diff --git a/windows/configure/set-up-a-kiosk-for-windows-10-for-mobile-edition.md b/windows/configure/set-up-a-kiosk-for-windows-10-for-mobile-edition.md index 020a7bb599..567797d6ff 100644 --- a/windows/configure/set-up-a-kiosk-for-windows-10-for-mobile-edition.md +++ b/windows/configure/set-up-a-kiosk-for-windows-10-for-mobile-edition.md @@ -203,7 +203,7 @@ Apps Corner lets you set up a custom Start screen on your Windows 10 Mobile or   - ## Email notes + ## Email notes - temp from Lily: When you push down a SyncML for Assigned Access xml through the EnterpriseAssignedAccess CSP, it need to be escaped. But if you add the lockdown xml in the provisioning package, you don’t need to escape the xml as ICD will do that when building the package. Providing an escaped xml in ICD will cause building the package fail. diff --git a/windows/deploy/provisioning-apply-package.md b/windows/deploy/provisioning-apply-package.md deleted file mode 100644 index fb4a533c51..0000000000 --- a/windows/deploy/provisioning-apply-package.md +++ /dev/null @@ -1,96 +0,0 @@ ---- -title: Apply a provisioning package (Windows 10) -description: Provisioning packages can be applied to a device during the first-run experience (OOBE) and after ("runtime"). -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -author: jdeckerMS -localizationpriority: high ---- - -# Apply a provisioning package - - -**Applies to** - -- Windows 10 -- Windows 10 Mobile - -Provisioning packages can be applied to a device during the first-run experience (out-of-box experience or "OOBE") and after ("runtime"). - -## Desktop editions - -### During initial setup, from a USB drive - -1. Start with a computer on the first-run setup screen. If the PC has gone past this screen, reset the PC to start over. To reset the PC, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**. - - ![The first screen to set up a new PC](images/oobe.jpg) - -2. Insert the USB drive. Windows Setup will recognize the drive and ask if you want to set up the device. Select **Set up**. - - ![Set up device?](images/setupmsg.jpg) - -3. The next screen asks you to select a provisioning source. Select **Removable Media** and tap **Next**. - - ![Provision this device](images/prov.jpg) - -4. Select the provisioning package (\*.ppkg) that you want to apply, and tap **Next**. - - ![Choose a package](images/choose-package.png) - -5. Select **Yes, add it**. - - ![Do you trust this package?](images/trust-package.png) - - - -### After setup, from a USB drive, network folder, or SharePoint site - -On a desktop computer, navigate to **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** > **Add a package**, and select the package to install. - -![add a package option](images/package.png) - -## Mobile editions - -### Using removable media - -1. Insert an SD card containing the provisioning package into the device. -2. Navigate to **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** > **Add a package**, and select the package to install. - - ![add a package option](images/packages-mobile.png) - -3. Click **Add**. - -4. On the device, the **Is this package from a source you trust?** message will appear. Tap **Yes, add it**. - - ![Is this package from a source you trust](images/package-trust.png) - -### Copying the provisioning package to the device - -1. Connect the device to your PC through USB. - -2. On the PC, select the provisioning package that you want to use to provision the device and then drag and drop the file to your device. - -3. On the device, the **Is this package from a source you trust?** message will appear. Tap **Yes, add it**. - - ![Is this package from a source you trust](images/package-trust.png) - - - - - - - -## Related topics - -- [Provisioning packages for Windows 10](provisioning-packages.md) -- [How provisioning works in Windows 10](provisioning-how-it-works.md) -- [Install Windows Imaging and Configuration Designer](provisioning-install-icd.md) -- [Create a provisioning package](provisioning-create-package.md) -- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md) -- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md) -- [Provision PCs with apps and certificates for initial deployments (advanced provisioning)](provision-pcs-with-apps-and-certificates.md) -- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md) -- [NFC-based device provisioning](provisioning-nfc.md) -- [Windows ICD command-line interface (reference)](provisioning-command-line.md) -- [Create a provisioning package with multivariant settings](provisioning-multivariant.md) \ No newline at end of file diff --git a/windows/deploy/provisioning-create-package.md b/windows/deploy/provisioning-create-package.md deleted file mode 100644 index 4a1c8ac0df..0000000000 --- a/windows/deploy/provisioning-create-package.md +++ /dev/null @@ -1,156 +0,0 @@ ---- -title: Create a provisioning package (Windows 10) -description: With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -author: jdeckerMS -localizationpriority: high ---- - -# Create a provisioning package for Windows 10 - - -**Applies to** - -- Windows 10 -- Windows 10 Mobile - -You use Windows Configuration Designer to create a provisioning package (.ppkg) that contains customization settings. You can apply the provisioning package to a device running Windows 10 or Windows 10 Mobile. - ->[Learn how to install Windows Configuration Designer.](provisioning-install-icd.md) - ->[!TIP] ->We recommend creating a local admin account when developing and testing your provisioning package. We also recommend using a “least privileged” domain user account to join devices to the Active Directory domain. - -## Start a new project - -1. Open Windows Configuration Designer: - - From either the Start screen or Start menu search, type 'Windows Configuration Designer' and click on the Windows Configuration Designer shortcut, - - or - - - If you installed Windows Configuration Designer from the ADK, navigate to `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86` (on an x64 computer) or `C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe` (on an x86 computer), and then double-click **ICD.exe**. - -2. Select your desired option on the **Start** page, which offers multiple options for creating a provisioning package, as shown in the following image: - - ![Configuration Designer wizards](images/icd-create-options-1703.png) - - - The wizard options provide a simple interface for configuring common settings for desktop, mobile, and kiosk devices. Wizards are also available for creating provisioning packages for Microsoft Surface Hub and Microsoft HoloLens devices. For a summary of the settings available in the desktop, mobile, and kiosk devices, see [What you can configure using Configuration Designer wizardS](provisioning-packages.md#configuration-designer-wizards). - - (NEED TO LINK TO WIZARD TOPICS) - - For instructions on **Simple provisioning**, see [Provision PCs with common settings](provision-pcs-for-initial-deployment.md). - - For instructions on **Provision school devices**, see [Set up student PCs to join domain](https://technet.microsoft.com/edu/windows/set-up-students-pcs-to-join-domain). - - - The **Advanced provisioning** option opens a new project with all **Runtime settings** available. The rest of this procedure uses **Advanced provisioning**. - - >[!TIP] - >You can start a project in the simple editor and then switch the project to the advanced editor. - > - >![Switch to advanced editor](images/icd-switch.png) - -3. Enter a name for your project, and then click **Next**. - -4. Select the settings you want to configure, based on the type of device, and then click **Next**. The following table describes the options. - - | Windows edition | Settings available for customization | Provisioning package can apply to | - | --- | --- | --- | - | All Windows editions | Common settings | All Windows 10 devices | - | All Windows desktop editions | Common settings and settings specific to desktop devices | All Windows 10 desktop editions (Home, Pro, Enterprise, Pro Education, Enterprise Education) | - | All Windows mobile editions | Common settings and settings specific to mobile devices | All Windows 10 Mobile devices | - | Windows 10 IoT Core | Common settings and settings specific to Windows 10 IoT Core | All Windows 10 IoT Core devices | - | Windows 10 Holographic | Common settings and settings specific to Windows 10 Holographic | [Microsoft HoloLens](https://technet.microsoft.com/itpro/hololens/hololens-provisioning) | - | Common to Windows 10 Team edition | Common settings and settings specific to Windows 10 Team | [Microsoft Surface Hub](https://technet.microsoft.com/itpro/surface-hub/provisioning-packages-for-certificates-surface-hub) | - -5. On the **Import a provisioning package (optional)** page, you can click **Finish** to create your project, or browse to and select an existing provisioning packge to import to your project, and then click **Finish**. - ->[!TIP] ->**Import a provisioning package** can make it easier to create different provisioning packages that all have certain settings in common. For example, you could create a provisioning package that contains the settings for your organization's network, and then import it into other packages you create so you don't have to reconfigure those common settings repeatedly. - -After you click **Finish**, Windows Configuration Designer will open the **Available customizations** pane. - - - - -## Configure settings - -For an advanced provisioning project, Windows Configuration Designer opens the **Available customizations** pane. The example in the following image is based on **All Windows desktop editions** settings. - -![What the ICD interface looks like](images/icd-runtime.png) - -The settings in Windows Configuration Designer are based on Windows 10 configuration service providers (CSPs). To learn more about CSPs, see [Introduction to configuration service providers (CSPs) for IT pros](https://technet.microsoft.com/itpro/windows/manage/how-it-pros-can-use-configuration-service-providers). - -The process for configuring settings is similar for all settings. The following table shows an example. - - - - - - - -
![step one](images/one.png)
Expand a category.		![Expand Certificates category](images/icd-step1.png)
![step two](images/two.png)
Select a setting.		![Select ClientCertificates](images/icd-step2.png)
![step three](images/three.png)
Enter a value for the setting. Click **Add** if the button is displayed.		![Enter a name for the certificate](images/icd-step3.png)
![step four](images/four.png)
Some settings, such as this example, require additional information. In **Available customizations**, select the value you just created, and additional settings are displayed.		![Additional settings for client certificate](images/icd-step4.png)
![step five](images/five.png)
When the setting is configured, it is displayed in the **Selected customizations** pane.		![Selected customizations pane](images/icd-step5.png)
- -For details on each specific setting, see [Windows Provisioning settings reference](https://msdn.microsoft.com/library/windows/hardware/dn965990.aspx). The reference topic for a setting is also displayed in Windows Configuration Designer when you select the setting, as shown in the following image. - -![Windows Configuration Designer opens the reference topic when you select a setting](images/icd-setting-help.png) - - - ## Build package - -1. After you're done configuring your customizations, click **Export** and select **Provisioning Package**. - - ![Export on top bar](images/icd-export-menu.png) - -2. In the **Describe the provisioning package** window, enter the following information, and then click **Next**: - - **Name** - This field is pre-populated with the project name. You can change this value by entering a different name in the **Name** field. - - **Version (in Major.Minor format** - - Optional. You can change the default package version by specifying a new value in the **Version** field. - - **Owner** - Select **IT Admin**. For more information, see [Precedence for provisioning packages](provisioning-how-it-works.md#precedence-for-provisioning-packages). - - **Rank (between 0-99)** - Optional. You can select a value between 0 and 99, inclusive. The default package rank is 0. - -3. In the **Select security details for the provisioning package** window, you can select to encrypt and/or sign a provisioning package with a selected certificate. Both selections are optional. Click **Next** after you make your selections. - - - **Encrypt package** - If you select this option, an auto-generated password will be shown on the screen. - - **Sign package** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select** and choosing the certificate you want to use to sign the package. - - >[!NOTE] - >You should only configure provisioning package security when the package is used for device provisioning and the package has contents with sensitive security data such as certificates or credentials that should be prevented from being compromised. When applying an encrypted and/or signed provisioning package, either during OOBE or through the setting UI, the package can be decrypted, and if signed, be trusted without explicit user consent. An IT administrator can set policy on a user device to restrict the removal of required packages from the device, or the provisioning of potentially harmful packages on the device. - > - >If a provisioning package is signed by a trusted provisioner, it can be installed on a device without a prompt for user consent. In order to enable trusted provider certificates, you must set the **TrustedProvisioners** setting prior to installing the trusted provisioning package. This is the only way to install a package without user consent. To provide additional security, you can also set **RequireProvisioningPackageSignature**, which prevents users from installing provisioning packages that are not signed by a trusted provisioner. - -4. In the **Select where to save the provisioning package** window, specify the output location where you want the provisioning package to go once it's built, and then click **Next**. By default, Windows Configuration Designer uses the project folder as the output location. - -5. In the **Build the provisioning package** window, click **Build**. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status. - - If you need to cancel the build, click Cancel. This cancels the current build process, closes the wizard, and takes you back to the Customizations Page. - -6. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again. - - If your build is successful, the name of the provisioning package, output directory, and project directory will be shown. - - If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build. - -7. When you are done, click **Finish** to close the wizard and go back to the Customizations page. - -**Next step**: [How to apply a provisioning package](provisioning-apply-package.md) - -## Learn more - -- Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921) - -- Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922) - -- [How to bulk-enroll devices with On-premises Mobile Device Management in System Center Configuration Manager](https://docs.microsoft.com/sccm/mdm/deploy-use/bulk-enroll-devices-on-premises-mdm) - -## Related topics - -- [Provisioning packages for Windows 10](provisioning-packages.md) -- [How provisioning works in Windows 10](provisioning-how-it-works.md) -- [Install Windows Imaging and Configuration Designer](provisioning-install-icd.md) -- [Apply a provisioning package](provisioning-apply-package.md) -- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md) -- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md) -- [Provision PCs with apps and certificates for initial deployments (advanced provisioning)](provision-pcs-with-apps-and-certificates.md) -- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md) -- [NFC-based device provisioning](provisioning-nfc.md) -- [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md) -- [Create a provisioning package with multivariant settings](provisioning-multivariant.md) \ No newline at end of file diff --git a/windows/deploy/provisioning-how-it-works.md b/windows/deploy/provisioning-how-it-works.md deleted file mode 100644 index b888e5ff69..0000000000 --- a/windows/deploy/provisioning-how-it-works.md +++ /dev/null @@ -1,182 +0,0 @@ ---- -title: How provisioning works in Windows 10 (Windows 10) -description: A provisioning package (.ppkg) is a container for a collection of configuration settings. -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -author: jdeckerMS -localizationpriority: high ---- - -# How provisioning works in Windows 10 - - -**Applies to** - -- Windows 10 -- Windows 10 Mobile - -Provisioning packages in Windows 10 provide IT administrators with a simplified way to apply configuration settings to Windows 10 devices. Windows Configuration Designer is a tool that makes it easy to create a provisioning package. Windows Configuration Designer can be installed from the [Windows Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) or through the Windows Store. - -## Provisioning packages - -A provisioning package contains specific configurations/settings and assets that can be provided through a removable media or simply downloaded to the device. - -To enable adding multiple sets of settings or configurations, the configuration data used by the provisioning engine is built out of multiple configuration sources that consist of separate provisioning packages. Each provisioning package contains the provisioning data from a different source. - -A provisioning package (.ppkg) is a container for a collection of configuration settings. The package has the following format: - -- Package metadata – The metadata contains basic information about the package such as package name, description, version, ranking, and so on. - -- XML descriptors – Each descriptor defines a customization asset or configuration setting included in the package. - -- Asset payloads – The payloads of a customization asset or a configuration setting associated with an app or data asset. - -You can use provisioning packages for runtime device provisioning by accessing the package on a removable media attached to the device, through near field communication (NFC), or by downloading from a remote source location. - -## Precedence for provisioning packages - -When multiple provisioning packages are available for device provisioning, the combination of package owner type and package rank level defined in the package manifest is used to resolve setting conflicts. The pre-defined package owner types are listed below in the order of lowest to highest owner type precedence: - -1. Microsoft - -2. Silicon Vender - -3. OEM - -4. System Integrator - -5. Mobile Operator - -6. IT Admin - -The valid value range of package rank level is 0 to 99. - -When setting conflicts are encountered, the final values provisioned on the device are determined by the owner type precedence and the rank level of the packages containing the settings. For example, the value of a setting in a package with owner **System Integrator** and rank level **3** takes precedence over the same setting in a package with owner **OEM** and rank level **4**. This is because the System Integrator owner type has the higher precedence over the OEM owner type. For packages with the same owner type, the package rank level determines the package from which the setting values get provisioned on the device. - -## Windows provisioning XML - -Windows provisioning XML is the framework that allows Microsoft and OEM components to declare end-user configurable settings and the on-device infrastructure for applying the settings with minimal work by the component owner. - -Settings for each component can be declared within that component's package manifest file. These declarations are turned into settings schema that are used by Windows Configuration Designer to expose the potential settings to users to create customizations in the image or in provisioning packages. Windows Configuration Designer translates the user configuration, which is declared through Windows provisioning answer file(s), into the on-device provisioning format. - -When the provisioning engine selects a configuration, the Windows provisioning XML is contained within the selected provisioning data and is passed through the configuration manager and then to the [Windows provisioning CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/provisioning-csp). The Windows provisioning CSP then takes and applies the provisioning to the proper location for the actual component to use. - -## Provisioning engine - -The provisioning engine is the core component for managing provisioning and configuration at runtime in a device running Windows 10. - -The provisioning engine provides the following functionality: - -- Provisioning configuration at any time when the device is running including first boot and setup or OOBE. It is also extensible to other points during the run-time of the device. -- Reading and combining settings from multiple sources of configuration that may be added to an image by Microsoft, the OEM, or system integrator, or added by IT/education administrators or users to the device at run-time. Configuration sources may be built into the image or from provisioning packages added to the device. -- Responding to triggers or events and initiating a provisioning stage. -- Authenticating the provisioning packages. -- Selecting a set of configuration based on the stage and a set of keys—such as the SIM, MCC/MNC, IMSI range, and so on—that map to a specific configuration then passing this configuration to the configuration management infrastructure to be applied. -- Working with OOBE and the control panel UI to allow user selection of configuration when a specific match cannot be determined. - -## Configuration manager - -The configuration manager provides the unified way of managing Windows 10 devices. Configuration is mainly done through the Open Mobile Alliance (OMA) Device Management (DM) and Client Provisioning (CP) protocols. The configuration manager handles and parses these protocol requests from different channels and passes them down to [Configuration Service Providers (CSPs)](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/configuration-service-provider-reference) to perform the specific management requests and settings. - -The provisioning engine relies on configuration manager for all of the actual processing and application of a chosen configuration. The provisioning engine determines the stage of provisioning and, based on a set of keys, determines the set of configuration to send to the configuration manager. The configuration manager in turn parses and calls into the CSPs for the setting to be applied. - -Underneath the configuration manager are the CSPs. Each section of configuration translates to a particular CSP to handle interpreting into an action on the device. Each CSP translates the instructions in the configuration and calls into the appropriate APIs and components to perform the requested provisioning actions. - -## Policy and resource manager - -The policy, resource, and context manager components manage the enrollment and unenrollment of devices into enterprise environments. The enrollment process into an enterprise is essentially the provisioning of configuration and device management policies that the enterprise wants to enforce on the device. This is