deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

updates

Browse Source
This commit is contained in:
Paolo Matarazzo 2022-10-05 11:13:59 -04:00
parent 4e728aadc0
commit 9e8dd2e19c
4 changed files with 51 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
education/windows/TOC.yml
View File

@ -22,8 +22,8 @@ items:
href: enable-s-mode-on-surface-go-devices.md
- name: Windows 10 editions for education customers
href: windows-editions-for-education-customers.md
- name: Shared PC mode for school devices
href: set-up-school-pcs-shared-pc-mode.md
- name: Shared PC mode
href: ../../windows/configuration/shared-pc-mode-technical.md
- name: Windows 10 configuration recommendations for education customers
href: configure-windows-for-education.md
- name: Take tests and assessments in Windows
@ -36,6 +36,8 @@ items:
href: edu-stickers.md
- name: Configure Take a Test in kiosk mode
href: edu-take-a-test-kiosk-mode.md
- name: Configure Shared PC mode
href: ../../windows/configuration/shared-pc-mode-technical.md
- name: Use the Set up School PCs app
href: use-set-up-school-pcs-app.md
- name: Change Windows edition
@ -94,4 +96,6 @@ items:
href: set-up-school-pcs-whats-new.md
- name: Take a Test technical reference
href: take-a-test-app-technical.md
- name: Shared PC mode technical reference
href: ../../windows/configuration/shared-pc-mode-technical.md

4
education/windows/index.yml
View File

@ -92,4 +92,6 @@ landingContent:
- linkListType: how-to-guide
links:
- text: Configure Take a Test in kiosk mode
url: edu-take-a-test-kiosk-mode.md
url: edu-take-a-test-kiosk-mode.md
- text: Configure Shared PC mode
url: ../../windows/configuration/shared-pc-mode-technical.md

