deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

initial writing

Browse Source
This commit is contained in:
Paolo Matarazzo 2025-03-03 16:41:38 -05:00
parent a1fa8cdbad
commit 2190af7297
7 changed files with 79 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
windows/configuration/assigned-access/configuration-file.md
View File

@ -90,7 +90,7 @@ A configuration file can contain one or more profiles. Each profile is identifie
A profile can be one of two types:
- `KioskModeApp`: is used to configure a kiosk experience. Users assigned this profile don't access the desktop, but only the Universal Windows Platform (UWP) application or Microsoft Edge running in full-screen above the Lock screen
- `KioskModeApp`: is used to configure a kiosk experience. Users assigned this profile execute a Universal Windows Platform (UWP) application or Microsoft Edge running in full-screen
- `AllAppList` is used to configure a restricted user experience. Users assigned this profile, access the desktop with the specific apps on the Start menu
> [!IMPORTANT]

4
windows/configuration/assigned-access/index.md
View File

@ -29,8 +29,8 @@ This option runs a single application in full screen, and people using the devic
Windows offers two different features to configure a kiosk experience:
- **Assigned Access**: used to execute a single Universal Windows Platform (UWP) app or Microsoft Edge in full screen above the lock screen. When the kiosk account signs in, the kiosk app launches automatically. If the UWP app is closed, it automatically restarts
- **Shell Launcher**: used to configure a device to execute a Windows desktop application as the user interface. The application that you specify replaces the default Windows shell (`Explorer.exe`) that usually runs when a user signs in. This type of single-app kiosk doesn't run above the lock screen
- **Assigned Access**: used to execute a single Universal Windows Platform (UWP) app or Microsoft Edge in full screen. When the kiosk account signs in, the kiosk app launches automatically. If the UWP app is closed, it automatically restarts
- **Shell Launcher**: used to configure a device to execute a Windows desktop application as the user interface. The specified application replaces the default Windows shell (`Explorer.exe`) that usually runs when a user signs in
:::row:::
:::column span="1":::

4
windows/configuration/assigned-access/overview.md
View File

@ -9,7 +9,7 @@ ms.topic: overview
Assigned Access is a Windows feature that you can use to configure a device as a kiosk or with a restricted user experience.
When you configure a **kiosk experience**, a single Universal Windows Platform (UWP) application or Microsoft Edge is executed in full screen, above the lock screen. Users can only use that application. If the kiosk app is closed, it automatically restarts. Practical examples include:
When you configure a **kiosk experience**, a single Universal Windows Platform (UWP) application or Microsoft Edge is executed in full screen. Users can only use that application and once the kiosk app is closed, it automatically restarts. Practical examples include:
- Public browsing
- Interactive digital signage
@ -170,7 +170,7 @@ Here are the steps to configure a kiosk using the Settings app:
>[!NOTE]
>If there are any local standard user accounts already, the **Create an account** dialog offers the option to **Choose an existing account**
1. Choose the application to run when the kiosk account signs in. Only apps that can run above the lock screen are available in the list of apps to choose from. If you select **Microsoft Edge** as the kiosk app, you configure the following options:
1. Choose the application to run when the kiosk account signs in. If you select **Microsoft Edge** as the kiosk app, you configure the following options:
- Whether Microsoft Edge should display your website full-screen (digital sign) or with some browser controls available (public browser)
- Which URL should be open when the kiosk accounts signs in

2
windows/configuration/assigned-access/quickstart-kiosk.md
View File

@ -79,7 +79,7 @@ Here are the steps to configure a kiosk using the Settings app:
>[!NOTE]
>If there are any local standard user accounts already, the **Create an account** dialog offers the option to **Choose an existing account**
1. Choose the application to run when the kiosk account signs in. Only apps that can run above the lock screen are available in the list of apps to choose from. If you select **Microsoft Edge** as the kiosk app, you configure the following options:
1. Choose the application to run when the kiosk account signs in. If you select **Microsoft Edge** as the kiosk app, you configure the following options:
- Whether Microsoft Edge should display your website full-screen (digital sign) or with some browser controls available (public browser)
- Which URL should be open when the kiosk accounts signs in

2
windows/configuration/assigned-access/recommendations.md
View File

@ -116,7 +116,7 @@ The following guidelines help you choose an appropriate Windows app for a kiosk
- Windows apps must be provisioned or installed for the Assigned Access account before they can be selected as the Assigned Access app. [Learn how to provision and install apps](/windows/client-management/mdm/enterprise-app-management#install_your_apps)
- UWP app updates can sometimes change the Application User Model ID (AUMID) of the app. In such scenario, you must update the Assigned Access settings to execute the updated app, because Assigned Access uses the AUMID to determine the app to launch
- The app must be able to run above the lock screen. If the app can't run above the lock screen, it can't be used as a kiosk app
- The app must be able to run *above* the lock screen. If the app can't run above the lock screen, it can't be used as a kiosk app
- Some apps can launch other apps. Assigned Access in kiosk mode prevents Windows apps from launching other apps. Avoid selecting Windows apps that are designed to launch other apps as part of their core functionality
- Microsoft Edge includes support for kiosk mode. To learn more, see [Microsoft Edge kiosk mode](/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy)
- Don't select Windows apps that might expose information you don't want to show in your kiosk, since kiosk usually means anonymous access and locates in a public setting. For example, an app that has a file picker allows the user to gain access to files and folders on the user's system, avoid selecting these types of apps if they provide unnecessary data access

