deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-22 22:03:46 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Remove assigned access example files

Browse Source
This commit is contained in:
Paolo Matarazzo
2024-02-29 07:40:50 -05:00
parent a9b8c65d0b
commit 8b87782524
33 changed files with 219 additions and 265 deletions
Download Patch File Download Diff File Expand all files Collapse all files

217
windows/configuration/assigned-access/shell-launcher/configuration-file.md Normal file
View File

@ -0,0 +1,217 @@
---
title: Create an Shell Launcher configuration file
description: Learn how to create an XML file to configure a device with Shell Launcher.
ms.date: 02/12/2024
ms.topic: how-to
---
# Create an Shell Launcher configuration file
This article provides practical examples of Shell Launcher XML configuration files.
Let's start by looking at the basic structure of the XML file.
- A configuration xml can define one or multiple `Profiles`
- Each profile has a unique `Profile Id` and defines a `Shell` elemnt, which is the application that executes when the user signs in
- A profile can define a default action to be taken when the application exits and may define actions to be taken when the application exits with a specific return code
- A profile must be associated to a user account to have an effect
- You can define a `Default profile` that is used when no other profile is associated to a user account
- A configuration xml can define one or multiple `configs`
- Each config associates a user account to a `profile Id`
- A profile has no effect if it's not associated to a user account
You can start your file by pasting the following XML code into a text editor, and saving the file with an xml extension. For example, `kiosk.xml`.
```xml
<?xml version="1.0" encoding="utf-8" ?>
<ShellLauncherConfiguration
xmlns="http://schemas.microsoft.com/ShellLauncher/2018/Configuration"
xmlns:V2="http://schemas.microsoft.com/ShellLauncher/2019/Configuration">
<Profiles>
<!-- Add configuration here as needed -->
</Profiles>
<Configs>
<!-- Add configuration here as needed -->
</Configs>
</ShellLauncherConfiguration>
```
## Profiles node
If you want to define a default profile, you can use the `DefaultProfile` element:
```xml
<Profiles>
<DefaultProfile>
<!-- Add configuration here as needed -->
</DefaultProfile>
</Profiles>
```
Each profile is identified by a unique identifier `Profile Id`, for example:
```xml
<Profiles>
<Profile Id="{EDB3036B-780D-487D-A375-69369D8A8F78}">
<!-- Add configuration here as needed -->
</Profile>
</Profiles>
```
### Shell node
The `Shell` node defines the application that executes when the user signs in:
- The `Shell` attribute is the path to the application
- The `V2:AppType` attribute defines the type of application
- The `V2:AllAppsFullScreen` attribute is a boolean value that defines if all applications are executed in full screen
```xml
<Shell Shell="" V2:AppType="" V2:AllAppsFullScreen="">
<ReturnCodeActions>
<ReturnCodeAction ReturnCode="" Action=""/>
</ReturnCodeActions>
<DefaultAction Action=""/>
</Shell>
```
```xml
<?xml version="1.0" encoding="utf-8" ?>
<ShellLauncherConfiguration
xmlns="http://schemas.microsoft.com/ShellLauncher/2018/Configuration"
xmlns:V2="http://schemas.microsoft.com/ShellLauncher/2019/Configuration">
<Profiles>
<DefaultProfile>
<Shell Shell=""/>
</DefaultProfile>
<Profile Id="">
<Shell Shell="" V2:AppType="" V2:AllAppsFullScreen="">
<ReturnCodeActions>
<ReturnCodeAction ReturnCode="" Action=""/>
</ReturnCodeActions>
<DefaultAction Action=""/>
</Shell>
</Profile>
</Profiles>
<Configs>
<Config>
<AutoLogonAccount/>
<Profile Id=""/>
</Config>
</Configs>
</ShellLauncherConfiguration>
```
## Default action, custom action, exit code
Shell Launcher defines four actions to handle app exits. You can customize Shell Launcher and use the actions based on different exit code.
| Value | Description |
|--|--|
| 0 | Restart the shell |
| 1 | Restart the device |
| 2 | Shut down the device |
| 3 | Do nothing |
