)^-y~ci;7d|1{4WklMb3IZi}+(q_fwF52qBzgPXbUTCB6yy!2*T%7ryd)M$NF zOzDe)J2`%(7KhB}pLh2&p9p!;?%lYg4mmev#lCa zZ;$q;*j!KQBb0i!#f|ug1ysnUqyZjPzfh4P;RBCeMTQ!je7X&I&}03!d87ovFVzj_ z+>u7s+u#G+|GnL5Dm1+L3nUI0%&Xk6V;sq_Ni>0tLUN6`4t&OWrgK&xP)zh{w}8W( z9~%vH;LutXfmAeM!};qvXPJc|g$2Kuei-=!*N3I}xGC0++P`)o=XxpA$9Cti4DQmv zLN^dU7|Oz_Z1E??0h`mmsVnOV>ONE7qsII9r(I)Rh3ja{+(5uKa;xYM6;MVbwb|UU z*(K$}$Y~X2`0lZsN?t`cO$qoQOi0k7-R_!?H#XUIbTAcS$W&Tnxt@x@kBpB;O{qE7 zisxGAooT2SSusLv$A0Nd^S@sN)0Z1@e@r$IbDNfq;*o@O`R$Y7H55zK;g=azrQpzd zyOoi2ggwjd)J=6w3ajBpg^{ot^6+O>j4GqfaiS zIaN$Yp;zEl7-fD>(Xw?_$kEVNgdS=LrHMn|I(xBsM;r)Bm*!FeBI;fB1DY$t-$OTL zvDegX!XEc6nt{}xB0BGyMAI>6Jfr03S-~dzxquYA%o|qh8nkPZeSdr|0e@MdE|iB< zBzLv}eJ(J974qoBg?yNMr#M>~;g|OO zuutb@3=Ox-=K1a>On%)b5LTLmTN1lH- z{HO5(LFFb@8@3k_S^>Yy2yxOo$-Mx<@yC(#t$LJ@y*qc$bQVC7?s!Y(IO;H62+p-5 zwvxnR@4vCadiOxxW?Ip+nga(Yt4S%cKV7pC*ev^~idrK0={K55_PY!Li@*K5-QZ9o zXe4+;%LU~k;rSqO?L%`-`Sc>vPxny|ibbD<3Y?CKiUyr+Xv5DM7!&DiMn0AT*F_XK zdq=QhGFm$Sa4+G%Ll#01{kZ4y`8^zpS8WZRoPgO;1x~L@xdL_|jDCA8FQ-;1G%)gC z0@&5{`&+*=p()v|iZgTO51mI#_TlbBGfNqcJWsKzcsQ~Cs6n{w2p7oG+5`tOGK+!W z);>Mn_*`hd=m3o(*GT(=&AN+v`-Ojg17~=Nw&HIdOpAX-)sd8ngyv>2ldq-v+=kHFt)+Xx;>L zqb?vg(*buHv;Dh&CIfi-fO<*{+;tl`eRuZFuwwti0UEDLZb1ANU^@CA&s)>hrS~^a z1)JBLdnBB%)G~ZFluiEDcHIBS@#e{M(F%6^(%|MQyaQlsPD1dh5~^;dS?3<`!2>0D zm;)7o&&Gihwi zTGsw76197W%$Y-A9L#36j1PAi1cW-T7+}iV@s+6S{@DQb$D@>11Y}Q0Pyh3wq7@Cq=!mO{V>>tId_h0U{a-6l*&$cK_;$-!X@&H${zVhpDJjO|HL3IXshB=uo5S9R%i5i15zJzrnt7!okFWeFXk>10?|sape_vy zhCW3DK6k$!fFpNJ9Qjo*`44$Dg0PRcB8ttTUAV6b@##a=nsD@nz!ct-1!6A=q@s4C zT5;hn99VA;W<`M8V5AQC!X_w{{gzwFwKdP}U$?McqF3lxtZe9Qey7RP$~CylcQ%mH zK(M)LYD&`j2QUsB&io_0Es*a!r20rv>nHX00RULYOMnIFE&KD1{n?g3!*tsgkXP24 zhC-+)L4BAKeF^m}f?t!ORG+b_6>7@SKt!0hp`;)h3QrQj8+qBsugAersVvfd$26;wYO$Px-H(x#J&D4jXIJ{#YYJH;Gz3eCVioFrF zN@1cK2Yu*Gz&@%6&ywCtEYe2DPrwiQzC4Lyz>E^c;2dR5T{i~z^e_({kHw_@O0;qw zX`;}Nz{DXEH1#{?m{A!sBkB5}`Oo}D`BN%u&`@xYhZNRO#=;?@*;?PWmYt1E!zuu& zqW!S$SXF#EHANP9V9Jrz&v=;y3t!XLCcuS&`ZDQ(B_ z^o@(b$dt}1wH5)Vx-mik%n zzjq-<>_h|XfClf zUw&)q-nHLoPCE3bIMT+`OD>ftN)UrgC8I!sdJT|TkR%DSAraR;r3bNk2fh?yWP}35 zij^5rhpN*WG7)-GAIrG#H@50{^esSLy^5SKUpajduPfQ+R$UsrmT3_wk{Xr3%rn%AZp1R;zGp#1V zA~)GThZD|*G{6VN$bYL~mqnrA<<2r_qv1w#B6_?Mb}=S|Z|)PYTR-Rh!$@1?rfEJ_ z&q^uQSJFiEP{il^$N_0tgzGcxV(=nhEWPtGiH)@OLSg34*(3gAF&-<$$3*_{YDhhV zzP#SXh~edT-L6|Alf(e?4bB!w-SZOt$@hu2rS>XB8l*@a5YI$FHxQgk;-EUG_!< zW>$!Mf7OK@sFn5JY#BLWFZ2Ie+i#vQX8ymAR+?TEljHP9(?>s= zEg}!)#VswAeEy>_@K%jd%UZ40&J|qB$JQ`({V+W!5gIpPLvhi~vys5@(VE$!CeoKc z=lxWqwtO;4-jKbrBVEF9>!Y<7I1GzcpE$WBL|Y{0^!#qF3kQ3(GJH8!l&&?n$sBk% zYW1F57E>c#7kDtRt=|$fbq;g&@>TT$Dp}4!5jVW_7I`^4U7Tq*uOd6k*6FOUWYevR z3n%KPIj&{1N}c^OaEo@}l-$lov5%PJHv?yBHeHV6T&Eo?7qhyM_wm90gV`3T#j4M( z*#r|UW-=1A#YX=A*~@O$1JtzSno?A9GQ=e%_1r{vX&O6_L@w&&bj^khrw!L7DM^BOaN z^AFP{O?k&!BaM-iCGL)+V`pJF)Dz z!HMRD?^v9bB>X{%HB{NywW~~b`HN`hhc1x$z534wcXw@7dy%wy%j2u(&wrXKZ?>L` zId)^G|nJKGG$BwfP@URPXE0S$`#2qSCkFN5-KENg-d9 z)Z3~;RNS_CN-!_p-T0c}qVhqLOuzWbEi)#}=2(^G*X#8pQNTH+M_~587lPK`y`7F8 zK2T?R;&+odNu3tY;(Ss77YM`QL z*WUr><$$Tl4A@JJs@ap4qR!b zGofyVy}jP97mK>}&LwR;>u>p8{oonkK1pDUTo0s@(xW?o?Gd8(lapc7`Yw<&FZ-J1 c{P@qv5%{>pKk9)F@bohVPgg&ebxsLQ05?Jeh5!Hn literal 0 HcmV?d00001 diff --git a/windows/configuration/kiosk-shelllauncher.md b/windows/configuration/kiosk-shelllauncher.md index 13b934beb1..abe3e1996e 100644 --- a/windows/configuration/kiosk-shelllauncher.md +++ b/windows/configuration/kiosk-shelllauncher.md @@ -116,7 +116,7 @@ For **Shell Launcher