deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'main' of github.com:MicrosoftDocs/windows-docs-pr into pm-20250225-security-book

Browse Source
This commit is contained in:
Paolo Matarazzo 2025-02-26 13:34:23 -05:00
commit a9247b03b4
12 changed files with 41 additions and 169 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
includes/licensing/assigned-access.md
View File

@ -20,13 +20,3 @@ The following table lists the Windows editions that support Assigned Access:
|IoT Enterprise LTSC|✅| |IoT Enterprise LTSC|✅|
|Pro Education|✅| |Pro Education|✅|
|Pro|✅| |Pro|✅|
<!--
Assigned Access license entitlements are granted by the following licenses:
|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|:---:|:---:|:---:|:---:|:---:|
|Yes|Yes|Yes|Yes|Yes|
For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
-->

12
includes/licensing/shell-launcher.md
View File

@ -20,14 +20,4 @@ The following table lists the Windows editions that support Shell Launcher:
|IoT Enterprise LTSC|✅| |IoT Enterprise LTSC|✅|
|Pro Education|❌| |Pro Education|❌|
|Pro|❌| |Pro|❌|
|Home|❌|
<!--
Shell Launcher license entitlements are granted by the following licenses:
|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|:---:|:---:|:---:|:---:|:---:|
|No|Yes|Yes|Yes|Yes|
For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
-->

20
windows/configuration/shell-launcher/wedl-assignedaccess.md
View File

@ -1,14 +1,16 @@
--- ---
title: WEDL\_AssignedAccess title: WEDL_AssignedAccess
description: WEDL\_AssignedAccess description: WEDL_AssignedAccess
ms.date: 05/20/2024 ms.date: 02/25/2025
ms.topic: reference ms.topic: reference
--- ---
# WEDL\_AssignedAccess # WEDL_AssignedAccess
This Windows Management Instrumentation (WMI) provider class configures settings for assigned access. This Windows Management Instrumentation (WMI) provider class configures settings for assigned access.
[!INCLUDE [shell-launcher](../../../includes/licensing/assigned-access.md)]
## Syntax ## Syntax
```powershell ```powershell
@ -129,13 +131,3 @@ if ($AssignedAccessConfig) {
"Could not set up assigned access account." "Could not set up assigned access account."
} }
``` ```
## Requirements
| Windows Edition | Supported |
|:-----------------------|:---------:|
| Windows Home | No |
| Windows Pro | No |
| Windows Enterprise | Yes |
| Windows Education | Yes |
| Windows IoT Enterprise | Yes |

18
windows/configuration/shell-launcher/wesl-usersetting.md
View File

@ -1,7 +1,7 @@
--- ---
title: WESL_UserSetting title: WESL_UserSetting
description: WESL_UserSetting description: WESL_UserSetting
ms.date: 05/02/2017 ms.date: 02/25/2025
ms.topic: reference ms.topic: reference
--- ---
@ -9,6 +9,8 @@ ms.topic: reference
This class configures which application Shell Launcher starts based on the security identifier (SID) of the signed in user, and also configures the set of return codes and return actions that Shell Launcher performs when the application exits. This class configures which application Shell Launcher starts based on the security identifier (SID) of the signed in user, and also configures the set of return codes and return actions that Shell Launcher performs when the application exits.
[!INCLUDE [shell-launcher](../../../includes/licensing/shell-launcher.md)]
## Syntax ## Syntax
```powershell ```powershell
@ -158,17 +160,3 @@ $ShellLauncherClass.RemoveCustomShell($Admins_SID)
$ShellLauncherClass.RemoveCustomShell($Cashier_SID) $ShellLauncherClass.RemoveCustomShell($Cashier_SID)
``` ```
## Requirements
| Windows Edition | Supported |
|:-----------------------|:---------:|
| Windows Home | No |
| Windows Pro | No |
| Windows Enterprise | Yes |
| Windows Education | Yes |
| Windows IoT Enterprise | Yes |
## Related topics
- [Shell Launcher](index.md)

19
windows/configuration/shell-launcher/wesl-usersettinggetcustomshell.md
View File

