deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-18 20:03:40 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Delete unused kiosk images and update kiosk setup documentation

Browse Source
This commit is contained in:
Paolo Matarazzo
2024-01-25 17:41:19 -05:00
parent e918590383
commit 6002f441e7
11 changed files with 55 additions and 140 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
windows/configuration/kiosk/images/kiosk-desktop.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 21 KiB

BIN
windows/configuration/kiosk/images/kiosk-fullscreen.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 28 KiB

BIN
windows/configuration/kiosk/images/kiosk.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 4.3 KiB

BIN
windows/configuration/kiosk/images/office-logo.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 2.5 KiB

BIN
windows/configuration/kiosk/images/user.PNG
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 2.3 KiB

BIN
windows/configuration/kiosk/images/windows.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 631 B

1
windows/configuration/kiosk/kiosk-additional-reference.md
View File

@ -1,7 +1,6 @@
---
title: More kiosk methods and reference information (Windows 10/11)
description: Find more information for configuring, validating, and troubleshooting kiosk configuration.
ms.topic: reference
ms.date: 12/31/2017
---

93
windows/configuration/kiosk/kiosk-methods.md
View File

@ -1,57 +1,33 @@
---
title: Configure kiosks and digital signs on Windows 10/11 desktop editions
description: In this article, learn about the methods for configuring kiosks and digital signs on Windows 10 or Windows 11 desktop editions.
ms.topic: article
ms.date: 12/31/2017
---
# Configure kiosks and digital signs on Windows desktop editions
>[!WARNING]
>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Organization may want to set up special purpose devices, such as a device in the lobby that customers can use to view product catalogs, or a device displaying visual content as a digital sign. Windows client offers two different locked-down experiences for public or specialized use:
Some desktop devices in an enterprise serve a special purpose. For example, a PC in the lobby that customers use to see your product catalog. Or, a PC displaying visual content as a digital sign. Windows client offers two different locked-down experiences for public or specialized use:
- Single-app kiosk: runs a single Universal Windows Platform (UWP) application in full screen above the lock screen. People using the kiosk can see only that app. When the kiosk account (a local standard user account) signs in, the kiosk app launches automatically. If the kiosk app is closed, it will automatically restart
- Multi-app kiosk: runs one or more applications from the desktop. People using the kiosk see a customized Start menu that shows only the apps that are allowed to execute. With this approach, you can configure a locked-down experience for different account types
- **A single-app kiosk**: Runs a single Universal Windows Platform (UWP) app in full screen above the lock screen. People using the kiosk can see only that app. When the kiosk account (a local standard user account) signs in, the kiosk app launches automatically, and you can configure the kiosk account to sign in automatically as well. If the kiosk app is closed, it will automatically restart.
A single-app kiosk is ideal for public use. Using [Shell Launcher](kiosk-shelllauncher.md), you can configure a kiosk device that runs a Windows desktop application as the user interface. The application that you specify replaces the default shell (explorer.exe) that usually runs when a user signs in. This type of single-app kiosk doesn't run above the lock screen.
A single-app kiosk is ideal for public use. Using [Shell Launcher](kiosk-shelllauncher.md), you can configure a kiosk device that runs a Windows desktop application as the user interface. The application that you specify replaces the default shell (explorer.exe) that usually runs when a user logs on. This type of single-app kiosk doesn't run above the lock screen.
![Illustration of a full-screen kiosk experience that runs one app on a Windows client device.](images/kiosk-fullscreen.png)
- **A multi-app kiosk**: Runs one or more apps from the desktop. People using the kiosk see a customized Start that shows only the tiles for the apps that are allowed. With this approach, you can configure a locked-down experience for different account types.
A multi-app kiosk is appropriate for devices that are shared by multiple people. When you configure a multi-app kiosk, [specific policies are enforced](kiosk-policies.md) that affects **all** non-administrator users on the device.