v2**, you will use a different schema reference and a diffe xmlns:v2="http://schemas.microsoft.com/ShellLauncher/2019/Configuration"> - + @@ -125,6 +125,9 @@ xmlns:v2="http://schemas.microsoft.com/ShellLauncher/2019/Configuration"> ``` +>[!TIP] +>In the XML for Shell Launcher v2, note the **AllAppsFullScreen** attribute. When set to **True**, Shell Launcher will run every app in full screen, or maximized for desktop apps. When this attribute is set to **False** or not set, only the custom shell app runs in full screen; other apps launched by the user will run in windowed mode. + [Get XML examples for different Shell Launcher v2 configurations.](https://github.com/Microsoft/Windows-iotcore-samples/tree/develop/Samples/ShellLauncherV2) ### Custom OMA-URI setting @@ -135,6 +138,10 @@ The OMA-URI path is `./Device/Vendor/MSFT/AssignedAccess/ShellLauncher`. For the value, you can select data type `String` and paste the desired configuration file content into the value box. If you wish to upload the xml instead of pasting the content, choose data type `String (XML file)` instead. +![Screenshot of custom OMA-URI settings](images/slv2-oma-uri.png) + +After you configure the profile containing the custom Shell Launcher setting, select **All Devices** or selected groups of devices to apply the profile to. Don't assign the profile to users or user groups. + ## Configure a custom shell using PowerShell For scripts for Shell Launcher v2, see [Shell Launcher v2 Bridge WMI sample scripts](https://github.com/Microsoft/Windows-iotcore-samples/blob/develop/Samples/ShellLauncherV2/SampleBridgeWmiScripts/README.md). From 45ce7fc456fdb86a0e3f32fdaa83aa90cd111984 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Sat, 23 Mar 2019 23:15:20 +0200 Subject: [PATCH 16/26] added update install location https://github.com/MicrosoftDocs/windows-itpro-docs/issues/2182 --- .../hello-for-business/hello-hybrid-cert-whfb-provision.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md index 461d86ca82..5350a7e35a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md @@ -59,7 +59,7 @@ The remainder of the provisioning includes Windows Hello for Business requesting > Read [Azure AD Connect sync: Scheduler](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-feature-scheduler) to view and adjust the **synchronization cycle** for your organization. > [!NOTE] -> Windows Server 2016 update [KB4088889 (14393.2155)](https://support.microsoft.com/help/4088889) provides synchronous certificate enrollment during hybrid certificate trust provisioning. With this update, users no longer need to wait for Azure AD Connect to sync their public key on-premises. Users enroll their certificate during provisioning and can use the certificate for sign-in immediately after completeling the provisioning. +> Windows Server 2016 update [KB4088889 (14393.2155)](https://support.microsoft.com/help/4088889) provides synchronous certificate enrollment during hybrid certificate trust provisioning. With this update, users no longer need to wait for Azure AD Connect to sync their public key on-premises. Users enroll their certificate during provisioning and can use the certificate for sign-in immediately after completeling the provisioning. The update needs to be installed on the federation servers. After a successful key registration, Windows creates a certificate request using the same key pair to request