usually done through the explicit signing up of the device to an enterprise's device management server over a network connection. This provides the user with the ability to access the enterprise's resources through the device and the enterprise with a means to manage and control access and manage and control the device itself. - -The key differences between enterprise enrollment and the configuration performed by the provisioning engine are: -- Enrollment enforces a limited and controlled set of policies on the device that the user may not have full control over. The provisioning engine exposes a larger set of settings that configure more aspects of the device and are generally user adjustable. -- The policy manager manages policy settings from multiple entities and performs a selection of the setting based on priority of the entities. The provisioning engine applies the settings and does not offer a means of prioritizing settings from different sources. The more specific provisioning is the last one applied and the one that is used. -- Individual policy settings applied from different enrollment entities are stored so they can be removed later during unenrollment. This enables the user to remove enterprise policy and return the device to a state without the enterprise restrictions and any sensitive data. The provisioning engine does not maintain individual provisioning settings or a means to roll back all applied settings. - -In Windows 10, the application of policy and enrollment through provisioning is required to support cases where an enterprise or educational institution does not have a DM server for full device management. The provisioning engine supports provisioning enrollment and policy through its configuration and integrates with the existing policy and resource manager components directly or through the configuration manager. - -## Triggers and stages - -Triggers are events during the lifetime of the system that start a provisioning stage. Some examples of triggers are: boot, OOBE, SIM change, user added, administrator added, user login, device update, and various manual triggers (such as deployment over USB or launched from an email attachment or USB flash drive). - -When a trigger occurs, provisioning is initiated for a particular provisioning stage. The stages are grouped into sets based on the scope of the settings: -- **Static**: First stage run for provisioning to apply configuration settings to the system to set up OOBE or apply device-wide settings that cannot be done when the image is being created. -- **System**: Run during OOBE and configure system-wide settings. -- **UICC**: UICC stages run for each new UICC in a device to handle configuration and branding based on the identity of the UICC or SIM card. This enables the runtime configuration scenarios where an OEM can maintain one image that can be configured for multiple operators. -- **Update**: Runs after an update to apply potential updated settings changes. -- **User**: runs during a user account first run to configure per-user settings. - - - - - - - - - -## Device provisioning during OOBE - -The provisioning engine always applies provisioning packages persisted in the `C:\Recovery\Customizations` folder on the OS partition. When the provisioning engine applies provisioning packages in the `%ProgramData%\Microsoft\Provisioning` folder, certain runtime setting applications, such as the setting to install and configure Windows apps, may be extended past the OOBE pass and continually be processed in the background when the device gets to the desktop. Settings for configuring policies and certain crucial system configurations are always be completed before the first point at which they must take effect. - -Device users can apply a provisioning package from a remote source when the device first boots to OOBE. The device provisioning during OOBE is only triggered after the language, locale, time zone, and other settings on the first OOBE UI page are configured. When device provisioning is triggered, the provisioning UI is displayed in the OOBE page. The provisioning UI allows users to select a provisioning package acquired from a remote source, such as through NFC or a removable media. - -The following table shows how device provisioning can be initiated when a user first boots to OOBE. - - -| Package delivery | Initiation method | Supported device | -| --- | --- | --- | -| Removable media - USB drive or SD card
(Packages must be placed at media root) | 5 fast taps on the Windows key to launch the provisioning UI |All Windows devices | -| From an administrator device through machine-to-machine NFC or NFC tag
(The administrator device must run an app that can transfer the package over NFC) | 5 fast taps on the Windows key to launch the provisioning UI | Windows 10 Mobile devices and IoT Core devices | - -The provisioning engine always copies the acquired provisioning packages to the `%ProgramData%\Microsoft\Provisioning` folder before processing them during OOBE. The provisioning engine always applies provisioning packages embedded in the installed Windows image during Windows Setup OOBE pass regardless of whether the package is signed and trusted. When the provisioning engine applies an encrypted provisioning package on an end-user device during OOBE, users must first provide a valid password to decrypt the package. The provisioning engine also checks whether a provisioning package is signed and trusted; if it's not, the user must provide consent before the package is applied to the device. - -When the provisioning engine applies provisioning packages during OOBE, it applies only the runtime settings from the package to the device. Runtime settings can be system-wide configuration settings, including security policy, Windows app install/uninstall, network configuration, bootstrapping MDM enrollment, provisioning of file assets, account and domain configuration, Windows edition upgrade, and more. The provisioning engine also checks for the configuration settings on the device, such as region/locale or SIM card, and applies the multivariant settings with matching condition(s). - -## Device provisioning at runtime - -At device runtime, stand-alone provisioning packages can be applied by user initiation. The following table shows when provisioning at device runtime can be initiated. - -| Package delivery | Initiation method | Supported device | -| --- | --- | --- | -| Removable media - USB drive or SD card
(Packages must be placed at media root) | **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** | All Windows devices | -| Downloaded from a network connection and copied to a local folder | Double-click the package file | Windows 10 for desktop editions devices | -| From an administrator device connected to the target device through USB tethering | Drag and drop the package file onto the target device | Windows 10 Mobile devices and IoT Core devices | - -When applying provisioning packages from a removable media attached to the device, the Settings UI allows viewing contents of a package before selecting the package for provisioning. To minimize the risk of the device being spammed by applying provisioning packages from unknown sources, a provisioning package can be signed and encrypted. Partners can also set policies to limit the application of provisioning packages at device runtime. Applying provisioning packages at device runtime requires administrator privilege. If the package is not signed or trusted, a user must provide consent before the package is applied to the device. If the package is encrypted, a valid password is needed to decrypt the package before it can be applied to the device. - -When applying multiple provisioning packages to a device, the provisioning engine resolves settings with conflicting configuration values from different packages by evaluating the package ranking using the combination of package owner type and package rank level defined in the package metadata. A configuration setting applied from a provisioning package with the highest package ranking will be the final value applied to the device. - -After a stand-alone provisioning package is applied to the device, the package is persisted in the `%ProgramData%\Microsoft\Provisioning` folder on the device. Provisioning packages can be removed by an administrator by using the **Add or remove a provisioning package** available under **Settings** > **Accounts** > **Access work or school**. - - -## Learn more - -- Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921) - -- Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922) - - -## Related topics - -- [Provisioning packages for Windows 10](provisioning-packages.md) -- [Install Windows Configuration Designer](provisioning-install-icd.md) -- [Create a provisioning package](provisioning-create-package.md) -- [Apply a provisioning package](provisioning-apply-package.md) -- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md) -- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md) -- [Provision PCs with apps and certificates for initial deployments (advanced provisioning)](provision-pcs-with-apps-and-certificates.md) -- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md) -- [NFC-based device provisioning](provisioning-nfc.md) -- [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md) -- [Create a provisioning package with multivariant settings](provisioning-multivariant.md) - - - - -  - -  - - - - - diff --git a/windows/deploy/provisioning-install-icd.md b/windows/deploy/provisioning-install-icd.md deleted file mode 100644 index cd27087c4f..0000000000 --- a/windows/deploy/provisioning-install-icd.md +++ /dev/null @@ -1,111 +0,0 @@ ---- -title: Install Windows Configuration Designer (Windows 10) -description: Learn how to install and run Windows Configuration Designer. -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -author: jdeckerMS -localizationpriority: high ---- - -# Install Windows Configuration Designer - - -**Applies to** - -- Windows 10 -- Windows 10 Mobile - -Use the Windows Configuration Designer tool to create provisioning packages to easily configure devices running Windows 10. Windows Configuration Designer is primarily designed for use by IT departments for business and educational institutions who need to provision bring-your-own-device (BYOD) and business-supplied devices. - -## Supported platforms - -Windows Configuration Designer can create provisioning packages for Windows 10 desktop and mobile editions, including Windows 10 IoT Core, as well as Microsoft Surface Hub and Microsoft HoloLens. You can run Windows Configuration Designer on the following operating systems: - -- Windows 10 - x86 and amd64 -- Windows 8.1 Update - x86 and amd64 -- Windows 8.1 - x86 and amd64 -- Windows 8 - x86 and amd64 -- Windows 7 - x86 and amd64 -- Windows Server 2016 -- Windows Server 2012 R2 Update -- Windows Server 2012 R2 -- Windows Server 2012 -- Windows Server 2008 R2 - -## Install Windows Configuration Designer - -On devices running Windows 10, version 1703, you can install [Windows Configuration Designer from the Windows Store](https://www.microsoft.com/store/apps/9nblggh4tx22). To run Windows Configuration Designer on other operating systems, install it from the Windows Assessment and Deployment Kit (ADK) for Windows 10. - ->[!NOTE] ->The Windows Configuration Designer App from the Windows Store currently supports only English. For a localized version of the Windows Configuration Designer, install it from the Windows ADK. - -1. Go to [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) and select **Get Windows ADK** for the version of Windows 10 that you want to create provisioning packages for (version 1511 or version 1607). - - >[!NOTE] - >The rest of this procedure uses Windows ADK for Windows 10, version 1607 as an example. - -2. Save **adksetup.exe** and then run it. - -3. On the **Specify Location** page, select an installation path and then click **Next**. - >[!NOTE] - >The estimated disk space listed on this page applies to the full Windows ADK. If you only install Windows Configuration Designer, the space requirement is approximately 32 MB. -4. Make a selection on the **Windows Kits Privacy** page, and then click **Next**. - -5. Accept the **License Agreement**, and then click **Next**. - -6. On the **Select the features you want to install** page, clear all selections except **Configuration Designer**, and then click **Install**. - - ![Only Configuration Designer selected for installation](images/icd-install.png) - -## Current Windows Configuration Designer limitations - - -- You can only run one instance of Windows Configuration Designer on your computer at a time. - -- Be aware that when adding apps and drivers, all files stored in the same folder will be imported and may cause errors during the build process. - -- The Windows Configuration Designer UI does not support multivariant configurations. Instead, you must use the Windows Configuration Designer command-line interface to configure multivariant settings. For more information, see [Create a provisioning package with multivariant settings](provisioning-multivariant.md). - -- While you can open multiple projects at the same time within Windows Configuration Designer, you can only build one project at a time. - -- In order to enable the simplified authoring jscripts to work on a server SKU running Windows Configuration Designer, you need to explicitly enable **Allow websites to prompt for information using scripted windows**. Do this by opening Internet Explorer and then navigating to **Settings** > **Internet Options** > **Security** -> **Custom level** > **Allow websites to prompt for information using scripted windows**, and then choose **Enable**. - -- If you copy a Windows Configuration Designer project from one PC to another PC, make sure that all the associated files for the deployment assets, such as apps and drivers, are copied along with the project to the same path as it was on the original PC. - - For example, when you add a driver to a provisioned package, you must copy the .INF file to a local directory on the PC that is running Windows Configuration Designer. If you don't do this, and attempt to use a copied version of this project on a different PC, Windows Configuration Designer might attempt to resolve the path to the files that point to the original PC. - -- **Recommended**: Before starting, copy all source files to the PC running Windows Configuration Designer, rather than using external sources like network shares or removable drives. This reduces the risk of interrupting the build process from a temporary network issue or from disconnecting the USB device. - -**Next step**: [How to create a provisioning package](provisioning-create-package.md) - -## Learn more - -- Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921) - -- Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922) - -## Related topics - -- [Provisioning packages for Windows 10](provisioning-packages.md) -- [How provisioning works in Windows 10](provisioning-how-it-works.md) -- [Create a provisioning package](provisioning-create-package.md) -- [Apply a provisioning package](provisioning-apply-package.md) -- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md) -- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md) -- [Provision PCs with apps and certificates for initial deployments (advanced provisioning)](provision-pcs-with-apps-and-certificates.md) -- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md) -- [NFC-based device provisioning](provisioning-nfc.md) -- [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md) -- [Create a provisioning package with multivariant settings](provisioning-multivariant.md) - - - -  - -  - - - - - diff --git a/windows/deploy/provisioning-packages.md b/windows/deploy/provisioning-packages.md deleted file mode 100644 index acd1e9dedb..0000000000 --- a/windows/deploy/provisioning-packages.md +++ /dev/null @@ -1,163 +0,0 @@ ---- -title: Provisioning packages (Windows 10) -description: With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. -ms.assetid: 287706E5-063F-4AB5-902C-A0DF6D0730BC -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -author: jdeckerMS -localizationpriority: high ---- - -# Provisioning packages for Windows 10 - - -**Applies to** - -- Windows 10 -- Windows 10 Mobile - -Windows provisioning makes it easy for IT administrators to configure end-user devices without imaging. Using Windows provisioning, an IT administrator can easily specify desired configuration and settings required to enroll the devices into management and then apply that configuration to target devices in a matter of minutes. It is best suited for small- to medium-sized businesses with deployments that range from tens to a few hundred computers. - -A provisioning package (.ppkg) is a container for a collection of configuration settings. With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. - -Provisioning packages are simple enough that with a short set of written instructions, a student or non-technical employee can use them to configure their device. This can result in a significant reduction in the time required to configure multiple devices in your organization. - -The [Windows Assessment and Deployment Kit (ADK) for Windows 10](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) includes the Windows Configuration Designer, a tool for configuring provisioning packages. Windows Configuration Designer is also available as an app in the Windows Store. - - -## New in Windows 10, version 1703 - -- The tool for creating provisioning packages is renamed Windows Configuration Designer, replacing the Windows Imaging and Configuration Designer (ICD) tool. The components for creating images have been removed from Windows Configuration Designer, which now provides access to runtime settings only. -- Windows Configuration Designer can still be installed from the Windows ADK. You can also install it from the Windows Store. -- Windows Configuration Designer adds more wizards to make it easier to create provisioning packages for specific scenarios. See [What you can configure](#configuration-designer-wizards) for wizard descriptions. -- The wizard **Provision desktop devices** (previously called **Simple provisioning**) now enables joining Azure Active Directory (Azure AD) domains and also allows you to remove non-Microsoft software from Windows desktop devices during provisioning. -- Provisioning packages can be made available [using NFC and barcodes](provisioning-nfc.md). -- When provisioning packages are applied to a device, a status screen indicates successful or failed provisioning. -- Windows 10 includes PowerShell cmdlets that simplify scripted provisioning. Using these cmdlets, you can add provisioning packages, remove provisioning packages and generate log files to investigate provisioning errors. -- The **Provision school devices** wizard is removed from Windows Configuration Designer. Instead, use the **Setup School PCs** app from the Windows Store. - - -## Benefits of provisioning packages - - -Provisioning packages let you: - -- Quickly configure a new device without going through the process of installing a new image. - -- Save time by configuring multiple devices using one provisioning package. - -- Quickly configure employee-owned devices in an organization without a mobile device management (MDM) infrastructure. - -- Set up a device without the device having network connectivity. - -Provisioning packages can be: - -- Installed using removable media such as an SD card or USB flash drive. - -- Attached to an email. - -- Downloaded from a network share. - -- Deployed in NFC tags or barcodes. - -## What you can configure - -### Configuration Designer wizards - -The following table describes settings that you can configure using the wizards in the Configuration Designer to create provisioning packages. - - - - - - - - - -
**Step****Description****Desktop
wizard**		**Mobile
wizard**		**Kiosk
wizard**
Set up deviceAssign device name,
enter product key to upgrade Windows,
configure shared used,
remove pre-installed software		![yes](images/checkmark.png)![yes](images/checkmark.png)
(Only device name and upgrade key)		![yes](images/checkmark.png)
Set up networkConnect to a Wi-Fit network![yes](images/checkmark.png)![yes](images/checkmark.png)![yes](images/checkmark.png)
Account managementEnroll device in Active Directory,
enroll device in Azure Active Directory,
or create a local administrator account		![yes](images/checkmark.png)![no](images/crossmark.png)![yes](images/checkmark.png)
Bulk Enrollment in Azure ADEnroll device in Azure Active Directory![no](images/crossmark.png)![yes](images/checkmark.png)![no](images/crossmark.png)
Add applications?![no](images/crossmark.png)![no](images/crossmark.png)![yes](images/checkmark.png)
Add certificates?![no](images/crossmark.png)![no](images/crossmark.png)![yes](images/checkmark.png)
Configure kiosk account and appCreate local account to run the kiosk mode app,
specify the app to run in kiosk mode		![no](images/crossmark.png)![no](images/crossmark.png)![yes](images/checkmark.png)
Configure kiosk common settingsSet tablet mode,
configure welcome and shutdown screens,
turn off timeout settings		![no](images/crossmark.png)![no](images/crossmark.png)![yes](images/checkmark.png)