![Illustration of a kiosk Start screen that runs multiple apps on a Windows client device.](images/kiosk-desktop.png)
A multi-app kiosk is appropriate for devices that are shared by multiple people. When you configure a multi-app kiosk, [specific policies are enforced](kiosk-policies.md) that affects **all** non-administrator users on the device.
Kiosk configurations are based on **Assigned Access**, a feature in Windows client that allows an administrator to manage the user's experience by limiting the application entry points exposed to the user.
There are several kiosk configuration methods that you can choose from, depending on your answers to the following questions.
- **Which type of app will your kiosk run?**
![icon that represents apps.](images/office-logo.png)
Your kiosk can run a Universal Windows Platform (UWP) app or a Windows desktop application. For [digital signage](setup-digital-signage.md), select a digital sign player as your kiosk app. [Check out the guidelines for kiosk apps.](guidelines-for-assigned-access-app.md)
- **Which type of kiosk do you need?**
![icon that represents a kiosk.](images/kiosk.png)
If you want your kiosk to run a single app for anyone to see or use, consider a single-app kiosk that runs either a [Universal Windows Platform (UWP) app](#methods-for-a-single-app-kiosk-running-a-uwp-app) or a Windows desktop application. For a kiosk that people can sign in to with their accounts or that runs more than one app, choose a multi-app kiosk.
If you want your kiosk to run a single app for anyone to see or use, consider a single-app kiosk that runs either a [Universal Windows Platform (UWP) app](#methods-for-a-single-app-kiosk-running-a-uwp-app) or a Windows desktop application. For a kiosk that people can sign in to with their accounts or that runs more than one app, choose a multi-app kiosk
- **Which edition of Windows client will the kiosk run?**
![icon that represents Windows.](images/windows.png)
All of the configuration methods work for Windows client Enterprise and Education; some of the methods work for Windows Pro. Kiosk mode isn't available on Windows Home.
All of the configuration methods work for Windows client Enterprise and Education; some of the methods work for Windows Pro. Kiosk mode isn't available on Windows Home
- **Which type of user account will be the kiosk account?**
![icon that represents a user account.](images/user.png)
The kiosk account can be a local standard user account, a local administrator account, a domain account, or a Microsoft Entra account, depending on the method that you use to configure the kiosk. If you want people to sign in and authenticate on the device, you should use a multi-app kiosk configuration. The single-app kiosk configuration doesn't require people to sign in to the device, although they can sign in to the kiosk app if you select an app that has a sign-in method.
The kiosk account can be a local standard user account, a local administrator account, a domain account, or a Microsoft Entra account, depending on the method that you use to configure the kiosk. If you want people to sign in and authenticate on the device, you should use a multi-app kiosk configuration. The single-app kiosk configuration doesn't require people to sign in to the device, although they can sign in to the kiosk app if you select an app that has a sign-in method
>[!IMPORTANT]
>Single-app kiosk mode isn't supported over a remote desktop connection. Your kiosk users must sign in on the physical device that is set up as a kiosk.
@ -60,42 +36,41 @@ There are several kiosk configuration methods that you can choose from, dependin
## Methods for a single-app kiosk running a UWP app
You can use this method | For this edition | For this kiosk account type
--- | --- | ---
[Assigned access in Settings](kiosk-single-app.md) | Pro, Ent, Edu | Local standard user
[Assigned access cmdlets](kiosk-single-app.md) | Pro, Ent, Edu | Local standard user
[The kiosk wizard in Windows Configuration Designer](kiosk-single-app.md) | Pro (version 1709), Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID
[Microsoft Intune or other mobile device management (MDM)](kiosk-single-app.md) | Pro (version 1709), Ent, Edu | Local standard user, Microsoft Entra ID
[Shell Launcher](kiosk-shelllauncher.md) v2 | Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID
| You can use this method | For this edition | For this kiosk account type |
|--|--|--|
| [Assigned access in Settings](kiosk-single-app.md) | Pro, Ent, Edu | Local standard user |
| [Assigned access cmdlets](kiosk-single-app.md) | Pro, Ent, Edu | Local standard user |
| [The kiosk wizard in Windows Configuration Designer](kiosk-single-app.md) | Pro (version 1709), Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID |
