From 6ca7cd0518e04aa098da7586c7a003b669a82f50 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Tue, 14 Jun 2016 07:13:54 -0700 Subject: [PATCH 1/4] remove br after table --- education/windows/set-up-school-pcs-technical.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/education/windows/set-up-school-pcs-technical.md b/education/windows/set-up-school-pcs-technical.md index 3223550a4b..10c7eaa57b 100644 --- a/education/windows/set-up-school-pcs-technical.md +++ b/education/windows/set-up-school-pcs-technical.md @@ -252,7 +252,7 @@ The **Set up School PCs** app produces a specialized provisioning package that m

User Account Control: Behavior of the elevation prompt for standard users

Auto deny

-

+ ## Related topics From aba42e515ce408c712995a622f362ef8d9a8252a Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Tue, 14 Jun 2016 08:28:19 -0700 Subject: [PATCH 2/4] hopefully fix table whitespace --- .../windows/set-up-school-pcs-technical.md | 102 +++++++++--------- 1 file changed, 51 insertions(+), 51 deletions(-) diff --git a/education/windows/set-up-school-pcs-technical.md b/education/windows/set-up-school-pcs-technical.md index 10c7eaa57b..f46d83dd4b 100644 --- a/education/windows/set-up-school-pcs-technical.md +++ b/education/windows/set-up-school-pcs-technical.md @@ -152,107 +152,107 @@ The **Set up School PCs** app produces a specialized provisioning package that m

Specify the system sleep timeout (on battery)

1 hour

-

Turn off hybrid sleep (plugged in)

Enabled

+

Turn off hybrid sleep (plugged in)

Enabled

-

Turn off hybrid sleep (on battery)

Enabled

+

Turn off hybrid sleep (on battery)

Enabled

-

Specify the unattended sleep timeout (plugged in)

1 hour

+

Specify the unattended sleep timeout (plugged in)

1 hour

-

Specify the unattended sleep timeout (on battery)

1 hour

+

Specify the unattended sleep timeout (on battery)

1 hour

-

Allow standby states (S1-S3) when sleeping (plugged in)

Enabled

+

Allow standby states (S1-S3) when sleeping (plugged in)

Enabled

-

Allow standby states (S1-S3) when sleeping (on battery)

Enabled

+

Allow standby states (S1-S3) when sleeping (on battery)

Enabled

-

Specify the system hibernate timeout (plugged in)

Enabled, 0

+

Specify the system hibernate timeout (plugged in)

Enabled, 0

-

Specify the system hibernate timeout (on battery)

Enabled, 0

+

Specify the system hibernate timeout (on battery)

Enabled, 0

-

Admin Templates > System > Power Management > Video and Display Settings

-

Turn off the display (plugged in)

1 hour

+

Admin Templates>System>Power Management>Video and Display Settings

+

Turn off the display (plugged in)

1 hour

-

Turn off the display (on battery

1 hour

+

Turn off the display (on battery

1 hour

-

Admin Templates > System > Logon

+

Admin Templates>System>Logon

-

Show first sign-in animation

Disabled

+

Show first sign-in animation

Disabled

-

Hide entry points for Fast User Switching

Enabled

+

Hide entry points for Fast User Switching

Enabled

-

Turn on convenience PIN sign-in

Disabled

+

Turn on convenience PIN sign-in

Disabled

-

Turn off picture password sign-in

Enabled

+

Turn off picture password sign-in

Enabled

-

Turn off app notification on the lock screen

Enabled

+

Turn off app notification on the lock screen

Enabled

-

Allow users to select when a password is required when resuming from connected standby

Disabled

+

Allow users to select when a password is required when resuming from connected standby