- ->[!NOTE] ->After you start a project using a Windows Configuration Designer wizard, you can switch to the advanced editor to configure additional settings in the provisioning package. - -### Configuration Designer advanced editor - -The following table provides some examples of settings that you can configure using the Windows Configuration Designer advanced editor to create provisioning packages. - -| Customization options | Examples | -|--------------------------|-----------------------------------------------------------------------------------------------| -| Bulk Active Directory join and device name | Join devices to Active Directory domain and assign device names using hardware-specific serial numbers or random characters | -| Applications | Windows apps, line-of-business applications | -| Bulk enrollment into MDM | Automatic enrollment into a third-party MDM service\* | -| Certificates | Root certification authority (CA), client certificates | -| Connectivity profiles | Wi-Fi, proxy settings, Email | -| Enterprise policies | Security restrictions (password, device lock, camera, and so on), encryption, update settings | -| Data assets | Documents, music, videos, pictures | -| Start menu customization | Start menu layout, application pinning | -| Other | Home and lock screen wallpaper, computer name, domain join, DNS settings, and so on | -\* Using a provisioning package for auto-enrollment to System Center Configuration Manager or Configuration Manager/Intune hybrid is not supported. Use the Configuration Manager console to enroll devices. -  - -For details about the settings you can customize in provisioning packages, see [Windows Provisioning settings reference]( https://go.microsoft.com/fwlink/p/?LinkId=619012). - -## Changes to provisioning in Windows 10, version 1607 - ->[!NOTE] ->This section is retained for customers using Windows 10, version 1607, on the Current Branch for Business. Some of this information is not applicable in Windows 10, version 1703. - -Windows ICD for Windows 10, version 1607, simplified common provisioning scenarios. - -![Configuration Designer options](images/icd.png) - -Windows ICD in Windows 10, version 1607, supported the following scenarios for IT administrators: - -* **Simple provisioning** – Enables IT administrators to define a desired configuration in Windows ICD and then apply that configuration on target devices. The simple provisioning wizard makes the entire process quick and easy by guiding an IT administrator through common configuration settings in a step-by-step manner. - - > [Learn how to use simple provisioning to configure Windows 10 computers.](provision-pcs-for-initial-deployment.md) - -* **Advanced provisioning (deployment of classic (Win32) and Universal Windows Platform (UWP) apps, and certificates)** – Allows an IT administrator to use Windows ICD to open provisioning packages in the advanced settings editor and include apps for deployment on end-user devices. - - > [Learn how to use advanced provisioning to configure Windows 10 computers with apps and certificates.](provision-pcs-with-apps-and-certificates.md) - -* **Mobile device enrollment into management** - Enables IT administrators to purchase off-the-shelf retail Windows 10 Mobile devices and enroll them into mobile device management (MDM) before handing them to end-users in the organization. IT administrators can use Windows ICD to specify the management end-point and apply the configuration on target devices by connecting them to a Windows PC (tethered deployment) or through an SD card. Supported management end-points include: - - * System Center Configuration Manager and Microsoft Intune hybrid (certificate-based enrollment) - * AirWatch (password-string based enrollment) - * Mobile Iron (password-string based enrollment) - * Other MDMs (cert-based enrollment) - -> [!NOTE] -> Windows ICD in Windows 10, version 1607, also provided a wizard to create provisioning packages for school PCs. To learn more, see [Set up students' PCs to join domain](https://technet.microsoft.com/edu/windows/index). - -## Learn more - -- Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921) - -- Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922) - -## Related topics - -- [How provisioning works in Windows 10](provisioning-how-it-works.md) -- [Install Windows Configuration Designer](provisioning-install-icd.md) -- [Create a provisioning package](provisioning-create-package.md) -- [Apply a provisioning package](provisioning-apply-package.md) -- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md) -- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md) -- [Provision PCs with apps and certificates for initial deployments (advanced provisioning)](provision-pcs-with-apps-and-certificates.md) -- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md) -- [NFC-based device provisioning](provisioning-nfc.md) -- [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md) -- [Create a provisioning package with multivariant settings](provisioning-multivariant.md) - - - - - -  - -  - - - - - diff --git a/windows/deploy/provisioning-powershell.md b/windows/deploy/provisioning-powershell.md deleted file mode 100644 index ed05c3ca94..0000000000 --- a/windows/deploy/provisioning-powershell.md +++ /dev/null @@ -1,71 +0,0 @@ ---- -title: provisioning powershell (Windows 10) -description: -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -author: jdeckerMS -localizationpriority: high ---- - -# provisioning powershell - - -**Applies to** - -- Windows 10 -- Windows 10 Mobile - -RS2 ships with Windows Provisioning PowerShell cmdlets in box. These cmdlets make it easy to script the following functions - - - - - - - - -
CmdletPurposeSyntax
Add-ProvisioningPackage Use this cmdlet to apply a provisioning package```Add-ProvisioningPackage [-Path] [-ForceInstall] [-LogsFolder ] [-WprpFile ] []```
Remove-ProvisioningPackageRemove a provisioning package ```Remove-ProvisioningPackage -PackageId [-LogsFolder ] [-WprpFile ] []```
```Remove-ProvisioningPackage -Path [-LogsFolder ] [-WprpFile ] []```
```Remove-ProvisioningPackage -AllInstalledPackages [-LogsFolder ] [-WprpFile ] []```
Get-ProvisioningPackage Get information about an installed provisioning package ```Get-ProvisioningPackage -PackageId [-LogsFolder ] [-WprpFile ] []```
```Get-ProvisioningPackage -Path [-LogsFolder ] [-WprpFile ] []```
```Get-ProvisioningPackage -AllInstalledPackages [-LogsFolder ] [-WprpFile ] []```
Export-ProvisioningPackage Extract the contents of a provisioning package ```Export-ProvisioningPackage -PackageId -OutputFolder [-Overwrite] [-AnswerFileOnly] [-LogsFolder ] [-WprpFile ] []```
```Export-ProvisioningPackage -Path -OutputFolder [-Overwrite] [-AnswerFileOnly] [-LogsFolder ] [-WprpFile ] []```
Add-TrustedProvisioningCertificate Adds a certificate to the Trusted Certificate store TBD
- ->[!NOTE] -> You can use Get-Help to get usage help on any command. For example: `Get-Help Add-ProvisioningPackage` - -Trace logs are captured when using cmdlets. The following logs are available in the logs folder after the cmdlet completes: - -- ProvTrace.<timestamp>.ETL - ETL trace file, unfiltered -- ProvTrace.<timestamp>.XML - ETL trace file converted into raw trace events, unfiltered -- ProvTrace.<timestamp>.TXT - TEXT file containing trace output formatted for easy reading, filtered to only show events logged by providers in the WPRP file -- ProvLogReport.<timestamp>.XLS - Excel file containing trace output, filtered to only show events logged by providers in WPRP file - - - ->[!NOTE] ->When applying provisioning packages using Powershell cmdlets, the default behavior is to suppress the prompt that appears when applying an unsigned provisioning package. This is by design so that provisioning packages can be applied as part of existing scripts. - - -## Related topics - -- [How provisioning works in Windows 10](provisioning-how-it-works.md) -- [Install Windows Configuration Designer](provisioning-install-icd.md) -- [Create a provisioning package](provisioning-create-package.md) -- [Apply a provisioning package](provisioning-apply-package.md) -- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md) -- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md) -- [Provision PCs with apps and certificates for initial deployments (advanced provisioning)](provision-pcs-with-apps-and-certificates.md) -- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md) -- [NFC-based device provisioning](provisioning-nfc.md) -- [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md) -- [Create a provisioning package with multivariant settings](provisioning-multivariant.md) - - - - - -  - -  - - - - - diff --git a/windows/manage/configure-windows-10-taskbar.md b/windows/manage/configure-windows-10-taskbar.md deleted file mode 100644 index e5c03d9939..0000000000 --- a/windows/manage/configure-windows-10-taskbar.md +++ /dev/null @@ -1,302 +0,0 @@ ---- -title: Configure Windows 10 taskbar (Windows 10) -description: Admins can pin apps to users' taskbars. -keywords: ["taskbar layout","pin apps"] -ms.prod: W10 -ms.mktglfcycl: manage -ms.sitesec: library -author: jdeckerMS -localizationpriority: high ---- -# Configure Windows 10 taskbar - -**Applies to** - -- Windows 10 - -Starting in Windows 10, version 1607, administrators can pin additional apps to the taskbar and remove default pinned apps from the taskbar by adding a `` section to a layout modification XML file. This method never removes user-pinned apps from the taskbar. - -> [!NOTE] -> The only aspect of the taskbar that can currently be configured by the layout modification XML file is the layout. - -You can specify different taskbar configurations based on device locale and region. There is no limit on the number of apps that you can pin. You specify apps using the [Application User Model ID (AUMID)](https://go.microsoft.com/fwlink/p/?LinkId=614867) or Desktop Application Link Path (the local path to the application). - -If you specify an app to be pinned that is not provisioned for the user on the computer, the pinned icon won't appear on the taskbar. - -The order of apps in the XML file dictates the order of pinned apps on the taskbar from left to right, to the right of any existing apps pinned by the user. - -> [!NOTE] -> In operating systems configured to use a right-to-left language, the taskbar order will be reversed. - -The following example shows how apps will be pinned: Windows default apps to the left (blue circle), apps pinned by the user in the center (orange triangle), and apps that you pin using the XML file to the right (green square). - -![Windows left, user center, enterprise to the right](images/taskbar-generic.png) - - -## Configure taskbar (general) - -To configure the taskbar: -1. Create the XML file. - * If you are also [customizing the Start layout](customize-and-export-start-layout.md), use `Export-StartLayout` to create the XML, and then add the `` section from the following sample to the file. - * If you are only configuring the taskbar, use the following sample to create a layout modification XML file. -2. Edit and save the XML file. You can use [AUMID](https://go.microsoft.com/fwlink/p/?LinkId=614867) or Desktop Application Link Path to identify the apps to pin to the taskbar. - * Use `` and [AUMID](https://go.microsoft.com/fwlink/p/?LinkId=614867) to pin Universal Windows Platform apps. - * Use `` and Desktop Application Link Path to pin desktop applications. -3. Apply the layout modification XML file to devices using [Group Policy](customize-windows-10-start-screens-by-using-group-policy.md) or a [provisioning package created in Windows Imaging and Configuration Designer (Windows ICD)](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md). - ->[!IMPORTANT] ->If you use a provisioning package to configure the taskbar, your configuration will be reapplied each time the explorer.exe process restarts. If your configuration pins an app and the user then unpins that app, the user's change will be overwritten the next time the configuration is applied. To apply a taskbar configuration that allows users to make changes that will persist, apply your configuration by using Group Policy. - -### Tips for finding AUMID and Desktop Application Link Path - -In the layout modification XML file, you will need to add entries for applications in the XML markup. In order to pin an application, you need either its AUMID or Desktop Application Link Path. - -The easiest way to find this data for an application is to: -1. Pin the application to the Start menu on a reference or testing PC. -2. Open Windows PowerShell and run the `Export-StartLayout` cmdlet. -3. Open the generated XML file. -4. Look for an entry corresponding to the app you pinned. -5. Look for a property labeled `AppUserModelID` or `DesktopApplicationLinkPath`. - - -### Sample taskbar configuration XML file - -```xml - - - - - - - - - - - -``` -### Sample taskbar configuration added to Start layout XML file - -```xml - - - - - - - - - - - - - - - - - - - - - - - -``` - -##Keep default apps and add your own - -The `` section will append listed apps to the taskbar by default. The following sample keeps the default apps pinned and adds pins for Paint, Microsoft Reader, and a command prompt. - -```xml - - - - - - - - - - - - -``` -**Before:** - -![default apps pinned to taskbar](images/taskbar-default.png) - -**After:** - - ![additional apps pinned to taskbar](images/taskbar-default-plus.png) - -## Remove default apps and add your own - -By adding `PinListPlacement="Replace"` to ``, you remove all default pinned apps; only the apps that you specify will be pinned to the taskbar. - -If you only want to remove some of the default pinned apps, you would use this method to remove all default pinned apps and then include the default app that you want to keep in your list of pinned apps. - -```xml - - - - - - - - - - - - - -``` -**Before:** - -![Taskbar with default apps](images/taskbar-default.png) - -**After:** - -![Taskbar with default apps removed](images/taskbar-default-removed.png) - -## Configure taskbar by country or region - -The following example shows you how to configure taskbars by country or region. When the layout is applied to a computer, if there is no `` node with a region tag for the current region, the first `` node that has no specified region will be applied. When you specify one or more countries or regions in a `` node, the specified apps are pinned on computers configured for any of the specified countries or regions. - -```xml - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -``` - -When the preceding example XML file is applied, the resulting taskbar for computers in the US or UK: - -![taskbar for US and UK locale](images/taskbar-region-usuk.png) - -The resulting taskbar for computers in Germany or France: - -![taskbar for DE and FR locale](images/taskbar-region-defr.png) - -The resulting taskbar for computers in any other country region: - -![taskbar for all other regions](images/taskbar-region-other.png) - - -> [!NOTE] -> [Look up country and region codes (use the ISO Short column)](https://go.microsoft.com/fwlink/p/?LinkId=786445) - - - - -## Layout Modification Template schema definition - -```xml - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -``` - -## Related topics - -- [Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md) -- [Customize and export Start layout](customize-and-export-start-layout.md) -- [Start layout XML for desktop editions of Windows 10 (reference)](start-layout-xml-desktop.md) -- [Start layout XML for mobile editions of Windows 10 (reference)](start-layout-xml-mobile.md) -- [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md) -- [Customize Windows 10 Start and taskbar with ICD and provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) -- [Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) diff --git a/windows/manage/customize-and-export-start-layout.md b/windows/manage/customize-and-export-start-layout.md deleted file mode 100644 index 5aa308d75f..0000000000 --- a/windows/manage/customize-and-export-start-layout.md +++ /dev/null @@ -1,165 +0,0 @@ ---- -title: Customize and export Start layout (Windows 10) -description: The easiest method for creating a customized Start layout is to set up the Start screen and export the layout. -ms.assetid: CA8DF327-5DD4-452F-9FE5-F17C514B6236 -keywords: ["start screen"] -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -author: jdeckerMS -localizationpriority: high ---- - -# Customize and export Start layout - - -**Applies to** - -- Windows 10 - ->**Looking for consumer information?** See [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630) - -The easiest method for creating a customized Start layout to apply to other Windows 10 devices is to set up the Start screen on a test computer and then export the layout. - -After you export the layout, decide whether you want to apply a *full* Start layout or a *partial* Start layout. - -When a full Start layout is applied, the users cannot pin, unpin, or uninstall apps from Start. Users can view and open all apps in the **All Apps** view, but they cannot pin any apps to Start. - -When [a partial Start layout](#configure-a-partial-start-layout) is applied, the contents of the specified tile groups cannot be changed, but users can move those groups, and can also create and customize their own groups. - ->[!NOTE] ->Partial Start layout is only supported on Windows 10, version 1511 and later. - -  - -You can deploy the resulting .xml file to devices using one of the following methods: - -- [Group Policy](customize-windows-10-start-screens-by-using-group-policy.md) - -- [Windows Imaging and Configuration Designer provisioning package](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) - -- [Mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) - -## Customize the Start screen on your test computer - - -To prepare a Start layout for export, you simply customize the Start layout on a test computer. - -**To prepare a test computer** - -1. Set up a test computer on which to customize the Start layout. Your test computer should have the operating system that is installed on the users’ computers (Windows 10 Pro, Windows 10 Enterprise, or Windows 10 Education). Install all apps and services that the Start layout should display. - -2. Create a new user account that you will use to customize the Start layout. - - -**To customize Start** - -1. Sign in to your test computer with the user account that you created. - -2. Customize the Start layout as you want users to see it by using the following techniques: - - - **Pin apps to Start**. From Start, type the name of the app. When the app appears in the search results, right-click the app, and then click **Pin to Start**. - - To view all apps, click **All apps** in the bottom-left corner of Start. Right-click any app, and pin or unpin it from Start. - - - **Unpin apps** that you don’t want to display. To unpin an app, right-click the app, and then click **Unpin from Start**. - - - **Drag tiles** on Start to reorder or group apps. - - - **Resize tiles**. To resize tiles, right-click the tile and then click **Resize.** - - - **Create your own app groups**. Drag the apps to an empty area. To name a group, click above the group of tiles and then type the name in the **Name group** field that appears above the group. - -## Export the Start layout - - -When you have the Start layout that you want your users to see, use the [Export-StartLayout](https://go.microsoft.com/fwlink/p/?LinkId=620879) cmdlet in Windows PowerShell to export the Start layout to an .xml file. - -**To export the Start layout to an .xml file** - -1. From Start, open **Windows PowerShell**. - -2. At the Windows PowerShell command prompt, enter the following command: - - `export-startlayout –path .xml ` - - In the previous command, `-path` is a required parameter that specifies the path and file name for the export file. You can specify a local path or a UNC path (for example, \\\\FileServer01\\StartLayouts\\StartLayoutMarketing.xml). - - Use a file name of your choice—for example, StartLayoutMarketing.xml. Include the .xml file name extension. The [Export-StartLayout](https://go.microsoft.com/fwlink/p/?LinkId=620879) cmdlet does not append the file name extension, and the policy settings require the extension. - - Example of a layout file produced by `Export-StartLayout`: - - - - - - - - - - - - - - - - -
XML
<LayoutModificationTemplate Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
-      <DefaultLayoutOverride>
-        <StartLayoutCollection>
-          <defaultlayout:StartLayout GroupCellWidth="6" xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout">
-            <start:Group Name="Life at a glance" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout">
-              <start:Tile Size="2x2" Column="0" Row="0" AppUserModelID="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge" />
-              <start:Tile Size="2x2" Column="4" Row="0" AppUserModelID="Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI" />
-              <start:Tile Size="2x2" Column="2" Row="0" AppUserModelID="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
-            </start:Group>        
-          </defaultlayout:StartLayout>
-        </StartLayoutCollection>
-      </DefaultLayoutOverride>
-    </LayoutModificationTemplate>
- -## Configure a partial Start layout - - -A partial Start layout enables you to add one or more customized tile groups to users' Start screens or menus, while still allowing users to make changes to other parts of the Start layout. All groups that you add are *locked*, meaning users cannot change the contents of those tile groups, however users can change the location of those groups. Locked groups are identified with an icon, as shown in the following image. - -![locked tile group](images/start-pinned-app.png) - -When a partial Start layout is applied for the first time, the new groups are added to the users' existing Start layouts. If an app tile is in both an existing group and in a new locked group, the duplicate app tile is removed from the existing (unlocked) group. - -When a partial Start layout is applied to a device that already has a StartLayout.xml applied, groups that were added previously are removed and the groups in the new layout are added. - -If the Start layout is applied by Group Policy or MDM, and the policy is removed, the groups remain on the devices but become unlocked. - -**To configure a partial Start screen layout** - -1. [Customize the Start layout](#bmk-customize-start). - -2. [Export the Start layout](#bmk-exportstartscreenlayout). -3. Open the layout .xml file. There is a `` element. Add `LayoutCustomizationRestrictionType="OnlySpecifiedGroups"` to the **DefaultLayoutOverride** element as follows: - - ``` syntax - - ``` - -4. Save the file and apply using any of the deployment methods. - -## Related topics - - -- [Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md) -- [Configure Windows 10 taskbar](configure-windows-10-taskbar.md) -- [Start layout XML for desktop editions of Windows 10 (reference)](start-layout-xml-desktop.md) -- [Start layout XML for mobile editions of Windows 10 (reference)](start-layout-xml-mobile.md) -- [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md) -- [Customize Windows 10 Start and taskbar with ICD and provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) -- [Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) - -  - -  - - - - - diff --git a/windows/manage/customize-windows-10-start-screens-by-using-group-policy.md b/windows/manage/customize-windows-10-start-screens-by-using-group-policy.md deleted file mode 100644 index 5c22ec50fe..0000000000 --- a/windows/manage/customize-windows-10-start-screens-by-using-group-policy.md +++ /dev/null @@ -1,138 +0,0 @@ ---- -title: Customize Windows 10 Start and taskbar with Group Policy (Windows 10) -description: You can use a Group Policy Object (GPO) to deploy a customized Start layout to users in a domain. -ms.assetid: F4A47B36-F1EF-41CD-9CBA-04C83E960545 -keywords: ["Start layout", "start menu", "layout", "group policy"] -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -author: jdeckerMS -localizationpriority: high ---- - -# Customize Windows 10 Start and taskbar with Group Policy - - -**Applies to** - -- Windows 10 - ->**Looking for consumer information?