From 9e8dd2e19c102490102287813ad081b5de70a1b8 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Wed, 5 Oct 2022 11:13:59 -0400
Subject: [PATCH] updates

---
 education/windows/TOC.yml                     |  8 +-
 education/windows/index.yml                   |  4 +-
 .../set-up-shared-or-guest-pc.md              | 17 +---
 windows/configuration/shared-pc-technical.md  | 83 +++++++++----------
 4 files changed, 51 insertions(+), 61 deletions(-)

diff --git a/education/windows/TOC.yml b/education/windows/TOC.yml
index 41370d1823..3d8a78a23f 100644
--- a/education/windows/TOC.yml
+++ b/education/windows/TOC.yml
@@ -22,8 +22,8 @@ items:
         href: enable-s-mode-on-surface-go-devices.md
     - name: Windows 10 editions for education customers
       href: windows-editions-for-education-customers.md
-    - name: Shared PC mode for school devices
-      href: set-up-school-pcs-shared-pc-mode.md
+    - name: Shared PC mode
+      href: ../../windows/configuration/shared-pc-mode-technical.md
     - name: Windows 10 configuration recommendations for education customers
       href: configure-windows-for-education.md
     - name: Take tests and assessments in Windows
@@ -36,6 +36,8 @@ items:
       href: edu-stickers.md
     - name: Configure Take a Test in kiosk mode
       href: edu-take-a-test-kiosk-mode.md
+    - name: Configure Shared PC mode
+      href: ../../windows/configuration/shared-pc-mode-technical.md
     - name: Use the Set up School PCs app
       href: use-set-up-school-pcs-app.md
     - name: Change Windows edition
@@ -94,4 +96,6 @@ items:
         href: set-up-school-pcs-whats-new.md
     - name: Take a Test technical reference
       href: take-a-test-app-technical.md
+    - name: Shared PC mode technical reference
+      href: ../../windows/configuration/shared-pc-mode-technical.md
       
diff --git a/education/windows/index.yml b/education/windows/index.yml
index 012096eecd..367c5febca 100644
--- a/education/windows/index.yml
+++ b/education/windows/index.yml
@@ -92,4 +92,6 @@ landingContent:
       - linkListType: how-to-guide
         links:
         - text: Configure Take a Test in kiosk mode
-          url: edu-take-a-test-kiosk-mode.md
\ No newline at end of file
+          url: edu-take-a-test-kiosk-mode.md
+        - text: Configure Shared PC mode
+          url: ../../windows/configuration/shared-pc-mode-technical.md
\ No newline at end of file
diff --git a/windows/configuration/set-up-shared-or-guest-pc.md b/windows/configuration/set-up-shared-or-guest-pc.md
index f58e50fd87..e56d04ae3c 100644
--- a/windows/configuration/set-up-shared-or-guest-pc.md
+++ b/windows/configuration/set-up-shared-or-guest-pc.md
@@ -21,6 +21,7 @@ appliesto:
 *Shared PC* is a Windows feature that optimizes Windows clients for shared use scenarios, such as touchdown spaces in an enterprise, temporary customer use in retail or shared devices in a school.
 
 ## Shared PC mode
+
 A Windows device enabled for *Shared PC mode* is designed to be maintenance-free with high reliability. Devices configured in Shared PC mode allow sign in of one user at a time. When a device is locked, the signed in user can be signed out at the lock screen.
 
 ## Account models
@@ -161,25 +162,15 @@ Follow the steps in [Apply a provisioning package][WIN-2] to apply the package t
     New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\SharedPC\Exemptions\$sid" -Force
     ```
 
-## Shared PC APIs and app behavior
-
-Applications can take advantage of Shared PC mode with the following three APIs:  
-
-- [**IsEnabled**][API-1] - This API informs applications when the device is configured for shared use scenarios. For example, an app might only download content on demand on a device in shared PC mode, or might skip first run experiences.
-- [**ShouldAvoidLocalStorage**][API-2] - This API informs applications when the PC has been configured to not allow the user to save to the local storage of the PC. Instead, only cloud save locations should be offered by the app or saved automatically by the app.  
-- [**IsEducationEnvironment**][API-3] - This API informs applications when the PC is used in an education environment. Apps may want to handle diagnostic data differently or hide advertising functionality.  
-
 ## Technical reference
 
 - For a list of settings configured by the different options offered by Shared PC mode, see the [Shared PC technical reference](shared-pc-technical.md).
 - For a list of settings exposed by the SharedPC configuration service provider, see [SharedPC CSP][WIN-3].
+- For a list of settings exposed by Windows Configuration Designer, see [SharedPC CSP][WIN-4].
 