Disabled

-

Block user from showing account details on sign-in

Enabled

+

Block user from showing account details on sign-in

Enabled

-

Admin Templates > System > User Profiles

+

Admin Templates>System>User Profiles

-

Turn off the advertising ID

Enabled

+

Turn off the advertising ID

Enabled

-

Admin Templates > Windows Components

+

Admin Templates>Windows Components

-

Do not show Windows Tips

Enabled

+

Do not show Windows Tips

Enabled

-

Turn off Microsoft consumer experiences

Enabled

+

Turn off Microsoft consumer experiences

Enabled

-

Microsoft Passport for Work

Disabled

+

Microsoft Passport for Work

Disabled

-

Prevent the usage of OneDrive for file storage

Enabled

+

Prevent the usage of OneDrive for file storage

Enabled

-

Admin Templates > Windows Components > Biometrics

+

Admin Templates>Windows Components>Biometrics

-

Allow the use of biometrics

Disabled

+

Allow the use of biometrics

Disabled

-

Allow users to log on using biometrics

Disabled

+

Allow users to log on using biometrics

Disabled

-

Allow domain users to log on using biometrics

Disabled

+

Allow domain users to log on using biometrics

Disabled

-

Admin Templates > Windows Components > Data Collection and Preview Builds

+

Admin Templates>Windows Components>Data Collection and Preview Builds

-

Toggle user control over Insider builds

Disabled

+

Toggle user control over Insider builds

Disabled

-

Disable pre-release features or settings

Disabled

+

Disable pre-release features or settings

Disabled

-

Do not show feedback notifications

Enabled

+

Do not show feedback notifications

Enabled

-

Admin Templates > Windows Components > File Explorer

+

Admin Templates > Windows Components > File Explorer

-

Show lock in the user tile menu

Disabled

+

Show lock in the user tile menu

Disabled

-

Admin Templates > Windows Components > Maintenance Scheduler

+

Admin Templates > Windows Components > Maintenance Scheduler

-

Automatic Maintenance Activation Boundary

12am

+

Automatic Maintenance Activation Boundary

12am

-

Automatic Maintenance Random Delay

Enabled, 2 hours

+

Automatic Maintenance Random Delay

Enabled, 2 hours

-

Automatic Maintenance WakeUp Policy

Enabled

+

Automatic Maintenance WakeUp Policy

Enabled

-

Admin Templates > Windows Components > Microsoft Edge

+

Admin Templates > Windows Components > Microsoft Edge

-

Open a new tab with an empty tab

Disabled

+

Open a new tab with an empty tab

Disabled

-

Configure corporate home pages

Enabled, about:blank

+

Configure corporate home pages

Enabled, about:blank

-

Admin Templates > Windows Components > Search

+

Admin Templates > Windows Components > Search

-

Allow Cortana

Disabled

+

Allow Cortana

Disabled

-

Windows Settings > Security Settings > Local Policies > Security Options

+

Windows Settings > Security Settings > Local Policies > Security Options

-

Interactive logon: Do not display last user name

Enabled

+

Interactive logon: Do not display last user name

Enabled

-

Interactive logon: Sign-in last interactive user automatically after a system-initiated restart

Disabled

+

Interactive logon: Sign-in last interactive user automatically after a system-initiated restart