** See [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630) - -In Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education, version 1703, you can use a Group Policy Object (GPO) to deploy a customized Start and taskbar layout to users in a domain. No reimaging is required, and the layout can be updated simply by overwriting the .xml file that contains the layout. This enables you to customize Start and taskbar layouts for different departments or organizations, with minimal management overhead. - ->[!NOTE] ->Taskbar configuration is available starting in Windows 10, version 1607. -> ->Start and taskbar configuration are available for Windows 10 Pro in version 1703. - -This topic describes how to update Group Policy settings to display a customized Start and taskbar layout when the users sign in. By creating a domain-based GPO with these settings, you can deploy a customized Start and taskbar layout to users in a domain. - ->[!WARNING]   ->When a full Start layout is applied with this method, the users cannot pin, unpin, or uninstall apps from Start. Users can view and open all apps in the **All Apps** view, but they cannot pin any apps to Start. When a partial Start layout is applied, the contents of the specified tile groups cannot be changed, but users can move those groups, and can also create and customize their own groups. When you apply a taskbar layout, users will still be able to pin and unpin apps, and change the order of pinned apps. - -  - -**Before you begin**: [Customize and export Start layout](customize-and-export-start-layout.md) - -## Operating system requirements - - -Start and taskbar layout control using Group Policy is supported in Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education, version 1703. - -The GPO can be configured from any computer on which the necessary ADMX and ADML files (StartMenu.admx and StartMenu.adml) for Windows 10 are installed. In Group Policy, ADMX files are used to define Registry-based policy settings in the Administrative Templates category. To find out how to create a central store for Administrative Templates files, see [article 929841, written for Windows Vista and still applicable](https://go.microsoft.com/fwlink/p/?LinkId=691687) in the Microsoft Knowledge Base. - -## How Start layout control works - - -Three features enable Start and taskbar layout control: - -- The [Export-StartLayout](https://go.microsoft.com/fwlink/p/?LinkID=620879) cmdlet in Windows PowerShell exports a description of the current Start layout in .xml file format. - - >[!NOTE]   - >To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](https://go.microsoft.com/fwlink/p/?LinkId=623707) cmdlet. - -- [You can modify the Start .xml file](configure-windows-10-taskbar.md) to include `` or create an .xml file just for the taskbar configuration. - -- In Group Policy, you use the **Start Layout** settings for the **Start Menu and Taskbar** administrative template to set a Start and taskbar layout from an .xml file when the policy is applied. The Group Policy object doesn't support an empty tile layout, so the default tile layout for Windows is loaded in that case. - ->[!NOTE]   ->To learn how customize Start to include your line-of-business apps when you deploy Windows 10, see [Customize the Windows 10 Start layout]( https://go.microsoft.com/fwlink/p/?LinkId=620863). - -  - -## Use Group Policy to apply a customized Start layout in a domain - - -To apply the Start and taskbar layout to users in a domain, use the Group Policy Management Console (GPMC) to configure a domain-based Group Policy Object (GPO) that sets **Start Layout** policy settings in the **Start Menu and Taskbar** administrative template for users in a domain. - -The GPO applies the Start and taskbar layout at the next user sign-in. Each time the user signs in, the timestamp of the .xml file with the Start and taskbar layout is checked and if a newer version of the file is available, the settings in the latest version of the file are applied. - -The GPO can be configured from any computer on which the necessary ADMX and ADML files (StartMenu.admx and StartMenu.adml) for Windows 10 are installed. - -The .xml file with the Start and taskbar layout must be located on shared network storage that is available to the users’ computers when they sign in and the users must have Read-only access to the file. If the file is not available when the first user signs in, Start and the taskbar are not customized during the session, but the user will be prevented from making changes to Start. On subsequent sign-ins, if the file is available at sign-in, the layout it contains will be applied to the user's Start and taskbar. - -For information about deploying GPOs in a domain, see [Working with Group Policy Objects](https://go.microsoft.com/fwlink/p/?LinkId=620889). - -## Use Group Policy to apply a customized Start layout on the local computer - - -You can use the Local Group Policy Editor to provide a customized Start and taskbar layout for any user who signs in on the local computer. To display the customized Start and taskbar layout for any user who signs in, configure **Start Layout** policy settings for the **Start Menu and Taskbar** administrative template. You can use the **Start Menu and Taskbar** administrative template in **User Configuration** or **Computer Configuration**. - ->[!NOTE]   ->This procedure applies the policy settings on the local computer only. For information about deploying the Start and taskbar layout to users in a domain, see [Use Group Policy to deploy a customized Start layout in a domain](#bkmk-domaingpodeployment). -> ->This procedure creates a Local Group Policy that applies to all users on the computer. To configure Local Group Policy that applies to a specific user or group on the computer, see [Step-by-Step Guide to Managing Multiple Local Group Policy Objects](https://go.microsoft.com/fwlink/p/?LinkId=620881). The guide was written for Windows Vista and the procedures still apply to Windows 10. - - -This procedure adds the customized Start and taskbar layout to the user configuration, which overrides any Start layout settings in the local computer configuration when a user signs in on the computer. - -**To configure Start Layout policy settings in Local Group Policy Editor** - -1. On the test computer, press the Windows key, type **gpedit**, and then select **Edit group policy (Control panel)**. - -2. Go to **User Configuration** or **Computer Configuration** > **Administrative Templates** >**Start Menu and Taskbar**. - - ![start screen layout policy settings](images/starttemplate.jpg) - -3. Right-click **Start Layout** in the right pane, and click **Edit**. - - This opens the **Start Layout** policy settings. - - ![policy settings for start screen layout](images/startlayoutpolicy.jpg) - -4. Enter the following settings, and then click **OK**: - - 1. Select **Enabled**. - - 2. Under **Options**, specify the path to the .xml file that contains the Start and taskbar layout. For example, type **C:\\Users\\Test01\\StartScreenMarketing.xml**. - - 3. Optionally, enter a comment to identify the Start and taskbar layout. - - >[!IMPORTANT]   - >If you disable Start Layout policy settings that have been in effect and then re-enable the policy, users will not be able to make changes to Start, however the layout in the .xml file will not be reapplied unless the file has been updated. In Windows PowerShell, you can update the timestamp on a file by running the following command: - - >`(ls ).LastWriteTime = Get-Date` - -   - -## Update a customized Start layout - - -After you use Group Policy to apply a customized Start and taskbar layout on a computer or in a domain, you can update the layout simply by replacing the .xml file that is specified in the Start Layout policy settings with a file with a newer timestamp. - -## Related topics - - -- [Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md) -- [Configure Windows 10 taskbar](configure-windows-10-taskbar.md) -- [Customize and export Start layout](customize-and-export-start-layout.md) -- [Start layout XML for desktop editions of Windows 10 (reference)](start-layout-xml-desktop.md) -- [Start layout XML for mobile editions of Windows 10 (reference)](start-layout-xml-mobile.md) -- [Customize Windows 10 Start and taskbar with ICD and provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) -- [Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) - - - - - diff --git a/windows/manage/customize-windows-10-start-screens-by-using-mobile-device-management.md b/windows/manage/customize-windows-10-start-screens-by-using-mobile-device-management.md deleted file mode 100644 index 07a815a1b6..0000000000 --- a/windows/manage/customize-windows-10-start-screens-by-using-mobile-device-management.md +++ /dev/null @@ -1,159 +0,0 @@ ---- -title: Customize Windows 10 Start and taskbar with mobile device management (MDM) (Windows 10) -description: You can use a mobile device management (MDM) policy to deploy a customized Start layout to users. -ms.assetid: F487850D-8950-41FB-9B06-64240127C1E4 -keywords: ["start screen", "start menu"] -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -author: jdeckerMS -localizationpriority: medium ---- - -# Customize Windows 10 Start and taskbar with mobile device management (MDM) - - -**Applies to** - -- Windows 10 -- Windows 10 Mobile - -**Looking for consumer information?** - -- [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630) - - -In Windows 10 Mobile, Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education, version 1703, you can use a mobile device management (MDM) policy to deploy a customized Start and taskbar layout to users. No reimaging is required, and the Start layout can be updated simply by overwriting the .xml file that contains the layout. This enables you to customize Start layouts for different departments or organizations, with minimal management overhead. - - ->[!NOTE] ->Taskbar configuration is available starting in Windows 10, version 1607. -> ->Start and taskbar configuration are available for Windows 10 Pro in version 1703. - -**Before you begin**: [Customize and export Start layout](customize-and-export-start-layout.md) for desktop editions or [create a Start layout XML](start-layout-xml-mobile.md) for mobile. - ->[!WARNING] ->When a full Start layout is applied with this method, the users cannot pin, unpin, or uninstall apps from Start. Users can view and open all apps in the **All Apps** view, but they cannot pin any apps to Start. When a partial Start layout is applied, the contents of the specified tile groups cannot be changed, but users can move those groups, and can also create and customize their own groups. - -  - -## How Start layout control works - - -Two features enable Start layout control: - -- The **Export-StartLayout** cmdlet in Windows PowerShell exports a description of the current Start layout in .xml file format. - - >[!NOTE]   - >To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](https://go.microsoft.com/fwlink/p/?LinkId=623707) cmdlet. -   -- In MDM, you set the path to the .xml file that defines the Start layout using an OMA-URI setting, which is based on the [Policy configuration service provider (CSP)](https://go.microsoft.com/fwlink/p/?LinkID=623244). - -## Create a policy for your customized Start layout - - -This example uses Microsoft Intune to configure an MDM policy that applies a customized Start and taskbar layout. See the documentation for your MDM solution for help in applying the policy. - -1. In your customized Start and taskbar layout XML file, replace markup characters with escape characters, and save the file. (You can replace the characters manually or use an online tool.) - - Example of a layout file: - - ```xml - - - - - - - - - - - - - - - - - - - - - - - - ``` - Example of the same layout file with escape characters replacing the markup characters: - - ``` - <LayoutModificationTemplate - xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification" - xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" - xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" - xmlns:taskbar="http://schemas.microsoft.com/Start/2014/TaskbarLayout" - Version="1"> - <LayoutOptions StartTileGroupCellWidth="6" StartTileGroupsColumnCount="1" /> - <DefaultLayoutOverride> - <StartLayoutCollection> - <defaultlayout:StartLayout GroupCellWidth="6" xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout"> - <start:Group Name="Life at a glance" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout"> - <start:Tile Size="2x2" Column="0" Row="0" AppUserModelID="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge" /> - <start:Tile Size="2x2" Column="4" Row="0" AppUserModelID="Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI" /> - <start:Tile Size="2x2" Column="2" Row="0" AppUserModelID="Microsoft.BingWeather_8wekyb3d8bbwe!App" /> - </start:Group> - </defaultlayout:StartLayout> - </StartLayoutCollection> - </DefaultLayoutOverride> - <CustomTaskbarLayoutCollection> - <defaultlayout:TaskbarLayout> - <taskbar:TaskbarPinList> - <taskbar:UWA AppUserModelID="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge" /> - <taskbar:DesktopApp DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk" /> - </taskbar:TaskbarPinList> - </defaultlayout:TaskbarLayout> - </CustomTaskbarLayoutCollection> - </LayoutModificationTemplate> - ``` - -2. In the Microsoft Intune administration console, click **Policy** > **Add Policy**. - -3. Under **Windows**, choose a **Custom Configuration (Windows 10 Desktop and Mobile and later)** policy. - -4. Enter a name (mandatory) and description (optional) for the policy. - -5. In the **OMA-URI Settings** section, click **Add.** - -6. In **Add or Edit OMA-URI Setting**, enter the following information. - - | Item | Information | - |----|----| - | **Setting name** | Enter a unique name for the OMA-URI setting to help you identify it in the list of settings. | - | **Setting description** | Provide a description that gives an overview of the setting and other relevant information to help you locate it. | - | **Data type** | **String** | - | **OMA-URI (case sensitive)** | **./User/Vendor/MSFT/Policy/Config/Start/StartLayout** | - | **Value** | Paste the contents of the Start layout .xml file that you created. | - -7. Click **OK** to save the setting and return to the **Create Policy** page. - -8. Click **Save Policy**. - -## Related topics - - -- [Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md) -- [Configure Windows 10 taskbar](configure-windows-10-taskbar.md) -- [Customize and export Start layout](customize-and-export-start-layout.md) -- [Start layout XML for desktop editions of Windows 10 (reference)](start-layout-xml-desktop.md) -- [Start layout XML for mobile editions of Windows 10 (reference)](start-layout-xml-mobile.md) -- [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md) -- [Customize Windows 10 Start and taskbar with ICD and provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) - - - - diff --git a/windows/manage/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md b/windows/manage/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md deleted file mode 100644 index 32d56a1ca6..0000000000 --- a/windows/manage/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md +++ /dev/null @@ -1,132 +0,0 @@ ---- -title: Customize Windows 10 Start and taskbar with ICD and provisioning packages (Windows 10) -description: In Windows 10, you can use a provisioning package to deploy a customized Start layout to users. -ms.assetid: AC952899-86A0-42FC-9E3C-C25F45B1ACAC -keywords: ["Start layout", "start menu"] -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -author: jdeckerMS -localizationpriority: medium ---- - -# Customize Windows 10 Start and taskbar with ICD and provisioning packages - - -**Applies to** - -- Windows 10 -- Windows 10 Mobile - -**Looking for consumer information?** - -- [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630) - - - -In Windows 10 Pro, Windows 10 Mobile, Windows 10 Enterprise, and Windows 10 Education, version 1703, you can use a provisioning package that you create with Windows Imaging and Configuration Designer (ICD) tool to deploy a customized Start and taskbar layout to users. No reimaging is required, and the Start and taskbar layout can be updated simply by overwriting the .xml file that contains the layout. The provisioning package can be applied to a running device. This enables you to customize Start and taskbar layouts for different departments or organizations, with minimal management overhead. - ->[!NOTE] ->Taskbar configuration is available starting in Windows 10, version 1607. -> ->Start and taskbar configuration are available for Windows 10 Pro in version 1703. - ->[!IMPORTANT] ->If you use a provisioning package to configure the taskbar, your configuration will be reapplied each time the explorer.exe process restarts. If your configuration pins an app and the user unpins that app, the user's change will be overwritten the next time the configuration is applied. To apply a taskbar configuration and allow users to make changes that will persist, apply your configuration by using Group Policy. - -**Before you begin**: [Customize and export Start layout](customize-and-export-start-layout.md) for desktop editions or [create a Start layout XML](start-layout-xml-mobile.md) for mobile. - -## How Start layout control works - - -Three features enable Start and taskbar layout control: - -- The **Export-StartLayout** cmdlet in Windows PowerShell exports a description of the current Start layout in .xml file format. - - >[!NOTE]   - >To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](https://go.microsoft.com/fwlink/p/?LinkId=623707) cmdlet. - -- [You can modify the Start .xml file](configure-windows-10-taskbar.md) to include `` or create an .xml file just for the taskbar configuration. - - -- In ICD, you use the **Start/StartLayout** setting to set the path to the .xml file that defines the Start and taskbar layout. - -## Create a provisioning package that contains a customized Start layout - - -Use the [Imaging and Configuration Designer (ICD) tool](https://go.microsoft.com/fwlink/p/?LinkID=525483) included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package that applies a customized Start and taskbar layout. [Install the ADK.](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) - ->[!IMPORTANT] ->When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed. - -1. Open ICD (by default, %systemdrive%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe). -<<<<<<< HEAD - -======= ->>>>>>> refs/remotes/origin/rs2 -2. Choose **Advanced provisioning**. - -3. Name your project, and click **Next**. - -4. Choose **All Windows desktop editions** and click **Next**. - -5. On **New project**, click **Finish**. The workspace for your package opens. - -6. Expand **Runtime settings** > **Start**, and click **StartLayout**. - - >[!TIP] - >If **Start** is not listed, check the type of settings you selected in step 4. You must create the project using settings for **All Windows desktop editions**. - -7. Specify the path and file name of the Start layout .xml that you created with the [Export-StartLayout](https://go.microsoft.com/fwlink/p/?LinkId=620879) cmdlet. - -8. On the **File** menu, select **Save.** - -9. On the **Export** menu, select **Provisioning package**. - -10. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.** - -11. Optional. In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing. - - - **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen. - - - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select...** and choosing the certificate you want to use to sign the package. - -12. Click **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows Imaging and Configuration Designer (ICD) uses the project folder as the output location. - - Optionally, you can click **Browse** to change the default output location. - -13. Click **Next**. - -14. Click **Build** to start building the package. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status. - - If you need to cancel the build, click **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**. - -15. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again. - - If your build is successful, the name of the provisioning package, output directory, and project directory will be shown. - - - If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build. - - If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**. - -16. Copy the provisioning package to the target device. - -17. Double-click the ppkg file and allow it to install. - -## Related topics - -- [Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md) -- [Configure Windows 10 taskbar](configure-windows-10-taskbar.md) -- [Customize and export Start layout](customize-and-export-start-layout.md) -- [Start layout XML for desktop editions of Windows 10 (reference)](start-layout-xml-desktop.md) -- [Start layout XML for mobile editions of Windows 10 (reference)](start-layout-xml-mobile.md) -- [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md) -- [Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) - -  - -  - - - - - diff --git a/windows/manage/set-up-a-kiosk-for-windows-10-for-mobile-edition.md b/windows/manage/set-up-a-kiosk-for-windows-10-for-mobile-edition.md deleted file mode 100644 index 3f212de416..0000000000 --- a/windows/manage/set-up-a-kiosk-for-windows-10-for-mobile-edition.md +++ /dev/null @@ -1,202 +0,0 @@ ---- -title: Set up a kiosk on Windows 10 Mobile or Windows 10 Mobile Enterprise (Windows 10) -description: A device in kiosk mode runs a specified app with no access to other device functions, menus, or settings. -ms.assetid: 35EC82D8-D9E8-45C3-84E9-B0C8C167BFF7 -keywords: kiosk, lockdown, assigned access -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: mobile -author: jdeckerMS -localizationpriority: high ---- - -# Set up a kiosk on Windows 10 Mobile or Windows 10 Mobile Enterprise - - -**Applies to** - -- Windows 10 Mobile - -A device in kiosk mode runs a specified app with no access to other device functions, menus, or settings. You configure a device running Windows 10 Mobile or Windows 10 Mobile Enterprise for kiosk mode by using the Apps Corner feature. You can also use the Enterprise Assigned Access configuration service provider (CSP) to configure a kiosk experience. - -**Note**   -The specified app must be an above lock screen app. For details on building an above lock screen app, see [Kiosk apps for assigned access: Best practices](https://go.microsoft.com/fwlink/p/?LinkId=708386). - -  - -## Apps Corner - - -Apps Corner lets you set up a custom Start screen on your Windows 10 Mobile or Windows 10 Mobile Enterprise device, where you can share only the apps you choose with the people you let use your device. You configure a device for kiosk mode by selecting a single app to use in Apps Corner. - ->[!NOTE] ->Apps Corner is only available in Windows 10 Mobile, version 1607, and earlier. - -**To set up Apps Corner** - -1. On Start ![start](images/starticon.png), swipe over to the App list, then tap **Settings** ![settings](images/settingsicon.png) > **Accounts** > **Apps Corner**. - -2. Tap **Apps**, tap to select the app that you want people to use in the kiosk mode, and then tap done ![](images/doneicon.png) - -3. If your phone doesn't already have a lock screen password, you can set one now to ensure that people can't get to your Start screen from Apps Corner. Tap **Protect my phone with a password**, click **Add**, type a PIN in the **New PIN** box, type it again in the **Confirm PIN** box, and then tap **OK**. Press **Back** ![back](images/backicon.png) to the Apps Corner settings. - -4. Turn **Action center** on or off, depending on whether you want people to be able to use these features when using the device in kiosk mode. - -5. Tap **advanced**, and then turn features on or off, depending on whether you want people to be able to use them. - -6. Press **Back** ![back](images/backicon.png) when you're done. - -**To use Apps Corner** - -1. On Start ![start](images/starticon.png), swipe over to the App list, then tap **Settings** ![settings](images/settingsicon.png) > **Accounts** > **Apps Corner** > launch ![launch](images/launchicon.png). - - **Tip**   - Want to get to Apps Corner with one tap? In **Settings**, tap **Apps Corner** > **pin** to pin the Apps Corner tile to your Start screen. - -   - -2. Give the device to someone else, so they can use the device and only the one app you chose. - -3. When they're done and you get the device back, press and hold Power ![power](images/powericon.png), and then swipe right to exit Apps Corner. - -## Enterprise Assigned Access - - -Enterprise Assigned Access allows you to lock down your Windows 10 Mobile or Windows 10 Mobile Enterprise device in kiosk mode by creating a user role that has only a single app, set to run automatically, in the Allow list. - -**Note**  The app can be a Universal Windows app, Universal Windows Phone 8 app, or a legacy Silverlight app. - -  - -### Set up Enterprise Assigned Access in MDM - -In AssignedAccessXml, for Application, you enter the product ID for the app to run in kiosk mode. Find product IDs at [Product IDs in Windows 10 Mobile](product-ids-in-windows-10-mobile.md). - -[See the technical reference for the Enterprise Assigned Access configuration service provider (CSP).](https://go.microsoft.com/fwlink/p/?LinkID=618601) - -### Set up assigned access using Windows Imaging and Configuration Designer (ICD) - -> **Important** -When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed. - -**To create and apply a provisioning package for a kiosk device** - -1. Create an *AssignedAccess*.xml file that specifies the app the device will run. (You can name use any file name.) For instructions on AssignedAccessXml, see [EnterpriseAssignedAccess CSP](https://go.microsoft.com/fwlink/p/?LinkID=618601). - - **Note**   - Do not escape the xml in *AssignedAccess*.xml file as Windows Imaging and Configuration Designer (ICD) will do that when building the package. Providing escaped xml in Windows ICD will cause building the package fail. - -   - -2. Open Windows ICD (by default, `%windir%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe`). -3. Choose **Advanced provisioning**. - - - -4. Name your project, and click **Next**. - -5. Choose **All Windows mobile editions** and click **Next**. - -6. On **New project**, click **Finish**. The workspace for your package opens. - -7. Expand **Runtime settings** > **EmbeddedLockdownProfiles**, and click **AssignedAccessXml**. - -8. Click **Browse** to select the *AssignedAccess*.xml file. - -9. On the **File** menu, select **Save.