a certificate. Windows send the certificate request to the AD FS server for certificate enrollment. From a3b70875568e8f0ff27b931202212fe9b7732972 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Mon, 1 Apr 2019 10:19:36 -0700 Subject: [PATCH 17/26] remove ms.date --- .../change-history-for-configure-windows-10.md | 7 ++++++- windows/configuration/kiosk-shelllauncher.md | 1 - 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md index 52fa2a92d0..954454df28 100644 --- a/windows/configuration/change-history-for-configure-windows-10.md +++ b/windows/configuration/change-history-for-configure-windows-10.md @@ -10,13 +10,18 @@ ms.localizationpriority: medium author: jdeckerms ms.author: jdecker ms.topic: article -ms.date: 11/07/2018 --- # Change history for Configure Windows 10 This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile. +## April 2019 + +New or changed topic | Description +--- | --- +[Use Shell Launcher to create a Windows 10 kiosk](kiosk-shelllauncher.md) | Added information for Shell Launcher v2, coming in the next feature update to Windows 10. + ## February 2019 New or changed topic | Description diff --git a/windows/configuration/kiosk-shelllauncher.md b/windows/configuration/kiosk-shelllauncher.md index abe3e1996e..308da89102 100644 --- a/windows/configuration/kiosk-shelllauncher.md +++ b/windows/configuration/kiosk-shelllauncher.md @@ -8,7 +8,6 @@ ms.mktglfcycl: manage ms.sitesec: library author: jdeckerms ms.localizationpriority: medium -ms.date: 10/01/2018 ms.topic: article --- From 41ced48b7509232f0a1a7010ff963bfc62a3e3f3 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Tue, 2 Apr 2019 07:56:58 -0700 Subject: [PATCH 18/26] add shell launcher in kiosk methods --- windows/configuration/kiosk-methods.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/configuration/kiosk-methods.md b/windows/configuration/kiosk-methods.md index 888cbc3049..8e1d43a044 100644 --- a/windows/configuration/kiosk-methods.md +++ b/windows/configuration/kiosk-methods.md @@ -43,6 +43,7 @@ You can use this method | For this edition | For this kiosk account type [Assigned access cmdlets](kiosk-single-app.md#powershell) | Pro, Ent, Edu | Local standard user [The kiosk wizard in Windows Configuration Designer](kiosk-single-app.md#wizard) | Pro (version 1709), Ent, Edu | Local standard user, Active Directory, Azure AD [Microsoft Intune or other mobile device management (MDM)](kiosk-single-app.md#mdm) | Pro (version 1709), Ent, Edu | Local standard user, Azure AD +[Shell Launcher](kiosk-shelllauncher.md) v2 | Ent, Edu | Local standard user, Active Directory, Azure AD ## Methods for a single-app kiosk running a Windows desktop application @@ -50,8 +51,8 @@ You can use this method | For this edition | For this kiosk account type You can use this method | For this edition | For this kiosk account type --- | --- | --- [The kiosk wizard in Windows Configuration Designer](kiosk-single-app.md#wizard) | Ent, Edu | Local standard user, Active Directory, Azure AD -[Shell Launcher](kiosk-shelllauncher.md) | Ent, Edu | Local standard user, Active Directory, Azure AD [Microsoft Intune or other mobile device management (MDM)](kiosk-single-app.md#mdm) | Pro (version 1709), Ent, Edu | Local standard user, Azure AD +[Shell Launcher](kiosk-shelllauncher.md) v1 and v2 | Ent, Edu | Local standard user, Active Directory, Azure AD ## Methods for a multi-app kiosk From bfedcc723526c304476be8a163674277a2ad0841 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Tue, 2 Apr 2019 08:02:02 -0700 Subject: [PATCH 19/26] add prerelease to kiosk-methods --- windows/configuration/kiosk-methods.