These actions can be used as default action, or can be mapped to a specific exit code. Refer to [Shell Launcher](/windows-hardware/customize/enterprise/wesl-usersettingsetcustomshell) to see how these codes with Shell Launcher WMI.
To configure these actions with Shell Launcher CSP, use below syntax in the Shell Launcher configuration xml. You can specify at most four custom actions mapping to four exit codes, and one default action for all other exit codes. When app exits and if the exit code is not found in the custom action mapping, or there is no default action defined, it will be no-op, i.e. nothing happens. So it's recommended to at least define DefaultAction. [Get XML examples for different Shell Launcher v2 configurations.](https://github.com/Microsoft/Windows-iotcore-samples/tree/develop/Samples/ShellLauncherV2)
``` xml
<ReturnCodeActions>
<ReturnCodeAction ReturnCode="0" Action="RestartShell"/>
<ReturnCodeAction ReturnCode="-1" Action="RestartDevice"/>
<ReturnCodeAction ReturnCode="255" Action="ShutdownDevice"/>
<ReturnCodeAction ReturnCode="1" Action="DoNothing"/>
</ReturnCodeActions>
<DefaultAction Action="RestartDevice"/>
```
## AllAppsFullScreen
In the XML for Shell Launcher v2, note the **AllAppsFullScreen** attribute. When set to **True**, Shell Launcher will run every app in full screen, or maximized for desktop apps. When this attribute is set to **False** or not set, only the custom shell app runs in full screen; other apps launched by the user will run in windowed mode.
### AppType
Allowed values are `Desktop` and `UWP`.
`AllAppsFullScreen` is a boolean value. If true, all applications are executed in full screen. If false...
:::row:::
:::column span="1":::
**Scenario**
:::column-end:::
:::column span="3":::
**Sample Xml**
:::column-end:::
:::row-end:::
:::row:::
:::column span="1":::
**Desktop application**
:::column-end:::
:::column span="3":::
In this example, Microsoft Edge is executed in full screen, opening a website. The website is reloaded after 2 minutes of inactivity.
```xml
<Profile Id="{EDB3036B-780D-487D-A375-69369D8A8F78}">
<Shell Shell="%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe --kiosk https://www.contoso.com --edge-kiosk-type=fullscreen --kiosk-idle-timeout-minutes=2" V2:AppType="Desktop" V2:AllAppsFullScreen="true">
<ReturnCodeActions>
<ReturnCodeAction ReturnCode="0" Action="RestartShell"/>
<ReturnCodeAction ReturnCode="-1" Action="RestartDevice"/>
<ReturnCodeAction ReturnCode="255" Action="ShutdownDevice"/>
</ReturnCodeActions>
<DefaultAction Action="RestartShell"/>
</Shell>
</Profile>
```
:::column-end:::
:::row-end:::
:::row:::
:::column span="1":::
**UWP application**
In this example, the Weather app is executed in full screen.
:::column-end:::
:::column span="3":::
```xml
<?xml version="1.0" encoding="utf-8"?>
<ShellLauncherConfiguration xmlns="http://schemas.microsoft.com/ShellLauncher/2018/Configuration"
xmlns:V2="http://schemas.microsoft.com/ShellLauncher/2019/Configuration">
<Profiles>
<DefaultProfile>
<Shell Shell="Microsoft.BingWeather_8wekyb3d8bbwe!App" V2:AppType="UWP">
<DefaultAction Action="RestartShell"/>
</Shell>
</DefaultProfile>
</Profiles>
<Configs/>
</ShellLauncherConfiguration>
```
:::column-end:::
:::row-end:::
## Kiosk example
[!INCLUDE [quickstart-xml](..includes/quickstart-xml.md)]
<!--troubleshooting
Event Viewer
Run "eventvwr.msc"
Navigate to "Applications and Services Logs"
There are 2 areas of your interests:
"Microsoft-Windows-AssignedAccess"
"Microsoft-Windows-AssignedAccessBroker"
Before any repro, it's recommended to enable "Operational" channel to get the most of logs.
TraceLogging
<TBD>
Registry Key
These locations contain the latest Assigned Access Configuration:
HKLM\SOFTWARE\Microsoft\Windows\AssignedAccessConfiguration
HKLM\SOFTWARE\Microsoft\Windows\AssignedAccessCsp
These locations contain the latest "evaluated" configuration for each sign-in user:
"HKCU\SOFTWARE\Microsoft\Windows\AssignedAccessConfiguration" (If it doesn't exist, it means no Assigned Access to be enforced for this user.)
-->

