deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'main' of github.com:MicrosoftDocs/windows-docs-pr into pm-20250225-security-book

Browse Source
This commit is contained in:
Paolo Matarazzo 2025-02-26 13:34:23 -05:00
commit a9247b03b4
12 changed files with 41 additions and 169 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
includes/licensing/assigned-access.md
View File

@ -20,13 +20,3 @@ The following table lists the Windows editions that support Assigned Access:
|IoT Enterprise LTSC|✅|
|Pro Education|✅|
|Pro|✅|
<!--
Assigned Access license entitlements are granted by the following licenses:
|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|:---:|:---:|:---:|:---:|:---:|
|Yes|Yes|Yes|Yes|Yes|
For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
-->

12
includes/licensing/shell-launcher.md
View File

@ -20,14 +20,4 @@ The following table lists the Windows editions that support Shell Launcher:
|IoT Enterprise LTSC|✅|
|Pro Education|❌|
|Pro|❌|
<!--
Shell Launcher license entitlements are granted by the following licenses:
|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
|:---:|:---:|:---:|:---:|:---:|
|No|Yes|Yes|Yes|Yes|
For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).
-->
|Home|❌|

20
windows/configuration/shell-launcher/wedl-assignedaccess.md
View File

@ -1,14 +1,16 @@
---
title: WEDL\_AssignedAccess
description: WEDL\_AssignedAccess
ms.date: 05/20/2024
title: WEDL_AssignedAccess
description: WEDL_AssignedAccess
ms.date: 02/25/2025
ms.topic: reference
---
# WEDL\_AssignedAccess
# WEDL_AssignedAccess
This Windows Management Instrumentation (WMI) provider class configures settings for assigned access.
[!INCLUDE [shell-launcher](../../../includes/licensing/assigned-access.md)]
## Syntax
```powershell
@ -129,13 +131,3 @@ if ($AssignedAccessConfig) {
"Could not set up assigned access account."
}
```
## Requirements
| Windows Edition | Supported |
|:-----------------------|:---------:|
| Windows Home | No |
| Windows Pro | No |
| Windows Enterprise | Yes |
| Windows Education | Yes |
| Windows IoT Enterprise | Yes |

18
windows/configuration/shell-launcher/wesl-usersetting.md
View File

@ -1,7 +1,7 @@
---
title: WESL_UserSetting
description: WESL_UserSetting
ms.date: 05/02/2017
ms.date: 02/25/2025
ms.topic: reference
---
@ -9,6 +9,8 @@ ms.topic: reference
This class configures which application Shell Launcher starts based on the security identifier (SID) of the signed in user, and also configures the set of return codes and return actions that Shell Launcher performs when the application exits.
[!INCLUDE [shell-launcher](../../../includes/licensing/shell-launcher.md)]
## Syntax
```powershell
@ -158,17 +160,3 @@ $ShellLauncherClass.RemoveCustomShell($Admins_SID)
$ShellLauncherClass.RemoveCustomShell($Cashier_SID)
```
## Requirements
| Windows Edition | Supported |
|:-----------------------|:---------:|
| Windows Home | No |
| Windows Pro | No |
| Windows Enterprise | Yes |
| Windows Education | Yes |
| Windows IoT Enterprise | Yes |
## Related topics
- [Shell Launcher](index.md)

19
windows/configuration/shell-launcher/wesl-usersettinggetcustomshell.md
View File