17
windows/configuration/set-up-shared-or-guest-pc.md
View File

@ -21,6 +21,7 @@ appliesto:
*Shared PC* is a Windows feature that optimizes Windows clients for shared use scenarios, such as touchdown spaces in an enterprise, temporary customer use in retail or shared devices in a school.
## Shared PC mode
A Windows device enabled for *Shared PC mode* is designed to be maintenance-free with high reliability. Devices configured in Shared PC mode allow sign in of one user at a time. When a device is locked, the signed in user can be signed out at the lock screen.
## Account models
@ -161,25 +162,15 @@ Follow the steps in [Apply a provisioning package][WIN-2] to apply the package t
New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\SharedPC\Exemptions\$sid" -Force
```
## Shared PC APIs and app behavior
Applications can take advantage of Shared PC mode with the following three APIs:
- [**IsEnabled**][API-1] - This API informs applications when the device is configured for shared use scenarios. For example, an app might only download content on demand on a device in shared PC mode, or might skip first run experiences.
- [**ShouldAvoidLocalStorage**][API-2] - This API informs applications when the PC has been configured to not allow the user to save to the local storage of the PC. Instead, only cloud save locations should be offered by the app or saved automatically by the app.
- [**IsEducationEnvironment**][API-3] - This API informs applications when the PC is used in an education environment. Apps may want to handle diagnostic data differently or hide advertising functionality.
## Technical reference
- For a list of settings configured by the different options offered by Shared PC mode, see the [Shared PC technical reference](shared-pc-technical.md).
- For a list of settings exposed by the SharedPC configuration service provider, see [SharedPC CSP][WIN-3].
- For a list of settings exposed by Windows Configuration Designer, see [SharedPC CSP][WIN-4].
-----------
[API-1]: /uwp/api/windows.system.profile.sharedmodesettings
[API-2]: /uwp/api/windows.system.profile.sharedmodesettings
[API-3]: /uwp/api/windows.system.profile.educationsettings
[WIN-1]: /windows/configuration/provisioning-packages/provisioning-create-package
[WIN-2]: /windows/configuration/provisioning-packages/provisioning-apply-package
[WIN-3]: /windows/client-management/mdm/sharedpc-csp
[WIN-3]: /windows/client-management/mdm/sharedpc-csp
[WIN-4]: /windows/configuration/wcd/wcd-sharedpc

83
windows/configuration/shared-pc-technical.md
View File

@ -19,12 +19,17 @@ appliesto:
# Shared PC technical reference
## Local group policy settings list
This article details the settings configured on the devices by the different options in Shared PC.
The different options offered by Shared PC configure the local group policy object (LGPO) with different settings. The following tables list the settings configured by each Shared PC option.
> [!IMPORTANT]
> The behavior of certain Shared PC options have changed over time. This article describes the current settings applied by the Shared PC options.
## EnableSharedPCMode and EnableSharedPCModeWithOneDriveSync
EnableSharedPCMode and EnableSharedPCModeWithOneDriveSync are the two policies that enable **Shared PC mode**. The only difference between the two is that EnableSharedPCModeWithOneDriveSync enables OneDrive synchronization, while EnableSharedPCMode disables it.
When enabling Shared PC mode, the following settings in the local GPO are configured:
| Policy setting | Status |
|--|--|
| Security Settings/Local Policies/Security Options/User Account Control: Behavior of elevation prompt for standard user | Automatically deny elevation requests |
@ -41,11 +46,12 @@ The different options offered by Shared PC configure the local group policy obje
| Windows Components/Biometrics/Allow the use of biometrics | Disabled |
| Windows Components/Biometrics/Allow users to log on using biometrics | Disabled |
| Windows Components/Biometrics/Allow domain users to log on using biometrics | Disabled |
| Windows Components/Data Collection and Preview Builds/Disable pre-release features or settings | Disabled (all experimentations are turned off) |
| Windows Components/Data Collection and Preview Builds/Do not show feedback notifications | Enabled |
| Windows Components/Data Collection and Preview Builds/Toggle user control over Insider builds | Disabled |
| Windows Components/File Explorer/Show lock in the user tile menu | Disabled |
| Windows Components/File History/Turn off File History | Enabled |
| Windows Components/OneDrive/Prevent the usage of OneDrive for file storage | Enabled |
| Windows Components/OneDrive/Prevent the usage of OneDrive for file storage |<li> **Enabled** if using EnableSharedPCMode</li><li>**Disabled** is using EnableSharedPCModeWithOneDriveSync</li> |
| Windows Components/Windows Hello for Business/Use biometrics | Disabled |
| Windows Components/Windows Hello for Business/Use Windows Hello for Business | Disabled |
| Windows Components/Windows Logon Options/Sign-in and lock last interactive user automatically after a restart | Disabled |
@ -53,12 +59,11 @@ The different options offered by Shared PC configure the local group policy obje
| Extra registry setting | Status |
|-------------------------------------------------------------------------------------------------------------------|----------|
| Software\Policies\Microsoft\PassportForWork\Remote\Enabled (Phone sign-in/Use phone sign-in) | 0 |
| Software\Policies\Microsoft\Windows\PreviewBuilds\EnableConfigFlighting (Disable pre-release features or settings) | 0 |
| Software\Policies\Microsoft\Windows\PreviewBuilds\AllowBuildPreview () | 0 |
## SetEDUPolicy
SetEDUPolicy configures the following settings:
By enabling SetEDUPolicy, the following settings in the local GPO are configured:
| LGPO setting | Status |
|--|--|
@ -68,70 +73,58 @@ SetEDUPolicy configures the following settings:
## SetPowerPolicies
SetPowerPolicies configures the following settings:
By enabling SetPowerPolicies, the following settings in the local GPO are configured:
| LGPO setting | Status |
| Policy setting | Status|
|--|--|
| System/Power Management/Button Settings/Select the lid switch action (on battery) | Enabled --> Sleep |
| System/Power Management/Button Settings/Select the lid switch action (plugged in) | Enabled --> Sleep |
| System/Power Management/Button Settings/Select the Power button action (on battery) | Enabled --> Sleep |
| System/Power Management/Button Settings/Select the Power button action (plugged in) | Enabled --> Sleep |
| System/Power Management/Button Settings/Select the Sleep button action (on battery) | Enabled --> Sleep |
| System/Power Management/Button Settings/Select the Sleep button action (plugged in) | Enabled --> Sleep |
| System/Power Management/Energy Saver Settings/Energy Saver Battery Threshold (on battery) | Enabled --> 70% |
| System/Power Management/Button Settings/Select the lid switch action (on battery) | Enabled > Sleep |
| System/Power Management/Button Settings/Select the lid switch action (plugged in) | Enabled > Sleep |
| System/Power Management/Button Settings/Select the Power button action (on battery) | Enabled > Sleep |
| System/Power Management/Button Settings/Select the Power button action (plugged in) | Enabled > Sleep |
| System/Power Management/Button Settings/Select the Sleep button action (on battery) | Enabled > Sleep |
| System/Power Management/Button Settings/Select the Sleep button action (plugged in) | Enabled > Sleep |
| System/Power Management/Energy Saver Settings/Energy Saver Battery Threshold (on battery) | Enabled > 70% |
| System/Power Management/Sleep Settings/Allow standby states (S1-S3) when sleeping (on battery) | Enabled |
| System/Power Management/Sleep Settings/Allow standby states (S1-S3) when sleeping (plugged in) | Enabled |
| System/Power Management/Sleep Settings/Specify the system hibernate timeout (on battery) | 0 (Disables hibernation) |
| System/Power Management/Sleep Settings/Specify the system hibernate timeout (plugged in) | 0 (Disables hibernation) |
| System/Power Management/Sleep Settings/Specify the system hibernate timeout (on battery) | 0 (Hibernation disabled) |
| System/Power Management/Sleep Settings/Specify the system hibernate timeout (plugged in) | 0 (Hibernation disabled) |
| System/Power Management/Sleep Settings/Turn off hybrid sleep (on battery) | Enabled |
| System/Power Management/Sleep Settings/Turn off hybrid sleep (plugged in) | Enabled |
## MaintenanceStartTime
| Policy setting | Status |
By enabling MaintenanceStartTime, the following settings in the local GPO are configured:
| Policy setting | Status|
|--------------------------------------------------------------------------------------|--------------------------------|
| Windows Components/Maintenance Scheduler/Automatic Maintenance Activation Boundary | 2000-01-01T00:00:00 (midnight) |
| Windows Components/Maintenance Scheduler/Automatic Maintenance Random Delay | Enabled PT2H |
| Windows Components/Maintenance Scheduler/Automatic Maintenance Random Delay | Enabled PT2H (2 hours) |
| Windows Components/Maintenance Scheduler/Automatic Maintenance WakeUp Policy | Enabled |
## SignInOnResume
SignInOnResume configures the following settings:
By enabling SignInOnResume, the following settings in the local GPO are configured:
| LGPO setting | Status |
| Policy setting | Status|
|--|--|
| System/Logon/Allow users to select when a password is required when resuming from connected standby | Disabled |
| System/Power Management/Sleep Settings/Require a password when a computer wakes (on battery) | Enabled |
| System/Power Management/Sleep Settings/Require a password when a computer wakes (plugged in) | Enabled |
## EnableAccountManager
By enabling Enableaccountmanager, the following schedule task is turned on: `\Microsoft\Windows\SharedPC\Account Cleanup`
## Enableaccountmanager
## Shared PC APIs and app behavior
Enables scheduled task:
\Microsoft\Windows\SharedPC\,"Account Cleanup"
Applications can take advantage of Shared PC mode with the following three APIs:
[SharedModeSettings.ShouldAvoidLocalStorage Property](/uwp/api/windows.system.profile.sharedmodesettings.shouldavoidlocalstorage)
- [**IsEnabled**][API-1] - This API informs applications when the device is configured for shared use scenarios. For example, an app might only download content on demand on a device in shared PC mode, or might skip first run experiences.
- [**ShouldAvoidLocalStorage**][API-2] - This API informs applications when the PC has been configured to not allow the user to save to the local storage of the PC. Instead, only cloud save locations should be offered by the app or saved automatically by the app.
- [**IsEducationEnvironment**][API-3] - This API informs applications when the PC is used in an education environment. Apps may want to handle diagnostic data differently or hide advertising functionality.
Account Model has been set to not configured --> no GPO changes --> removes Guest from login screen
Restrict Local Storage has been set to not configured --> no GPO changes
removed all diskleveldeletion, threshold --> no GPO changes
-----------
##### to check
### Windows Settings>Security Settings>Local Policies>Security Options
|Policy Name| Value|When set?|
|--- |--- |--- |
|Interactive logon: Do not display last user name|Enabled, Disabled when account model is only guest|Always|
|Interactive logon: Sign-in last interactive user automatically after a system-initiated restart|Disabled |Always|
|Shutdown: Allow system to be shut down without having to log on|Disabled|Always|
|User Account Control: Behavior of the elevation prompt for standard users|Auto deny|Always|
[API-1]: /uwp/api/windows.system.profile.sharedmodesettings.isenabled
[API-2]: /uwp/api/windows.system.profile.sharedmodesettings.shouldavoidlocalstorage
[API-3]: /uwp/api/windows.system.profile.educationsettings