13
windows/configuration/assigned-access/shell-launcher/includes/quickstart-intune.md Normal file
View File

@ -0,0 +1,13 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 02/05/2024
ms.topic: include
---
```msgraph-interactive
POST https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations
Content-Type: application/json
{ "id": "00-0000-0000-0000-000000000000", "displayName": "_MSLearn_Example_Kiosk - Shell Launcher", "description": "This is a sample policy created from an article on learn.microsoft.com.", "roleScopeTagIds": [ "0" ], "@odata.type": "#microsoft.graph.windows10CustomConfiguration", "omaSettings": [ { "@odata.type": "#microsoft.graph.omaSettingString", "displayName": "ShellLauncher", "description": null, "omaUri": "./Vendor/MSFT/AssignedAccess/ShellLauncher", "secretReferenceValueId": null, "isEncrypted": true, "value": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<ShellLauncherConfiguration\nxmlns=\"http://schemas.microsoft.com/ShellLauncher/2018/Configuration\"\nxmlns:V2=\"http://schemas.microsoft.com/ShellLauncher/2019/Configuration\">\n <Profiles>\n <DefaultProfile>\n <Shell Shell=\"%SystemRoot%\\explorer.exe\"/>\n </DefaultProfile>\n <Profile Id=\"{EDB3036B-780D-487D-A375-69369D8A8F78}\">\n <Shell Shell=\"%ProgramFiles(x86)%\\Microsoft\\Edge\\Application\\msedge.exe --kiosk https://www.contoso.com --edge-kiosk-type=fullscreen --kiosk-idle-timeout-minutes=2\" V2:AppType=\"Desktop\" V2:AllAppsFullScreen=\"true\">\n <ReturnCodeActions>\n <ReturnCodeAction ReturnCode=\"0\" Action=\"RestartShell\"/>\n <ReturnCodeAction ReturnCode=\"-1\" Action=\"RestartDevice\"/>\n <ReturnCodeAction ReturnCode=\"255\" Action=\"ShutdownDevice\"/>\n </ReturnCodeActions>\n <DefaultAction Action=\"RestartShell\"/>\n </Shell>\n </Profile>\n </Profiles>\n <Configs>\n <Config>\n <AutoLogonAccount/>\n <Profile Id=\"{EDB3036B-780D-487D-A375-69369D8A8F78}\"/>\n </Config>\n </Configs>\n</ShellLauncherConfiguration>" } ], }
```

43
windows/configuration/assigned-access/shell-launcher/includes/quickstart-ps.md Normal file
View File

@ -0,0 +1,43 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 02/05/2024
ms.topic: include
---
```PowerShell
$shellLauncherConfiguration = @"
<?xml version="1.0" encoding="utf-8"?>
<ShellLauncherConfiguration
xmlns="http://schemas.microsoft.com/ShellLauncher/2018/Configuration"
xmlns:V2="http://schemas.microsoft.com/ShellLauncher/2019/Configuration">
<Profiles>
<DefaultProfile>
<Shell Shell="%SystemRoot%\explorer.exe"/>
</DefaultProfile>
<Profile Id="{EDB3036B-780D-487D-A375-69369D8A8F78}">
<Shell Shell="%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe --kiosk https://www.contoso.com --edge-kiosk-type=fullscreen --kiosk-idle-timeout-minutes=2" V2:AppType="Desktop" V2:AllAppsFullScreen="true">
<ReturnCodeActions>
<ReturnCodeAction ReturnCode="0" Action="RestartShell"/>
<ReturnCodeAction ReturnCode="-1" Action="RestartDevice"/>
<ReturnCodeAction ReturnCode="255" Action="ShutdownDevice"/>
</ReturnCodeActions>
<DefaultAction Action="RestartShell"/>
</Shell>
</Profile>
</Profiles>
<Configs>
<Config>
<AutoLogonAccount/>
<Profile Id="{EDB3036B-780D-487D-A375-69369D8A8F78}"/>
</Config>
</Configs>
</ShellLauncherConfiguration>
"@
$namespaceName="root\cimv2\mdm\dmmap"
$className="MDM_AssignedAccess"
$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className
$obj.ShellLauncher = [System.Net.WebUtility]::HtmlEncode($shellLauncherConfiguration)
$obj = Set-CimInstance -CimInstance $obj
```

