deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-16 02:43:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

reference article update

Browse Source
This commit is contained in:
Paolo Matarazzo
2024-02-25 11:07:32 -05:00
parent 5a99d6c47e
commit 81fbc127f9
4 changed files with 80 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
windows/configuration/assigned-access/assigned-access-xsd.md
View File

@ -9,9 +9,9 @@ ms.date: 02/15/2024
This reference article contains the latest Assigned Access XML schema definition (XSD) and the XSD additions for each version of Windows. This reference article contains the latest Assigned Access XML schema definition (XSD) and the XSD additions for each version of Windows.
## Windows 11 ## Assigned Access XSD
The following is the XSD for Assigned Access in Windows 11: The following is the latest Assigned Access XSD, introduced in Windows 11:
```xml ```xml
<xs:schema <xs:schema

9
windows/configuration/assigned-access/create-assigned-access-configuration.md
View File

@ -244,12 +244,17 @@ Add your pinnedList JSON into the StartPins tag in your XML file.
</v5:StartPins> </v5:StartPins>
``` ```
### TaskbarLayout node
::: zone-end ::: zone-end
> [!NOTE] > [!NOTE]
> If an app isn't installed for the user, but is included in the Start layout XML, the app isn't shown on the Start screen. > If an app isn't installed for the user, but is included in the Start layout XML, the app isn't shown on the Start screen.
#### Taskbar ::: zone pivot="windows-10"
### Taskbar
Define whether you want to have the taskbar present in the kiosk device. For tablet-based or touch-enabled All-In-One kiosks, when you don't attach a keyboard and mouse, you can hide the taskbar as part of the multi-app experience if you want. Define whether you want to have the taskbar present in the kiosk device. For tablet-based or touch-enabled All-In-One kiosks, when you don't attach a keyboard and mouse, you can hide the taskbar as part of the multi-app experience if you want.
@ -264,6 +269,8 @@ The following example hides the taskbar:
> [!NOTE] > [!NOTE]
> This is different from the **Automatically hide the taskbar** option in tablet mode, which shows the taskbar when swiping up from or moving the mouse pointer down to the bottom of the screen. Setting **ShowTaskbar** as **false** will always keep the taskbar hidden. > This is different from the **Automatically hide the taskbar** option in tablet mode, which shows the taskbar when swiping up from or moving the mouse pointer down to the bottom of the screen. Setting **ShowTaskbar** as **false** will always keep the taskbar hidden.
::: zone-end
### KioskModeApp ### KioskModeApp
**KioskModeApp** is used for a [kiosk profile](#profile) only. Enter the AUMID for a single app. You can only specify one kiosk profile in the XML. **KioskModeApp** is used for a [kiosk profile](#profile) only. Enter the AUMID for a single app. You can only specify one kiosk profile in the XML.