| [Microsoft Intune or other mobile device management (MDM)](kiosk-single-app.md) | Pro (version 1709), Ent, Edu | Local standard user, Microsoft Entra ID |
| [Shell Launcher](kiosk-shelllauncher.md) v2 | Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID |
## Methods for a single-app kiosk running a Windows desktop application
You can use this method | For this edition | For this kiosk account type
--- | --- | ---
[The kiosk wizard in Windows Configuration Designer](kiosk-single-app.md) | Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID
[Microsoft Intune or other mobile device management (MDM)](kiosk-single-app.md) | Pro (version 1709), Ent, Edu | Local standard user, Microsoft Entra ID
[Shell Launcher](kiosk-shelllauncher.md) v1 and v2 | Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID
| You can use this method | For this edition | For this kiosk account type |
|--|--|--|
| [The kiosk wizard in Windows Configuration Designer](kiosk-single-app.md) | Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID |
| [Microsoft Intune or other mobile device management (MDM)](kiosk-single-app.md) | Pro (version 1709), Ent, Edu | Local standard user, Microsoft Entra ID |
| [Shell Launcher](kiosk-shelllauncher.md) v1 and v2 | Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID |
## Methods for a multi-app kiosk
You can use this method | For this edition | For this kiosk account type
--- | --- | ---
[XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) | Pro, Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID
[Microsoft Intune or other MDM](lock-down-windows-10-to-specific-apps.md) | Pro, Ent, Edu | Local standard user, Microsoft Entra ID
[MDM WMI Bridge Provider](kiosk-mdm-bridge.md) | Pro, Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID
| You can use this method | For this edition | For this kiosk account type |
|--|--|--|
| [XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) | Pro, Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID |
| [Microsoft Intune or other MDM](lock-down-windows-10-to-specific-apps.md) | Pro, Ent, Edu | Local standard user, Microsoft Entra ID |
| [MDM WMI Bridge Provider](kiosk-mdm-bridge.md) | Pro, Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID |
## Summary of kiosk configuration methods
Method | App type | Account type | Single-app kiosk | Multi-app kiosk
--- | --- | --- | :---: | :---:
[Assigned access in Settings](kiosk-single-app.md) | UWP | Local account | ✅ |
[Assigned access cmdlets](kiosk-single-app.md) | UWP | Local account | ✅ |
[The kiosk wizard in Windows Configuration Designer](kiosk-single-app.md) | UWP, Windows desktop app | Local standard user, Active Directory, Microsoft Entra ID | ✅ |
[XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) | UWP, Windows desktop app | Local standard user, Active Directory, Microsoft Entra ID | ✅ | ✅
Microsoft Intune or other MDM [for full-screen single-app kiosk](kiosk-single-app.md) or [for multi-app kiosk with desktop](lock-down-windows-10-to-specific-apps.md) | UWP, Windows desktop app | Local standard user, Microsoft Entra ID | ✅ | ✅
[Shell Launcher](kiosk-shelllauncher.md) |Windows desktop app | Local standard user, Active Directory, Microsoft Entra ID | ✅ |
[MDM Bridge WMI Provider](kiosk-mdm-bridge.md) | UWP, Windows desktop app | Local standard user, Active Directory, Microsoft Entra ID | | ✅
| Method | App type | Account type | Single-app kiosk | Multi-app kiosk |
|--|--|--|:-:|:-:|
| [Assigned access in Settings](kiosk-single-app.md) | UWP | Local account | ✅ |
| [Assigned access cmdlets](kiosk-single-app.md) | UWP | Local account | ✅ |
| [The kiosk wizard in Windows Configuration Designer](kiosk-single-app.md) | UWP, Windows desktop app | Local standard user, Active Directory, Microsoft Entra ID | ✅ |
| [XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) | UWP, Windows desktop app | Local standard user, Active Directory, Microsoft Entra ID | ✅ | ✅ |
| Microsoft Intune or other MDM [for full-screen single-app kiosk](kiosk-single-app.md) or [for multi-app kiosk with desktop](lock-down-windows-10-to-specific-apps.md) | UWP, Windows desktop app | Local standard user, Microsoft Entra ID | ✅ | ✅ |
| [Shell Launcher](kiosk-shelllauncher.md) | Windows desktop app | Local standard user, Active Directory, Microsoft Entra ID | ✅ |
| [MDM Bridge WMI Provider](kiosk-mdm-bridge.md) | UWP, Windows desktop app | Local standard user, Active Directory, Microsoft Entra ID | | ✅ |
>[!NOTE]
>For devices running Windows client Enterprise and Education, you can also use [Windows Defender Application Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control) or [AppLocker](lock-down-windows-10-applocker.md) to lock down a device to specific apps.