35
windows/configuration/assigned-access/shell-launcher/includes/quickstart-xml.md Normal file
View File

@ -0,0 +1,35 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 02/05/2024
ms.topic: include
---
```xml
<?xml version="1.0" encoding="utf-8"?>
<ShellLauncherConfiguration
xmlns="http://schemas.microsoft.com/ShellLauncher/2018/Configuration"
xmlns:V2="http://schemas.microsoft.com/ShellLauncher/2019/Configuration">
<Profiles>
<DefaultProfile>
<Shell Shell="%SystemRoot%\explorer.exe"/>
</DefaultProfile>
<Profile Id="{EDB3036B-780D-487D-A375-69369D8A8F78}">
<Shell Shell="%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe --kiosk https://www.contoso.com --edge-kiosk-type=fullscreen --kiosk-idle-timeout-minutes=2" V2:AppType="Desktop" V2:AllAppsFullScreen="true">
<ReturnCodeActions>
<ReturnCodeAction ReturnCode="0" Action="RestartShell"/>
<ReturnCodeAction ReturnCode="-1" Action="RestartDevice"/>
<ReturnCodeAction ReturnCode="255" Action="ShutdownDevice"/>
</ReturnCodeActions>
<DefaultAction Action="RestartShell"/>
</Shell>
</Profile>
</Profiles>
<Configs>
<Config>
<AutoLogonAccount/>
<Profile Id="{EDB3036B-780D-487D-A375-69369D8A8F78}"/>
</Config>
</Configs>
</ShellLauncherConfiguration>
```

50
windows/configuration/assigned-access/shell-launcher/index.md Normal file
View File

@ -0,0 +1,50 @@
---
title: What is Shell Launcher?
description: Learn how to configure devices with Shell Launcher.
ms.date: 05/12/2023
ms.topic: overview
---
# What is Shell Launcher?
Shell Launcher is a Windows feature that you can use to replace the default Windows Explorer shell (`explorer.exe`) with the `CustomShellHost.exe` application. CustomShellHost can launch a Windows desktop application or a UWP app.
Practical examples include:
- Public kiosks
- ATMs
Shell Launcher controls which application the user sees as the shell after sign-in. It doesn't prevent the user from accessing other desktop applications and system components. From a custom shell, you can launch secondary views displayed on multiple monitors, or launch other apps in full screen on user's demand.
Methods of controlling access to other desktop applications and system components can be used with Shell Launcher. These methods include, but are not limited to:
- Configuration Service Provider (CSP): you can use a Mobile Device Management (MDM) solution like Microsoft Intune
- Group policy (GPO)
- [AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview)
[!INCLUDE [shell-launcher](../../../..includes/licensing/shell-launcher.md)]
## Limitations
Here are some limitations to consider when using Shell Launcher:
- Windows doesn't support setting a custom shell prior to out-of-box experience OOBE. If you do, you can't deploy the resulting image
- Shell Launcher doesn't support a custom shell with an application that launches a different process and exits. For example, you can't specify `write.exe` in Shell Launcher. Shell Launcher launches a custom shell and monitors the process to identify when the custom shell exits. `Write.exe` creates a 32-bit `wordpad.exe` process and exits. Since Shell Launcher is not aware of the newly created `wordpad.exe` process, Shell Launcher will take action based on the exit code of `Write.exe`, such as restarting the custom shell.
## Configure a device with Shell Launcher
[!INCLUDE [tab-intro](../../../..includes/configure/tab-intro.md)]
#### [:::image type="icon" source="../images/icons/intune.svg"::: **Intune/CSP**](#tab/intune)
You can configure devices using a [custom policy][MEM-1] with the [AssignedAccess CSP][WIN-3].
- **Setting:** `./Vendor/MSFT/AssignedAccess/ShellLauncher`
- **Value:** content of the XML configuration file
#### [:::image type="icon" source="../images/icons/powershell.svg"::: **PowerShell**](#tab/ps)
---
Depending on your configuration method, you can have a user to automatically sign in to the device.

