deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-15 18:33:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Update kiosk configuration and shell launcher documentation

Browse Source
This commit is contained in:
Paolo Matarazzo
2024-02-29 12:57:33 -05:00
parent 4ac2559bd3
commit 262cb9b5e9
3 changed files with 57 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
windows/configuration/assigned-access/quickstart-kiosk.md
View File

@ -77,7 +77,7 @@ Alternatively, you can configure devices using a [custom policy][MEM-1] with the
- **Path:** `AssignedAccess/MultiAppAssignedAccessSettings` - **Path:** `AssignedAccess/MultiAppAssignedAccessSettings`
- **Value:** - **Value:**
[!INCLUDE [quickstart-kiosk-xmll](includes/quickstart-kiosk-xml.md)] [!INCLUDE [quickstart-kiosk-xml](includes/quickstart-kiosk-xml.md)]
[!INCLUDE [provisioning-package-2](../../../includes/configure/provisioning-package-2.md)] [!INCLUDE [provisioning-package-2](../../../includes/configure/provisioning-package-2.md)]

2
windows/configuration/assigned-access/shell-launcher/configuration-file.md
View File

@ -72,7 +72,7 @@ Each profile defines a `Shell` element, which contains details about the applica
| Property| Description | Details | | Property| Description | Details |
|-|-|-| |-|-|-|
|`Shell`| Application that is used as a Windows shell. |- For Universal Windows Platform (UWP) apps, you must provide the App User Model ID (AUMID). Learn how to [Find the Application User Model ID of an installed app](../store/find-aumid.md).<br>- For desktop apps, specify the full path of the executable, which can contain system environment variables in the form of %variableName%. You can also specify any parameters that the app might require. | |`Shell`| Application that is used as a Windows shell. |- For Universal Windows Platform (UWP) apps, you must provide the App User Model ID (AUMID). Learn how to [Find the Application User Model ID of an installed app](../../store/find-aumid.md).<br>- For desktop apps, specify the full path of the executable, which can contain system environment variables in the form of %variableName%. You can also specify any parameters that the app might require. |
|`V2:AppType`| Defines the type of application. |Allowed values are `Desktop` and `UWP`.| |`V2:AppType`| Defines the type of application. |Allowed values are `Desktop` and `UWP`.|
|`V2:AllAppsFullScreen` | Boolean value that defines if all applications are executed in full screen. |- When set to `True`, Shell Launcher runs every app in full screen, or maximized for desktop apps.<br>- When set to `False` or not set, only the custom shell app runs in full screen; other apps launched by the user run in windowed mode.| |`V2:AllAppsFullScreen` | Boolean value that defines if all applications are executed in full screen. |- When set to `True`, Shell Launcher runs every app in full screen, or maximized for desktop apps.<br>- When set to `False` or not set, only the custom shell app runs in full screen; other apps launched by the user run in windowed mode.|

