From 939ef5dfb96e14c831a0cbc881c741c345690867 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 7 Mar 2024 13:15:50 -0500 Subject: [PATCH] Fix typos and update descriptions in Assigned Access documentation --- .../assigned-access/configuration-file.md | 22 +++---- .../configuration/assigned-access/examples.md | 4 +- .../configuration/assigned-access/index.md | 4 +- .../configuration/assigned-access/overview.md | 58 +++++++++---------- .../assigned-access/policy-settings.md | 6 +- .../assigned-access/quickstart-kiosk.md | 6 +- .../quickstart-restricted-user-experience.md | 2 +- .../shell-launcher/configuration-file.md | 2 +- .../assigned-access/shell-launcher/index.md | 6 +- .../shell-launcher/quickstart-kiosk.md | 2 +- 10 files changed, 56 insertions(+), 56 deletions(-) diff --git a/windows/configuration/assigned-access/configuration-file.md b/windows/configuration/assigned-access/configuration-file.md index 03ab4317a9..5a96fcc4a4 100644 --- a/windows/configuration/assigned-access/configuration-file.md +++ b/windows/configuration/assigned-access/configuration-file.md 
@@ -90,8 +90,8 @@ A configuration file can contain one or more profiles. Each profile is identifie A profile can be one of two types: -- `KioskModeApp`: is used to configure a kiosk experience. Users assigned this profile don't access the desktop, but only the UWP application or Microsoft Edge running in full-screen above the Lock screen -- `AllAppList` is used to configure a restricted user experience. Users assigned this profile access the desktop with the specific apps on the Start menu +- `KioskModeApp`: is used to configure a kiosk experience. Users assigned this profile don't access the desktop, but only the Universal Windows Platform (UWP) application or Microsoft Edge running in full-screen above the Lock screen +- `AllAppList` is used to configure a restricted user experience. Users assigned this profile, access the desktop with the specific apps on the Start menu > [!IMPORTANT] > @@ -105,7 +105,7 @@ The properties of a `KioskModeApp` profile are: | Property| Description | Details | |-|-|-| |`AppUserModelId`|The Application User Model ID (AUMID) of the UWP app.|Learn how to [Find the Application User Model ID of an installed app](../store/find-aumid.md).| -|`v4:ClassicAppPath`|The full path to a desktop app executable.|This is the path to the desktop app that will be used in the kiosk mode. The path can contain system environment variables in the form of `%variableName%`.| +|`v4:ClassicAppPath`|The full path to a desktop app executable.|This is the path to the desktop app used in kiosk mode. The path can contain system environment variables in the form of `%variableName%`.| |`v4:ClassicAppArguments`|The arguments to be passed to the desktop app.|This property is optional.| By default, you can use the CTRL+ALT+DEL sequence to exit kiosk mode. You can define a `BreakoutSequence` element to change the default sequence. The `Key` attribute is a string that represents the key combination. 
@@ -132,13 +132,13 @@ Based on the purpose of the kiosk device, define the list of applications that a > [!NOTE] > If an app has a dependency on another app, both must be included in the allowed apps list. -Within the `AllAppList` node you define a list of applications that are allowed execute. Each `App` element has the following properties: +Within the `AllAppList` node, define a list of applications that are allowed execute. Each `App` element has the following properties: | Property| Description | Details | |-|-|-| |`AppUserModelId`|The Application User Model ID (AUMID) of the UWP app.|Learn how to [Find the Application User Model ID of an installed app](../store/find-aumid.md).| -|`DesktopAppPath`|The full path to a desktop app executable.|This is the path to the desktop app that will be used in the kiosk mode. The path can contain system environment variables in the form of `%variableName%`.| -|`rs5:AutoLaunch`|A Boolean attribute to indicate whether to launch the app (either desktop or UWP app) automatically when the user signs in.|This property is optional. Only one application is allowed to be auto-launched.| +|`DesktopAppPath`|The full path to a desktop app executable.|This is the path to the desktop app that used in kiosk mode. The path can contain system environment variables in the form of `%variableName%`.| +|`rs5:AutoLaunch`|A Boolean attribute to indicate whether to launch the app (either desktop or UWP app) automatically when the user signs in.|This property is optional. Only one application can autolaunch.| |`rs5:AutoLaunchArguments`|The arguments to be passed to the app that is configured with `AutoLaunch`.|AutoLaunchArguments are passed to the apps as is and the app needs to handle the arguments explicitly. This property is optional.| Example: @@ -183,7 +183,7 @@ Here are some practical examples. #### Block everything -Either don't use the node or leave it empty +Either don't use the node or leave it empty. ```xml 
@@ -313,9 +313,9 @@ Example with some apps pinned: ::: zone pivot="windows-10" -You can't pin apps on the taskbar in a restricted user experience, and it's not supported to configure a Taskbar layout using the `` tag in a layout modification XML as part of the Assigned Access configuration. +You can't pin apps on the taskbar in a restricted user experience. It's not supported to configure a Taskbar layout using the `` tag in a layout modification XML, as part of the Assigned Access configuration. -The only Taskbar customization available is the possiblity to show or hide it, using the `ShowTaskbar` boolean attribute. +The only Taskbar customization available is the option to show or hide it, using the `ShowTaskbar` boolean attribute. The following example exposes the taskbar: @@ -406,7 +406,7 @@ Limitations: ### AutoLogon account -With ``, Assigned Access creates and manages an user account to automatically sign in after a device restarts. The account is a local standard user. +With ``, Assigned Access creates and manages a user account to automatically sign in after a device restarts. The account is a local standard user. The following example shows how to specify an account to sign in automatically, and the optional display name for the account on the sign-in screen: @@ -424,7 +424,7 @@ The following example shows how to specify an account to sign in automatically, ### Global profile -With `GlobalProfile` you can define an Assigned Access profile that is applied to every non-admin account that signs in. This can be useful in scenarios like frontline workers or student devices, where you want to ensure that every user has a consistent experience. +With `GlobalProfile`, you can define an Assigned Access profile that is applied to every non-admin account that signs in. `GlobalProfile` is useful in scenarios like frontline workers or student devices, where you want to ensure that every user has a consistent experience. ```xml 
diff --git a/windows/configuration/assigned-access/examples.md b/windows/configuration/assigned-access/examples.md index c52a8c8d66..3c0c865d64 100644 --- a/windows/configuration/assigned-access/examples.md +++ b/windows/configuration/assigned-access/examples.md @@ -9,7 +9,7 @@ appliesto: # Assigned Access examples -This artcile contains examples of XML files to configure a device with Assigned Access. The files can be easily modified to fit your specific needs. +This article contains examples of XML files to configure a device with Assigned Access. The files can be easily modified to fit your specific needs. To learn more: @@ -20,7 +20,7 @@ To learn more: [!INCLUDE [example-kiosk-edge](includes/example-kiosk-edge.md)] -## Kiosk experience with UWP app +## Kiosk experience with Universal Windows Platform (UWP) app [!INCLUDE [example-kiosk-uwp](includes/example-kiosk-uwp.md)] diff --git a/windows/configuration/assigned-access/index.md b/windows/configuration/assigned-access/index.md index f02676086b..d3f11e065f 100644 --- a/windows/configuration/assigned-access/index.md +++ b/windows/configuration/assigned-access/index.md @@ -43,7 +43,7 @@ Windows offers two different features to configure a kiosk experience: This option loads the Windows desktop, but it only allows to run a defined set of applications. When the designated user signs in, the user can only run the apps that are allowed. The Start menu is customized to show only the apps that are allowed to execute. With this approach, you can configure a locked-down experience for different account types. This option is sometimes referred to as *multi-app kiosk*. -To configure a restricted user experience you use the **Assigned Access** feature. +To configure a restricted user experience, you use the **Assigned Access** feature. ## Choose the right experience @@ -51,7 +51,7 @@ When you're considering a kiosk or restricted user experience, you need to choos | | Question | |--|--| -| **🔲** | *How many apps?*
This will determine the experience to build: **kiosk** or **restricted user experience**.| +| **🔲** | *How many apps?*
The number of apps determines the experience to build: **kiosk** or **restricted user experience**.| | **🔲** | *Desktop experience or custom?*
If your users require access to the desktop with a custom Start menu, then you can build a **restricted user experience** with **Assigned Access**. If your users require access to multiple applications but with a custom user interface, then you should use **Shell Launcher**.| | **🔲** | *In single-app scenario, which type of app will your kiosk run?*
If the kiosk requires a Universal Windows Platform (UWP) app or Microsoft Edge, you can build a **kiosk experience** with **Assigned Access**. If the kiosk requires a desktop app, you can build a **kiosk experience** with **Shell Launcher**.| | **🔲** | *Which edition of Windows client will the kiosk run?"*
**Assigned Access** is supported on Windows Pro and Enterprise/Education. **Shell Launcher** is only supported on Windows Enterprise and Education editions.| diff --git a/windows/configuration/assigned-access/overview.md b/windows/configuration/assigned-access/overview.md index 9ad550dd9b..d4773b9a4e 100644 --- a/windows/configuration/assigned-access/overview.md +++ b/windows/configuration/assigned-access/overview.md @@ -9,7 +9,7 @@ ms.topic: overview Assigned Access is a Windows feature that you can use to configure a device as a kiosk or with a restricted user experience. -When you configure a **kiosk experience**, a single UWP application or Microsoft Edge is executed in full screen, above the lock screen. Users can only use that application. If the kiosk app is closed, it automatically restarts. Practical examples include: +When you configure a **kiosk experience**, a single Universal Windows Platform (UWP) application or Microsoft Edge is executed in full screen, above the lock screen. Users can only use that application. If the kiosk app is closed, it automatically restarts. Practical examples include: - Public browsing - Interactive digital signage @@ -28,7 +28,7 @@ When you configure a **restricted user experience**, users can only execute a de Here are the requirements for Assigned Access: - To use a kiosk experience, [User account control (UAC)](/windows/security/identity-protection/user-account-control/user-account-control-overview) must be enabled -- You can only use a kiosk experience when signing in from the console. The kiosk experience isn't supported over a remote desktop connection +- To use a kiosk experience, you must sign in from the console. The kiosk experience isn't supported over a remote desktop connection [!INCLUDE [assigned-access](../../../includes/licensing/assigned-access.md)] 
@@ -144,11 +144,11 @@ Here are the steps to configure a kiosk using the Settings app: > [Other Users](ms-settings:otherusers) 1. Under **Set up a kiosk**, select **Get Started** -1. In the **Create an account** dialog, enter the account name and select **Next** +1. In the **Create an account** dialog, enter the account name, and select **Next** >[!NOTE] >If there are any local standard user accounts already, the **Create an account** dialog offers the option to **Choose an existing account** -1. Choose the application to run when the kiosk account signs in. Only apps that can run above the lock screen will be available in the list of apps to choose from. If you select **Microsoft Edge** as the kiosk app, you configure the following options: +1. Choose the application to run when the kiosk account signs in. Only apps that can run above the lock screen are available in the list of apps to choose from. If you select **Microsoft Edge** as the kiosk app, you configure the following options: - Whether Microsoft Edge should display your website full-screen (digital sign) or with some browser controls available (public browser) - Which URL should be open when the kiosk accounts signs in @@ -240,7 +240,7 @@ Write-Output "Successfully applied Assigned Access configuration" #### [:::image type="icon" source="../images/icons/settings.svg"::: **Settings**](#tab/settings) -This option is not available using Settings. +This option isn't available using Settings. --- 
@@ -251,12 +251,12 @@ This option is not available using Settings. To validate the kiosk or restricted user experience, sign in with the user account you specified in the configuration file. -The Assigned Access configuration takes effect the next time the targeted user signs in. If that user account is signed in when you apply the configuration, make sure the user signs out and signs back in to validate the experience. +The Assigned Access configuration takes effect the next time the targeted user signs in. If that user account is signed in when you apply the configuration, sign out and sign back in to validate the experience. > [!NOTE] > Starting in Windows 11, a restricted user experience supports the use of multiple monitors. -### Auto-trigger touch keyboard +### Autotrigger touch keyboard The touch keyboard is automatically triggered when there's an input needed and no physical keyboard is attached on touch-enabled devices. You don't need to configure any other setting to enforce this behavior. 
@@ -277,28 +277,28 @@ The Breakout Sequence of Ctrl + Alt + Del is th The following keyboard shortcuts are blocked for the user accounts with Assigned Access: -| Keyboard shortcut | Action | -|--|--| -| Ctrl + Shift + Esc | Open Task Manager | -| WIN + , (comma) | Temporarily peek at the desktop | -| WIN + A | Open Action center | -| WIN + Alt + D | Display and hide the date and time on the desktop | -| WIN + Ctrl + F | Find computer objects in Active Directory | -| WIN + D | Display and hide the desktop | -| WIN + E | Open File Explorer | -| WIN + F | Open Feedback Hub | -| WIN + G | Open Game bar when a game is open | -| WIN + I | Open Settings | -| WIN + J | Set focus to a Windows tip when one is available | -| WIN + O | Lock device orientation | -| WIN + Q | Open search | -| WIN + R | Open the Run dialog box | -| WIN + S | Open search | -| WIN + Shift + C | Open Cortana in listening mode | -| WIN + X | Open the Quick Link menu | -| LaunchApp1 | Open the app that is assigned to this key | -| LaunchApp2 | Open the app that is assigned to this key. 
On many Microsoft keyboards, the app is Calculator | -| LaunchMail | Open the default mail client | +| Keyboard shortcut | Action | +|------------------------------------------------------|-----------------------------------------------------------------------------------------------| +| Ctrl + Shift + Esc | Open Task Manager | +| WIN + , (comma) | Temporarily peek at the desktop | +| WIN + A | Open Action center | +| WIN + Alt + D | Display and hide the date and time on the desktop | +| WIN + Ctrl + F | Find computer objects in Active Directory | +| WIN + D | Display and hide the desktop | +| WIN + E | Open File Explorer | +| WIN + F | Open Feedback Hub | +| WIN + G | Open Game bar when a game is open | +| WIN + I | Open Settings | +| WIN + J | Set focus to a Windows tip when one is available | +| WIN + O | Lock device orientation | +| WIN + Q | Open search | +| WIN + R | Open the Run dialog box | +| WIN + S | Open search | +| WIN + Shift + C | Open Cortana in listening mode | +| WIN + X | Open the Quick Link menu | +| LaunchApp1 | Open the app that is assigned to this key | +| LaunchApp2 | Open the app that is assigned to this key. On many Microsoft keyboards, the app is Calculator | +| LaunchMail | Open the default mail client | ## Remove Assigned Access diff --git a/windows/configuration/assigned-access/policy-settings.md b/windows/configuration/assigned-access/policy-settings.md index 04094dc2af..c32ee06b8d 100644 --- a/windows/configuration/assigned-access/policy-settings.md +++ b/windows/configuration/assigned-access/policy-settings.md 
@@ -7,7 +7,7 @@ ms.date: 03/04/2024 # Assigned Access policy settings -When the Assigned Access configuration is applied on a device, certain policy settings and AppLocker rules are enforced, impacting the users accessing the device. The policy settings are appllied using a combination of configuration service provider (CSP) and group policy (GPO) settings. +When the Assigned Access configuration is applied on a device, certain policy settings and AppLocker rules are enforced, impacting the users accessing the device. The policy settings use a combination of configuration service provider (CSP) and group policy (GPO) settings. This reference article lists the policy settings and AppLocker rules applied by Assigned Access. @@ -48,7 +48,7 @@ The following policy settings are applied to any nonadministrator account access | **CSP** | `./User/Vendor/MSFT/Policy/Config/Start/HideRecentlyAddedApps` | Hide recently added apps from appearing on the Start menu | | **CSP** | `./User/Vendor/MSFT/Policy/Config/Start/HideRecentJumplists` | Hide recent jumplists from appearing on the Start menu/taskbar | | **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Clear history of recently opened documents on exit | -| **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Disable showing balloon notificationss as toast | +| **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Disable showing balloon notifications as toast | | **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Do not allow pinning items in Jump Lists | | **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Do not allow pinning programs to the Taskbar | | **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Do not display or track items in Jump Lists from remote locations | 
@@ -83,7 +83,7 @@ The following policy settings are applied to any nonadministrator account access When you deploy an Assigned Access restricted user experience, AppLocker rules are generated to allow the apps that are listed in the configuration. Here are the predefined Assigned Access AppLocker rules: -### UWP app rules +### Universal Windows Platform (UWP) app rules 1. The default rule is to allow all users to launch the signed *packaged apps* 1. The packaged app *deny list* is generated at runtime when the Assigned Access user signs in: diff --git a/windows/configuration/assigned-access/quickstart-kiosk.md b/windows/configuration/assigned-access/quickstart-kiosk.md index 2e6357c244..db9b0e603c 100644 --- a/windows/configuration/assigned-access/quickstart-kiosk.md +++ b/windows/configuration/assigned-access/quickstart-kiosk.md @@ -1,6 +1,6 @@ --- title: "Quickstart: Configure a kiosk experience with Assigned Access" -description: Learn how to configure a kiosk experience with Assigned Access, using Windows Configuration Designer, Microsoft Intune, PowerShell or GPO. +description: Learn how to configure a kiosk experience with Assigned Access using the Assigned Access configuration service provider (CSP), Microsoft Intune, PowerShell, or group policy (GPO). ms.topic: quickstart ms.date: 03/04/2024 --- 
@@ -75,11 +75,11 @@ Here are the steps to configure a kiosk using the Settings app: > [Other Users](ms-settings:otherusers) 1. Under **Set up a kiosk**, select **Get Started** -1. In the **Create an account** dialog, enter the account name and select **Next** +1. In the **Create an account** dialog, enter the account name, and select **Next** >[!NOTE] >If there are any local standard user accounts already, the **Create an account** dialog offers the option to **Choose an existing account** -1. Choose the application to run when the kiosk account signs in. Only apps that can run above the lock screen will be available in the list of apps to choose from. If you select **Microsoft Edge** as the kiosk app, you configure the following options: +1. Choose the application to run when the kiosk account signs in. Only apps that can run above the lock screen are available in the list of apps to choose from. If you select **Microsoft Edge** as the kiosk app, you configure the following options: - Whether Microsoft Edge should display your website full-screen (digital sign) or with some browser controls available (public browser) - Which URL should be open when the kiosk accounts signs in diff --git a/windows/configuration/assigned-access/quickstart-restricted-user-experience.md b/windows/configuration/assigned-access/quickstart-restricted-user-experience.md index e63464a50a..63c64b0177 100644 --- a/windows/configuration/assigned-access/quickstart-restricted-user-experience.md +++ b/windows/configuration/assigned-access/quickstart-restricted-user-experience.md 
@@ -1,6 +1,6 @@ --- title: "Quickstart: Configure a restricted user experience with Assigned Access" -description: Learn how to configure a restricted user experience using Windows Configuration Designer, Microsoft Intune, PowerShell or GPO. +description: Learn how to configure a restricted user experience with Assigned Access using the Assigned Access configuration service provider (CSP), Microsoft Intune, PowerShell, or group policy (GPO). ms.topic: quickstart ms.date: 03/04/2024 appliesto: diff --git a/windows/configuration/assigned-access/shell-launcher/configuration-file.md b/windows/configuration/assigned-access/shell-launcher/configuration-file.md index 5c0502b1de..2dba54c2c4 100644 --- a/windows/configuration/assigned-access/shell-launcher/configuration-file.md +++ b/windows/configuration/assigned-access/shell-launcher/configuration-file.md @@ -220,7 +220,7 @@ Microsoft Entra accounts must be specified with the format: `AzureAD\{UPN}`. `Az When the user account signs in, the associated Shell Launcher profile is applied, loading the application specified in the profile. -### Auto logon account +### Autologon account With ``, Shell Launcher creates and manages a user account to automatically sign in after a device restarts. The account is a local standard user named `Kiosk`. diff --git a/windows/configuration/assigned-access/shell-launcher/index.md b/windows/configuration/assigned-access/shell-launcher/index.md index 04ee225ba3..d15947fe60 100644 --- a/windows/configuration/assigned-access/shell-launcher/index.md +++ b/windows/configuration/assigned-access/shell-launcher/index.md 
@@ -17,7 +17,7 @@ Practical examples include: Shell Launcher controls which application the user sees as the shell after sign-in. It doesn't prevent the user from accessing other desktop applications and system components. From a custom shell, you can launch secondary views displayed on multiple monitors, or launch other apps in full screen on user's demand. -With Shell Launcher you can use features and methods to control access to other applications or system components. These methods include, but are not limited to: +With Shell Launcher, you can use features and methods to control access to other applications or system components. These methods include, but aren't limited to: - Configuration Service Provider (CSP): you can use a Mobile Device Management (MDM) solution like Microsoft Intune - Group policy (GPO) 
@@ -31,8 +31,8 @@ Shell Launcher is part of the [Assigned Access](../overview.md) feature, which a Here are some limitations to consider when using Shell Launcher: -- Windows doesn't support setting a custom shell prior to out-of-box experience (OOBE). If you do, you can't deploy the resulting image -- Shell Launcher doesn't support a custom shell with an application that launches a different process and exits. For example, you can't specify `write.exe` in Shell Launcher. Shell Launcher launches a custom shell and monitors the process to identify when the custom shell exits. `Write.exe` creates a 32-bit `wordpad.exe` process and exits. Since Shell Launcher is not aware of the newly created `wordpad.exe` process, Shell Launcher will take action based on the exit code of `Write.exe`, such as restarting the custom shell +- Windows doesn't support setting a custom shell before the out-of-box experience (OOBE). If you do, you can't deploy the resulting image +- Shell Launcher doesn't support a custom shell with an application that launches a different process and exits. For example, you can't specify `write.exe` in Shell Launcher. Shell Launcher launches a custom shell and monitors the process to identify when the custom shell exits. `Write.exe` creates a 32-bit `wordpad.exe` process and exits. Since Shell Launcher isn't aware of the newly created `wordpad.exe` process, Shell Launcher takes action based on the exit code of `Write.exe`, such as restarting the custom shell ## Configure a device with Shell Launcher diff --git a/windows/configuration/assigned-access/shell-launcher/quickstart-kiosk.md b/windows/configuration/assigned-access/shell-launcher/quickstart-kiosk.md index e8426ba1d7..f217d88363 100644 --- a/windows/configuration/assigned-access/shell-launcher/quickstart-kiosk.md +++ b/windows/configuration/assigned-access/shell-launcher/quickstart-kiosk.md 
@@ -1,6 +1,6 @@ --- title: "Quickstart: configure a kiosk experience with Shell Launcher" -description: Learn how to configure a kiosk experience with Shell Launcher, using Windows Configuration Designer, Microsoft Intune, or PowerShell. +description: Learn how to configure a kiosk experience with Shell Launcher, using the Assigned Access configuration service provider (CSP), Microsoft Intune, PowerShell, or group policy (GPO). ms.topic: quickstart ms.date: 02/05/2024 ---
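
Review bot: In windows/configuration/assigned-access/configuration-file.md, hunk @@ -90,8, the new `AllAppList` bullet puts a comma between the subject and its verb ("Users assigned this profile, access the desktop"). Drop the comma, as the removed line had it. Both bullets are touched here and are punctuated differently ("`KioskModeApp`: is used" against "`AllAppList` is used"), so pick one form for the two.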
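
Review bot: In configuration-file.md, hunk @@ -132,13, the rewritten `DesktopAppPath` row lost its verb: "the desktop app that used in kiosk mode". Reuse the wording this patch gives the `v4:ClassicAppPath` row in hunk @@ -105,7 ("the desktop app used in kiosk mode"). The edited sentence above the table still reads "allowed execute"; add the missing "to" while the line is being changed.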
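
Review bot: In configuration-file.md, hunk @@ -313,9, the added line writes "`ShowTaskbar` boolean attribute" while the `rs5:AutoLaunch` row in hunk @@ -132,13 writes "A Boolean attribute"; use one capitalization throughout the file. In the same hunk, the split sentence "It's not supported to configure a Taskbar layout ..., as part of the Assigned Access configuration" reads more cleanly as "Configuring a Taskbar layout ... as part of the Assigned Access configuration isn't supported", without the comma before "as part of".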
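
Review bot: In windows/configuration/assigned-access/index.md, hunk @@ -51,7, the table row "*Which edition of Windows client will the kiosk run?"*" keeps a stray double quote before the closing asterisk, and the paragraph in hunk @@ -43,7 still says "it only allows to run a defined set of applications". Both sit next to lines this patch edits, so a typo pass should pick them up: remove the quote and reword to "it only allows a defined set of applications to run".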
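
Review bot: In overview.md hunk @@ -144,11 and quickstart-kiosk.md hunk @@ -75,11, the same Settings steps are edited twice, and both copies still carry "when the kiosk accounts signs in" ("account signs in"). The comma added in "enter the account name, and select **Next**" separates two verbs with one subject and isn't needed. Since these docs already use `[!INCLUDE ...]` for shared content, consider moving the steps into a single include so the two copies can't drift.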
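
Review bot: In overview.md, hunk @@ -251,12, renaming the heading "Auto-trigger touch keyboard" to "Autotrigger touch keyboard" changes the heading text that anchor links are derived from, so any link targeting the old heading needs updating in the same change. The same check applies to the other headings renamed in this patch: "Kiosk experience with Universal Windows Platform (UWP) app" in examples.md, "Universal Windows Platform (UWP) app rules" in policy-settings.md, and "Autologon account" in shell-launcher/configuration-file.md.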
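
Review bot: In policy-settings.md, hunk @@ -7,7, the replacement sentence "The policy settings use a combination of configuration service provider (CSP) and group policy (GPO) settings" is circular (settings use settings) and drops the point of the original, which was how the settings are applied. Fixing only the typo keeps the meaning: "The policy settings are applied using a combination of ...".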
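
Review bot: In shell-launcher/configuration-file.md, hunk @@ -220,7, the heading becomes "Autologon account", but the matching section in assigned-access/configuration-file.md (context line in hunk @@ -406,7) is still "AutoLogon account". Use the same casing in both files.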
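
Review bot: In shell-launcher/index.md, hunk @@ -31,8, the edited limitation bullet refers to the same executable as both `write.exe` and `Write.exe`. Use one casing for the file name throughout the bullet.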
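
Review bot: In shell-launcher/quickstart-kiosk.md, hunk @@ -1,6, the new `description` adds "group policy (GPO)" to the list of methods and replaces "Windows Configuration Designer" with "the Assigned Access configuration service provider (CSP)"; the removed line listed neither GPO nor the CSP. That is a content change rather than a typo fix, so confirm the quickstart body actually covers those methods for Shell Launcher. The same replacement is made in quickstart-kiosk.md and quickstart-restricted-user-experience.md, where the comma before "using" is dropped ("with Assigned Access using") but kept here ("with Shell Launcher, using"); align the three descriptions.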