43
windows/configuration/kiosk/kiosk-prepare.md
View File

@ -1,7 +1,6 @@
---
title: Prepare a device for kiosk configuration on Windows 10/11 | Microsoft Docs
description: Learn how to prepare a device for kiosk configuration. Also, learn about the recommended kiosk configuration changes.
ms.topic: article
ms.date: 12/31/2017
---
@ -29,7 +28,6 @@ For a more secure kiosk experience, we recommend that you make the following con
- **Hide update notifications**. Starting with Windows 10 version 1809, you can hide notifications from showing on the devices. To enable this feature, you have the following options:
- **Use Group policy**: `Computer Configuration\Administrative Templates\Windows Components\Windows Update\Display options for update notifications`
- **Use an MDM provider**: This feature uses the [Update/UpdateNotificationLevel CSP](/windows/client-management/mdm/policy-csp-update#update-updatenotificationlevel). In Intune, you can use the [Windows update settings](/mem/intune/protect/windows-update-settings) to manage this feature.
- **Use the registry**:
@ -168,27 +166,16 @@ For a more secure kiosk experience, we recommend that you make the following con
- `\System\Logon\Turn off app notifications on the lock screen`: Select **Enabled**.
- **Disable removable media**: To enable this feature, you have the following options:
- **Use Group policy**: `Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions`. Review the available settings that apply to your situation.
To prevent this policy from affecting a member of the Administrators group, select `Allow administrators to override Device Installation Restriction policies` > **Enabled**.
- **Use an MDM provider**: In Intune, you have the following options:
- [General settings in a device configuration profile](/mem/intune/configuration/device-restrictions-windows-10#general): See the **Removable storage** setting, and more settings you can manage.
- [Administrative templates](/mem/intune/configuration/administrative-templates-windows): These templates are the administrative templates used in on-premises Group Policy. Configure the following settings:
- `\System\Device Installation`: There are several policies you can manage, including restrictions in `\System\Device Installation\Device Installation Restrictions`.
To prevent this policy from affecting a member of the Administrators group, select `Allow administrators to override Device Installation Restriction policies` > **Enabled**.
When looking at settings, check the supported OS for each setting to make sure it applies.
- [Settings Catalog](/mem/intune/configuration/settings-catalog): This option lists all the settings you can configure, including the administrative templates used in on-premises Group Policy. Configure the following settings:
- `\Administrative Templates\System\Device Installation`: There are several policies you can manage, including restrictions in `\System\Device Installation\Device Installation Restrictions`.
To prevent this policy from affecting a member of the Administrators group, select `Allow administrators to override Device Installation Restriction policies` > **Enabled**.
## Enable logging
@ -207,7 +194,7 @@ You may also want to set up **automatic logon** for your kiosk device. When your
> [!TIP]
> If you use the [kiosk wizard in Windows Configuration Designer](kiosk-single-app.md) or [XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) to configure your kiosk, you can set an account to sign in automatically in the wizard or XML.
**How to edit the registry to have an account sign in automatically**
How to edit the registry to have an account sign in automatically:
1. Open Registry Editor (regedit.exe).
@ -216,14 +203,12 @@ You may also want to set up **automatic logon** for your kiosk device. When your
1. Go to
**HKEY\_LOCAL\_MACHINE\SOFTWARE\\Microsoft\Windows NT\CurrentVersion\Winlogon**
**HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon**
1. Set the values for the following keys.
- *AutoAdminLogon*: set value as **1**.
- *DefaultUserName*: set value as the account that you want signed in.
- *DefaultPassword*: set value as the password for the account.
> [!NOTE]