** - -10. On the **Export** menu, select **Provisioning package**. - -11. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.** - -12. Optional. In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing. - - - **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen. - - - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select** and choosing the certificate you want to use to sign the package. - -13. Click **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows ICD uses the project folder as the output location. - - Optionally, you can click **Browse** to change the default output location. - -14. Click **Next**. - -15. Click **Build** to start building the package. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status. - - If you need to cancel the build, click **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**. - -16. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again. - - If your build is successful, the name of the provisioning package, output directory, and project directory will be shown. - - - If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build. - - If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**. - -17. Select the **output location** link to go to the location of the package. You can distribute that .ppkg to mobile devices using any of the following methods: - - - Removable media (USB/SD) - - **To apply a provisioning package from removable media** - - 1. Copy the provisioning package file to the root directory on a micro SD card. - - 2. On the device, insert the micro SD card containing the provisioning package. - - 3. Go to **Settings** > **Accounts** > **Provisioning.** - - 4. Tap **Add a package**. - - 5. On the **Choose a method** screen, in the **Add from** dropdown menu, select **Removable Media**. - - 6. Select a package will list all available provisioning packages on the micro SD card. Tap the desired package, and then tap **Add**. - - 7. You will see a message that tells you what the package will do the device, such as **Adding it will: Lock down the user interface**. Tap **Yes, add it**. - - 8. Restart the device and verify that the runtime settings that were configured in the provisioning package were applied to the device. - - - Email - - **To apply a provisioning package sent in email** - - 1. Send the provisioning package in email to an account on the device. - - 2. Open the email on the device, and then double-tap the attached file. - - 3. You will see a message that tells you what the package will do the device, such as **Adding it will: Lock down the user interface**. Tap **Yes, add it**. - - 4. Restart the device and verify that the runtime settings that were configured in the provisioning package were applied to the device. - - - USB tether (mobile only) - - **To apply a provisioning package using USB tether** - - 1. Connect the device to your PC by USB. - - 2. Select the provisioning package that you want to use to provision the device, and then drag and drop the file to your device. - - 3. The provisioning package installation dialog will appear on the phone. - - 4. You will see a message that tells you what the package will do the device, such as **Adding it will: Lock down the user interface**. Tap **Yes, add it**. - - 5. Restart the device and verify that the runtime settings that were configured in the provisioning package were applied to the device. - - [Learn how to apply a provisioning package in audit mode or OOBE.](https://go.microsoft.com/fwlink/p/?LinkID=692012) - -## Related topics - - -[Set up a kiosk on Windows 10 Pro, Enterprise, or Education](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) - -[Configure Windows 10 Mobile using Lockdown XML](lockdown-xml.md) - -[Product IDs in Windows 10 Mobile](product-ids-in-windows-10-mobile.md) - -  - -  - - - - - diff --git a/windows/manage/set-up-shared-or-guest-pc.md b/windows/manage/set-up-shared-or-guest-pc.md deleted file mode 100644 index 1d6256d6ea..0000000000 --- a/windows/manage/set-up-shared-or-guest-pc.md +++ /dev/null @@ -1,302 +0,0 @@ ---- -title: Set up a shared or guest PC with Windows 10 (Windows 10) -description: Windows 10, version 1607, introduces *shared PC mode*, which optimizes Windows 10 for shared use scenarios. -keywords: ["shared pc mode"] -ms.prod: W10 -ms.mktglfcycl: manage -ms.sitesec: library -author: jdeckerMS -localizationpriority: high ---- - -# Set up a shared or guest PC with Windows 10 - - -**Applies to** - -- Windows 10 - -Windows 10, version 1607, introduces *shared PC mode*, which optimizes Windows 10 for shared use scenarios, such as touchdown spaces in an enterprise and temporary customer use in retail. You can apply shared PC mode to Windows 10 Pro, Pro Education, Education, and Enterprise. - -> [!NOTE] -> If you're interested in using Windows 10 for shared PCs in a school, see [Use Set up School PCs app](https://technet.microsoft.com/edu/windows/use-set-up-school-pcs-app) which provides a simple way to configure PCs with shared PC mode plus additional settings specific for education. - -##Shared PC mode concepts -A Windows 10 PC in shared PC mode is designed to be management- and maintenance-free with high reliability. In shared PC mode, only one user can be signed in at a time. When the PC is locked, the currently signed in user can always be signed out at the lock screen. Users who sign-in are signed in as standard users, not admin users. - -###Account models -It is intended that shared PCs are joined to an Active Directory or Azure Active Directory domain by a user with the necessary rights to perform a domain join as part of a setup process. This enables any user that is part of the directory to sign-in to the PC as a standard user. The user who originally joined the PC to the domain will have administrative rights when they sign in. If using Azure Active Directory Premium, any domain user can also be configured to sign in with administrative rights. Additionally, shared PC mode can be configured to enable a **Start without an account** option on the sign-in screen, which doesn't require any user credentials or authentication and creates a new local account. - -###Account management -When the account management service is turned on in shared PC mode, accounts are automatically deleted. Account deletion applies to Active Directory, Azure Active Directory, and local accounts that are created by the **Start without an account** option. Account management is performed both at sign-off time (to make sure there is enough disk space for the next user) as well as during system maintenance time periods. Shared PC mode can be configured to delete accounts immediately at sign-out or when disk space is low. - -###Maintenance and sleep -Shared PC mode is configured to take advantage of maintenance time periods which run while the PC is not in use. Therefore, sleep is strongly recommended so that the PC can wake up when it is not is use to perform maintenance, clean up accounts, and run Windows Update. The recommended settings can be set by choosing **SetPowerPolicies** in the list of shared PC options. Additionally, on devices without Advanced Configuration and Power Interface (ACPI) wake alarms, shared PC mode will always override real-time clock (RTC) wake alarms to be allowed to wake the PC from sleep (by default, RTC wake alarms are off). This ensures that the widest variety of hardware will take advantage of maintenance periods. - -While shared PC mode does not configure Windows Update itself, it is strongly recommended to configure Windows Update to automatically install updates and reboot (if necessary) during maintenance hours. This will help ensure the PC is always up to date and not interrupting users with updates. Use one of the following methods to configure Windows Update: - -- Group Policy: Set **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure Automatic Updates** to `4` and check **Install during automatic maintenance**. -- MDM: Set **Update/AllowAutoUpdate** to `4`. -- Provisioning: In Windows Imaging and Configuration Designer (ICD), set **Policies/Update/AllowAutoUpdate** to `4`. - -[Learn more about the AllowAutoUpdate settings](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_AllowAutoUpdate) - -###App behavior - -Apps can take advantage of shared PC mode by changing their app behavior to align with temporary use scenarios. For example, an app might only download content on demand on a device in shared PC mode, or might skip first-run experiences. For information on how an app can query for shared PC mode, see [SharedModeSettings class](https://msdn.microsoft.com/en-us/library/windows/apps/windows.system.profile.sharedmodesettings.aspx). - -###Customization -Shared PC mode exposes a set of customizations to tailor the behavior to your requirements. These customizations are the options that you'll set either using MDM or a provisioning package as explained in [Configuring shared PC mode on Windows](#configuring-shared-pc-mode-on-windows). The options are listed in the following table. - -| Setting | Value | -|:---|:---| -| EnableSharedPCMode | Set as **True**. If this is not set to **True**, shared PC mode is not turned on and none of the other settings apply. Some of the remaining settings in **SharedPC** are optional, but we strongly recommend that you also set `EnableAccountManager` to **True**. | -| AccountManagement: AccountModel | This option controls how users can sign-in on the PC. Choosing domain-joined will enable any user in the domain to sign-in. Specifying the guest option will add the **Start without an account** option to the sign-in screen and enable anonymous guest access to the PC.
- **Only guest** allows anyone to use the PC as a local standard (non-admin) account.
- **Domain-joined only** allows users to sign in with an Active Directory or Azure AD account.
- **Domain-joined and guest** allows users to sign in with an Active Directory, Azure AD, or local standard account. | -| AccountManagement: DeletionPolicy | - **Delete immediately** will delete the account on sign-out.
- **Delete at disk space threshold** will start deleting accounts when available disk space falls below the threshold you set for **DiskLevelDeletion**, and it will stop deleting accounts when the available disk space reaches the threshold you set for **DiskLevelCaching**. Accounts are deleted in order of oldest accessed to most recently accessed.

Example: The caching number is 50 and the deletion number is 25. Accounts will be cached while the free disk space is above 25%. When the free disk space is less than 25% (the deletion number) at a maintenance period, accounts will be deleted (oldest last used first) until the free disk space is above 50% (the caching number). Accounts will be deleted immediately at sign off of an account if free space is under the deletion threshold and disk space is very low, regardless if the PC is actively in use or not. | -| AccountManagement: DiskLevelCaching | If you set **DeletionPolicy** to **Delete at disk space threshold**, set the percent of total disk space to be used as the disk space threshold for account caching. | -| AccountManagement: DiskLevelDeletion | If you set **DeletionPolicy** to **Delete at disk space threshold**, set the percent of total disk space to be used as the disk space threshold for account deletion. | -| AccountManagement: EnableAccountManager | Set as **True** to enable automatic account management. If this is not set to true, no automatic account management will be done. | -| Customization: MaintenanceStartTime | By default, the maintenance start time (which is when automatic maintenance tasks run, such as Windows Update) is midnight. You can adjust the start time in this setting by entering a new start time in minutes from midnight. For example, if you want maintenance to begin at 2 AM, enter `120` as the value. | -| Customization: SetEduPolicies | Set to **True** for PCs that will be used in a school. When **SetEduPolicies** is **True**, the following additional settings are applied:
- Local storage locations are restricted. Users can only save files to the cloud.
- Custom Start and taskbar layouts are set.\*
- A custom sign-in screen background image is set.\*
- Additional educational policies are applied (see full list below).

\*Only applies to Windows 10 Pro Education, Enterprise, and Education | -| Customization: SetPowerPolicies | When set as **True**:
- Prevents users from changing power settings
- Turns off hibernate
- Overrides all power state transitions to sleep (e.g. lid close) | -| Customization: SignInOnResume | This setting specifies if the user is required to sign in with a password when the PC wakes from sleep. | -| Customization: SleepTimeout | Specifies all timeouts for when the PC should sleep. Enter the amount of idle time in seconds. If you don't set sleep timeout, the default of 1 hour applies. | - - -##Configuring shared PC mode on Windows -You can configure Windows to be in shared PC mode in a couple different ways: -- Mobile device management (MDM): Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](https://msdn.microsoft.com/library/windows/hardware/mt723294.aspx). Your MDM policy can contain any of the options listed in the [Customization](#customization) section. The following image shows a Microsoft Intune policy with the shared PC options added as OMA-URI settings. [Learn more about Windows 10 policy settings in Microsoft Intune.](https://docs.microsoft.com/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune) - -![custom OMA-URI policy in Intune](images/oma-uri-shared-pc.png) - -- A provisioning package created with the Windows Configuration Designer: You can apply a provisioning package when you initially set up the PC (also known as the out-of-box-experience or OOBE), or you can apply the provisioning package to a Windows 10 PC that is already in use. The provisioning package is created in Windows Configuration Designer. Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](https://msdn.microsoft.com/library/windows/hardware/mt723294.aspx), exposed in Windows Configuration Designer as SharedPC. - -![Shared PC settings in ICD](images/icd-adv-shared-pc.png) - - -### Create a provisioning package for shared use - -Use Windows Configuration Designer to create a provisioning package that configures a device for shared PC mode. [Install Windows Configuration Designer.](https://technet.microsoft.com/itpro/windows/deploy/provisioning-install). - -1. Open Windows Configuration Designer. - -2. On the **Start page**, select **Advanced provisioning**. - -3. Enter a name and (optionally) a description for the project, and click **Next**. - -4. Select **All Windows desktop editions**, and click **Next**. - -5. Click **Finish**. - -6. Go to **Runtime settings** > **SharedPC**. [Select the desired settings for shared PC mode.](#customization) - -7. On the **File** menu, select **Save.** -8. On the **Export** menu, select **Provisioning package**. -9. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.** -10. Set a value for **Package Version**. - > [!TIP] - > You can make changes to existing packages and change the version number to update previously applied packages. -   -11. (*Optional*) In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing. - - **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen. - - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select...** and choosing the certificate you want to use to sign the package. - - > [!IMPORTANT]   - > We recommend that you include a trusted provisioning certificate in your provisioning package. When the package is applied to a device, the certificate is added to the system store and any package signed with that certificate thereafter can be applied silently. -   -12. Click **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows ICD uses the project folder as the output location. - Optionally, you can click **Browse** to change the default output location. -13. Click **Next**. -14. Click **Build** to start building the package. The project information is displayed in the build page and the progress bar indicates the build status. - If you need to cancel the build, click **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**. -15. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again. - If your build is successful, the name of the provisioning package, output directory, and project directory will be shown. - - If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build. - - If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**. -16. Select the **output location** link to go to the location of the package. You can provide that .ppkg to others through any of the following methods: - - - Shared network folder - - - SharePoint site - - - Removable media (USB/SD) (select this option to apply to a PC during initial setup) - - -### Apply the provisioning package - -You can apply the provisioning package to a PC during initial setup or to a PC that has already been set up. - -**During initial setup** -1. Start with a computer on the first-run setup screen. If the PC has gone past this screen, reset the PC to start over. To reset the PC, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**. - - ![The first screen to set up a new PC](images/oobe.jpg) - -2. Insert the USB drive. Windows Setup will recognize the drive and ask if you want to set up the device. Select **Set up**. - - ![Set up device?](images/setupmsg.jpg) - -3. The next screen asks you to select a provisioning source. Select **Removable Media** and tap **Next**. - - ![Provision this device](images/prov.jpg) - -4. Select the provisioning package (\*.ppkg) that you want to apply, and tap **Next**. - - ![Choose a package](images/choose-package.png) - -5. Select **Yes, add it**. - - ![Do you trust this package?](images/trust-package.png) - -6. Read and accept the Microsoft Software License Terms. - - ![Sign in](images/license-terms.png) - -7. Select **Use Express settings**. - - ![Get going fast](images/express-settings.png) - -8. If the PC doesn't use a volume license, you'll see the **Who owns this PC?** screen. Select **My work or school owns it** and tap **Next**. - - ![Who owns this PC?](images/who-owns-pc.png) - -9. On the **Choose how you'll connect** screen, select **Join Azure AD** or **Join a domain** and tap **Next**. - - ![Connect to Azure AD](images/connect-aad.png) - -10. Sign in with your domain, Azure AD, or Office 365 account and password. When you see the progress ring, you can remove the USB drive. - - ![Sign in](images/sign-in-prov.png) - - -**After setup** - -On a desktop computer, navigate to **Settings** > **Accounts** > **Work access** > **Add or remove a management package** > **Add a package**, and selects the package to install. - -![add a package option](images/package.png) - -> [!NOTE] -> If you apply the setup file to a computer that has already been set up, existing accounts and data might be lost. - -## Guidance for accounts on shared PCs - -* We recommend no local admin accounts on the PC to improve the reliability and security of the PC. -* When a PC is set up in shared PC mode, accounts will be cached automatically until disk space is low. Then, accounts will be deleted to reclaim disk space. This account managment happens automatically. Both Azure AD and Active Directory domain accounts are managed in this way. Any accounts created through **Start without an account** will also be deleted automatically at sign out. -* On a Windows PC joined to Azure Active Directory: - * By default, the account that joined the PC to Azure AD will have an admin account on that PC. Global administrators for the Azure AD domain will also have admin accounts on the PC. - * With Azure AD Premium, you can specify which accounts have admin accounts on a PC using the **Additional administrators on Azure AD Joined devices** setting on the Azure portal. -* Local accounts that already exist on a PC won’t be deleted when turning on shared PC mode. New local accounts that are created using **Settings > Accounts > Other people > Add someone else to this PC** after shared PC mode is turned on won't be deleted. However, any new local accounts created by the **Start without an account** selection on the sign-in screen (if enabled) will automatically be deleted at sign-out. -* If admin accounts are necessary on the PC - * Ensure the PC is joined to a domain that enables accounts to be signed on as admin, or - * Create admin accounts before setting up shared PC mode, or - * Create exempt accounts before signing out when turning shared pc mode on. -* The account management service supports accounts that are exempt from deletion. - * An account can be marked exempt from deletion by adding the account SID to the `HKEY_LOCAL_MACHINE\SOFTARE\Microsoft\Windows\CurrentVersion\SharedPC\Exemptions\` registry key. - * To add the account SID to the registry key using PowerShell:
- ``` - $adminName = "LocalAdmin" - $adminPass = 'Pa$$word123' - iex "net user /add $adminName $adminPass" - $user = New-Object System.Security.Principal.NTAccount($adminName) - $sid = $user.Translate([System.Security.Principal.SecurityIdentifier]) - $sid = $sid.Value; - New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\SharedPC\Exemptions\$sid" -Force - ``` - - - - -## Policies set by shared PC mode -Shared PC mode sets local group policies to configure the device. Some of these are configurable using the shared pc mode options. - -> [!IMPORTANT] -> It is not recommended to set additional policies on PCs configured for **Shared PC Mode**. The shared PC mode has been optimized to be fast and reliable over time with minimal to no manual maintenance required. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Policy name

