deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-16 19:03:46 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Add configuration to assigned access profiles

Browse Source
This commit is contained in:
Paolo Matarazzo
2024-02-28 13:43:37 -05:00
parent 8d8912847e
commit 472e1f45dc
6 changed files with 25 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
windows/configuration/assigned-access/assigned-access-configuration-file.md
View File

@ -20,15 +20,6 @@ Let's start by looking at the basic structure of the XML file. An Assigned Acces
> [!NOTE] > [!NOTE]
> A profile has no effect if it's not associated to a user account. > A profile has no effect if it's not associated to a user account.
```text
Assigned Access
|___ Profiles
| |___ Profile
| |___ KioskApp
| |___ TaskBar
|___ Configs
```
Here's a basic example of an Assigned Access configuration file, with one profile and one config: Here's a basic example of an Assigned Access configuration file, with one profile and one config:
```xml ```xml
@ -36,12 +27,12 @@ Here's a basic example of an Assigned Access configuration file, with one profil
<AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"> <AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config">
<Profiles> <Profiles>
<Profile Id="GUID"> <Profile Id="GUID">
... <!-- Add configuration here as needed -->
</Profile> </Profile>
</Profiles> </Profiles>
<Configs> <Configs>
<Config> <Config>
... <!-- Add configuration here as needed -->
</Config> </Config>
</Configs> </Configs>
</AssignedAccessConfiguration> </AssignedAccessConfiguration>
@ -54,7 +45,7 @@ A configuration file can contain one or more profiles. Each profile is identifie
```xml ```xml
<Profiles> <Profiles>
<Profile Id="{EDB3036B-780D-487D-A375-69369D8A8F78}"> <Profile Id="{EDB3036B-780D-487D-A375-69369D8A8F78}">
... <!-- Add configuration here as needed -->
</Profile> </Profile>
</Profiles> </Profiles>
``` ```
@ -106,13 +97,13 @@ Restricted user experience example:
<Profile Id="{EDB3036B-780D-487D-A375-69369D8A8F78}" Name="Microsoft Learn example"> <Profile Id="{EDB3036B-780D-487D-A375-69369D8A8F78}" Name="Microsoft Learn example">
<AllAppsList> <AllAppsList>
<AllowedApps> <AllowedApps>
[...] <!-- Add configuration here as needed -->
</AllowedApps> </AllowedApps>
</AllAppsList> </AllAppsList>
<StartPins> <StartPins>
</StartPins> </StartPins>
<TaskbarLayout> <TaskbarLayout>
[...] <!-- Add configuration here as needed -->
</TaskbarLayout> </TaskbarLayout>
</Profile> </Profile>
</Profiles> </Profiles>
@ -129,11 +120,11 @@ Restricted user experience example:
<Profile Id="{EDB3036B-780D-487D-A375-69369D8A8F78}" Name="Microsoft Learn example"> <Profile Id="{EDB3036B-780D-487D-A375-69369D8A8F78}" Name="Microsoft Learn example">
<AllAppsList> <AllAppsList>
<AllowedApps> <AllowedApps>
[...] <!-- Add configuration here as needed -->
</AllowedApps> </AllowedApps>
</AllAppsList> </AllAppsList>
<rs5:FileExplorerNamespaceRestrictions> <rs5:FileExplorerNamespaceRestrictions>
[...] <!-- Add configuration here as needed -->
</rs5:FileExplorerNamespaceRestrictions> </rs5:FileExplorerNamespaceRestrictions>
<StartLayout> <StartLayout>
</StartLayout> </StartLayout>
@ -450,59 +441,38 @@ Microsoft Entra accounts must be specified with the format: `AzureAD\{UPN}`. `Az
Group accounts are specified using `<UserGroup>`. Nested groups aren't supported. For example, if *User A* is member of *Group A*, *Group A* is member of *Group B*, and *Group B* is used in `<Config/>`, *User A* doesn't have the kiosk experience. Group accounts are specified using `<UserGroup>`. Nested groups aren't supported. For example, if *User A* is member of *Group A*, *Group A* is member of *Group B*, and *Group B* is used in `<Config/>`, *User A* doesn't have the kiosk experience.
:::row::: ##### Local group
:::column span="2":::
#### Scenario
:::column-end:::
:::column span="2":::
#### XML snippet
:::column-end:::
:::row-end:::
:::row:::
:::column span="2":::
**Local group**
Specify the group type as `LocalGroup` and add the group name in the `Name` attribute. Specify the group type as `LocalGroup` and add the group name in the `Name` attribute.
:::column-end:::
:::column span="2":::
```xml ```xml
<Config> <Config>
<UserGroup Type="LocalGroup" Name="groupname" /> <UserGroup Type="LocalGroup" Name="groupname" />
<DefaultProfile Id="{GUID}"/> <DefaultProfile Id="{GUID}"/>
</Config> </Config>
``` ```
:::column-end:::
:::row-end::: #### Active Directory group
:::row:::
:::column span="2":::
**Active Directory group**
Both security and distribution groups are supported. Specify the group type as <strong>ActiveDirectoryGroup</strong>. Use the domain name as the prefix in the name attribute. Both security and distribution groups are supported. Specify the group type as <strong>ActiveDirectoryGroup</strong>. Use the domain name as the prefix in the name attribute.
