diff --git a/education/windows/set-up-school-pcs-technical.md b/education/windows/set-up-school-pcs-technical.md
index 3223550a4b..f46d83dd4b 100644
--- a/education/windows/set-up-school-pcs-technical.md
+++ b/education/windows/set-up-school-pcs-technical.md
@@ -152,107 +152,107 @@ The **Set up School PCs** app produces a specialized provisioning package that m
Specify the system sleep timeout (on battery) | 1 hour |
- | Turn off hybrid sleep (plugged in) | Enabled |
+
| Turn off hybrid sleep (plugged in) | Enabled |
- | Turn off hybrid sleep (on battery) | Enabled |
+
| Turn off hybrid sleep (on battery) | Enabled |
- | Specify the unattended sleep timeout (plugged in) | 1 hour |
+
| Specify the unattended sleep timeout (plugged in) | 1 hour |
- | Specify the unattended sleep timeout (on battery) | 1 hour |
+
| Specify the unattended sleep timeout (on battery) | 1 hour |
- | Allow standby states (S1-S3) when sleeping (plugged in) | Enabled |
+
| Allow standby states (S1-S3) when sleeping (plugged in) | Enabled |
- | Allow standby states (S1-S3) when sleeping (on battery) | Enabled |
+
| Allow standby states (S1-S3) when sleeping (on battery) | Enabled |
- | Specify the system hibernate timeout (plugged in) | Enabled, 0 |
+
| Specify the system hibernate timeout (plugged in) | Enabled, 0 |
- | Specify the system hibernate timeout (on battery) | Enabled, 0 |
+
| Specify the system hibernate timeout (on battery) | Enabled, 0 |
- | Admin Templates > System > Power Management > Video and Display Settings |
- | Turn off the display (plugged in) | 1 hour |
+
| Admin Templates>System>Power Management>Video and Display Settings |
+ | Turn off the display (plugged in) | 1 hour |
- | Turn off the display (on battery | 1 hour |
+
| Turn off the display (on battery | 1 hour |
- | Admin Templates > System > Logon |
+
| Admin Templates>System>Logon |
- | Show first sign-in animation | Disabled |
+
| Show first sign-in animation | Disabled |
- | Hide entry points for Fast User Switching | Enabled |
+
| Hide entry points for Fast User Switching | Enabled |
- | Turn on convenience PIN sign-in | Disabled |
+
| Turn on convenience PIN sign-in | Disabled |
- | Turn off picture password sign-in | Enabled |
+
| Turn off picture password sign-in | Enabled |
- | Turn off app notification on the lock screen | Enabled |
+
| Turn off app notification on the lock screen | Enabled |
- | Allow users to select when a password is required when resuming from connected standby | Disabled |
+
| Allow users to select when a password is required when resuming from connected standby | Disabled |
- | Block user from showing account details on sign-in | Enabled |
+
| Block user from showing account details on sign-in | Enabled |
- | Admin Templates > System > User Profiles |
+
| Admin Templates>System>User Profiles |
- | Turn off the advertising ID | Enabled |
+
| Turn off the advertising ID | Enabled |
- | Admin Templates > Windows Components |
+
| Admin Templates>Windows Components |
- | Do not show Windows Tips | Enabled |
+
| Do not show Windows Tips | Enabled |
- | Turn off Microsoft consumer experiences | Enabled |
+
| Turn off Microsoft consumer experiences | Enabled |
- | Microsoft Passport for Work | Disabled |
+
| Microsoft Passport for Work | Disabled |
- | Prevent the usage of OneDrive for file storage | Enabled |
+
| Prevent the usage of OneDrive for file storage | Enabled |
- | Admin Templates > Windows Components > Biometrics |
+
| Admin Templates>Windows Components>Biometrics |
- | Allow the use of biometrics | Disabled |
+
| Allow the use of biometrics | Disabled |
- | Allow users to log on using biometrics | Disabled |
+
| Allow users to log on using biometrics | Disabled |
- | Allow domain users to log on using biometrics | Disabled |
+
| Allow domain users to log on using biometrics | Disabled |
- | Admin Templates > Windows Components > Data Collection and Preview Builds |
+
| Admin Templates>Windows Components>Data Collection and Preview Builds |
- | Toggle user control over Insider builds | Disabled |
+
| Toggle user control over Insider builds | Disabled |
- | Disable pre-release features or settings | Disabled |
+
| Disable pre-release features or settings | Disabled |
- | Do not show feedback notifications | Enabled |
+
| Do not show feedback notifications | Enabled |
- | Admin Templates > Windows Components > File Explorer |