Disabled

-

Shutdown: Allow system to be shut down without having to log on

Disabled

+

Shutdown: Allow system to be shut down without having to log on

Disabled

-

User Account Control: Behavior of the elevation prompt for standard users

Auto deny

+

User Account Control: Behavior of the elevation prompt for standard users

Auto deny

- +
## Related topics From 7eb1a302515cac6bc6615776d662fdb8fc1c3c85 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Tue, 14 Jun 2016 12:50:35 -0700 Subject: [PATCH 3/4] updated shell launcher script --- ...istory-for-manage-and-update-windows-10.md | 6 ++ ...osk-for-windows-10-for-desktop-editions.md | 84 ++++++++++--------- 2 files changed, 52 insertions(+), 38 deletions(-) diff --git a/windows/manage/change-history-for-manage-and-update-windows-10.md b/windows/manage/change-history-for-manage-and-update-windows-10.md index 5bdd320fd8..603af6fbde 100644 --- a/windows/manage/change-history-for-manage-and-update-windows-10.md +++ b/windows/manage/change-history-for-manage-and-update-windows-10.md @@ -12,6 +12,12 @@ author: jdeckerMS This topic lists new and updated topics in the [Manage and update Windows 10](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md). +## June 2016 + +| New or changed topic | Description | +| ---|---| +| [Set up a kiosk on Windows 10 Pro, Enterprise, or Education](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) | Updated the sample script for Shell Launcher. | + ## May 2016 | New or changed topic | Description | diff --git a/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md b/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md index 2c481fd829..c772363cef 100644 --- a/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md +++ b/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md @@ -289,76 +289,84 @@ Alternatively, you can turn on Shell Launcher using the Deployment Image Servici Modify the following PowerShell script as appropriate. The comments in the sample script explain the purpose of each section and tell you where you will want to change the script for your purposes. Save your script with the extension .ps1, open Windows PowerShell as administrator, and run the script on the kiosk device. ``` - $COMPUTER = “localhost” - $NAMESPACE = “root\standardcimv2\embedded” +$COMPUTER = "localhost" +$NAMESPACE = "root\standardcimv2\embedded" - # Create a handle to the class instance so we can call the static methods. - $ShellLauncherClass = [wmiclass]”\\$COMPUTER\${NAMESPACE}:WESL_UserSetting” +# Create a handle to the class instance so we can call the static methods. +$ShellLauncherClass = [wmiclass]"\\$COMPUTER\${NAMESPACE}:WESL_UserSetting" - # This well-known security identifier (SID) corresponds to the BUILTIN\Administrators group. +# This well-known security identifier (SID) corresponds to the BUILTIN\Administrators group. - $Admins_SID = “S-1-5-32-544” +$Admins_SID = "S-1-5-32-544" - # Create a function to retrieve the SID for a user account on a machine. +# Create a function to retrieve the SID for a user account on a machine. - function Get-UsernameSID($AccountName) { +function Get-UsernameSID($AccountName) { - $NTUserObject = New-Object System.Security.Principal.NTAccount($AccountName) - $NTUserSID = $NTUserObject.Translate([System.Security.Principal.SecurityIdentifier]) + $NTUserObject = New-Object System.Security.Principal.NTAccount($AccountName) + $NTUserSID = $NTUserObject.Translate([System.Security.Principal.SecurityIdentifier]) - return $NTUserSID.Value + return $NTUserSID.Value + +} - } +# Get the SID for a user account named "Cashier". Rename "Cashier" to an existing account on your system to test this script. - # Get the SID for a user account named “Cashier”. Rename “Cashier” to an existing account on your system to test this script. +$Cashier_SID = Get-UsernameSID("Cashier") - $Cashier_SID = Get-UsernameSID(“Cashier”) +# Define actions to take when the shell program exits. - # Define actions to take when the shell program exits. +$restart_shell = 0 +$restart_device = 1 +$shutdown_device = 2 - $restart_shell = 0 - $restart_device = 1 - $shutdown_device = 2 +# Examples. You can change these examples to use the program that you want to use as the shell. - # Examples. You can change these examples to use the program that you want to use as the shell. +# This