Value

When set?

Admin Templates > Control Panel > Personalization

Prevent enabling lock screen slide show

Enabled

Always

Prevent changing lock screen and logon image

Enabled

Always

Admin Templates > System > Power Management > Button Settings

Select the Power button action (plugged in)

Sleep

SetPowerPolicies=True

Select the Power button action (on battery)

Sleep

SetPowerPolicies=True

Select the Sleep button action (plugged in)

Sleep

SetPowerPolicies=True

Select the lid switch action (plugged in)

Sleep

SetPowerPolicies=True

Select the lid switch action (on battery)

Sleep

SetPowerPolicies=True

Admin Templates > System > Power Management > Sleep Settings

Require a password when a computer wakes (plugged in)

Enabled

SignInOnResume=True

Require a password when a computer wakes (on battery)

Enabled

SignInOnResume=True

Specify the system sleep timeout (plugged in)

*SleepTimeout*

SetPowerPolicies=True

Specify the system sleep timeout (on battery)

*SleepTimeout*

SetPowerPolicies=True

Turn off hybrid sleep (plugged in)

Enabled

SetPowerPolicies=True

Turn off hybrid sleep (on battery)

Enabled

SetPowerPolicies=True

Specify the unattended sleep timeout (plugged in)

*SleepTimeout*

SetPowerPolicies=True

Specify the unattended sleep timeout (on battery)

*SleepTimeout*

SetPowerPolicies=True

Allow standby states (S1-S3) when sleeping (plugged in)

Enabled

SetPowerPolicies=True

Allow standby states (S1-S3) when sleeping (on battery)

Enabled

SetPowerPolicies=True

Specify the system hibernate timeout (plugged in)

Enabled, 0

SetPowerPolicies=True

Specify the system hibernate timeout (on battery)

Enabled, 0

SetPowerPolicies=True

Admin Templates>System>Power Management>Video and Display Settings

Turn off the display (plugged in)

*SleepTimeout*

SetPowerPolicies=True

Turn off the display (on battery

*SleepTimeout*

SetPowerPolicies=True

Admin Templates>System>Logon

Show first sign-in animation

Disabled

Always

Hide entry points for Fast User Switching

Enabled

Always

Turn on convenience PIN sign-in

Disabled

Always

Turn off picture password sign-in

Enabled

Always

Turn off app notification on the lock screen

Enabled

Always

Allow users to select when a password is required when resuming from connected standby

Disabled

SignInOnResume=True

Block user from showing account details on sign-in

Enabled

Always

Admin Templates>System>User Profiles

Turn off the advertising ID

Enabled

SetEduPolicies=True

Admin Templates>Windows Components

Do not show Windows Tips

*Only on Pro, Enterprise, Pro Education, and Education*

Enabled

SetEduPolicies=True

Turn off Microsoft consumer experiences

*Only on Pro, Enterprise, Pro Education, and Education*

Enabled

SetEduPolicies=True

Microsoft Passport for Work

Disabled

Always

Prevent the usage of OneDrive for file storage

Enabled

Always

Admin Templates>Windows Components>Biometrics

Allow the use of biometrics

Disabled

Always

Allow users to log on using biometrics

Disabled

Always

Allow domain users to log on using biometrics

Disabled

Always

Admin Templates>Windows Components>Data Collection and Preview Builds

Toggle user control over Insider builds

Disabled

Always

Disable pre-release features or settings

Disabled

Always

Do not show feedback notifications

Enabled

Always

Admin Templates>Windows Components>File Explorer

Show lock in the user tile menu

Disabled

Always

Admin Templates>Windows Components>Maintenance Scheduler

Automatic Maintenance Activation Boundary

*MaintenanceStartTime*

Always

Automatic Maintenance Random Delay

Enabled, 2 hours

Always

Automatic Maintenance WakeUp Policy

Enabled

Always

Admin Templates>Windows Components>Microsoft Edge

Open a new tab with an empty tab

Disabled

SetEduPolicies=True

Configure corporate home pages

Enabled, about:blank

SetEduPolicies=True

Admin Templates>Windows Components>Search

Allow Cortana

Disabled

SetEduPolicies=True

Windows Settings>Security Settings>Local Policies>Security Options

Interactive logon: Do not display last user name

Enabled, Disabled when account model is only guest

Always

Interactive logon: Sign-in last interactive user automatically after a system-initiated restart

Disabled

Always

Shutdown: Allow system to be shut down without having to log on

Disabled

Always

User Account Control: Behavior of the elevation prompt for standard users

Auto deny

Always



- - - -## Related topics - -[Set up a device for anyone to use (kiosk)](set-up-a-device-for-anyone-to-use.md) - - -  - -  - - - - - diff --git a/windows/manage/settings-that-can-be-locked-down.md b/windows/manage/settings-that-can-be-locked-down.md deleted file mode 100644 index 6e0e342400..0000000000 --- a/windows/manage/settings-that-can-be-locked-down.md +++ /dev/null @@ -1,499 +0,0 @@ ---- -title: Settings and quick actions that can be locked down in Windows 10 Mobile (Windows 10) -description: This topic lists the settings and quick actions that can be locked down in Windows 10 Mobile. -ms.assetid: 69E2F202-D32B-4FAC-A83D-C3051DF02185 -keywords: ["lockdown"] -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -ms.pagetype: mobile -author: jdeckerMS -localizationpriority: high ---- - -# Settings and quick actions that can be locked down in Windows 10 Mobile - - -**Applies to** - -- Windows 10 Mobile - -This topic lists the settings and quick actions that can be locked down in Windows 10 Mobile. - -## Settings lockdown in Windows 10, version 1703 - -In earlier versions of Windows 10, you used the page name to define allowed settings. Starting in Windows 10, version 1703, you use the settings URI. - -For example, in place of **SettingsPageDisplay**, you would use **ms-settings:display**. - -See the [ms-settings: URI scheme reference](https://docs.microsoft.com/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference) to find the URI for each Settings page. - -## Settings lockdown in Windows 10, version 1607 and earlier - - -You can use Lockdown.xml to configure lockdown settings. - -The following table lists the settings pages and page groups. Use the page name in the Settings section of Lockdown.xml. The Settings section contains an allow list of pages in the Settings app. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Main menuSub-menuPage name
SystemSettingsPageGroupPCSystem
DisplaySettingsPageDisplay
Notifications & actionsSettingsPageAppsNotifications
PhoneSettingsPageCalls
MessagingSettingsPageMessaging
BatterySettingsPageBatterySaver
Apps for websitesSettingsPageAppsForWebsites
StorageSettingsPageStorageSenseStorageOverview
Driving modeSettingsPageDrivingMode
Offline mapsSettingsPageMaps
AboutSettingsPagePCSystemInfo
DevicesSettingsPageGroupDevices
Default cameraSettingsPagePhotos
BluetoothSettingsPagePCSystemBluetooth
NFCSettingsPagePhoneNFC
MouseSettingsPageMouseTouchpad
USBSettingsPageUsb
Network and wirelessSettingsPageGroupNetwork
Cellular & SIMSettingsPageNetworkCellular
Wi-FiSettingsPageNetworkWiFi
Airplane modeSettingsPageNetworkAirplaneMode
Data usageSettingsPageDataSenseOverview
Mobile hotspotSettingsPageNetworkMobileHotspot
VPNSettingsPageNetworkVPN
PersonalizationSettingsPageGroupPersonalization
StartSettingsPageBackGround
ColorsSettingsPageColors
SoundsSettingsPageSounds
Lock screenSettingsPageLockscreen
Glance screenSettingsPageGlance
Navigation barSettingsNagivationBar
AccountsSettingsPageGroupAccounts
Your infoSettingsPageAccountsPicture
Sign-in optionsSettingsPageAccountsSignInOptions
Email & app accountsSettingsPageAccountsEmailApp
Access work or schoolSettingsPageWorkAccess
Sync your settingsSettingsPageAccountsSync

Apps corner

-

(disabled in Assigned Access)

SettingsPageAppsCorner
Time & languageSettingsPageGroupTimeRegion
Date & timeSettingsPageTimeRegionDateTime
LanguageSettingsPageTimeLanguage
RegionSettingsPageTimeRegion
KeyboardSettingsPageKeyboard
SpeechSettingsPageSpeech
Ease of accessSettingsPageGroupEaseOfAccess
NarratorSettingsPageEaseOfAccessNarrator
MagnifierSettingsPageEaseOfAccessMagnifier
High contrastSettingsPageEaseOfAccessHighContrast
Closed captionsSettingsPageEaseOfAccessClosedCaptioning
More optionsSettingsPageEaseOfAccessMoreOptions
PrivacySettingsPageGroupPrivacy
LocationSettingsPagePrivacyLocation
CameraSettingsPagePrivacyWebcam
MicrophoneSettingsPagePrivacyMicrophone
MotionSettingsPagePrivacyMotionData
NotificationsSettingsPagePrivacyNotifications
Speech. inking, & typingSettingsPagePrivacyPersonalization
Account infoSettingsPagePrivacyAccountInfo
ContactsSettingsPagePrivacyContacts
CalendarSettingsPagePrivacyCalendar
Phone callsSettingsPagePrivacyPhoneCall
Call historySettingsPagePrivacyCallHistory
EmailSettingsPagePrivacyEmail
MessagingSettingsPagePrivacyMessaging
RadiosSettingsPagePrivacyRadios
Continue App ExperiencesSettingsPagePrivacyCDP
Background appsSettingsPagePrivacyBackgroundApps
Accessory appsSettingsPageAccessories
Advertising IDSettingsPagePrivacyAdvertisingId
Other devicesSettingsPagePrivacyCustomPeripherals
Feedback and diagnosticsSettingsPagePrivacySIUFSettings
Update and securitySettingsPageGroupRestore
Phone updateSettingsPageRestoreMusUpdate
Windows Insider ProgramSettingsPageFlights
Device encryptionSettingsPageGroupPCSystemDeviceEncryption
BackupSettingsPageRestoreOneBackup
Find my phoneSettingsPageFindMyDevice
For developersSettingsPageSystemDeveloperOptions
OEMSettingsPageGroupExtensibility
ExtensibilitySettingsPageExtensibility
- -  - -## Quick actions lockdown - - -Quick action buttons are locked down in exactly the same way as Settings pages/groups. By default they are always conditional. - -You can specify the quick actions as follows: - -``` syntax - - - - - - - - - - - - - - - - - - -``` - - - -  - -## Related topics - - -[Configure Windows 10 Mobile using Lockdown XML](lockdown-xml.md) - -[Product IDs in Windows 10 Mobile](product-ids-in-windows-10-mobile.md) - -  - -  - - - - - diff --git a/windows/manage/start-layout-xml-desktop.md b/windows/manage/start-layout-xml-desktop.md deleted file mode 100644 index 9d91db50a4..0000000000 --- a/windows/manage/start-layout-xml-desktop.md +++ /dev/null @@ -1,487 +0,0 @@ ---- -title: Start layout XML for desktop editions of Windows 10 (Windows 10) -description: This topic describes the options for customizing Start layout in LayoutModification.xml for Windows 10 desktop editions. -keywords: ["start screen"] -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -author: jdeckerMS -localizationpriority: high ---- - -# Start layout XML for desktop editions of Windows 10 (reference) - - -**Applies to** - -- Windows 10 - ->**Looking for consumer information?** See [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630) - -On Windows 10 for desktop editions (Pro, Enterprise, Education), the customized Start works by: - -- Windows 10 checks the chosen base default layout, such as the desktop edition and whether Cortana is supported for the country/region. - -- Windows 10 reads the LayoutModification.xml file and allows groups to be appended to Start. The groups have the following constraints: - - 2 groups that are 6 columns wide, or equivalent to the width of 3 medium tiles. - - 2 medium-sized tile rows in height. Windows 10 ignores any tiles that are pinned beyond the second row. - - No limit to the number of apps that can be pinned. There is a theoretical limit of 24 tiles per group (4 small tiles per medium square x 3 columns x 2 rows). - -## LayoutModification XML - -IT admins can provision the Start layout using a LayoutModification.xml file. This file supports several mechanisms to modify or replace the default Start layout and its tiles. The easiest method for creating a LayoutModification.xml file is by using the Export-StartLayout cmdlet; see [Customize and export Start layout](customize-and-export-start-layout.md) for instructions. - ->[!NOTE] ->To make sure the Start layout XML parser processes your file correctly, follow these guidelines when working with your LayoutModification.xml file: ->- Do not leave spaces or white lines in between each element. ->- Do not add comments inside the StartLayout node or any of its children elements. ->- Do not add multiple rows of comments. - -The following table lists the supported elements and attributes for the LayoutModification.xml file. - -| Element | Attributes | Description | -| --- | --- | --- | -| LayoutModificationTemplate | xmlns
xmlns:defaultlayout
xmlns:start
Version | Use to describe the changes to the default Start layout | -| [LayoutOptions](#layoutoptions)

