mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-15 18:33:43 +00:00
Update Shell Launcher configuration file names
This commit is contained in:
Paolo Matarazzo
@ -17,7 +17,7 @@ Let's start by looking at the basic structure of the XML file.
|
||||
- A configuration xml can have multiple `configs`. Each config associates a non-admin user account to a default profile Id
|
||||
- A profile has no effect if it's not associated to a user account
|
||||
|
||||
You can start your file by pasting the following XML code into a text editor, and saving the file as `filename.xml`.
|
||||
You can start your file by pasting the following XML code into a text editor, and saving the file with an xml extension. For example, `kiosk.xml`.
|
||||
|
||||
::: zone pivot="windows-11"
|
||||
|
||||
@ -56,7 +56,7 @@ You can start your file by pasting the following XML code into a text editor, an
|
||||
xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"
|
||||
xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/201810/config"
|
||||
xmlns:v3="http://schemas.microsoft.com/AssignedAccess/2020/config"
|
||||
xmlns:v5="http://schemas.microsoft.com/AssignedAccess/2022/config"
|
||||
xmlns:v5="http://schemas.microsoft.com/AssignedAccess/2022/config">
|
||||
<Profiles>
|
||||
<Profile Id="">
|
||||
<AllAppsList>
|
||||
@ -79,35 +79,71 @@ You can start your file by pasting the following XML code into a text editor, an
|
||||
|
||||
## Profiles node
|
||||
|
||||
An Assigned Access configuration file can contain one or more profiles. Each profile is identified by a unique identified `Profile Id`, for example:
|
||||
|
||||
```xml
|
||||
<Profiles>
|
||||
<Profile Id="{EDB3036B-780D-487D-A375-69369D8A8F78}">
|
||||
...
|
||||
</Profile>
|
||||
</Profiles>
|
||||
```
|
||||
|
||||
There are two types of profiles that you can specify in the XML:
|
||||
|
||||
- **Lockdown profile**: Users assigned a lockdown profile will see the desktop in tablet mode with the specific apps on the Start screen.
|
||||
- **Kiosk profile**: Starting with Windows 10 version 1803, this profile replaces the KioskModeApp node of the [AssignedAccess CSP](/windows/client-management/mdm/assignedaccess-csp). Users assigned a kiosk profile won't see the desktop, but only the kiosk app running in full-screen mode.
|
||||
- `AllAppList` is used to configure a restricted user experience. Users assigned this profile access the desktop with the specific apps on the Start menu
|
||||
- `KioskModeApp`: is used to configure a kiosk experience. Users assigned this profile don't access the desktop, but only the UWP application or Microsoft Edge running in full-screen
|
||||
|
||||
A lockdown profile section in the XML has the following entries:
|
||||
### AllAppList profile
|
||||
|
||||
- [**Id**](#id)
|
||||
- [**AllowedApps**](#allowedapps)
|
||||
- [**StartPins**](#startpins)
|
||||
- [**Taskbar**](#taskbar)
|
||||
An `AllAppList` profile has the following properties:
|
||||
|
||||
A kiosk profile in the XML has the following entries:
|
||||
::: zone pivot="windows-11"
|
||||
|
||||
- [**Id**](#id)
|
||||
- [**KioskModeApp**](#kioskmodeapp)
|
||||
- `Id` (required)
|
||||
- `Name` (optional)
|
||||
- `AllowedApps`
|
||||
- `StartPins`
|
||||
- `TaskbarLayout`
|
||||
|
||||
::: zone-end
|
||||
|
||||
::: zone pivot="windows-10"
|
||||
|
||||
- `Id` (required)
|
||||
- `Name` (optional)
|
||||
- `AllowedApps`
|
||||
- `StartLayout`
|
||||
- `Taskbar`
|
||||
- `FileExplorerNamespaceRestrictions`
|
||||
|
||||
::: zone-end
|
||||
|
||||
### KioskModeApp profile
|
||||
|
||||
A `KioskModeApp` profile contains the following properties:
|
||||
|
||||
- `Id` (required)
|
||||
- `Name` (optional)
|
||||
- `KioskModeApp` (required)
|
||||
|
||||
Example:
|
||||
|
||||
```xml
|
||||
<Profiles>
|
||||
<Profile Id="{EDB3036B-780D-487D-A375-69369D8A8F78}" Name="Microsoft Learn example">
|
||||
<KioskModeApp v4:ClassicAppPath="%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe" v4:ClassicAppArguments="--kiosk https://maps.cltairport.com/ --edge-kiosk-type=fullscreen --kiosk-idle-timeout-minutes=2" />
|
||||
<v4:BreakoutSequence Key="Ctrl+A"/>
|
||||
</Profile>
|
||||
</Profiles>
|
||||
```
|
||||
|
||||
In the XML file, you define each profile with a globally unique identifier (GUID), which must be unique within the XML file.