132
windows/configuration/assigned-access/kiosk-policies.md
View File

@ -2,87 +2,79 @@
title: Policy settings enforced by Assigned Access title: Policy settings enforced by Assigned Access
description: Learn about the policy settings enforced on a device configured with Assigned Access. description: Learn about the policy settings enforced on a device configured with Assigned Access.
ms.topic: reference ms.topic: reference
ms.date: 02/26/2024 ms.date: 02/25/2024
--- ---
# Policy settings enforced by Assigned Access # Policy settings enforced by Assigned Access
When the Assigned Access configuration is applied on a device, certain policy settings are enforced, impacting other users using the device. When the Assigned Access configuration is applied on a device, certain policy settings are enforced, impacting other users using the device. The policy settings are appllied using a combination of configuration service provider (CSP) and group policy (GPO) settings.
This reference article lists the policy settings applied by Assigned Access. This reference article lists the policy settings applied by Assigned Access.
## Group policy
The following local policies affect all **non-administrator** users on the system, regardless whether the user is configured as an assigned access user or not. These users include local users, domain users, and Microsoft Entra users.
| Setting | Value |
|--|--|
| Remove Pinned programs from the taskbar | Enabled |
| Turn off toast notifications | Enabled |
| Remove Task Manager | Enabled |
| Remove Change Password option in Security Options UI | Enabled |
| Remove Sign Out option in Security Options UI | Enabled |
| Prevent access to drives from My Computer | Enabled - Restrict all drives |
>[!NOTE] >[!NOTE]
>When **Prevent access to drives from My Computer** is enabled, users can browse the directory structure in File Explorer, but they cannot open folders and access the contents. Also, they cannot use the **Run** dialog box or the **Map Network Drive** dialog box to view the directories on these drives. The icons representing the specified drives still appear in File Explorer, but if users double-click the icons, a message appears explaining that a setting prevents the action. This setting does not prevent users from using programs to access local and network drives. It does not prevent users from using the Disk Management snap-in to view and change drive characteristics. >It's not recommended to configure policy settings enforced by Assigned Access to different values using other channels. Assigned Access is optimized to provide a locked-down experience.
## MDM policy ## Device policy settings
Start/AllowPinnedFolderDocuments The following settings are applied at the device level. Any user accessing the device is subject to the policy settings, including administrator accounts.
Start/AllowPinnedFolderDownloads
Start/AllowPinnedFolderFileExplorer
Start/AllowPinnedFolderHomeGroup
Start/AllowPinnedFolderMusic
Start/AllowPinnedFolderNetwork
Start/AllowPinnedFolderPersonalFolder
Start/AllowPinnedFolderPictures
Start/AllowPinnedFolderSettings
Start/AllowPinnedFolderVideos
Start/DisableContextMenus
Start/HidePeopleBar (hide)
Start/HideChangeAccountSettings (hide)
AllowWindowsInkWorkspace (disabled and the feature is turned off)
StartLayout
DontDisplayNetworkSelectionUI
<!-- | Type | Path | Name/Description |
## Start Menu |------|----------------------------------------------------------------------------|---------------------------------------------------------------------------|
| CSP | `./Vendor/MSFT/Policy/Config/Experience/AllowCortana` | Disable Cortana |
| CSP | `./Vendor/MSFT/Policy/Config/Start/AllowPinnedFolderDocuments` | Disable Start documents icon policy |
| CSP | `./Vendor/MSFT/Policy/Config/Start/AllowPinnedFolderDownloads` | Disable Start downloads icon policy |
| CSP | `./Vendor/MSFT/Policy/Config/Start/AllowPinnedFolderFileExplorer` | Disable Start file explorer icon policy |
| CSP | `./Vendor/MSFT/Policy/Config/Start/AllowPinnedFolderHomeGroup` | Disable Start home group icon policy |
| CSP | `./Vendor/MSFT/Policy/Config/Start/AllowPinnedFolderMusic` | Disable Start music icon policy |
| CSP | `./Vendor/MSFT/Policy/Config/Start/AllowPinnedFolderNetwork` | Disable Start network icon policy |
| CSP | `./Vendor/MSFT/Policy/Config/Start/AllowPinnedFolderPersonalFolder` | Disable Start personal folder icon policy |
| CSP | `./Vendor/MSFT/Policy/Config/Start/AllowPinnedFolderPictures` | Disable Start pictures icon policy |
| CSP | `./Vendor/MSFT/Policy/Config/Start/AllowPinnedFolderSettings` | Disable Start settings icon policy |
| CSP | `./Vendor/MSFT/Policy/Config/Start/AllowPinnedFolderVideos` | Disable Start videos icon policy |
| CSP | `./Vendor/MSFT/Policy/Config/Start/HideChangeAccountSettings` | Hide *Change account settings* from appearing in the user tile |
| CSP | `./Vendor/MSFT/Policy/Config/Update/SetAutoRestartNotificationDisable` | Hides all update notifications |
| CSP | `./Vendor/MSFT/Policy/Config/Update/UpdateNotificationLevel` | Disables auto restart notifications for updates |
| CSP | `./Vendor/MSFT/Policy/Config/WindowsInkWorkspace/AllowWindowsInkWorkspace` | Access to ink workspace is disabled |
| CSP | `./Vendor/MSFT/Policy/Config/WindowsLogon/DontDisplayNetworkSelectionUI` | Hide networks UI on the logon screen, as well as on "security options" UI |
*Remove access to the context menus for the task bar ## User policy settings
*Clear history of recently opened documents on exit
*Prevent users from customizing their Start Screen
*Prevent users from uninstalling applications from Start
*Remove All Programs list from the Start menu
*Remove Run menu from Start Menu
## Desktop The following policy settings are applied to any nonadministrator accessing the device:
Hide and disable all items on the desktop | Type | Path | Name/Description |
|------|----------------------------------------------------------------------------------|-------------------------------------------------------------------|