Parent:
LayoutModificationTemplate | StartTileGroupsColumnCount
FullScreenStart | Use to specify:
- Whether to use full screen Start on the desktop
- The number of tile columns in the Start menu | -| RequiredStartGroupsCollection

Parent:
LayoutModificationTemplate | n/a | Use to contain collection of RequiredStartGroups | -| [RequiredStartGroups](#requiredstartgroups)

Parent:
RequiredStartGroupsCollection | Region | Use to contain the AppendGroup tags, which represent groups that can be appended to the default Start layout | -| [AppendGroup](#appendgroup)

Parent:
RequiredStartGroups | Name | Use to specify the tiles that need to be appended to the default Start layout | -| [start:Tile](#specify-start-tiles)

Parent:
AppendGroup | AppUserModelID
Size
Row
Column | Use to specify any of the following:
- A Universal Windows app
- A Windows 8 or Windows 8.1 app | -| start:DesktopApplicationTile

Parent:
AppendGroup | DesktopApplicationID
DesktopApplicationLinkPath
Size
Row
Column | Use to specify any of the following:
- A Windows desktop application with a known AppUserModelID
- An application in a known folder with a link in a legacy Start Menu folder
- A Windows desktop application link in a legacy Start Menu folder
- A Web link tile with an associated .url file that is in a legacy Start Menu folder | -| start:SecondaryTile

Parent:
AppendGroup | AppUserModelID
TileID
Arguments
DisplayName
Square150x150LogoUri
ShowNameOnSquare150x150Logo
ShowNameOnWide310x150Logo
Wide310x150LogoUri
BackgroundColor
ForegroundText
IsSuggestedApp
Size
Row
Column | Use to pin a Web link through a Microsoft Edge secondary tile | -| TopMFUApps

Parent:
LayoutModificationTemplate | n/a | Use to add up to 3 default apps to the frequently used apps section in the system area | -| Tile

Parent:
TopMFUApps | AppUserModelID | Use with the TopMFUApps tags to specify an app with a known AppUserModelID | -| DesktopApplicationTile

Parent:
TopMFUApps | LinkFilePath | Use with the TopMFUApps tags to specify an app without a known AppUserModelID | -| AppendOfficeSuite

Parent:
LayoutModificationTemplate | n/a | Use to add the in-box installed Office suite to Start

Do not use this tag with AppendDownloadOfficeTile | -| AppendDownloadOfficeTile

Parent:
LayoutModificationTemplate | n/a | Use to add a specific **Download Office** tile to a specific location in Start

Do not use this tag with AppendOfficeSuite | - -### LayoutOptions - -New devices running Windows 10 for desktop editions will default to a Start menu with 2 columns of tiles unless boot to tablet mode is enabled. Devices with screens that are under 10" have boot to tablet mode enabled by default. For these devices, users see the full screen Start on the desktop. You can adjust the following features: - -- Boot to tablet mode can be set on or off. -- Set full screen Start on desktop to on or off. - To do this, add the LayoutOptions element in your LayoutModification.xml file and set the FullScreenStart attribute to true or false. -- Specify the number of columns in the Start menu to 1 or 2. - To do this, add the LayoutOptions element in your LayoutModification.xml file and set the StartTileGroupsColumnCount attribute to 1 or 2. - -The following example shows how to use the LayoutOptions element to specify full screen Start on the desktop and to use 1 column in the Start menu: - -```XML - - - -``` - -For devices being upgraded to Windows 10 for desktop editions: - -- Devices being upgraded from Windows 7 will default to a Start menu with 1 column. -- Devices being upgraded from Windows 8.1 or Windows 8.1 Upgrade will default to a Start menu with 2 columns. - -### RequiredStartGroups - -The **RequiredStartGroups** tag contains **AppendGroup** tags that represent groups that you can append to the default Start layout. - ->[!IMPORTANT] ->For Windows 10 for desktop editions, you can add a maximum of two (2) **AppendGroup** tags per **RequiredStartGroups** tag. - -You can also assign regions to the append groups in the **RequiredStartGroups** tag's using the optional **Region** attribute or you can use the multivariant capabilities in Windows provisioning. If you are using the **Region** attribute, you must use a two-letter country code to specify the country/region that the append group(s) apply to. To specify more than one country/region, use a pipe ("|") delimiter as shown in the following example: - -```XML - -``` - -If the country/region setting for the Windows device matches a **RequiredStartGroups**, then the tiles laid out within the **RequiredStartGroups** is applied to Start. - -If you specify a region-agnostic **RequiredStartGroups** (or one without the optional Region attribute) then the region-agnostic **RequiredStartGroups** is applied to Start. - -### AppendGroup - -**AppendGroup** tags specify a group of tiles that will be appended to Start. There is a maximum of two **AppendGroup** tags allowed per **RequiredStartGroups** tag. - -For Windows 10 for desktop editions, AppendGroup tags contain start:Tile, start:DesktopApplicationTile, or start:SecondaryTile tags. - -You can specify any number of tiles in an **AppendGroup**, but you cannot specify a tile with a **Row** attribute greater than 4. The Start layout does not support overlapping tiles. - -### Specify Start tiles - -To pin tiles to Start, partners must use the right kind of tile depending on what you want to pin. - -#### Tile size and coordinates - -All tile types require a size (**Size**) and coordinates (**Row** and **Column**) attributes regardless of the tile type that you use when prepinning items to Start. - -The following table describes the attributes that you must use to specify the size and location for the tile. - -| Attribute | Description | -| --- | --- | -| Size | Determines how large the tile will be.

- 1x1 - small tile
- 2x2 - medium tile
- 4x2 - wide tile
- 4x4 - large tile | -| Row | Specifies the row where the tile will appear. | -| Column | Specifies the column where the tile will appear. | - -For example, a tile with Size="2x2", Row="2", and Column="2" results in a tile located at (2,2) where (0,0) is the top-left corner of a group. - -#### start:Tile - -You can use the **start:Tile** tag to pin any of the following apps to Start: - -- A Universal Windows app -- A Windows 8 app or Windows 8.1 app - -To specify any one of these apps, you must set the **AppUserModelID** attribute to the application user model ID that's associated with the corresponding app. - -The following example shows how to pin the Microsoft Edge Universal Windows app: - - ```XML - - ``` - -#### start:DesktopApplicationTile - -You can use the **start:DesktopApplicationTile** tag to pin a Windows desktop application to Start. There are two ways you can specify a Windows desktop application: - -- By using a path to a shortcut link (.lnk file) to a Windows desktop application. - - To pin a Windows desktop application through this method, you must first add the .lnk file in the specified location when the device first boots. - - The following example shows how to pin the Command Prompt: - - ```XML - - ``` - - You must set the **DesktopApplicationLinkPath** attribute to the .lnk file that points to the Windows desktop application. The path also supports environment variables. - - If you are pointing to a third-party Windows desktop application, you must put the .lnk file in a legacy Start Menu directory before first boot; for example, "%APPDATA%\Microsoft\Windows\Start Menu\Programs\" or the all users profile "%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\". - -- By using the application's application user model ID, if this is known. If the Windows desktop application doesn't have one, use the shortcut link option. - - To pin a Windows desktop application through this method, you must set the **DesktopApplicationID** attribute to the application user model ID that's associated with the corresponding app. - - The following example shows how to pin the Internet Explorer Windows desktop application: - - ```XML - - ``` - - -You can also use the **start:DesktopApplicationTile** tag as one of the methods for pinning a Web link to Start. The other method is to use a Microsoft Edge secondary tile. - -To pin a legacy .url shortcut to Start, you must create .url file (right-click on the desktop, select **New** > **Shortcut**, and then type a Web URL). You must add this .url file in a legacy Start Menu directory before first boot; for example, `%APPDATA%\Microsoft\Windows\Start Menu\Programs\` or the all users profile `%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\`. - -The following example shows how to create a tile of the Web site's URL, which you can treat similarly to a Windows desktop application tile: - -```XML - -``` - -#### start:SecondaryTile - -You can use the **start:SecondaryTile** tag to pin a Web link through a Microsoft Edge secondary tile. This method doesn't require any additional action compared to the method of using legacy .url shortcuts (through the start:DesktopApplicationTile tag). - -The following example shows how to create a tile of the Web site's URL using the Microsoft Edge secondary tile: - -```XML - -``` - -The following table describes the other attributes that you can use with the **start:SecondaryTile** tag in addition to *8Size**, **Row**, and *8Column**. - -| Attribute | Required/optional | Description | -| --- | --- | --- | -| AppUserModelID | Required | Must point to Microsoft Edge. | -| TileID | Required | Must uniquely identify your Web site tile. | -| Arguments | Required | Must contain the URL of your Web site. | -| DisplayName | Required | Must specify the text that you want users to see. | -| Square150x150LogoUri | Required | Specifies the logo to use on the 2x2 tile. | -| Wide310x150LogoUri | Optional | Specifies the logo to use on the 4x2 tile. | -| ShowNameOnSquare150x150Logo | Optional | Specifies whether the display name is shown on the 2x2 tile. The values you can use for this attribute are true or false. | -| ShowNameOnWide310x150Logo | Optional | Specifies whether the display name is shown on the 4x2 tile. The values you can use for this attribute are true or false. | -| BackgroundColor | Optional | Specifies the color of the tile. You can specify the value in ARGB hexadecimal (for example, #FF112233) or specify "transparent". | -| ForegroundText | Optional | Specifies the color of the foreground text. Set the value to either "light" or "dark". | - -Secondary Microsoft Edge tiles have the same size and location behavior as a Universal Windows app, Windows 8 app, or Windows 8.1 app. - -#### TopMFUApps - -You can use the **TopMFUApps** tag to add up to 3 default apps to the frequently used apps section in the system area, which delivers system-driven lists to the user including important or frequently accessed system locations and recently installed apps. - -You can use this tag to add: - -- Apps with an **AppUserModelID** attribute - This includes Windows desktop applications that have a known application user model ID. Use a **Tile** tag with the **AppUserModelID** attribute set to the app's application user model ID. -- Apps without a **AppUserModelID** attribute - For these apps, you must create a .lnk file that points to the installed app and place the .lnk file in the `%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs` directory. Use a **DesktopApplicationTile** tag with the **LinkFilePath** attribute set to the .lnk file name and path. - -The following example shows how to modify your LayoutModification.xml file to add both kinds of apps to the system area in Start: - - ```XML - - - - - - - -``` - -#### AppendOfficeSuite - -You can use the **AppendOfficeSuite** tag to add the in-box installed Office suite of apps to Start. - -The following example shows how to add the **AppendOfficeSuite** tag to your LayoutModification.xml file to append the full Universal Office suite to Start: - -```XML - - - -``` - -#### AppendDownloadOfficeTile - -You can use the **AppendDownloadOfficeTile** tag to append the Office trial installer to Start. This tag adds the Download Office tile to Start and the download tile will appear at the bottom right-hand side of the second group. - -The following example shows how to add the **AppendDownloadOfficeTile** tag to your LayoutModification.xml file: - -```XML - - - -``` - -## Sample LayoutModification.xml - -The following sample LayoutModification.xml shows how you can configure the Start layout for devices running Windows 10 for desktop editions: - -```XML - - - - - - - - - - - - - - - - - - - - - - - - - -``` - -## Use Windows Provisioning multivariant support - -The Windows Provisioning multivariant capability allows you to declare target conditions that, when met, supply specific customizations for each variant condition. For Start customization, you can create specific layouts for each variant that you have. To do this, you must create a separate LayoutModification.xml file for each variant that you want to support and then include these in your provisioning package. For more information on how to do this, see [Create a provisioning package with multivariant settings](https://msdn.microsoft.com/library/windows/hardware/dn916108.aspx). - -The provisioning engine chooses the right customization file based on the target conditions that were met, adds the file in the location that's specified for the setting, and then uses the specific file to customize Start. To differentiate between layouts, you can add modifiers to the LayoutModification.xml filename such as "LayoutCustomization1". Regardless of the modifier that you use, the provsioning engine will always output "LayoutCustomization.xml" so that the operating system has a consistent file name to query against. - -For example, if you want to ensure that there's a specific layout for a certain condition, you can: -1. Create a specific layout customization file and then name it LayoutCustomization1.xml. -2. Include the file as part of your provisioning package. -3. Create your multivariant target and reference the XML file within the target condition in the main customization XML file. - -The following example shows what the overall customization file might look like with multivariant support for Start: - -```XML - - - - {6aaa4dfa-00d7-4aaa-8adf-73c6a7e2501e} - My Provisioning Package - 1.0 - OEM - 50 - - - - - - - - - - - - - - - - - 1 - 1 - 1 - - - 1 - - - - - - - - - c:\users\\appdata\local\Microsoft\Windows\Shell\LayoutCustomization1.XML - - 1 - - - - - - -``` - -When the condition is met, the provisioning engine takes the XML file and places it in the location that the operating system has set and then the Start subsystem reads the file and applies the specific customized layout. - -You must repeat this process for all variants that you want to support so that each variant can have a distinct layout for each of the conditions and targets that need to be supported. For example, if you add a **Language** condition, you can create a Start layout that has its own localized group. - -## Add the LayoutModification.xml file to the device - -Once you have created your LayoutModification.xml file to customize devices that will run Windows 10 for desktop editions, you can use Windows ICD methods to add the XML file to the device. - -1. In the **Available customizations** pane, expand **Runtime settings**, select **Start** and then click the **StartLayout** setting. -2. In the middle pane, click **Browse** to open File Explorer. -3. In the File Explorer window, navigate to the location where you saved your LayoutModification.xml file. -4. Select the file and then click **Open**. - -This should set the value of **StartLayout**. The setting appears in the **Selected customizations** pane. - ->[!NOTE] ->There is currently no way to add the .url and .lnk files through Windows ICD. - -Once you have created the LayoutModification.xml file and it is present in the device, the system overrides the base default layout and any Unattend settings used to customize Start. - - - - - - - - - - - - -## Related topics - - -- [Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md) -- [Configure Windows 10 taskbar](configure-windows-10-taskbar.md) -- [Customize and export Start layout](customize-and-export-start-layout.md) -- [Start layout XML for mobile editions of Windows 10 (reference)](start-layout-xml-mobile.md) -- [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md) -- [Customize Windows 10 Start and taskbar with ICD and provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) -- [Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) -  - -  - - - - - diff --git a/windows/manage/start-layout-xml-mobile.md b/windows/manage/start-layout-xml-mobile.md deleted file mode 100644 index c7815236c9..0000000000 --- a/windows/manage/start-layout-xml-mobile.md +++ /dev/null @@ -1,386 +0,0 @@ ---- -title: Start layout XML for mobile editions of Windows 10 (Windows 10) -description: This topic describes the options for customizing Start layout in LayoutModification.xml for Windows 10 mobile editions. -keywords: ["start screen"] -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -author: jdeckerMS -localizationpriority: high ---- - -# Start layout XML for mobile editions of Windows 10 (reference) - - -**Applies to** - -- Windows 10 - ->**Looking for consumer information?** See [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630) - - -On Windows 10 Mobile, you can use the XML-based layout to modify the Start screen and provide the most robust and complete Start customization experience. - -On Windows 10 Mobile, the customized Start works by: - -- Windows 10 performs checks to determine the correct base default layout. The checks include the mobile edition, whether the device is dual SIM, the column width, and whether Cortana is supported for the country/region. -- Windows 10 ensures that it does not overwrite the layout that you have set and will sequence the level checks and read the file layout such that any multivariant settings that you have set is not overwritten. -- Windows 10 reads the LayoutModification.xml file and appends the group to the Start screen. - -## Default Start layouts - -The following diagrams show the default Windows 10, version 1607 Start layouts for single SIM and dual SIM devices with Cortana support, and single SIM and dual SIM devices with no Cortana support. - -![Start layout for Windows 10 Mobile](images\mobile-start-layout.png) - -The diagrams show: - -- Tile coordinates - These are determined by the row number and the column number. -- Fold - Tiles "above the fold" are visible when users first navigate to the Start screen. Tiles "below the fold" are visible after users scroll up. -- Partner-customizable tiles - OEM and mobile operator partners can customize these areas of the Start screen by prepinning content. The partner configurable slots are: - - Rows 6-9 - - Rows 16-19 - -## LayoutModification XML - -IT admins can provision the Start layout by creating a LayoutModification.xml file. This file supports several mechanisms to modify or replace the default Start layout and its tiles. - ->[!NOTE] ->To make sure the Start layout XML parser processes your file correctly, follow these guidelines when writing your LayoutModification.xml file: ->- Do not leave spaces or white lines in between each element. ->- Do not add comments inside the StartLayout node or any of its children elements. ->- Do not add multiple rows of comments. - -The following table lists the supported elements and attributes for the LayoutModification.xml file. - -| Element | Attributes | Description | -| --- | --- | --- | -| LayoutModificationTemplate | xmlns
xmlns:defaultlayout
xmlns:start
Version | Use to describe the changes to the default Start layout. | -| DefaultLayoutOverride