 -----------
 
-[API-1]: /uwp/api/windows.system.profile.sharedmodesettings
-[API-2]: /uwp/api/windows.system.profile.sharedmodesettings
-[API-3]: /uwp/api/windows.system.profile.educationsettings
-
 [WIN-1]: /windows/configuration/provisioning-packages/provisioning-create-package
 [WIN-2]: /windows/configuration/provisioning-packages/provisioning-apply-package
-[WIN-3]: /windows/client-management/mdm/sharedpc-csp
\ No newline at end of file
+[WIN-3]: /windows/client-management/mdm/sharedpc-csp
+[WIN-4]: /windows/configuration/wcd/wcd-sharedpc
\ No newline at end of file
diff --git a/windows/configuration/shared-pc-technical.md b/windows/configuration/shared-pc-technical.md
index fa85cb5d68..511ff34c40 100644
--- a/windows/configuration/shared-pc-technical.md
+++ b/windows/configuration/shared-pc-technical.md
@@ -19,12 +19,17 @@ appliesto:
 
 # Shared PC technical reference
 
-## Local group policy settings list
+This article details the settings configured on the devices by the different options in Shared PC.
 
-The different options offered by Shared PC configure the local group policy object (LGPO) with different settings. The following tables list the settings configured by each Shared PC option.
+> [!IMPORTANT]
+> The behavior of certain Shared PC options have changed over time. This article describes the current settings applied by the Shared PC options.
 
 ## EnableSharedPCMode and EnableSharedPCModeWithOneDriveSync
 
+EnableSharedPCMode and EnableSharedPCModeWithOneDriveSync are the two policies that enable **Shared PC mode**. The only difference between the two is that EnableSharedPCModeWithOneDriveSync enables OneDrive synchronization, while EnableSharedPCMode disables it.
+
+When enabling Shared PC mode, the following settings in the local GPO are configured:
+
 | Policy setting | Status |
 |--|--|
 | Security Settings/Local Policies/Security Options/User Account Control: Behavior of elevation prompt for standard user | Automatically deny elevation requests |
@@ -41,11 +46,12 @@ The different options offered by Shared PC configure the local group policy obje
 | Windows Components/Biometrics/Allow the use of biometrics | Disabled |
 | Windows Components/Biometrics/Allow users to log on using biometrics | Disabled |
 | Windows Components/Biometrics/Allow domain users to log on using biometrics | Disabled |
+| Windows Components/Data Collection and Preview Builds/Disable pre-release features or settings | Disabled (all experimentations are turned off) |
 | Windows Components/Data Collection and Preview Builds/Do not show feedback notifications | Enabled |
 | Windows Components/Data Collection and Preview Builds/Toggle user control over Insider builds | Disabled |
 | Windows Components/File Explorer/Show lock in the user tile menu | Disabled |
 | Windows Components/File History/Turn off File History | Enabled |
-| Windows Components/OneDrive/Prevent the usage of OneDrive for file storage | Enabled |
+| Windows Components/OneDrive/Prevent the usage of OneDrive for file storage |<li> **Enabled** if using EnableSharedPCMode</li><li>**Disabled** is using EnableSharedPCModeWithOneDriveSync</li> |
 | Windows Components/Windows Hello for Business/Use biometrics | Disabled |
 | Windows Components/Windows Hello for Business/Use Windows Hello for Business | Disabled |
 | Windows Components/Windows Logon Options/Sign-in and lock last interactive user automatically after a restart | Disabled |
@@ -53,12 +59,11 @@ The different options offered by Shared PC configure the local group policy obje
 | Extra registry setting  | Status |
 |-------------------------------------------------------------------------------------------------------------------|----------|
 | Software\Policies\Microsoft\PassportForWork\Remote\Enabled (Phone sign-in/Use phone sign-in) | 0 |
-| Software\Policies\Microsoft\Windows\PreviewBuilds\EnableConfigFlighting (Disable pre-release features or settings) | 0 |
 | Software\Policies\Microsoft\Windows\PreviewBuilds\AllowBuildPreview () | 0 |
 
 ## SetEDUPolicy
 
-SetEDUPolicy configures the following settings:
+By enabling SetEDUPolicy, the following settings in the local GPO are configured:
 
 | LGPO setting | Status |
 |--|--|
@@ -68,70 +73,58 @@ SetEDUPolicy configures the following settings:
 
 ## SetPowerPolicies
 
-SetPowerPolicies configures the following settings:
+By enabling SetPowerPolicies, the following settings in the local GPO are configured:
 