@ -255,18 +240,18 @@ The following table describes some features that have interoperability issues we
- **Key sequences blocked by assigned access**: When in assigned access, some key combinations are blocked for assigned access users.
Alt + F4, Alt + Shift + Tab, Alt + Tab aren't blocked by Assigned Access, it's recommended you use [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter) to block these key combinations.
<kbd>Alt</kbd> + <kbd>F4</kbd>, <kbd>Alt</kbd> + <kbd>Shift</kbd> + <kbd>Tab</kbd>, <kbd>Alt</kbd> + <kbd>Tab</kbd> aren't blocked by Assigned Access, it's recommended you use [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter) to block these key combinations.
Ctrl + Alt + Delete is the key to break out of Assigned Access. If needed, you can use Keyboard Filter to configure a different key combination to break out of assigned access by setting BreakoutKeyScanCode as described in [WEKF_Settings](/windows-hardware/customize/enterprise/wekf-settings).
| Key combination | Blocked behavior for assigned access users |
| --- | --- |
| Alt + Esc | Cycle through items in the reverse order from which they were opened. |
| Ctrl + Alt + Esc | Cycle through items in the reverse order from which they were opened. |
| Ctrl + Esc | Open the Start screen. |
| Ctrl + F4 | Close the window. |
| Ctrl + Shift + Esc | Open Task Manager. |
| Ctrl + Tab | Switch windows within the application currently open. |
| <kbd>Alt</kbd> + <kbd>Esc</kbd> | Cycle through items in the reverse order from which they were opened. |
| <kbd>Ctrl</kbd> + <kbd>Alt</kbd> + <kbd>Esc</kbd> | Cycle through items in the reverse order from which they were opened. |
| <kbd>Ctrl</kbd> + <kbd>Esc</kbd> | Open the Start screen. |
| <kbd>Ctrl</kbd> + <kbd>F4</kbd> | Close the window. |
| <kbd>Ctrl</kbd> + <kbd>Shift</kbd + <kbd>Esc</kbd> | Open Task Manager. |
| <kbd>Ctrl</kbd> + <kbd>Tab</kbd> | Switch windows within the application currently open. |
| LaunchApp1 | Open the app that is assigned to this key. |
| LaunchApp2 | Open the app that is assigned to this key. On many Microsoft keyboards, the app is Calculator. |
| LaunchMail | Open the default mail client. |
@ -275,24 +260,16 @@ The following table describes some features that have interoperability issues we
Keyboard Filter settings apply to other standard accounts.
- **Key sequences blocked by [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter)**: If Keyboard Filter is turned ON, then some key combinations are blocked automatically without you having to explicitly block them. For more information, see the [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter).
[Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter) is only available on Windows client Enterprise or Education.
- **Power button**: Customizations for the Power button complement assigned access, letting you implement features such as removing the power button from the Welcome screen. Removing the power button ensures the user can't turn off the device when it's in assigned access.
For more information on removing the power button or disabling the physical power button, see [Custom Logon](/windows-hardware/customize/enterprise/custom-logon).
- **Unified Write Filter (UWF)**: UWFsettings apply to all users, including users with assigned access.
For more information, see [Unified Write Filter](/windows-hardware/customize/enterprise/unified-write-filter).
- **WEDL_AssignedAccess class**: You can use this class to configure and manage basic lockdown features for assigned access. It's recommended to you use the Windows PowerShell cmdlets instead.
If you need to use assigned access API, see [WEDL_AssignedAccess](/windows-hardware/customize/enterprise/wedl-assignedaccess).
- **Welcome Screen**: Customizations for the Welcome screen let you personalize not only how the Welcome screen looks, but for how it functions. You can disable the power or language button, or remove all user interface elements. There are many options to make the Welcome screen your own.
For more information, see [Custom Logon](/windows-hardware/customize/enterprise/custom-logon).
For more information, see [Custom Logon](/windows-hardware/customize/enterprise/custom-logon).
## Testing your kiosk in a virtual machine (VM)