Parent:
LayoutModificationTemplate | n/a | Use to specify the customized Start layout for mobile devices. | -| StartLayoutCollection

Parent:
DefaultLayoutOverride | n/a | Use to contain a collection of Start layouts. | -| StartLayout

Parent:
StartLayoutCollection | n/a | Use to specify the tile groups that will be appended to the Start screen. | -| start:Group

Parent:
StartLayout | Name | Use to specify the tiles that need to be appended to the default Start layout. | -| start:Tile

Parent:
start:Group | AppUserModelID
Size
Row
Column | Use to specify any Universal Windows app that has a valid **AppUserModelID** attribute. | -| start:SecondaryTile

Parent:
start:Group | AppUserModelID
TileID
Arguments
DisplayName
Square150x150LogoUri
ShowNameOnSquare150x150Logo
ShowNameOnWide310x150Logo
Wide310x150LogoUri
BackgroundColor
ForegroundText
IsSuggestedApp
Size
Row
Column | Use to pin a Web link through a Microsoft Edge secondary tile. | -| start:PhoneLegacyTile

Parent:
start:Group | ProductID
Size
Row
Column | Use to add a mobile app that has a valid **ProductID** attribute. | -| start:Folder

Parent:
start:Group | Name
Size
Row
Column | Use to add a folder to the mobile device's Start screen. | -| RequiredStartTiles

Parent:
LayoutModificationTemplate | n/a | Use to specify the tiles that will be pinned to the bottom of the Start screen even if a restored Start screen does not have the tiles during backup or restore. | - -### start:Group - -**start:Group** tags specify a group of tiles that will be appended to Start. You can set the **Name** attribute to specify a name for the Start group. - ->[!NOTE] ->Windows 10 Mobile only supports one Start group. - - For Windows 10 Mobile, **start:Group** tags can contain the following tags or elements: - -- **start:Tile** -- **start:SecondaryTile** -- **start:PhoneLegacyTile** -- **start:Folder** - -### Specify Start tiles - -To pin tiles to Start, you must use the right kind of tile depending on what you want to pin. - -#### Tile size and coordinates - -All tile types require a size (**Size**) and coordinates (**Row** and **Column**) attributes regardless of the tile type that you use when prepinning items to Start. - -The following table describes the attributes that you must use to specify the size and location for the tile. - -| Attribute | Description | -| --- | --- | -| Size | Determines how large the tile will be.
- 1x1 - small tile
- 2x2 - medium tile
- 4x2 - wide tile
- 4x4 - large tile | -| Row | Specifies the row where the tile will appear. | -| Column | Specifies the column where the tile will appear. | - -For example, a tile with Size="2x2", Row="2", and Column="2" results in a tile located at (2,2) where (0,0) is the top-left corner of a group. - -#### start:Tile - -You can use the **start:Tile** tag to pin a Universal Windows app to Start. - -To specify an app, you must set the **AppUserModelID** attribute to the application user model ID that's associated with the corresponding app. - -The following example shows how to pin the Microsoft Edge Universal Windows app: - -```XML - -``` - -#### start:SecondaryTile - -You can use the **start:SecondaryTile** tag to pin a Web link through a Microsoft Edge secondary tile. - -The following example shows how to create a tile of the Web site's URL using the Microsoft Edge secondary tile: - -```XML - -``` - -The following table describes the other attributes that you can use with the **start:SecondaryTile** tag in addition to **Size**, **Row**, and **Column**. - -| Attribute | Required/optional | Description | -| --- | --- | --- | -| AppUserModelID | Required | Must point to Microsoft Edge. | -| TileID | Required | Must uniquely identify your Web site tile. | -| Arguments | Required | Must contain the URL of your Web site. | -| DisplayName | Required | Must specify the text that you want users to see. | -| Square150x150LogoUri | Required | Specifies the logo to use on the 2x2 tile. | -| Wide310x150LogoUri | Optional | Specifies the logo to use on the 4x2 tile. | -| ShowNameOnSquare150x150Logo | Optional | Specifies whether the display name is shown on the 2x2 tile. You can set the value for this attribute to true or false. By default, this is set to false. | -| ShowNameOnWide310x150Logo | Optional | Specifies whether the display name is shown on the 4x2 tile. You can set the value for this attribute to true or false. By default, this is set to false. | -| BackgroundColor | Optional | Specifies the color of the tile. You can specify the value in ARGB hexadecimal (for example, #FF112233) or specify "transparent". | -| ForegroundText | Optional | Specifies the color of the foreground text. Set the value to either "light" or "dark". | - - Secondary Microsoft Edge tiles have the same size and location behavior as a Universal Windows app. - -#### start:PhoneLegacyTile - -You can use the **start:PhoneLegacyTile** tag to add a mobile app that has a valid ProductID, which you can find in the app's manifest file. The **ProductID** attribute must be set to the GUID of the app. - -The following example shows how to add a mobile app with a valid ProductID using the start:PhoneLegacyTile tag: - -```XML - -``` - -#### start:Folder - -You can use the **start:Folder** tag to add a folder to the mobile device's Start screen. - -You must set these attributes to specify the size and location of the folder: **Size**, **Row**, and **Column**. - -Optionally, you can also specify a folder name by using the **Name** attribute. If you specify a name, set the value to a string. - -The position of the tiles inside a folder is relative to the folder. You can add any of the following tile types to the folder: - -- Tile - Use to pin a Universal Windows app to Start. -- SecondaryTile - Use to pin a Web link through a Microsoft Edge secondary tile. -- PhoneLegacyTile - Use to pin a mobile app that has a valid ProductID. - -The following example shows how to add a medium folder that contains two apps inside it: - -```XML - - - - -``` - -#### RequiredStartTiles - -You can use the **RequiredStartTiles** tag to specify the tiles that will be pinned to the bottom of the Start screen even if a restored Start screen does not have the tiles during backup or restore. - ->[!NOTE] ->Enabling this Start customization may be disruptive to the user experience. - -For Windows 10 Mobile, **RequiredStartTiles** tags can contain the following tags or elements. These are similar to the tiles supported in **start:Group**. - -- Tile - Use to pin a Universal Windows app to Start. -- SecondaryTile - Use to pin a Web link through a Microsoft Edge secondary tile. -- PhoneLegacyTile - Use to pin a mobile app that has a valid ProductID. -- Folder - Use to pin a folder to the mobile device's Start screen. - -Tiles specified within the **RequiredStartTiles** tag have the following behavior: - -- The partner-pinned tiles will begin in a new row at the end of the user-restored Start screen. -- If there’s a duplicate tile between what the user has in their Start screen layout and what the OEM has pinned to the Start screen, only the app or tile shown in the user-restored Start screen layout will be shown and the duplicate tile will be omitted from the pinned partner tiles at the bottom of the Start screen. - -The lack of duplication only applies to pinned apps. Pinned Web links may be duplicated. - -- If partners have prepinned folders to the Start screen, Windows 10 treats these folders in the same way as appended apps on the Start screen. Duplicate folders will be removed. -- All partner tiles that are appended to the bottom of the user-restored Start screen will be medium-sized. There will be no gaps in the appended partner Start screen layout. Windows 10 will shift tiles accordingly to prevent gaps. - -## Sample LayoutModification.xml - -The following sample LayoutModification.xml shows how you can configure the Start layout for devices running Windows 10 Mobile: - -```XML - - - - - - - - - - - - - - - - - - - -``` - -## Use Windows Provisioning multivariant support - -The Windows Provisioning multivariant capability allows you to declare target conditions that, when met, supply specific customizations for each variant condition. For Start customization, you can create specific layouts for each variant that you have. To do this, you must create a separate LayoutModification.xml file for each variant that you want to support and then include these in your provisioning package. For more information on how to do this, see Create a provisioning package with multivariant settings. - -The provisioning engine chooses the right customization file based on the target conditions that were met, adds the file in the location that's specified for the setting, and then uses the specific file to customize Start. To differentiate between layouts, you can add modifiers to the LayoutModification.xml filename such as "LayoutCustomization1". Regardless of the modifier that you use, the provsioning engine will always output "LayoutCustomization.xml" so that the OS has a consistent file name to query against. - -For example, if you want to ensure that there's a specific layout for a certain mobile operator in a certain country/region, you can: -1. Create a specific layout customization file and then name it LayoutCustomization1.xml. -2. Include the file as part of your provisioning package. -3. Create your multivariant target and reference the XML file within the target condition in the main customization XML file. - -The following example shows what the overall customization file might look like with multivariant support for Start: - -```XML - - - - {6aaa4dfa-00d7-4aaa-8adf-73c6a7e2501e} - My Provisioning Package - 1.0 - OEM - 50 - - - - - - - - - - - - - - - - - - - - - - - 1 - 1 - 1 - - - 1 - - - - - - - - - c:\users\\appdata\local\Microsoft\Windows\Shell\LayoutCustomization1.XML - - 1 - - - - - - -``` - -When the condition is met, the provisioning engine takes the XML file and places it in the location that Windows 10 has set and then the Start subsystem reads the file and applies the specific customized layout. - -You must repeat this process for all variants that you want to support so that each variant can have a distinct layout for each of the conditions and targets that need to be supported. For example, if you add a **Language** condition, you can create a Start layout that has it's own localized group or folder titles. - -## Add the LayoutModification.xml file to the image - -Once you have created your LayoutModification.xml file to customize devices that will run Windows 10 Mobile, you can use Windows ICD to add the XML file to the device: - -1. In the **Available customizations** pane, expand **Runtime settings**, select **Start** and then click the **StartLayout** setting. -2. In the middle pane, click **Browse** to open File Explorer. -3. In the File Explorer window, navigate to the location where you saved your LayoutModification.xml file. -4. Select the file and then click **Open**. - -This should set the value of **StartLayout**. The setting appears in the **Selected customizations** pane. - - - - - - - - - - - - - - - - - - - -## Related topics - - -- [Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md) -- [Configure Windows 10 taskbar](configure-windows-10-taskbar.md) -- [Customize and export Start layout](customize-and-export-start-layout.md) -- [Start layout XML for desktop editions of Windows 10 (reference)](start-layout-xml-desktop.md) -- [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md) -- [Customize Windows 10 Start and taskbar with ICD and provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) -- [Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) - -  - - - - - diff --git a/windows/manage/windows-10-start-layout-options-and-policies.md b/windows/manage/windows-10-start-layout-options-and-policies.md deleted file mode 100644 index 3e70b23135..0000000000 --- a/windows/manage/windows-10-start-layout-options-and-policies.md +++ /dev/null @@ -1,173 +0,0 @@ ---- -title: Manage Windows 10 Start and taskbar layout (Windows 10) -description: Organizations might want to deploy a customized Start and taskbar layout to devices running Windows 10 (Pro, Enterprise, Education). -ms.assetid: 2E94743B-6A49-463C-9448-B7DD19D9CD6A -keywords: ["start screen", "start menu"] -ms.prod: w10 -ms.mktglfcycl: manage -ms.sitesec: library -author: jdeckerMS -localizationpriority: high ---- - -# Manage Windows 10 Start and taskbar layout - - -**Applies to** - -- Windows 10 - -> **Looking for consumer information?** See [Customize the Start menu](http://windows.microsoft.com/windows-10/getstarted-see-whats-on-the-menu) - -Organizations might want to deploy a customized Start and taskbar configuration to devices running Windows 10 Pro, Windows 10 Enterprise, or Windows 10 Education. A standard, customized Start layout can be useful on devices that are common to multiple users and devices that are locked down for specialized purposes. Configuring the taskbar allows the organization to pin useful apps for their employees and to remove apps that are pinned by default. - ->[!NOTE] ->Taskbar configuration is available starting in Windows 10, version 1607. -> ->Start and taskbar configuration are available for Windows 10 Pro in version 1703. - -## Start options - -![start layout sections](images/startannotated.png) - -Some areas of Start can be managed using Group Policy. The layout of Start tiles can be managed using either Group Policy or Mobile Device Management (MDM) policy. - -The following table lists the different parts of Start and any applicable policy settings or Settings options. Group Policy settings are in the **User Configuration**\\**Administrative Templates**\\**Start Menu and Taskbar** path except where a different path is listed in the table. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
StartPolicySetting
User tileGroup Policy: Remove Logoff on the Start menu
Most usedGroup Policy: Remove frequent programs from the Start menuSettings > Personalization > Start > Show most used apps

Suggestions

-

-and-

-

Dynamically inserted app tile

MDM: Allow Windows Consumer Features

-

Group Policy: Computer Configuration\\Administrative Templates\\Windows Components\\Cloud Content\\Turn off Microsoft consumer experiences

-
-Note   -

This policy also enables or disables notifications for a user's Microsoft account and app tiles from Microsoft dynamically inserted in the default Start menu.

-
-
-  -
Settings > Personalization > Start > Occasionally show suggestions in Start
Recently addednot applicableSettings > Personalization > Start > Show recently added apps
Pinned foldersnot applicableSettings > Personalization > Start > Choose which folders appear on Start
PowerGroup Policy: Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commandsNone
Start layout

MDM: Start layout

-

Group Policy: Start layout

-

Group Policy: Prevent users from customizing their Start Screen

-
-Note   -

When a full Start screen layout is imported with Group Policy or MDM, the users cannot pin, unpin, or uninstall apps from the Start screen. Users can view and open all apps in the All Apps view, but they cannot pin any apps to the Start screen. When a partial Start screen layout is imported, users cannot change the tile groups applied by the partial layout, but can modify other tile groups and create their own.

Start layout policy can be used to pin apps to the taskbar based on an XML File that you provide. Users will be able to change the order of pinned apps, unpin apps, and pin additional apps to the taskbar. -

-
-  -
None
Jump listsGroup Policy: Do not keep history of recently opened documentsSettings > Personalization > Start > Show recently opened items in Jump Lists on Start or the taskbar
Start size

MDM: Force Start size

-

Group Policy: Force Start to be either full screen size or menu size

Settings > Personalization > Start > Use Start full screen
All SettingsGroup Policy: Prevent changes to Taskbar and Start Menu SettingsNone
- - ## Taskbar options - -Starting in Windows 10, version 1607, you can pin additional apps to the taskbar and remove default pinned apps from the taskbar. You can specify different taskbar configurations based on device locale or region. - -There are three categories of apps that might be pinned to a taskbar: -* Apps pinned by the user -* Default Windows apps, pinned during operating system installation (Microsoft Edge, File Explorer, Store) -* Apps pinned by the enterprise, such as in an unattended Windows setup - - >[!NOTE] - >The earlier method of using [TaskbarLinks](https://go.microsoft.com/fwlink/p/?LinkId=761230) in an unattended Windows setup file is deprecated in Windows 10, version 1607. - -The following example shows how apps will be pinned - Windows default apps to the left (blue circle), apps pinned by the user in the center (orange triangle), and apps that you pin using XML to the right (green square). - ->[!NOTE] ->In operating systems configured to use a right-to-left language, the taskbar order will be reversed. - -![Windows left, user center, enterprise to the right](images/taskbar-generic.png) - -Whether you apply the taskbar configuration to a clean install or an update, users will still be able to: -* Pin additional apps -* Change the order of pinned apps -* Unpin any app - -### Taskbar configuration applied to clean install of Windows 10 - -In a clean install, if you apply a taskbar layout, only the apps that you specify and default apps that you do not remove will be pinned to the taskbar. Users can pin additional apps to the taskbar after the layout is applied. - -### Taskbar configuration applied to Windows 10 upgrades - -When a device is upgraded to Windows 10, apps will be pinned to the taskbar already. Some apps may have been pinned to the taskbar by a user, and others may have been pinned to the taskbar through a customized base image or by using Windows Unattend setup. - -The new taskbar layout for upgrades to Windows 10, version 1607 or later, will apply the following behavior: -* If the user pinned the app to the taskbar, those pinned apps remain and new apps will be added to the right. -* If the user didn't pin the app (it was pinned during installation or by policy) and the app is not in updated layout file, the app will be unpinned. -* If the user didn't pin the app and the app is in the updated layout file, the app will be pinned to the right. -* New apps specified in updated layout file are pinned to right of user's pinned apps. - - - -## Related topics - -- [Configure Windows 10 taskbar](configure-windows-10-taskbar.md) -- [Customize and export Start layout](customize-and-export-start-layout.md) -- [Start layout XML for desktop editions of Windows 10 (reference)](start-layout-xml-desktop.md) -- [Start layout XML for mobile editions of Windows 10 (reference)](start-layout-xml-mobile.md) -- [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md) -- [Customize Windows 10 Start and taskbar with ICD and provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) -- [Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) -  - - - - -