+
| Admin Templates > Windows Components > File Explorer |
- | Show lock in the user tile menu | Disabled |
+
| Show lock in the user tile menu | Disabled |
- | Admin Templates > Windows Components > Maintenance Scheduler |
+
| Admin Templates > Windows Components > Maintenance Scheduler |
- | Automatic Maintenance Activation Boundary | 12am |
+
| Automatic Maintenance Activation Boundary | 12am |
- | Automatic Maintenance Random Delay | Enabled, 2 hours |
+
| Automatic Maintenance Random Delay | Enabled, 2 hours |
- | Automatic Maintenance WakeUp Policy | Enabled |
+
| Automatic Maintenance WakeUp Policy | Enabled |
- | Admin Templates > Windows Components > Microsoft Edge |
+
| Admin Templates > Windows Components > Microsoft Edge |
- | Open a new tab with an empty tab | Disabled |
+
| Open a new tab with an empty tab | Disabled |
- | Configure corporate home pages | Enabled, about:blank |
+
| Configure corporate home pages | Enabled, about:blank |
- | Admin Templates > Windows Components > Search |
+
| Admin Templates > Windows Components > Search |
- | Allow Cortana | Disabled |
+
| Allow Cortana | Disabled |
- | Windows Settings > Security Settings > Local Policies > Security Options |
+
| Windows Settings > Security Settings > Local Policies > Security Options |
- | Interactive logon: Do not display last user name | Enabled |
+
| Interactive logon: Do not display last user name | Enabled |
- | Interactive logon: Sign-in last interactive user automatically after a system-initiated restart | Disabled |
+
| Interactive logon: Sign-in last interactive user automatically after a system-initiated restart | Disabled |
- | Shutdown: Allow system to be shut down without having to log on | Disabled |
+
| Shutdown: Allow system to be shut down without having to log on | Disabled |
- | User Account Control: Behavior of the elevation prompt for standard users | Auto deny |
+
| User Account Control: Behavior of the elevation prompt for standard users | Auto deny |
-
+
## Related topics
diff --git a/windows/manage/change-history-for-manage-and-update-windows-10.md b/windows/manage/change-history-for-manage-and-update-windows-10.md
index 5bdd320fd8..603af6fbde 100644
--- a/windows/manage/change-history-for-manage-and-update-windows-10.md
+++ b/windows/manage/change-history-for-manage-and-update-windows-10.md
@@ -12,6 +12,12 @@ author: jdeckerMS
This topic lists new and updated topics in the [Manage and update Windows 10](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md).
+## June 2016
+
+| New or changed topic | Description |
+| ---|---|
+| [Set up a kiosk on Windows 10 Pro, Enterprise, or Education](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) | Updated the sample script for Shell Launcher. |
+
## May 2016
| New or changed topic | Description |
diff --git a/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md b/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md
index 2c481fd829..382809735a 100644
--- a/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md
+++ b/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md
@@ -289,76 +289,84 @@ Alternatively, you can turn on Shell Launcher using the Deployment Image Servici
Modify the following PowerShell script as appropriate. The comments in the sample script explain the purpose of each section and tell you where you will want to change the script for your purposes. Save your script with the extension .ps1, open Windows PowerShell as administrator, and run the script on the kiosk device.
```
- $COMPUTER = “localhost”
- $NAMESPACE = “root\standardcimv2\embedded”
+$COMPUTER = "localhost"
+$NAMESPACE = "root\standardcimv2\embedded"
- # Create a handle to the class instance so we can call the static methods.
- $ShellLauncherClass = [wmiclass]”\\$COMPUTER\${NAMESPACE}:WESL_UserSetting”
+# Create a handle to the class instance so we can call the static methods.
+$ShellLauncherClass = [wmiclass]"\\$COMPUTER\${NAMESPACE}:WESL_UserSetting"
- # This well-known security identifier (SID) corresponds to the BUILTIN\Administrators group.
+# This well-known security identifier (SID) corresponds to the BUILTIN\Administrators group.
- $Admins_SID = “S-1-5-32-544”
+$Admins_SID = "S-1-5-32-544"
- # Create a function to retrieve the SID for a user account on a machine.
+# Create a function to retrieve the SID for a user account on a machine.