53
windows/configuration/kiosk/kiosk-shelllauncher.md
View File

@ -1,7 +1,6 @@
---
title: Use Shell Launcher to create a Windows 10/11 kiosk (Windows 10/11)
description: Shell Launcher lets you change the default shell that launches when a user signs in to a device.
ms.topic: article
ms.date: 12/31/2017
---
@ -12,7 +11,6 @@ Using Shell Launcher, you can configure a device that runs an application as the
>[!NOTE]
>Shell Launcher controls which application the user sees as the shell after sign-in. It does not prevent the user from accessing other desktop applications and system components.
>
>Methods of controlling access to other desktop applications and system components can be used in addition to using the Shell Launcher. These methods include, but are not limited to:
>- [Group Policy](https://www.microsoft.com/download/details.aspx?id=25250) - example: Prevent access to registry editing tools
@ -28,6 +26,7 @@ Shell Launcher v1 replaces `explorer.exe`, the default shell, with `eshell.exe`
Shell Launcher v2 replaces `explorer.exe` with `customshellhost.exe`. This new executable file can launch a Windows desktop application or a UWP app.
In addition to allowing you to use a UWP app for your replacement shell, Shell Launcher v2 offers additional enhancements:
- You can use a custom Windows desktop application that can then launch UWP apps, such as **Settings** and **Touch Keyboard**.
- From a custom UWP shell, you can launch secondary views and run on multiple monitors.
- The custom shell app runs in full screen, and can run other apps in full screen on user's demand.
@ -37,12 +36,11 @@ For sample XML configurations for the different app combinations, see [Samples f
## Requirements
>[!WARNING]
>- Windows 10 doesn't support setting a custom shell prior to OOBE. If you do, you won't be able to deploy the resulting image.
>
>- Windows 10 doesn't support setting a custom shell prior to OOBE. If you do, you won't be able to deploy the resulting image.
>- Shell Launcher doesn't support a custom shell with an application that launches a different process and exits. For example, you cannot specify **write.exe** in Shell Launcher. Shell Launcher launches a custom shell and monitors the process to identify when the custom shell exits. **Write.exe** creates a 32-bit wordpad.exe process and exits. Because Shell Launcher is not aware of the newly created wordpad.exe process, Shell Launcher will take action based on the exit code of **Write.exe**, such as restarting the custom shell.
- A domain, Microsoft Entra ID, or local user account.
- A Windows application that is installed for that account. The app can be your own company application or a common app like Internet Explorer.
[See the technical reference for the shell launcher component.](/windows-hardware/customize/enterprise/shell-launcher)
@ -54,9 +52,7 @@ To set a custom shell, you first turn on the Shell Launcher feature, and then yo
**To turn on Shell Launcher in Windows features**
1. Go to Control Panel &gt; **Programs and features** &gt; **Turn Windows features on or off**.
1. Expand **Device Lockdown**.
1. Select **Shell Launcher** and **OK**.
Alternatively, you can turn on Shell Launcher using Windows Configuration Designer in a provisioning package, using `SMISettings > ShellLauncher`, or you can use the Deployment Image Servicing and Management (DISM.exe) tool.
@ -80,19 +76,12 @@ The following XML sample works for **Shell Launcher v1**:
```xml
<?xml version="1.0" encoding="utf-8"?>
<ShellLauncherConfiguration xmlns="http://schemas.microsoft.com/ShellLauncher/2018/Configuration">
<Profiles>
<Profile ID="{24A7309204F3F-44CC-8375-53F13FE213F7}">
<Shell Shell="%ProgramFiles%\Internet Explorer\iexplore.exe -k www.bing.com" />
</Profile>
</Profiles>
<Configs>
<!--local account-->
<Account Name="ShellLauncherUser"/>
@ -105,27 +94,16 @@ For **Shell Launcher v2**, you can use UWP app type for `Shell` by specifying th
```xml
<?xml version="1.0" encoding="utf-8"?>
<ShellLauncherConfiguration xmlns="http://schemas.microsoft.com/ShellLauncher/2018/Configuration"
xmlns:v2="http://schemas.microsoft.com/ShellLauncher/2019/Configuration">
<Profiles>
<DefaultProfile>
<Shell Shell="ShellLauncherV2DemoUwp_5d7tap497jwe8!App" v2:AppType="UWP" v2:AllAppsFullScreen="true">
<DefaultAction Action="RestartShell"/>
</Shell>
</DefaultProfile>
</Profiles>
<Configs/>
</ShellLauncherConfiguration>
```
@ -163,29 +141,22 @@ using System.Runtime.InteropServices;
static class CheckShellLauncherLicense
{
const int S_OK = 0;
public static bool IsShellLauncherLicenseEnabled()
{
int enabled = 0;