:::column-end:::
:::column span="2":::
```xml ```xml
<Config> <Config>
<UserGroup Type="ActiveDirectoryGroup" Name="contoso\groupname" /> <UserGroup Type="ActiveDirectoryGroup" Name="contoso\groupname" />
<DefaultProfile Id="{GUID}"/> <DefaultProfile Id="{GUID}"/>
</Config> </Config>
``` ```
:::column-end:::
:::row-end::: #### Microsoft Entra group
:::row:::
:::column span="2":::
**Microsoft Entra group**
Use the object ID of the Microsoft Entra group. You can find the object ID on the overview page for the group in **Users and groups** > **All groups**. Specify the group type as `AzureActiveDirectoryGroup`. The kiosk device must have internet connectivity when users that belong to the group sign-in. Use the object ID of the Microsoft Entra group. You can find the object ID on the overview page for the group in **Users and groups** > **All groups**. Specify the group type as `AzureActiveDirectoryGroup`. The kiosk device must have internet connectivity when users that belong to the group sign-in.
:::column-end:::
:::column span="2":::
```xml ```xml
<Config> <Config>
<UserGroup Type="AzureActiveDirectoryGroup" Name="Group_GUID" /> <UserGroup Type="AzureActiveDirectoryGroup" Name="Group_GUID" />
<DefaultProfile Id="{GUID}"/> <DefaultProfile Id="{GUID}"/>
</Config> </Config>
``` ```
:::column-end:::
:::row-end:::
### Global profile ### Global profile

4
windows/configuration/assigned-access/includes/assigned-access-example-file-explorer-restrictions.md
View File

@ -14,12 +14,12 @@ ms.topic: include
xmlns:v3="http://schemas.microsoft.com/AssignedAccess/2020/config"> xmlns:v3="http://schemas.microsoft.com/AssignedAccess/2020/config">
<Profiles> <Profiles>
<Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"> <Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}">
... <!-- Add configuration here -->
<rs5:FileExplorerNamespaceRestrictions> <rs5:FileExplorerNamespaceRestrictions>
<rs5:AllowedNamespace Name="Downloads"/> <rs5:AllowedNamespace Name="Downloads"/>
<v3:AllowRemovableDrives/> <v3:AllowRemovableDrives/>
</rs5:FileExplorerNamespaceRestrictions> </rs5:FileExplorerNamespaceRestrictions>
... <!-- Add configuration here -->
</Profile> </Profile>
</Profiles> </Profiles>
<Configs> <Configs>

2
windows/configuration/assigned-access/includes/assigned-access-example-global-profile.md
View File

@ -14,7 +14,7 @@ ms.topic: include
xmlns:v5="http://schemas.microsoft.com/AssignedAccess/2022/config"> xmlns:v5="http://schemas.microsoft.com/AssignedAccess/2022/config">
<Profiles> <Profiles>
<Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"> <Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}">
... <!-- Add configuration here -->
</Profile> </Profile>
</Profiles> </Profiles>
<Configs> <Configs>

4
windows/configuration/assigned-access/includes/assigned-access-example-two-profiles.md
View File

@ -18,10 +18,10 @@ ms.topic: include
<Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"> <Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}">
<AllAppsList> <AllAppsList>
<AllowedApps> <AllowedApps>
... <!-- Add configuration here as needed -->
</AllowedApps> </AllowedApps>
</AllAppsList> </AllAppsList>
... <!-- Add configuration here as needed -->
</Profile> </Profile>
</Profiles> </Profiles>
<Configs> <Configs>

2
windows/configuration/assigned-access/includes/assigned-access-example-usergroup.md
View File

@ -13,7 +13,7 @@ ms.topic: include
xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/201810/config"> xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/201810/config">
<Profiles> <Profiles>
... <!-- Add configuration here as needed -->
</Profiles> </Profiles>
<Configs> <Configs>

8
windows/configuration/assigned-access/shell-launcher-configuration-file.md
View File

@ -28,10 +28,10 @@ You can start your file by pasting the following XML code into a text editor, an
xmlns="http://schemas.microsoft.com/ShellLauncher/2018/Configuration" xmlns="http://schemas.microsoft.com/ShellLauncher/2018/Configuration"
xmlns:V2="http://schemas.microsoft.com/ShellLauncher/2019/Configuration"> xmlns:V2="http://schemas.microsoft.com/ShellLauncher/2019/Configuration">
<Profiles> <Profiles>
... <!-- Add configuration here as needed -->
</Profiles> </Profiles>
<Configs> <Configs>
... <!-- Add configuration here as needed -->
</Configs> </Configs>
</ShellLauncherConfiguration> </ShellLauncherConfiguration>
``` ```
@ -43,7 +43,7 @@ If you want to define a default profile, you can use the `DefaultProfile` elemen
```xml ```xml
<Profiles> <Profiles>
<DefaultProfile> <DefaultProfile>
... <!-- Add configuration here as needed -->
</DefaultProfile> </DefaultProfile>
</Profiles> </Profiles>
``` ```
@ -53,7 +53,7 @@ Each profile is identified by a unique identifier `Profile Id`, for example:
```xml ```xml
<Profiles> <Profiles>
<Profile Id="{EDB3036B-780D-487D-A375-69369D8A8F78}"> <Profile Id="{EDB3036B-780D-487D-A375-69369D8A8F78}">
... <!-- Add configuration here as needed -->
</Profile> </Profile>
</Profiles> </Profiles>
``` ```