61
windows/configuration/assigned-access/shell-launcher/index.md
View File

@ -1,17 +1,18 @@
--- ---
title: What is Shell Launcher? title: What is Shell Launcher?
description: Learn how to configure devices with Shell Launcher. description: Learn how to configure devices with Shell Launcher.
ms.date: 05/12/2023 ms.date: 02/29/2024
ms.topic: overview ms.topic: overview
--- ---
# What is Shell Launcher? # What is Shell Launcher?
Shell Launcher is a Windows feature that you can use to replace the default Windows Explorer shell (`explorer.exe`) with the `CustomShellHost.exe` application. CustomShellHost can launch a Windows desktop application or a UWP app. Shell Launcher is a Windows feature that you can use to replace the default Windows Explorer shell (`explorer.exe`) with a Windows desktop application or a Universal Windows Platform (UWP) app.
Practical examples include: Practical examples include:
- Public kiosks - Public browsing
- Interactive digital signage
- ATMs - ATMs
Shell Launcher controls which application the user sees as the shell after sign-in. It doesn't prevent the user from accessing other desktop applications and system components. From a custom shell, you can launch secondary views displayed on multiple monitors, or launch other apps in full screen on user's demand. Shell Launcher controls which application the user sees as the shell after sign-in. It doesn't prevent the user from accessing other desktop applications and system components. From a custom shell, you can launch secondary views displayed on multiple monitors, or launch other apps in full screen on user's demand.
@ -22,17 +23,27 @@ Methods of controlling access to other desktop applications and system component
- Group policy (GPO) - Group policy (GPO)
- [AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview) - [AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)
Shell Launcher is part of the [Assigned Access](../overview.md) feature, which you can use to set up a kiosk device or a restricted user experience. To learn about the differences between Shell Launcher and the other options offered by Assigned Access, see [Configure kiosks and restricted user experiences](../index.md).
[!INCLUDE [shell-launcher](../../../../includes/licensing/shell-launcher.md)] [!INCLUDE [shell-launcher](../../../../includes/licensing/shell-launcher.md)]
## Limitations ## Limitations
Here are some limitations to consider when using Shell Launcher: Here are some limitations to consider when using Shell Launcher:
- Windows doesn't support setting a custom shell prior to out-of-box experience OOBE. If you do, you can't deploy the resulting image - Windows doesn't support setting a custom shell prior to out-of-box experience (OOBE). If you do, you can't deploy the resulting image
- Shell Launcher doesn't support a custom shell with an application that launches a different process and exits. For example, you can't specify `write.exe` in Shell Launcher. Shell Launcher launches a custom shell and monitors the process to identify when the custom shell exits. `Write.exe` creates a 32-bit `wordpad.exe` process and exits. Since Shell Launcher is not aware of the newly created `wordpad.exe` process, Shell Launcher will take action based on the exit code of `Write.exe`, such as restarting the custom shell. - Shell Launcher doesn't support a custom shell with an application that launches a different process and exits. For example, you can't specify `write.exe` in Shell Launcher. Shell Launcher launches a custom shell and monitors the process to identify when the custom shell exits. `Write.exe` creates a 32-bit `wordpad.exe` process and exits. Since Shell Launcher is not aware of the newly created `wordpad.exe` process, Shell Launcher will take action based on the exit code of `Write.exe`, such as restarting the custom shell
## Configure a device with Shell Launcher ## Configure a device with Shell Launcher
To configure Shell Launcher, you must use the [Assigned Access CSP](/windows/client-management/mdm/assignedaccess-csp#shelllauncher). The configuration of Shell Launcher is done using an XML file. The XML file is then applied to the device via the Assigned Access CSP, using one of the following options:
- A Mobile Device Management (MDM) solution, like Microsoft Intune
- Provisioning packages
- The MDM Bridge WMI Provider
To learn how to configure the Shell Launcher XML file, see [Create a Shell Launcher configuration file](configuration-file.md).
[!INCLUDE [tab-intro](../../../../includes/configure/tab-intro.md)] [!INCLUDE [tab-intro](../../../../includes/configure/tab-intro.md)]
#### [:::image type="icon" source="../../images/icons/intune.svg"::: **Intune/CSP**](#tab/intune) #### [:::image type="icon" source="../../images/icons/intune.svg"::: **Intune/CSP**](#tab/intune)
@ -42,8 +53,46 @@ You can configure devices using a [custom policy][MEM-1] with the [AssignedAcces
- **Setting:** `./Vendor/MSFT/AssignedAccess/ShellLauncher` - **Setting:** `./Vendor/MSFT/AssignedAccess/ShellLauncher`
- **Value:** content of the XML configuration file - **Value:** content of the XML configuration file
#### [:::image type="icon" source="../../images/icons/provisioning-package.svg"::: **PPKG**](#tab/ppkg)
[!INCLUDE [provisioning-package-1](../../../../includes/configure/provisioning-package-1.md)]
- **Path:** `SMISettings/ShellLauncher`
- **Value:** depends on specific settings
[!INCLUDE [provisioning-package-2](../../../includes/configure/provisioning-package-2.md)]
#### [:::image type="icon" source="../../images/icons/powershell.svg"::: **PowerShell**](#tab/ps) #### [:::image type="icon" source="../../images/icons/powershell.svg"::: **PowerShell**](#tab/ps)
[!INCLUDE [powershell-wmi-bridge-1](../../../../includes/configure/powershell-wmi-bridge-1.md)]
```PowerShell
$shellLauncherConfiguration = @"
# content of the XML configuration file
"@
$namespaceName="root\cimv2\mdm\dmmap"
$className="MDM_AssignedAccess"
$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className
$obj.ShellLauncher = [System.Net.WebUtility]::HtmlEncode($shellLauncherConfiguration)
$obj = Set-CimInstance -CimInstance $obj
```
[!INCLUDE [powershell-wmi-bridge-2](../../../../includes/configure/powershell-wmi-bridge-2.md)]
--- ---
Depending on your configuration method, you can have a user to automatically sign in to the device. ## User experience
After the settings are applied, the users that are configured to use Shell Launcher will the custom shell after sign-in.
Depending on your configuration, you can have a user to automatically sign in to the device.
## Next steps
> [!div class="nextstepaction"]
> To learn how to configure the Shell Launcher XML file:
>
> [Create a Shell Launcher configuration file](configuration-file.md)