## Task bar | CSP | `./User/Vendor/MSFT/Policy/Config/Start/DisableContextMenus` | Disable Context Menu for Start menu apps |
| CSP | `./User/Vendor/MSFT/Policy/Config/Start/HidePeopleBar` | Hide People Bar from appearing on taskbar |
*Disable showing balloon notificationss as toast | CSP | `./User/Vendor/MSFT/Policy/Config/Start/HideRecentlyAddedApps` | Hide recently added apps from appearing on the Start menu |
*Do not allow pinning items in Jump Lists | CSP | `./User/Vendor/MSFT/Policy/Config/Start/HideRecentJumplists` | Hide recent jumplists from appearing on the Start menu/taskbar |
*Do not allow pinning programs to the Taskbar | GPO | User Configuration\Administrative Templates\Start Menu and Taskbar | Clear history of recently opened documents on exit |
*Do not display or track items in Jump Lists from remote locations | GPO | User Configuration\Administrative Templates\Start Menu and Taskbar | Disable showing balloon notificationss as toast |
*Remove Notification Center | GPO | User Configuration\Administrative Templates\Start Menu and Taskbar | Do not allow pinning items in Jump Lists |
*Remove Control Center (What is it? is it action center perhaps?) | GPO | User Configuration\Administrative Templates\Start Menu and Taskbar | Do not allow pinning programs to the Taskbar |
*Lock all Taskbar settings | GPO | User Configuration\Administrative Templates\Start Menu and Taskbar | Do not display or track items in Jump Lists from remote locations |
*Lock the Taskbar | GPO | User Configuration\Administrative Templates\Start Menu and Taskbar | Hide and disable all items on the desktop |
*Prevent users from adding or removing toolbars | GPO | User Configuration\Administrative Templates\Start Menu and Taskbar | Hide the Task View button |
**Prevent users from moving taskbar to another screen dock location | GPO | User Configuration\Administrative Templates\Start Menu and Taskbar | Lock all taskbar settings |
**Prevent users from rearranging toolbars | GPO | User Configuration\Administrative Templates\Start Menu and Taskbar | Lock the Taskbar |
*Prevent users from resizing the taskbar | GPO | User Configuration\Administrative Templates\Start Menu and Taskbar | Prevent users from adding or removing toolbars |
*Remove frequent programs list from the Start Menu | GPO | User Configuration\Administrative Templates\Start Menu and Taskbar | Prevent users from customizing their Start Screen |
*Remove the Security and Maintenance icon | GPO | User Configuration\Administrative Templates\Start Menu and Taskbar | Prevent users from moving taskbar to another screen dock location |
*Turn off all balloon notifications | GPO | User Configuration\Administrative Templates\Start Menu and Taskbar | Prevent users from rearranging toolbars |
*Turn off feature advertisement balloon notifications | GPO | User Configuration\Administrative Templates\Start Menu and Taskbar | Prevent users from resizing the taskbar |
**Hide the Task View button | GPO | User Configuration\Administrative Templates\Start Menu and Taskbar | Prevent users from uninstalling applications from Start |
| GPO | User Configuration\Administrative Templates\Start Menu and Taskbar | Remove access to the context menus for the task bar |
--> | GPO | User Configuration\Administrative Templates\Start Menu and Taskbar | Remove All Programs list from the Start menu |
| GPO | User Configuration\Administrative Templates\Start Menu and Taskbar | Remove Control Center |
>[!NOTE] | GPO | User Configuration\Administrative Templates\Start Menu and Taskbar | Remove frequent programs list from the Start Menu |
>It's not recommended to configure policy settings enforced by Assigned Access to different values using other channels. Assigned Access is optimized to provide a locked-down experience. | GPO | User Configuration\Administrative Templates\Start Menu and Taskbar | Remove Notification and Action Center |
| GPO | User Configuration\Administrative Templates\Start Menu and Taskbar | Remove Quick Settings |
| GPO | User Configuration\Administrative Templates\Start Menu and Taskbar | Remove Run menu from Start Menu |
| GPO | User Configuration\Administrative Templates\Start Menu and Taskbar | Remove the Security and Maintenance icon |
| GPO | User Configuration\Administrative Templates\Start Menu and Taskbar | Turn off all balloon notifications |
| GPO | User Configuration\Administrative Templates\Start Menu and Taskbar | Turn off feature advertisement balloon notifications |
| GPO | User Configuration\Administrative Templates\Start Menu and Taskbar\Notifications | Turn off toast notifications |
| GPO | User Configuration\Administrative Templates\System\Ctrl+Alt+Del Options | Remove Change Password |
| GPO | User Configuration\Administrative Templates\System\Ctrl+Alt+Del Options | Remove Logoff |
| GPO | User Configuration\Administrative Templates\System\Ctrl+Alt+Del Options | Remove Task Manager |
| GPO | User Configuration\Administrative Templates\Windows Components\File Explorer | Remove *Map network drive* and *Disconnect Network Drive* |
| GPO | User Configuration\Administrative Templates\Windows Components\File Explorer | Remove File Explorer's default context menu |

10
windows/configuration/assigned-access/shell-launcher-xsd.md
View File

@ -7,10 +7,12 @@ ms.date: 02/15/2024
# Shell Launcher XML Schema Definition (XSD) # Shell Launcher XML Schema Definition (XSD)
This reference article contains the XML schema definitions (XSD) for Shell Launcher and Shell Launcher v2. This reference article contains the latest Shell Launcher XML schema definition (XSD) and the XSD additions for each version of Windows.
## Shell Launcher XSD ## Shell Launcher XSD
The following is the latest Shell Launcher XSD:
```xml ```xml
<xs:schema <xs:schema
elementFormDefault="qualified" elementFormDefault="qualified"
@ -163,7 +165,11 @@ This reference article contains the XML schema definitions (XSD) for Shell Launc
</xs:schema> </xs:schema>
``` ```
## Shell Launcher v2 XSD ## Windows 10, version 1903 additions
In Windows 10, version 1903, Shell Launcher introduced the support of both UWP and Win32 apps as the custom shell.
The following is the XSD for Shell Launcher features added in Windows 10, version 1903:
```xml ```xml
<xs:schema <xs:schema