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/configuration/kiosk-methods.md b/windows/configuration/kiosk-methods.md index 8e1d43a044..82aa4dc94f 100644 --- a/windows/configuration/kiosk-methods.md +++ b/windows/configuration/kiosk-methods.md @@ -12,6 +12,9 @@ ms.topic: article # Configure kiosks and digital signs on Windows desktop editions +>[!WARNING] +>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + Some desktop devices in an enterprise serve a special purpose, such as a PC in the lobby that customers can use to view your product catalog or a PC displaying visual content as a digital sign. Windows 10 offers two different locked-down experiences for public or specialized use: | | | From 8502293acac41d65fb1fd23cb5a172a08948a07d Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Tue, 2 Apr 2019 08:03:33 -0700 Subject: [PATCH 20/26] -desktop --- windows/configuration/kiosk-additional-reference.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/configuration/kiosk-additional-reference.md b/windows/configuration/kiosk-additional-reference.md index 72377d11f6..81a9ba0ecf 100644 --- a/windows/configuration/kiosk-additional-reference.md +++ b/windows/configuration/kiosk-additional-reference.md @@ -8,7 +8,6 @@ ms.mktglfcycl: manage ms.sitesec: library author: jdeckerms ms.localizationpriority: medium -ms.date: 09/13/2018 ms.topic: reference --- @@ -30,7 +29,7 @@ Topic | Description [Policies enforced on kiosk devices](kiosk-policies.md) | Learn about the policies enforced on a device when you configure it as a kiosk. [Assigned access XML reference](kiosk-xml.md) | The XML and XSD for kiosk device configuration. [Use AppLocker to create a Windows 10 kiosk](lock-down-windows-10-applocker.md) | Learn how to use AppLocker to configure a kiosk device running Windows 10 Enterprise or Windows 10 Education, version 1703 and earlier, so that users can only run a few specific apps. -[Use Shell Launcher to create a Windows 10 kiosk](kiosk-shelllauncher.md) | Using Shell Launcher, you can configure a kiosk device that runs a Windows desktop application as the user interface. +[Use Shell Launcher to create a Windows 10 kiosk](kiosk-shelllauncher.md) | Using Shell Launcher, you can configure a kiosk device that runs a Windows application as the user interface. [Use MDM Bridge WMI Provider to create a Windows 10 kiosk](kiosk-mdm-bridge.md) | Environments that use Windows Management Instrumentation (WMI) can use the MDM Bridge WMI Provider to configure the MDM_AssignedAccess class. [Troubleshoot kiosk mode issues](kiosk-troubleshoot.md) | Tips for troubleshooting multi-app kiosk configuration. From 646d20dcac63cf0b11daa6c1dd39b99c524bcd92 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sat, 6 Apr 2019 22:54:52 +0500 Subject: [PATCH 21/26] NT SERVICE\WdiServiceHost was missing in Doc The default value for this policy is Administrators and NT SERVICE\WdiServiceHost where as NT SERVICE\WdiServiceHost was missing in the doc. I have updated the doc accordingly. --- .../security-policy-settings/profile-system-performance.