71
windows/configuration/assigned-access/shell-launcher/quickstart-kiosk.md Normal file
View File

@ -0,0 +1,71 @@
---
title: "Quickstart: configure a kiosk experience with Shell Launcher"
description: Learn how to configure a kiosk experience with Shell Launcher, using Windows Configuration Designer, Microsoft Intune, or PowerShell.
ms.topic: quickstart
ms.date: 02/05/2024
---
# Quickstart: configure a kiosk experience with Shell Launcher
When you configure Windows as a *kiosk* with Shell Launcher, you configure an application to replace the default shell (`explorer.exe`). This is useful for public-facing scenarios, such as a point of sale or a business critical application.
This quickstart provides practical examples of how to configure a kiosk experience on Windows with Shell Launcher. The examples describe the steps using a mobile device management solution (MDM) like Microsoft Intune, and PowerShell. While different solutions are used, the configuration settings and results are the same.
The examples can be modified to fit your specific requirements. For example, you can change the app used, the URL specified when opening Microsoft Edge, or change the name of the user that automatically signs in to Windows.
## Prerequisites
>[!div class="checklist"]
>Here's a list of requirements to complete this quickstart:
>
>- A Windows Enterprise or Education device
>- Microsoft Intune, or a non-Microsoft MDM solution, if you want to configure the settings using MDM
>- Access to the [psexec tool](/sysinternals/downloads/psexec), if you want to test the configuration using Windows PowerShell
## Configure a kiosk device
[!INCLUDE [tab-intro](../../../..includes/configure/tab-intro.md)]
#### [:::image type="icon" source="../images/icons/intune.svg"::: **Intune/CSP**](#tab/intune)
> [!TIP]
> Use the following Graph call to automatically create a custom policy in your Microsoft Intune tenant without assignments nor scope tags.
>
> When using this call, authenticate to your tenant in the Graph Explorer window. If it's the first time using Graph Explorer, you may need to authorize the application to access your tenant or to modify the existing permissions. This graph call requires *DeviceManagementConfiguration.ReadWrite.All* permissions.
[!INCLUDE [quickstart-intune](..includes/quickstart-intune.md)]
[!INCLUDE [intune-custom-settings-2](../../../..includes/configure/intune-custom-settings-2.md)]
Alternatively, you can configure devices using a [custom policy][MEM-1] with the [AssignedAccess CSP][WIN-3].
- **Setting:** `./Vendor/MSFT/AssignedAccess/ShellLauncher`
- **Value:**
[!INCLUDE [quickstart-xml](..includes/quickstart-xml.md)]
#### [:::image type="icon" source="../images/icons/powershell.svg"::: **PowerShell**](#tab/ps)
[!INCLUDE [powershell-wmi-bridge-1](../../../..includes/configure/powershell-wmi-bridge-1.md)]
[!INCLUDE [quickstart-ps](..includes/quickstart-ps.md)]
[!INCLUDE [powershell-wmi-bridge-2](../../../..includes/configure/powershell-wmi-bridge-2.md)]
---
## User experience
After the settings are applied, reboot the device. A local user account is automatically signed in, opening Microsoft Edge.
## Next steps
> [!div class="nextstepaction"]
> Learn more how to create a Shell Launcher configuration file:
>
> [Create a Shell Launcher configuration file](create-configuration.md)
<!--links-->
[WIN-3]: /windows/client-management/mdm/assignedaccess-csp
[MEM-1]: /mem/intune/configuration/custom-settings-windows-10