BIN
windows/configuration/settings/images/settings-page-visibility.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 35 KiB

72
windows/configuration/settings/page-visibility.md Normal file
View File

@ -0,0 +1,72 @@
---
title: Configure the Settings Page Visibility in Windows
description: Learn how to configure the pages listed in the Windows Settings app.
ms.topic: how-to
ms.date: 03/03/2025
author: paolomatarazzo
ms.author: paoloma
---
# Configure the Settings Page Visibility in Windows
*Settings* is a Windows application that provides users with a unified interface to manage their system settings. However, in certain scenarios, you may want to restrict access to specific settings pages to ensure a more controlled and secure environment. This is especially beneficial for devices used in specific environments, such as kiosks or student devices, where limiting access to certain settings can prevent unauthorized changes and maintain a consistent user experience.
You can configure the visibility of settings pages using the *page visibility list* policy setting. This policy allows you to block a given set of pages from the Settings app. Blocked pages will not be visible in the app, and if all pages in a category are blocked the category will be hidden as well. Direct navigation to a blocked page via URI, context menu in Explorer or other means will result in the front page of Settings being shown instead.
This policy has two modes:
- Specify a list of settings pages to show. In this case, the policy string must begin with `showonly:`. After this, the policy string must contain a semicolon-delimited list of settings page identifiers. The identifier for any given settings page is the published URI for that page, minus the `ms-settings: protocol part
- Specify a list of pages to hide. In this case, the policy string must begin with `hide:`. After this, the policy string must contain a semicolon-delimited list of settings page identifiers. The identifier for any given settings page is the published URI for that page, minus the `ms-settings:` protocol part
## Examples
> [!NOTE]
> The availability of per-user support is documented [here](https://go.microsoft.com/fwlink/?linkid=2102995).
To specify that only the **About** and **Bluetooth** pages should be shown (their respective URIs are `ms-settings:about` and `ms-settings:bluetooth`) and all other pages hidden:
`showonly:about;bluetooth`
To specify that only the Bluetooth page (URI `ms-settings:bluetooth`) should be hidden:
`hide:bluetooth`
## Configuration
[!INCLUDE [tab-intro](../../../includes/configure/tab-intro.md)]
#### [:::image type="icon" source="../images/icons/intune.svg" border="false"::: **Intune/CSP**](#tab/intune)
[!INCLUDE [intune-settings-catalog-1](../../../includes/configure/intune-settings-catalog-1.md)]
| Category | Setting name | Value |
|--|--|--|
| **Settings** | - Page Visibility List<br>- Page Visibility List (User)| List of URIs to show or hide, separated by semicolons.|
[!INCLUDE [intune-settings-catalog-2](../../../includes/configure/intune-settings-catalog-2.md)]
Alternatively, you can configure devices using a [custom policy][INT-1] with the [Policy CSP](/windows/client-management/mdm/policy-csp-settings#pagevisibilitylist).
| Setting |
|--|
|- **OMA-URI:** `./Device/Vendor/MSFT/Policy/Config/Settings/PageVisibilityList`<br>- **Data type:** string<br>- **Value:** List of URIs to show or hide, separated by semicolons.|
|- **OMA-URI:** `./User/Vendor/MSFT/Policy/Config/Settings/PageVisibilityList`<br>- **Data type:** string<br>- **Value:** List of URIs to show or hide, separated by semicolons.|
#### [:::image type="icon" source="../images/icons/group-policy.svg" border="false"::: **GPO**](#tab/gpo)
[!INCLUDE [gpo-settings-1](../../../includes/configure/gpo-settings-1.md)]
| Group policy path | Group policy setting | Value |
| - | - | - |
| **Computer Configuration** > **Administrative Templates** > **Control Panel** > **Settings Page Visibility** | Turn off the Store application| **Enabled**|
| **User Configuration** > **Administrative Templates** > **Control Panel** > **Settings Page Visibility** | Turn off the Store application| **Enabled**|
[!INCLUDE [gpo-settings-2](../../../includes/configure/gpo-settings-2.md)]
---
## User Experience
By controlling the visibility of settings pages, you can create a tailored user experience that meets the specific needs of your organization. In the following picture, a device is configured to show only the **System**, **Network**, and **Ease of Access** pages. The policy setting is configured with the value: `showonly:display;quiethours;network-wifi;easeofaccess-display;easeofaccess-closedcaptioning`:
:::image type="content" source="images/settings-page-visibility.png" alt-text="Screenshot of the Settings app configured with a policy setting to limit the categories displayed.":::