|
||||
|
||||
> [!TIP]
|
||||
> You can generate a GUID with the PowerShell cmdlet `New-Guid`.
|
||||
|
||||
```xml
|
||||
<Profiles>
|
||||
<Profile Id="6954c40a-45dd-4176-a2e3-ecaf5c97f425">
|
||||
...
|
||||
</Profile>
|
||||
</Profiles>
|
||||
```
|
||||
|
||||
|
||||
A *profile node* contains the following properties:
|
||||
|
||||
@ -5,7 +5,7 @@ ms.date: 02/12/2024
|
||||
ms.topic: how-to
|
||||
---
|
||||
|
||||
# Shell Launcher configuration XML examples
|
||||
# Create an Shell Launcher configuration file
|
||||
|
||||
This article provides practical examples of Shell Launcher XML configuration files.
|
||||
|
||||
@ -100,129 +100,6 @@ After you configure the profile containing the custom Shell Launcher setting, se
|
||||
|
||||
## Configure a custom shell using PowerShell
|
||||
|
||||
For scripts for Shell Launcher v2, see [Shell Launcher v2 Bridge WMI sample scripts](https://github.com/Microsoft/Windows-iotcore-samples/blob/develop/Samples/ShellLauncherV2/SampleBridgeWmiScripts/README.md).
|
||||
|
||||
For Shell Launcher v1, modify the following PowerShell script as appropriate. The comments in the sample script explain the purpose of each section and tell you where you'll want to change the script for your purposes. Save your script with the extension.ps1, open Windows PowerShell as administrator, and run the script on the kiosk device.
|
||||
|
||||
```powershell
|
||||
# Check if shell launcher license is enabled
|
||||
function Check-ShellLauncherLicenseEnabled
|
||||
{
|
||||
[string]$source = @"
|
||||
using System;
|
||||
using System.Runtime.InteropServices;
|
||||
|
||||
static class CheckShellLauncherLicense
|
||||
{
|
||||
const int S_OK = 0;
|
||||
public static bool IsShellLauncherLicenseEnabled()
|
||||
{
|
||||
int enabled = 0;
|
||||
if (NativeMethods.SLGetWindowsInformationDWORD("EmbeddedFeature-ShellLauncher-Enabled", out enabled) != S_OK) {
|
||||
enabled = 0;
|
||||
}
|
||||
return (enabled != 0);
|
||||
}
|
||||
static class NativeMethods
|
||||
{
|
||||
[DllImport("Slc.dll")]
|
||||
internal static extern int SLGetWindowsInformationDWORD([MarshalAs(UnmanagedType.LPWStr)]string valueName, out int value);
|
||||
}
|
||||
}
|
||||
"@
|
||||
$type = Add-Type -TypeDefinition $source -PassThru
|
||||
return $type[0]::IsShellLauncherLicenseEnabled()
|
||||
}
|
||||
|
||||
[bool]$result = $false
|
||||
|
||||
$result = Check-ShellLauncherLicenseEnabled
|
||||
"`nShell Launcher license enabled is set to " + $result
|
||||
if (-not($result))
|
||||
{
|
||||
"`nThis device doesn't have required license to use Shell Launcher"
|
||||
exit
|
||||
}
|
||||
|
||||
$COMPUTER = "localhost"
|
||||
$NAMESPACE = "root\standardcimv2\embedded"
|
||||
|
||||
# Create a handle to the class instance so we can call the static methods.
|
||||
try {
|
||||
$ShellLauncherClass = [wmiclass]"\\$COMPUTER\${NAMESPACE}:WESL_UserSetting"
|
||||
} catch [Exception] {
|
||||
write-host $_.Exception.Message;
|
||||
|
||||
write-host "Make sure Shell Launcher feature is enabled"
|
||||
exit
|
||||
}
|
||||
|
||||
# This well-known security identifier (SID) corresponds to the BUILTIN\Administrators group.
|
||||
|
||||
$Admins_SID = "S-1-5-32-544"
|
||||
|
||||
# Create a function to retrieve the SID for a user account on a machine.
|
||||
|
||||
function Get-UsernameSID($AccountName) {
|
||||
|
||||
$NTUserObject = New-Object System.Security.Principal.NTAccount($AccountName)
|
||||
$NTUserSID = $NTUserObject.Translate([System.Security.Principal.SecurityIdentifier])
|
||||
|
||||
return $NTUserSID.Value
|
||||
|
||||
}
|
||||
|
||||
# Get the SID for a user account named "Cashier". Rename "Cashier" to an existing account on your system to test this script.