example sets the command prompt as the default shell, and restarts the device if the command prompt is closed. - # This example sets the command prompt as the default shell, and restarts the device if the command prompt is closed. +$ShellLauncherClass.SetDefaultShell("cmd.exe", $restart_device) - $ShellLauncherClass.SetDefaultShell(“cmd.exe”, $restart_device) +# Display the default shell to verify that it was added correctly. - # Display the default shell to verify that it was added correctly. +$DefaultShellObject = $ShellLauncherClass.GetDefaultShell() - $DefaultShellObject = $ShellLauncherClass.GetDefaultShell() +"`nDefault Shell is set to " + $DefaultShellObject.Shell + " and the default action is set to " + $DefaultShellObject.defaultaction - “`nDefault Shell is set to “ + $DefaultShellObject.Shell + “ and the default action is set to “ + $DefaultShellObject.defaultaction +# Set Internet Explorer as the shell for "Cashier", and restart the machine if Internet Explorer is closed. - # Set Internet Explorer as the shell for “Cashier”, and restart the machine if Internet Explorer is closed. +$ShellLauncherClass.SetCustomShell($Cashier_SID, "c:\program files\internet explorer\iexplore.exe www.microsoft.com", ($null), ($null), $restart_shell) - $ShellLauncherClass.SetCustomShell($Cashier_SID, “c:\program files\internet explorer\iexplore.exe www.microsoft.com”, ($null), ($null), $restart_shell) +# Set Explorer as the shell for administrators. - # Set Explorer as the shell for administrators. +$ShellLauncherClass.SetCustomShell($Admins_SID, "explorer.exe") - $ShellLauncherClass.SetCustomShell($Admins_SID, “explorer.exe”) +# View all the custom shells defined. - # View all the custom shells defined. +"`nCurrent settings for custom shells:" +Get-WmiObject -namespace $NAMESPACE -computer $COMPUTER -class WESL_UserSetting | Select Sid, Shell, DefaultAction - “`nCurrent settings for custom shells:” - Get-WmiObject -namespace $NAMESPACE -computer $COMPUTER -class WESL_UserSetting | Select Sid, Shell, DefaultAction +# Enable Shell Launcher - # Enable Shell Launcher +$ShellLauncherClass.SetEnabled($TRUE) - $ShellLauncherClass.SetEnabled($TRUE) +$IsShellLauncherEnabled = $ShellLauncherClass.IsEnabled() - $IsShellLauncherEnabled = $ShellLauncherClass.IsEnabled() +"`nEnabled is set to " + $IsShellLauncherEnabled.Enabled - “`nEnabled is set to “ + $IsShellLauncherEnabled.Enabled +# Remove the new custom shells. - # Remove the new custom shells. +$ShellLauncherClass.RemoveCustomShell($Admins_SID) - $ShellLauncherClass.RemoveCustomShell($Admins_SID) +$ShellLauncherClass.RemoveCustomShell($Cashier_SID) - $ShellLauncherClass.RemoveCustomShell($Cashier_SID) +# Disable Shell Launcher + +$ShellLauncherClass.SetEnabled($FALSE) + +$IsShellLauncherEnabled = $ShellLauncherClass.IsEnabled() + +"`nEnabled is set to " + $IsShellLauncherEnabled.Enabled ``` ## Related topics From b2702c4151da5057b1591152bcbc3052a720ac14 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Tue, 14 Jun 2016 14:46:09 -0700 Subject: [PATCH 4/4] script tweaks --- .../set-up-a-kiosk-for-windows-10-for-desktop-editions.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md b/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md index c772363cef..382809735a 100644 --- a/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md +++ b/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md @@ -303,12 +303,12 @@ $Admins_SID = "S-1-5-32-544" # Create a function to retrieve the SID for a user account on a machine. function Get-UsernameSID($AccountName) { - + $NTUserObject = New-Object System.Security.Principal.NTAccount($AccountName) $NTUserSID = $NTUserObject.Translate([System.Security.Principal.SecurityIdentifier]) - - return $NTUserSID.Value + return $NTUserSID.Value + } # Get the SID for a user account named "Cashier". Rename "Cashier" to an existing account on your system to test this script. @@ -323,7 +323,7 @@ $shutdown_device = 2 # Examples. You can change these examples to use the program that you want to use as the shell. -# This example sets the command prompt as the default shell, and restarts the device if the command prompt is closed. +# This example sets the command prompt as the default shell, and restarts the device if the command prompt is closed. $ShellLauncherClass.SetDefaultShell("cmd.exe", $restart_device)