-| LGPO setting | Status |
+| Policy setting | Status|
 |--|--|
-| System/Power Management/Button Settings/Select the lid switch action (on battery) | Enabled --> Sleep |
-| System/Power Management/Button Settings/Select the lid switch action (plugged in) | Enabled --> Sleep |
-| System/Power Management/Button Settings/Select the Power button action (on battery) | Enabled --> Sleep |
-| System/Power Management/Button Settings/Select the Power button action (plugged in) | Enabled --> Sleep |
-| System/Power Management/Button Settings/Select the Sleep button action (on battery) | Enabled --> Sleep |
-| System/Power Management/Button Settings/Select the Sleep button action (plugged in) | Enabled --> Sleep |
-| System/Power Management/Energy Saver Settings/Energy Saver Battery Threshold (on battery) | Enabled --> 70% |
+| System/Power Management/Button Settings/Select the lid switch action (on battery) | Enabled > Sleep |
+| System/Power Management/Button Settings/Select the lid switch action (plugged in) | Enabled > Sleep |
+| System/Power Management/Button Settings/Select the Power button action (on battery) | Enabled > Sleep |
+| System/Power Management/Button Settings/Select the Power button action (plugged in) | Enabled > Sleep |
+| System/Power Management/Button Settings/Select the Sleep button action (on battery) | Enabled > Sleep |
+| System/Power Management/Button Settings/Select the Sleep button action (plugged in) | Enabled > Sleep |
+| System/Power Management/Energy Saver Settings/Energy Saver Battery Threshold (on battery) | Enabled > 70% |
 | System/Power Management/Sleep Settings/Allow standby states (S1-S3) when sleeping (on battery) | Enabled |
 | System/Power Management/Sleep Settings/Allow standby states (S1-S3) when sleeping (plugged in) | Enabled |
-| System/Power Management/Sleep Settings/Specify the system hibernate timeout (on battery) | 0 (Disables hibernation) |
-| System/Power Management/Sleep Settings/Specify the system hibernate timeout (plugged in) | 0 (Disables hibernation) |
+| System/Power Management/Sleep Settings/Specify the system hibernate timeout (on battery) | 0 (Hibernation disabled) |
+| System/Power Management/Sleep Settings/Specify the system hibernate timeout (plugged in) | 0 (Hibernation disabled) |
 | System/Power Management/Sleep Settings/Turn off hybrid sleep (on battery) | Enabled |
 | System/Power Management/Sleep Settings/Turn off hybrid sleep (plugged in) | Enabled |
 
 ## MaintenanceStartTime
 
-| Policy setting | Status |
+By enabling MaintenanceStartTime, the following settings in the local GPO are configured:
+
+| Policy setting | Status|
 |--------------------------------------------------------------------------------------|--------------------------------|
 | Windows Components/Maintenance Scheduler/Automatic Maintenance Activation Boundary | 2000-01-01T00:00:00 (midnight) |
-| Windows Components/Maintenance Scheduler/Automatic Maintenance Random Delay  | Enabled PT2H |
+| Windows Components/Maintenance Scheduler/Automatic Maintenance Random Delay  | Enabled PT2H (2 hours) |
 | Windows Components/Maintenance Scheduler/Automatic Maintenance WakeUp Policy | Enabled  |
 
 ## SignInOnResume
 
-SignInOnResume configures the following settings:
+By enabling SignInOnResume, the following settings in the local GPO are configured:
 
-| LGPO setting | Status |
+| Policy setting | Status|
 |--|--|
 | System/Logon/Allow users to select when a password is required when resuming from connected standby | Disabled |
 | System/Power Management/Sleep Settings/Require a password when a computer wakes (on battery) | Enabled |
 | System/Power Management/Sleep Settings/Require a password when a computer wakes (plugged in) | Enabled |
 
+## EnableAccountManager
 
+By enabling Enableaccountmanager, the following schedule task is turned on: `\Microsoft\Windows\SharedPC\Account Cleanup`
 
-## Enableaccountmanager
+## Shared PC APIs and app behavior
 
-Enables scheduled task:
-\Microsoft\Windows\SharedPC\,"Account Cleanup"
+Applications can take advantage of Shared PC mode with the following three APIs:  
 
-[SharedModeSettings.ShouldAvoidLocalStorage Property](/uwp/api/windows.system.profile.sharedmodesettings.shouldavoidlocalstorage)
+- [**IsEnabled**][API-1] - This API informs applications when the device is configured for shared use scenarios. For example, an app might only download content on demand on a device in shared PC mode, or might skip first run experiences.
+- [**ShouldAvoidLocalStorage**][API-2] - This API informs applications when the PC has been configured to not allow the user to save to the local storage of the PC. Instead, only cloud save locations should be offered by the app or saved automatically by the app.  
+- [**IsEducationEnvironment**][API-3] - This API informs applications when the PC is used in an education environment. Apps may want to handle diagnostic data differently or hide advertising functionality.  
 
-Account Model has been set to not configured --> no GPO changes --> removes Guest from login screen
-Restrict Local Storage has been set to not configured --> no GPO changes
-removed all diskleveldeletion, threshold --> no GPO changes
+-----------
 
-
-
-
-
-
-
-
-
-##### to check
-
-### Windows Settings>Security Settings>Local Policies>Security Options
-
-|Policy Name| Value|When set?|
-|--- |--- |--- |
-|Interactive logon: Do not display last user name|Enabled, Disabled when account model is only guest|Always|
-|Interactive logon: Sign-in last interactive user automatically after a system-initiated restart|Disabled |Always|
-|Shutdown: Allow system to be shut down without having to log on|Disabled|Always|
-|User Account Control: Behavior of the elevation prompt for standard users|Auto deny|Always|
+[API-1]: /uwp/api/windows.system.profile.sharedmodesettings.isenabled
+[API-2]: /uwp/api/windows.system.profile.sharedmodesettings.shouldavoidlocalstorage
+[API-3]: /uwp/api/windows.system.profile.educationsettings
\ No newline at end of file