|
||||
|
||||
$Cashier_SID = Get-UsernameSID("Cashier")
|
||||
|
||||
# Define actions to take when the shell program exits.
|
||||
|
||||
$restart_shell = 0
|
||||
$restart_device = 1
|
||||
$shutdown_device = 2
|
||||
|
||||
# Examples. You can change these examples to use the program that you want to use as the shell.
|
||||
# This example sets the command prompt as the default shell, and restarts the device if the command prompt is closed.
|
||||
|
||||
$ShellLauncherClass.SetDefaultShell("cmd.exe", $restart_device)
|
||||
|
||||
# Display the default shell to verify that it was added correctly.
|
||||
|
||||
$DefaultShellObject = $ShellLauncherClass.GetDefaultShell()
|
||||
|
||||
"`nDefault Shell is set to " + $DefaultShellObject.Shell + " and the default action is set to " + $DefaultShellObject.defaultaction
|
||||
|
||||
# Set Internet Explorer as the shell for "Cashier", and restart the machine if Internet Explorer is closed.
|
||||
|
||||
$ShellLauncherClass.SetCustomShell($Cashier_SID, "c:\program files\internet explorer\iexplore.exe www.microsoft.com", ($null), ($null), $restart_shell)
|
||||
|
||||
# Set Explorer as the shell for administrators.
|
||||
|
||||
$ShellLauncherClass.SetCustomShell($Admins_SID, "explorer.exe")
|
||||
|
||||
# View all the custom shells defined.
|
||||
|
||||
"`nCurrent settings for custom shells:"
|
||||
Get-WmiObject -namespace $NAMESPACE -computer $COMPUTER -class WESL_UserSetting | Select Sid, Shell, DefaultAction
|
||||
|
||||
# Enable Shell Launcher
|
||||
|
||||
$ShellLauncherClass.SetEnabled($TRUE)
|
||||
$IsShellLauncherEnabled = $ShellLauncherClass.IsEnabled()
|
||||
"`nEnabled is set to " + $IsShellLauncherEnabled.Enabled
|
||||
|
||||
# Remove the new custom shells.
|
||||
|
||||
$ShellLauncherClass.RemoveCustomShell($Admins_SID)
|
||||
$ShellLauncherClass.RemoveCustomShell($Cashier_SID)
|
||||
|
||||
# Disable Shell Launcher
|
||||
|
||||
$ShellLauncherClass.SetEnabled($FALSE)
|
||||
$IsShellLauncherEnabled = $ShellLauncherClass.IsEnabled()
|
||||
"`nEnabled is set to " + $IsShellLauncherEnabled.Enabled
|
||||
```
|
||||
|
||||
## default action, custom action, exit code
|
||||
|
||||
@ -247,5 +124,4 @@ To configure these actions with Shell Launcher CSP, use below syntax in the shel
|
||||
<ReturnCodeAction ReturnCode="1" Action="DoNothing"/>
|
||||
</ReturnCodeActions>
|
||||
<DefaultAction Action="RestartDevice"/>
|
||||
|
||||
```
|
||||
|
||||
@ -63,7 +63,7 @@ After the settings are applied, reboot the device. A local user account named `A
|
||||
> [!div class="nextstepaction"]
|
||||
> Learn more how to create a Shell Launcher configuration file:
|
||||
>
|
||||
> [Create a shell launcher configuration file](create-shell-launcher-configuration.md)
|
||||
> [Create a Shell Launcher configuration file](create-shell-launcher-configuration.md)
|
||||
|
||||
<!--links-->
|
||||
|
||||
|
||||
@ -20,11 +20,11 @@ items:
|
||||
- name: Configure devices with Assigned Access
|
||||
href: assigned-access-configure.md
|
||||
- name: Create an Assigned Access configuration file
|
||||
href: create-assigned-access-configuration.md
|
||||
href: assigned-access-configuration-file.md
|
||||
- name: Configure devices with Shell Launcher
|
||||
href: shell-launcher-configure.md
|
||||
- name: Create a Shell Launcher configuration file
|
||||
href: create-shell-launcher-configuration.md
|
||||
href: shell-launcher-configuration-file.md
|
||||
- name: Find the AUMID of an installed app
|
||||
href: find-aumid.md
|
||||
- name: Use Shell Launcher to create a Windows client kiosk
|
||||
|
||||
Reference in New Issue
Block a user