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/profile-system-performance.md b/windows/security/threat-protection/security-policy-settings/profile-system-performance.md index a7425d8dc2..f8330aeb84 100644 --- a/windows/security/threat-protection/security-policy-settings/profile-system-performance.md +++ b/windows/security/threat-protection/security-policy-settings/profile-system-performance.md @@ -44,7 +44,7 @@ Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Use ### Default values -By default this setting is Administrators on domain controllers and on stand-alone servers. +By default this setting is Administrators and NT SERVICE\WdiServiceHost on domain controllers and on stand-alone servers. The following table lists the actual and effective default policy values for the most recent supported versions of Windows. Default values are also listed on the policy’s property page. From 0793ec9a83c5af3601078a39555c954bbd44bf69 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Mon, 8 Apr 2019 15:11:47 +0500 Subject: [PATCH 22/26] Comma was missing The comma was missing as suggested by copy editor team. --- .../security-policy-settings/profile-system-performance.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/profile-system-performance.md b/windows/security/threat-protection/security-policy-settings/profile-system-performance.md index f8330aeb84..06d22fc8d2 100644 --- a/windows/security/threat-protection/security-policy-settings/profile-system-performance.md +++ b/windows/security/threat-protection/security-policy-settings/profile-system-performance.md @@ -44,7 +44,7 @@ Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Use ### Default values -By default this setting is Administrators and NT SERVICE\WdiServiceHost on domain controllers and on stand-alone servers. +By default, this setting is Administrators and NT SERVICE\WdiServiceHost on domain controllers and on stand-alone servers. The following table lists the actual and effective default policy values for the most recent supported versions of Windows. Default values are also listed on the policy’s property page. From 19f040fc02122a96f108ac7e58cb1402f756dd93 Mon Sep 17 00:00:00 2001 From: TokyoScarab Date: Mon, 8 Apr 2019 15:51:45 -0400 Subject: [PATCH 23/26] Adding CSP Reference Link These changes will clear up confusion about the support of this CSP in Windows 10 as it wasn't added for all versions of Windows. --- windows/client-management/mdm/windowssecurityauditing-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/windowssecurityauditing-csp.md b/windows/client-management/mdm/windowssecurityauditing-csp.md index c7ebdf2171..74aa8f8b40 100644 --- a/windows/client-management/mdm/windowssecurityauditing-csp.md +++ b/windows/client-management/mdm/windowssecurityauditing-csp.md @@ -13,7 +13,7 @@ ms.date: 06/26/2017 # WindowsSecurityAuditing CSP -The WindowsSecurityAuditing configuration service provider (CSP) is used to enable logging of security audit events. This CSP was added in Windows 10, version 1511. +The WindowsSecurityAuditing configuration service provider (CSP) is used to enable logging of security audit events. This CSP was added in Windows 10, version 1511 for Mobile and Mobile Enterprise. Make sure to consult the [Configuration service provider reference](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference) to see if this CSP and others are supported on your Windows installation. The following diagram shows the WindowsSecurityAuditing configuration service provider in tree format. From 023352a0281372e0c3f7d2d0fcf336180f81578b Mon Sep 17 00:00:00 2001 From: Adolfo Jayme-Barrientos Date: Mon, 8 Apr 2019 18:18:18 -0500 Subject: [PATCH 24/26] =?UTF-8?q?Fix=20typo:=20SkreenSketch=20=E2=86=92=20?