@ -1,7 +1,7 @@
--- ---
title: WESL_UserSetting.GetCustomShell title: WESL_UserSetting.GetCustomShell
description: WESL_UserSetting.GetCustomShell description: WESL_UserSetting.GetCustomShell
ms.date: 05/20/2024 ms.date: 02/25/2025
ms.topic: reference ms.topic: reference
--- ---
@ -9,6 +9,8 @@ ms.topic: reference
This method retrieves the Shell Launcher configuration for a specific user or group, based on the security identifier (SID). This method retrieves the Shell Launcher configuration for a specific user or group, based on the security identifier (SID).
[!INCLUDE [shell-launcher](../../../includes/licensing/shell-launcher.md)]
## Syntax ## Syntax
```powershell ```powershell
@ -60,18 +62,3 @@ Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-n
Shell Launcher uses the *CustomReturnCodes* and *CustomReturnCodesAction* arrays to determine the system behavior when the shell application exits, based on the return value of the application. Shell Launcher uses the *CustomReturnCodes* and *CustomReturnCodesAction* arrays to determine the system behavior when the shell application exits, based on the return value of the application.
If the return value does not exist in *CustomReturnCodes*, or if the corresponding action defined in *CustomReturnCodesAction* is not a valid value, Shell Launcher uses *DefaultAction* to determine system behavior. If *DefaultAction* is not defined, or is not a valid value, Shell Launcher restarts the shell application. If the return value does not exist in *CustomReturnCodes*, or if the corresponding action defined in *CustomReturnCodesAction* is not a valid value, Shell Launcher uses *DefaultAction* to determine system behavior. If *DefaultAction* is not defined, or is not a valid value, Shell Launcher restarts the shell application.
## Requirements
| Windows Edition | Supported |
|:-----------------------|:---------:|
| Windows Home | No |
| Windows Pro | No |
| Windows Enterprise | Yes |
| Windows Education | Yes |
| Windows IoT Enterprise | Yes |
## Related topics
- [WESL_UserSetting](wesl-usersetting.md)
- [Shell Launcher](index.md)

19
windows/configuration/shell-launcher/wesl-usersettinggetdefaultshell.md
View File

@ -1,7 +1,7 @@
--- ---
title: WESL_UserSetting.GetDefaultShell title: WESL_UserSetting.GetDefaultShell
description: WESL_UserSetting.GetDefaultShell description: WESL_UserSetting.GetDefaultShell
ms.date: 05/20/2024 ms.date: 02/25/2025
ms.topic: reference ms.topic: reference
--- ---
@ -9,6 +9,8 @@ ms.topic: reference
This method retrieves the default Shell Launcher configuration. This method retrieves the default Shell Launcher configuration.
[!INCLUDE [shell-launcher](../../../includes/licensing/shell-launcher.md)]
## Syntax ## Syntax
```powershell ```powershell
@ -40,18 +42,3 @@ Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-n
## Remarks ## Remarks
Shell Launcher uses the default configuration when the security identifier (SID) of the user who is currently signed in does not match any custom defined Shell Launcher configurations. Shell Launcher uses the default configuration when the security identifier (SID) of the user who is currently signed in does not match any custom defined Shell Launcher configurations.
## Requirements
| Windows Edition | Supported |
|:-----------------------|:---------:|
| Windows Home | No |
| Windows Pro | No |
| Windows Enterprise | Yes |
| Windows Education | Yes |
| Windows IoT Enterprise | Yes |
## Related topics
- [WESL_UserSetting](wesl-usersetting.md)
- [Shell Launcher](index.md)