@ -1,7 +1,7 @@
---
title: WESL_UserSetting.GetCustomShell
description: WESL_UserSetting.GetCustomShell
ms.date: 05/20/2024
ms.date: 02/25/2025
ms.topic: reference
---
@ -9,6 +9,8 @@ ms.topic: reference
This method retrieves the Shell Launcher configuration for a specific user or group, based on the security identifier (SID).
[!INCLUDE [shell-launcher](../../../includes/licensing/shell-launcher.md)]
## Syntax
```powershell
@ -60,18 +62,3 @@ Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-n
Shell Launcher uses the *CustomReturnCodes* and *CustomReturnCodesAction* arrays to determine the system behavior when the shell application exits, based on the return value of the application.
If the return value does not exist in *CustomReturnCodes*, or if the corresponding action defined in *CustomReturnCodesAction* is not a valid value, Shell Launcher uses *DefaultAction* to determine system behavior. If *DefaultAction* is not defined, or is not a valid value, Shell Launcher restarts the shell application.
## Requirements
| Windows Edition | Supported |
|:-----------------------|:---------:|
| Windows Home | No |
| Windows Pro | No |
| Windows Enterprise | Yes |
| Windows Education | Yes |
| Windows IoT Enterprise | Yes |
## Related topics
- [WESL_UserSetting](wesl-usersetting.md)
- [Shell Launcher](index.md)

19
windows/configuration/shell-launcher/wesl-usersettinggetdefaultshell.md
View File

@ -1,7 +1,7 @@
---
title: WESL_UserSetting.GetDefaultShell
description: WESL_UserSetting.GetDefaultShell
ms.date: 05/20/2024
ms.date: 02/25/2025
ms.topic: reference
---
@ -9,6 +9,8 @@ ms.topic: reference
This method retrieves the default Shell Launcher configuration.
[!INCLUDE [shell-launcher](../../../includes/licensing/shell-launcher.md)]
## Syntax
```powershell
@ -40,18 +42,3 @@ Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-n
## Remarks
Shell Launcher uses the default configuration when the security identifier (SID) of the user who is currently signed in does not match any custom defined Shell Launcher configurations.
## Requirements
| Windows Edition | Supported |
|:-----------------------|:---------:|
| Windows Home | No |
| Windows Pro | No |
| Windows Enterprise | Yes |
| Windows Education | Yes |
| Windows IoT Enterprise | Yes |
## Related topics
- [WESL_UserSetting](wesl-usersetting.md)
- [Shell Launcher](index.md)

19
windows/configuration/shell-launcher/wesl-usersettingisenabled.md
View File

@ -1,7 +1,7 @@
---
title: WESL_UserSetting.IsEnabled
description: WESL_UserSetting.IsEnabled
ms.date: 05/20/2024
ms.date: 02/25/2025
ms.topic: reference
---
@ -9,6 +9,8 @@ ms.topic: reference
This method retrieves a value that indicates if Shell Launcher is enabled or disabled.
[!INCLUDE [shell-launcher](../../../includes/licensing/shell-launcher.md)]
## Syntax
```powershell
@ -24,18 +26,3 @@ This method retrieves a value that indicates if Shell Launcher is enabled or dis
## Return Value
Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-non-error-constants) or a [WMI error](/windows/win32/wmisdk/wmi-error-constants).
## Requirements
| Windows Edition | Supported |
|:-----------------------|:---------:|
| Windows Home | No |
| Windows Pro | No |
| Windows Enterprise | Yes |
| Windows Education | Yes |
| Windows IoT Enterprise | Yes |
## Related topics
- [WESL_UserSetting](wesl-usersetting.md)
- [Shell Launcher](index.md)

19
windows/configuration/shell-launcher/wesl-usersettingremovecustomshell.md
View File

@ -1,7 +1,7 @@
---
title: WESL_UserSetting.RemoveCustomShell
description: WESL_UserSetting.RemoveCustomShell
ms.date: 05/20/2024
ms.date: 02/25/2025
ms.topic: reference
---
@ -9,6 +9,8 @@ ms.topic: reference
This method removes a Shell Launcher configuration for a specific user or group, based on the security identifier (SID).
[!INCLUDE [shell-launcher](../../../includes/licensing/shell-launcher.md)]
## Syntax
```powershell
@ -28,18 +30,3 @@ Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-n
## Remarks
You must restart your device for the changes to take effect.
## Requirements
| Windows Edition | Supported |
|:-----------------------|:---------:|
| Windows Home | No |
| Windows Pro | No |
| Windows Enterprise | Yes |
| Windows Education | Yes |
| Windows IoT Enterprise | Yes |
## Related topics
- [WESL_UserSetting](wesl-usersetting.md)
- [Shell Launcher](index.md)

19
windows/configuration/shell-launcher/wesl-usersettingsetcustomshell.md
View File