= =?UTF-8?q?ScreenSketch?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Snip & Sketch’s package name is correctly spelled with a C. --- windows/application-management/apps-in-windows-10.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md index 8eed696dd9..637e02d729 100644 --- a/windows/application-management/apps-in-windows-10.md +++ b/windows/application-management/apps-in-windows-10.md @@ -61,7 +61,7 @@ Here are the provisioned Windows apps in Windows 10 versions 1703, 1709, 1803 an | Microsoft.OneConnect | [Paid Wi-Fi & Cellular](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe) | x | x | x | x | No | | Microsoft.People | [Microsoft People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe) | x | x | x | x | No | | Microsoft.Print3D | [Print 3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe) | | x | x | x | No | -| Microsoft.SkreenSketch | [Snip & Sketch](ms-windows-store://pdp/?PFN=Microsoft.ScreenSketch_8wekyb3d8bbwe) | | | | x | No | +| Microsoft.ScreenSketch | [Snip & Sketch](ms-windows-store://pdp/?PFN=Microsoft.ScreenSketch_8wekyb3d8bbwe) | | | | x | No | | Microsoft.SkypeApp | [Skype](ms-windows-store://pdp/?PFN=Microsoft.SkypeApp_kzf8qxf38zg5c) | x | x | x | x | No | | Microsoft.StorePurchaseApp | [Store Purchase App](ms-windows-store://pdp/?PFN=Microsoft.StorePurchaseApp_8wekyb3d8bbwe) | x | x | x | x | No | | Microsoft.VP9VideoExtensions | | | | | x | No | @@ -181,4 +181,4 @@ Here are the typical installed Windows apps in Windows 10 versions 1709, 1803, a | | Microsoft.VCLibs.140.00 | x | x | x | Yes | | | Microsoft.VCLibs.120.00.Universal | x | | | Yes | | | Microsoft.VCLibs.140.00.UWPDesktop | | x | | Yes | ---- \ No newline at end of file +--- From 4038fd10d5f29897737631aac1ecf86b8db69d2e Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Tue, 9 Apr 2019 10:28:04 +0500 Subject: [PATCH 25/26] Grammar Issue There was a grammar issue that has been fixed. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/774 Previous PR:https://github.com/MicrosoftDocs/windows-itpro-docs/pull/3147/files --- windows/deployment/upgrade/log-files.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/log-files.md b/windows/deployment/upgrade/log-files.md index 289b0b5793..a966f7ad8e 100644 --- a/windows/deployment/upgrade/log-files.md +++ b/windows/deployment/upgrade/log-files.md @@ -55,7 +55,7 @@ Event logs: Generic rollbacks (0xC1900101) or unexpected reboots. ## Log entry structure -A setupact.log or setuperr.log (files are located at C:\Windows) entry includes the following elements: +A setupact.log or setuperr.log entry (files are located at C:\Windows) includes the following elements:
  1. The date and time - 2016-09-08 09:20:05. From f24b38f38b8c590379bd013300e753b595369685 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 9 Apr 2019 12:01:27 -0700 Subject: [PATCH 26/26] date --- .../microsoft-recommended-block-rules.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md index fcffa122d4..8b6d1d2ef7 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: medium author: jsuther1974 -ms.date: 03/15/2019 +ms.date: 04/09/2019 --- # Microsoft recommended block rules