19
windows/configuration/shell-launcher/wesl-usersettingisenabled.md
View File

@ -1,7 +1,7 @@
--- ---
title: WESL_UserSetting.IsEnabled title: WESL_UserSetting.IsEnabled
description: WESL_UserSetting.IsEnabled description: WESL_UserSetting.IsEnabled
ms.date: 05/20/2024 ms.date: 02/25/2025
ms.topic: reference ms.topic: reference
--- ---
@ -9,6 +9,8 @@ ms.topic: reference
This method retrieves a value that indicates if Shell Launcher is enabled or disabled. This method retrieves a value that indicates if Shell Launcher is enabled or disabled.
[!INCLUDE [shell-launcher](../../../includes/licensing/shell-launcher.md)]
## Syntax ## Syntax
```powershell ```powershell
@ -24,18 +26,3 @@ This method retrieves a value that indicates if Shell Launcher is enabled or dis
## Return Value ## Return Value
Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error](/windows/win32/wmisdk/wmi-error-constants). Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error](/windows/win32/wmisdk/wmi-error-constants).
## Requirements
| Windows Edition | Supported |
|:-----------------------|:---------:|
| Windows Home | No |
| Windows Pro | No |
| Windows Enterprise | Yes |
| Windows Education | Yes |
| Windows IoT Enterprise | Yes |
## Related topics
- [WESL_UserSetting](wesl-usersetting.md)
- [Shell Launcher](index.md)

19
windows/configuration/shell-launcher/wesl-usersettingremovecustomshell.md
View File

@ -1,7 +1,7 @@
--- ---
title: WESL_UserSetting.RemoveCustomShell title: WESL_UserSetting.RemoveCustomShell
description: WESL_UserSetting.RemoveCustomShell description: WESL_UserSetting.RemoveCustomShell
ms.date: 05/20/2024 ms.date: 02/25/2025
ms.topic: reference ms.topic: reference
--- ---
@ -9,6 +9,8 @@ ms.topic: reference
This method removes a Shell Launcher configuration for a specific user or group, based on the security identifier (SID). This method removes a Shell Launcher configuration for a specific user or group, based on the security identifier (SID).
[!INCLUDE [shell-launcher](../../../includes/licensing/shell-launcher.md)]
## Syntax ## Syntax
```powershell ```powershell
@ -28,18 +30,3 @@ Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-n
## Remarks ## Remarks
You must restart your device for the changes to take effect. You must restart your device for the changes to take effect.
## Requirements
| Windows Edition | Supported |
|:-----------------------|:---------:|
| Windows Home | No |
| Windows Pro | No |
| Windows Enterprise | Yes |
| Windows Education | Yes |
| Windows IoT Enterprise | Yes |
## Related topics
- [WESL_UserSetting](wesl-usersetting.md)
- [Shell Launcher](index.md)

19
windows/configuration/shell-launcher/wesl-usersettingsetcustomshell.md
View File

@ -1,7 +1,7 @@
--- ---
title: WESL_UserSetting.SetCustomShell title: WESL_UserSetting.SetCustomShell
description: WESL_UserSetting.SetCustomShell description: WESL_UserSetting.SetCustomShell
ms.date: 05/20/2024 ms.date: 02/25/2025
ms.topic: reference ms.topic: reference
--- ---
@ -9,6 +9,8 @@ ms.topic: reference
This method configures Shell Launcher for a specific user or group, based on the security identifier (SID). This method configures Shell Launcher for a specific user or group, based on the security identifier (SID).
[!INCLUDE [shell-launcher](../../../includes/licensing/shell-launcher.md)]
## Syntax ## Syntax
```powershell ```powershell
@ -60,18 +62,3 @@ Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-n
Shell Launcher uses the *CustomReturnCodes* and *CustomReturnCodesAction* arrays to determine the system behavior when the shell application exits, based on the return value of the shell application. Shell Launcher uses the *CustomReturnCodes* and *CustomReturnCodesAction* arrays to determine the system behavior when the shell application exits, based on the return value of the shell application.
If the return value does not exist in *CustomReturnCodes*, or if the corresponding action defined in *CustomReturnCodesAction* is not a valid value, Shell Launcher uses *DefaultAction* to determine system behavior. If *DefaultAction* is not defined, or is not a valid value, Shell Launcher restarts the shell application. If the return value does not exist in *CustomReturnCodes*, or if the corresponding action defined in *CustomReturnCodesAction* is not a valid value, Shell Launcher uses *DefaultAction* to determine system behavior. If *DefaultAction* is not defined, or is not a valid value, Shell Launcher restarts the shell application.
## Requirements
| Windows Edition | Supported |
|:-----------------------|:---------:|
| Windows Home | No |
| Windows Pro | No |
| Windows Enterprise | Yes |
| Windows Education | Yes |
| Windows IoT Enterprise | Yes |
## Related topics
- [WESL_UserSetting](wesl-usersetting.md)
- [Shell Launcher](index.md)

19
windows/configuration/shell-launcher/wesl-usersettingsetdefaultshell.md
View File

@ -1,7 +1,7 @@
--- ---
title: WESL_UserSetting.SetDefaultShell title: WESL_UserSetting.SetDefaultShell
description: WESL_UserSetting.SetDefaultShell description: WESL_UserSetting.SetDefaultShell
ms.date: 05/20/2024 ms.date: 02/25/2025
ms.topic: reference ms.topic: reference
--- ---
@ -9,6 +9,8 @@ ms.topic: reference
This method sets the default Shell Launcher configuration. This method sets the default Shell Launcher configuration.
[!INCLUDE [shell-launcher](../../../includes/licensing/shell-launcher.md)]
## Syntax ## Syntax
```powershell ```powershell
@ -40,18 +42,3 @@ Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-n
## Remarks ## Remarks
Shell Launcher uses the default configuration when the security identifier (SID) of the user who is currently signed in does not match any custom defined Shell Launcher configurations. Shell Launcher uses the default configuration when the security identifier (SID) of the user who is currently signed in does not match any custom defined Shell Launcher configurations.
## Requirements
| Windows Edition | Supported |
|:-----------------------|:---------:|
| Windows Home | No |
| Windows Pro | No |
| Windows Enterprise | Yes |
| Windows Education | Yes |
| Windows IoT Enterprise | Yes |
## Related topics
- [WESL_UserSetting](wesl-usersetting.md)
- [Shell Launcher](index.md)