9
windows/configuration/assigned-access/shell-launcher/toc.yml Normal file
View File

@ -0,0 +1,9 @@
items:
- name: What is Shell Launcher?
href: index.md
- name: "Quickstart: Configure a kiosk with Shell Launcher"
href: quickstart-kiosk.md
- name: Create a Shell Launcher configuration file
href: configuration-file.md
- name: Shell Launcher XSD
href: xsd.md

193
windows/configuration/assigned-access/shell-launcher/xsd.md Normal file
View File

@ -0,0 +1,193 @@
---
title: Shell Launcher XML Schema Definition (XSD)
description: Shell Launcher XSD reference article.
ms.topic: reference
ms.date: 02/15/2024
---
# Shell Launcher XML Schema Definition (XSD)
This reference article contains the latest Shell Launcher XML schema definition (XSD) and the XSD additions for each version of Windows.
## Shell Launcher XSD
Here's the latest Shell Launcher XSD, introduced in Windows 11:
```xml
<xs:schema
elementFormDefault="qualified"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="http://schemas.microsoft.com/ShellLauncher/2018/Configuration"
xmlns:default="http://schemas.microsoft.com/ShellLauncher/2018/Configuration"
xmlns:V2="http://schemas.microsoft.com/ShellLauncher/2019/Configuration" targetNamespace="http://schemas.microsoft.com/ShellLauncher/2018/Configuration">
<xs:import namespace="http://schemas.microsoft.com/ShellLauncher/2019/Configuration"/>
<xs:complexType name="profile_list_t">
<xs:sequence minOccurs="1" maxOccurs="1">
<xs:choice minOccurs="1" maxOccurs="1">
<xs:element name="DefaultProfile" type="default_profile_t"/>
<xs:element name="Profile" type="profile_t"/>
</xs:choice>
<xs:element name="Profile" type="profile_t" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="default_profile_t">
<xs:sequence minOccurs="1" maxOccurs="1">
<xs:element name="Shell" type="default_shell_t" minOccurs="1" maxOccurs="1"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="default_shell_t">
<xs:sequence minOccurs="1" maxOccurs="1">
<xs:element name="DefaultAction" type="default_action_t" minOccurs="0" maxOccurs="1"/>
</xs:sequence>
<xs:attribute name="Shell" type="xs:string" use="required"/>
<xs:attribute ref="V2:AppType"/>
<xs:attribute ref="V2:AllAppsFullScreen"/>
</xs:complexType>
<xs:complexType name="custom_shell_t">
<xs:all minOccurs="1" maxOccurs="1">
<xs:element name="ReturnCodeActions" type="return_code_action_list_t" minOccurs="0" maxOccurs="1">
<xs:unique name="ForbidDuplicatedReturnCodes">
<xs:selector xpath="default:ReturnCodeAction"/>
<xs:field xpath="@ReturnCode"/>
</xs:unique>
</xs:element>
<xs:element name="DefaultAction" type="default_action_t" minOccurs="0" maxOccurs="1"/>
</xs:all>
<xs:attribute name="Shell" type="xs:string" />
<xs:attribute ref="V2:AppType"/>
<xs:attribute ref="V2:AllAppsFullScreen"/>
</xs:complexType>
<xs:complexType name="default_action_t">
<xs:attribute name="Action" type="system_action_t" use="required"/>
</xs:complexType>
<xs:simpleType name="system_action_t">
<xs:restriction base="xs:string">
<xs:enumeration value="RestartShell" />
<xs:enumeration value="RestartDevice" />
<xs:enumeration value="ShutdownDevice" />
<xs:enumeration value="DoNothing" />
</xs:restriction>
</xs:simpleType>
<xs:complexType name="profile_t">
<xs:sequence minOccurs="1" maxOccurs="1">
<xs:element name="Shell" type="custom_shell_t" minOccurs="1" maxOccurs="1"/>
</xs:sequence>
<xs:attribute name="Id" type="guid_t" use="required"/>
<xs:attribute name="Name" type="xs:string" use="optional"/>
</xs:complexType>