- function Get-UsernameSID($AccountName) {
+function Get-UsernameSID($AccountName) {
+
+ $NTUserObject = New-Object System.Security.Principal.NTAccount($AccountName)
+ $NTUserSID = $NTUserObject.Translate([System.Security.Principal.SecurityIdentifier])
+
+ return $NTUserSID.Value
+
+}
- $NTUserObject = New-Object System.Security.Principal.NTAccount($AccountName)
- $NTUserSID = $NTUserObject.Translate([System.Security.Principal.SecurityIdentifier])
+# Get the SID for a user account named "Cashier". Rename "Cashier" to an existing account on your system to test this script.
- return $NTUserSID.Value
+$Cashier_SID = Get-UsernameSID("Cashier")
- }
+# Define actions to take when the shell program exits.
- # Get the SID for a user account named “Cashier”. Rename “Cashier” to an existing account on your system to test this script.
+$restart_shell = 0
+$restart_device = 1
+$shutdown_device = 2
- $Cashier_SID = Get-UsernameSID(“Cashier”)
+# Examples. You can change these examples to use the program that you want to use as the shell.
- # Define actions to take when the shell program exits.
+# This example sets the command prompt as the default shell, and restarts the device if the command prompt is closed.
- $restart_shell = 0
- $restart_device = 1
- $shutdown_device = 2
+$ShellLauncherClass.SetDefaultShell("cmd.exe", $restart_device)
- # Examples. You can change these examples to use the program that you want to use as the shell.
+# Display the default shell to verify that it was added correctly.
- # This example sets the command prompt as the default shell, and restarts the device if the command prompt is closed.
+$DefaultShellObject = $ShellLauncherClass.GetDefaultShell()
- $ShellLauncherClass.SetDefaultShell(“cmd.exe”, $restart_device)
+"`nDefault Shell is set to " + $DefaultShellObject.Shell + " and the default action is set to " + $DefaultShellObject.defaultaction
- # Display the default shell to verify that it was added correctly.
+# Set Internet Explorer as the shell for "Cashier", and restart the machine if Internet Explorer is closed.
- $DefaultShellObject = $ShellLauncherClass.GetDefaultShell()
+$ShellLauncherClass.SetCustomShell($Cashier_SID, "c:\program files\internet explorer\iexplore.exe www.microsoft.com", ($null), ($null), $restart_shell)
- “`nDefault Shell is set to “ + $DefaultShellObject.Shell + “ and the default action is set to “ + $DefaultShellObject.defaultaction
+# Set Explorer as the shell for administrators.
- # Set Internet Explorer as the shell for “Cashier”, and restart the machine if Internet Explorer is closed.
+$ShellLauncherClass.SetCustomShell($Admins_SID, "explorer.exe")
- $ShellLauncherClass.SetCustomShell($Cashier_SID, “c:\program files\internet explorer\iexplore.exe www.microsoft.com”, ($null), ($null), $restart_shell)
+# View all the custom shells defined.
- # Set Explorer as the shell for administrators.
+"`nCurrent settings for custom shells:"
+Get-WmiObject -namespace $NAMESPACE -computer $COMPUTER -class WESL_UserSetting | Select Sid, Shell, DefaultAction
- $ShellLauncherClass.SetCustomShell($Admins_SID, “explorer.exe”)
+# Enable Shell Launcher
- # View all the custom shells defined.
+$ShellLauncherClass.SetEnabled($TRUE)
- “`nCurrent settings for custom shells:”
- Get-WmiObject -namespace $NAMESPACE -computer $COMPUTER -class WESL_UserSetting | Select Sid, Shell, DefaultAction
+$IsShellLauncherEnabled = $ShellLauncherClass.IsEnabled()
- # Enable Shell Launcher
+"`nEnabled is set to " + $IsShellLauncherEnabled.Enabled
- $ShellLauncherClass.SetEnabled($TRUE)
+# Remove the new custom shells.
- $IsShellLauncherEnabled = $ShellLauncherClass.IsEnabled()
+$ShellLauncherClass.RemoveCustomShell($Admins_SID)
- “`nEnabled is set to “ + $IsShellLauncherEnabled.Enabled
+$ShellLauncherClass.RemoveCustomShell($Cashier_SID)
- # Remove the new custom shells.
+# Disable Shell Launcher
- $ShellLauncherClass.RemoveCustomShell($Admins_SID)
+$ShellLauncherClass.SetEnabled($FALSE)
- $ShellLauncherClass.RemoveCustomShell($Cashier_SID)
+$IsShellLauncherEnabled = $ShellLauncherClass.IsEnabled()
+
+"`nEnabled is set to " + $IsShellLauncherEnabled.Enabled
```
## Related topics