19
windows/configuration/shell-launcher/wesl-usersettingsetenabled.md
View File

@ -1,7 +1,7 @@
--- ---
title: WESL_UserSetting.SetEnabled title: WESL_UserSetting.SetEnabled
description: WESL_UserSetting.SetEnabled description: WESL_UserSetting.SetEnabled
ms.date: 05/20/2024 ms.date: 02/25/2025
ms.topic: reference ms.topic: reference
--- ---
@ -9,6 +9,8 @@ ms.topic: reference
This method enables or disables Shell Launcher. This method enables or disables Shell Launcher.
[!INCLUDE [shell-launcher](../../../includes/licensing/shell-launcher.md)]
## Syntax ## Syntax
```powershell ```powershell
@ -30,18 +32,3 @@ Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-n
This method enables or disables Shell Launcher by modifying the **Shell** value in the registry key `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon`. If Unified Write Filter (UWF) is enabled, you may need to disable UWF or commit this registry key by using [UWF_RegistryFilter.CommitRegistry](../unified-write-filter/uwf-registryfiltercommitregistry.md) in order to enable or disable Shell Launcher. This method enables or disables Shell Launcher by modifying the **Shell** value in the registry key `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon`. If Unified Write Filter (UWF) is enabled, you may need to disable UWF or commit this registry key by using [UWF_RegistryFilter.CommitRegistry](../unified-write-filter/uwf-registryfiltercommitregistry.md) in order to enable or disable Shell Launcher.
Enabling or disabling Shell Launcher does not take effect until a user signs in. Enabling or disabling Shell Launcher does not take effect until a user signs in.
## Requirements
| Windows Edition | Supported |
|:-----------------------|:---------:|
| Windows Home | No |
| Windows Pro | No |
| Windows Enterprise | Yes |
| Windows Education | Yes |
| Windows IoT Enterprise | Yes |
## Related topics
- [WESL_UserSetting](wesl-usersetting.md)
- [Shell Launcher](index.md)

17
windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md
View File

@ -174,15 +174,18 @@ You can add the *Device configurations* permission with one or more rights to yo
### [Windows Enterprise E3+ and F3](#tab/windows-enterprise-e3-f3-intune-permissions) ### [Windows Enterprise E3+ and F3](#tab/windows-enterprise-e3-f3-intune-permissions)
Your account must be assigned an [Intune role-based access control](/mem/intune/fundamentals/role-based-access-control) (RBAC) role that includes the following permissions:
- **Device configurations**:
- Assign
- Create
- Delete
- View Reports
- Update
- Read
After you [activate Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md#activate-windows-autopatch-features), use the Intune Service Administrator role to register devices, manage your update deployments, and reporting tasks. After you [activate Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md#activate-windows-autopatch-features), use the Intune Service Administrator role to register devices, manage your update deployments, and reporting tasks.
If you want to assign less-privileged user accounts to perform specific tasks in the Windows Autopatch portal, such as register devices with the service, you can add these user accounts into one of the two Microsoft Entra groups created during the [Start using Windows Autopatch](../prepare/windows-autopatch-feature-activation.md) process:
| Microsoft Entra group name | Discover devices | Modify columns | Refresh device list | Export to .CSV | Device actions |
| --- | --- | --- | --- | --- | --- |
| Modern Workplace Roles - Service Administrator | Yes | Yes | Yes | Yes | Yes |
| Modern Workplace Roles - Service Reader | No | Yes | Yes | Yes | Yes |
For more information, see [Microsoft Entra built-in roles](/entra/identity/role-based-access-control/permissions-reference) and [Role-based access control (RBAC) with Microsoft Intune](/mem/intune/fundamentals/role-based-access-control). For more information, see [Microsoft Entra built-in roles](/entra/identity/role-based-access-control/permissions-reference) and [Role-based access control (RBAC) with Microsoft Intune](/mem/intune/fundamentals/role-based-access-control).
> [!TIP] > [!TIP]