if (NativeMethods.SLGetWindowsInformationDWORD("EmbeddedFeature-ShellLauncher-Enabled", out enabled) != S_OK) {
enabled = 0;
}
return (enabled != 0);
}
static class NativeMethods
{
[DllImport("Slc.dll")]
internal static extern int SLGetWindowsInformationDWORD([MarshalAs(UnmanagedType.LPWStr)]string valueName, out int value);
}
}
"@
$type = Add-Type -TypeDefinition $source -PassThru
return $type[0]::IsShellLauncherLicenseEnabled()
}
@ -238,7 +209,6 @@ $restart_device = 1
$shutdown_device = 2
# Examples. You can change these examples to use the program that you want to use as the shell.
# This example sets the command prompt as the default shell, and restarts the device if the command prompt is closed.
$ShellLauncherClass.SetDefaultShell("cmd.exe", $restart_device)
@ -265,39 +235,36 @@ Get-WmiObject -namespace $NAMESPACE -computer $COMPUTER -class WESL_UserSetting
# Enable Shell Launcher
$ShellLauncherClass.SetEnabled($TRUE)
$IsShellLauncherEnabled = $ShellLauncherClass.IsEnabled()
"`nEnabled is set to " + $IsShellLauncherEnabled.Enabled
# Remove the new custom shells.
$ShellLauncherClass.RemoveCustomShell($Admins_SID)
$ShellLauncherClass.RemoveCustomShell($Cashier_SID)
# Disable Shell Launcher
$ShellLauncherClass.SetEnabled($FALSE)
$IsShellLauncherEnabled = $ShellLauncherClass.IsEnabled()
"`nEnabled is set to " + $IsShellLauncherEnabled.Enabled
```
## default action, custom action, exit code
Shell launcher defines four actions to handle app exits, you can customize shell launcher and use these actions based on different exit code.
Value|Description
--- | ---
0|Restart the shell
1|Restart the device
2|Shut down the device
3|Do nothing
| Value | Description |
|--|--|
| 0 | Restart the shell |
| 1 | Restart the device |
| 2 | Shut down the device |
| 3 | Do nothing |
These actions can be used as default action, or can be mapped to a specific exit code. Refer to [Shell Launcher](/windows-hardware/customize/enterprise/wesl-usersettingsetcustomshell) to see how these codes with Shell Launcher WMI.
To configure these actions with Shell Launcher CSP, use below syntax in the shell launcher configuration xml. You can specify at most four custom actions mapping to four exit codes, and one default action for all other exit codes. When app exits and if the exit code is not found in the custom action mapping, or there is no default action defined, it will be no-op, i.e. nothing happens. So it's recommended to at least define DefaultAction. [Get XML examples for different Shell Launcher v2 configurations.](https://github.com/Microsoft/Windows-iotcore-samples/tree/develop/Samples/ShellLauncherV2)
``` xml
<ReturnCodeActions>
<ReturnCodeAction ReturnCode="0" Action="RestartShell"/>

3
windows/configuration/kiosk/setup-digital-signage.md
View File

@ -22,7 +22,6 @@ Kiosk Browser must be downloaded for offline licensing using Microsoft Store for
This procedure explains how to configure digital signage using Kiosk Browser on a device running Windows client that has already been set up (completed the first-run experience).
1. [Get **Kiosk Browser** in Microsoft Store for Business with offline, unencoded license type.](/microsoft-store/acquire-apps-microsoft-store-for-business#acquire-apps)
1. [Download the **Kiosk Browser** package, license file, and all required frameworks.](/microsoft-store/distribute-offline-apps#download-an-offline-licensed-app)
1. [Install Windows Configuration Designer.](~/provisioning-packages/provisioning-install-icd.md)
1. Open Windows Configuration Designer and select **Provision kiosk devices**.
@ -30,7 +29,6 @@ This procedure explains how to configure digital signage using Kiosk Browser on
1. On **Set up device**, select **Disabled**, and select **Next**.
1. On **Set up network**, enable network setup:
- Toggle **On** wireless network connectivity.
- Enter the SSID, the network type (**Open** or **WPA2-Personal**), and (if **WPA2-Personal**) the password for the wireless network.
1. On **Account management**, select **Disabled**, and select **Next**.
1. On **Add applications**, select **Add an application**:
@ -46,7 +44,6 @@ This procedure explains how to configure digital signage using Kiosk Browser on
- For **App type**, select **Universal Windows App**.
- In **Enter the AUMID for the app**, enter `Microsoft.KioskBrowser_8wekyb3d8bbwe!App`.
1. In the bottom left corner of Windows Configuration Designer, select **Switch to advanced editor**.
1. Go to **Runtime settings** > **Policies** > **KioskBrowser**. Let's assume that the URL for your digital signage content is contoso.com/menu:
- In **BlockedUrlExceptions**, enter `https://www.contoso.com/menu`.
- In **BlockedUrl**, enter `*`.