<xs:simpleType name="guid_t">
<xs:restriction base="xs:string">
<xs:pattern value="\{[0-9a-fA-F]{8}\-([0-9a-fA-F]{4}\-){3}[0-9a-fA-F]{12}\}"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="return_code_action_list_t">
<xs:sequence minOccurs="1" maxOccurs="1">
<xs:element name="ReturnCodeAction" type="return_code_action_t" minOccurs="1" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="return_code_action_t">
<xs:attribute name="ReturnCode" type="xs:integer" use="required"/>
<xs:attribute name="Action" type="system_action_t" use="required"/>
</xs:complexType>
<xs:complexType name="config_list_t">
<xs:sequence minOccurs="1" maxOccurs="1">
<xs:element name="Config" type="config_t" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="config_t">
<xs:sequence minOccurs="1" maxOccurs="1">
<xs:choice minOccurs="1" maxOccurs="1">
<xs:element name="Account" type="account_t" minOccurs="1" maxOccurs="1">
<xs:key name="mutexNameOrSID">
<xs:selector xpath="."/>
<xs:field xpath="@Name|@Sid"/>
</xs:key>
</xs:element>
<xs:element name="AutoLogonAccount" type="autologon_account_t" minOccurs="1" maxOccurs="1"/>
</xs:choice>
<xs:element name="Profile" type="profile_id_t" minOccurs="1" maxOccurs="1"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="account_t">
<xs:attribute name="Name" type="xs:string" use="optional"/>
<xs:attribute name="Sid" type="xs:string" use="optional"/>
</xs:complexType>
<xs:complexType name="autologon_account_t">
<xs:attribute name="HiddenId" type="guid_t" fixed="{50021E57-1CE4-49DF-99A9-8DB659E2C2DD}"/>
</xs:complexType>
<xs:complexType name="profile_id_t">
<xs:attribute name="Id" type="guid_t" use="required"/>
</xs:complexType>
<!--below is the definition of the config xml content-->
<xs:element name="ShellLauncherConfiguration">
<xs:complexType>
<xs:sequence minOccurs="1" maxOccurs="1">
<xs:element name="Profiles" type="profile_list_t" minOccurs="1" maxOccurs="1">
<xs:unique name="ForbidDuplicatedProfiles">
<xs:selector xpath="default:Profile"/>
<xs:field xpath="@Id"/>
</xs:unique>
</xs:element>
<xs:element name="Configs" type="config_list_t" minOccurs="0" maxOccurs="1">
<xs:unique name="ForbidDuplicatedConfigs_Name">
<xs:selector xpath="default:Config/default:Account"/>
<xs:field xpath="@Name"/>
</xs:unique>
<xs:unique name="ForbidDuplicatedConfigs_Sid">
<xs:selector xpath="default:Config/default:Account"/>
<xs:field xpath="@Sid"/>
</xs:unique>
<xs:unique name="ForbidDuplicatedAutoLogonAccount">
<xs:selector xpath="default:Config/default:AutoLogonAccount"/>
<xs:field xpath="@HiddenId"/>
</xs:unique>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:schema>
```
## Windows 10, version 1903 additions
In Windows 10, version 1903, Shell Launcher introduced the support of both UWP and desktop apps as the custom shell.
Here's the Shell Launcher XSD for the features added in Windows 10, version 1903:
```xml
<xs:schema
elementFormDefault="qualified"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="http://schemas.microsoft.com/ShellLauncher/2019/Configuration"
xmlns:default="http://schemas.microsoft.com/ShellLauncher/2019/Configuration" targetNamespace="http://schemas.microsoft.com/ShellLauncher/2019/Configuration">
<xs:attribute name="AppType">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:enumeration value="UWP"/>
<xs:enumeration value="Desktop"/>
</xs:restriction>
</xs:simpleType>
</xs:attribute>
<xs:attribute name="AllAppsFullScreen" type="xs:boolean"/>
</xs:schema>
```