@ -1,7 +1,7 @@
---
title: WESL_UserSetting.SetCustomShell
description: WESL_UserSetting.SetCustomShell
ms.date: 05/20/2024
ms.date: 02/25/2025
ms.topic: reference
---
@ -9,6 +9,8 @@ ms.topic: reference
This method configures Shell Launcher for a specific user or group, based on the security identifier (SID).
[!INCLUDE [shell-launcher](../../../includes/licensing/shell-launcher.md)]
## Syntax
```powershell
@ -60,18 +62,3 @@ Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-n
Shell Launcher uses the *CustomReturnCodes* and *CustomReturnCodesAction* arrays to determine the system behavior when the shell application exits, based on the return value of the shell application.
If the return value does not exist in *CustomReturnCodes*, or if the corresponding action defined in *CustomReturnCodesAction* is not a valid value, Shell Launcher uses *DefaultAction* to determine system behavior. If *DefaultAction* is not defined, or is not a valid value, Shell Launcher restarts the shell application.
## Requirements
| Windows Edition | Supported |
|:-----------------------|:---------:|
| Windows Home | No |
| Windows Pro | No |
| Windows Enterprise | Yes |
| Windows Education | Yes |
| Windows IoT Enterprise | Yes |
## Related topics
- [WESL_UserSetting](wesl-usersetting.md)
- [Shell Launcher](index.md)

19
windows/configuration/shell-launcher/wesl-usersettingsetdefaultshell.md
View File

@ -1,7 +1,7 @@
---
title: WESL_UserSetting.SetDefaultShell
description: WESL_UserSetting.SetDefaultShell
ms.date: 05/20/2024
ms.date: 02/25/2025
ms.topic: reference
---
@ -9,6 +9,8 @@ ms.topic: reference
This method sets the default Shell Launcher configuration.
[!INCLUDE [shell-launcher](../../../includes/licensing/shell-launcher.md)]
## Syntax
```powershell
@ -40,18 +42,3 @@ Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-n
## Remarks
Shell Launcher uses the default configuration when the security identifier (SID) of the user who is currently signed in does not match any custom defined Shell Launcher configurations.
## Requirements
| Windows Edition | Supported |
|:-----------------------|:---------:|
| Windows Home | No |
| Windows Pro | No |
| Windows Enterprise | Yes |
| Windows Education | Yes |
| Windows IoT Enterprise | Yes |
## Related topics
- [WESL_UserSetting](wesl-usersetting.md)
- [Shell Launcher](index.md)

19
windows/configuration/shell-launcher/wesl-usersettingsetenabled.md
View File

@ -1,7 +1,7 @@
---
title: WESL_UserSetting.SetEnabled
description: WESL_UserSetting.SetEnabled
ms.date: 05/20/2024
ms.date: 02/25/2025
ms.topic: reference
---
@ -9,6 +9,8 @@ ms.topic: reference
This method enables or disables Shell Launcher.
[!INCLUDE [shell-launcher](../../../includes/licensing/shell-launcher.md)]
## Syntax
```powershell
@ -30,18 +32,3 @@ Returns an HRESULT value that indicates [WMI status](/windows/win32/wmisdk/wmi-n
This method enables or disables Shell Launcher by modifying the **Shell** value in the registry key `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon`. If Unified Write Filter (UWF) is enabled, you may need to disable UWF or commit this registry key by using [UWF_RegistryFilter.CommitRegistry](../unified-write-filter/uwf-registryfiltercommitregistry.md) in order to enable or disable Shell Launcher.
Enabling or disabling Shell Launcher does not take effect until a user signs in.
## Requirements
| Windows Edition | Supported |
|:-----------------------|:---------:|
| Windows Home | No |
| Windows Pro | No |
| Windows Enterprise | Yes |
| Windows Education | Yes |
| Windows IoT Enterprise | Yes |
## Related topics
- [WESL_UserSetting](wesl-usersetting.md)
- [Shell Launcher](index.md)

17
windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md
View File

@ -174,15 +174,18 @@ You can add the *Device configurations* permission with one or more rights to yo
### [Windows Enterprise E3+ and F3](#tab/windows-enterprise-e3-f3-intune-permissions)
Your account must be assigned an [Intune role-based access control](/mem/intune/fundamentals/role-based-access-control) (RBAC) role that includes the following permissions:
- **Device configurations**:
- Assign
- Create
- Delete
- View Reports
- Update
- Read
After you [activate Windows Autopatch features](../prepare/windows-autopatch-feature-activation.md#activate-windows-autopatch-features), use the Intune Service Administrator role to register devices, manage your update deployments, and reporting tasks.
If you want to assign less-privileged user accounts to perform specific tasks in the Windows Autopatch portal, such as register devices with the service, you can add these user accounts into one of the two Microsoft Entra groups created during the [Start using Windows Autopatch](../prepare/windows-autopatch-feature-activation.md) process:
| Microsoft Entra group name | Discover devices | Modify columns | Refresh device list | Export to .CSV | Device actions |
| --- | --- | --- | --- | --- | --- |
| Modern Workplace Roles - Service Administrator | Yes | Yes | Yes | Yes | Yes |
| Modern Workplace Roles - Service Reader | No | Yes | Yes | Yes | Yes |
For more information, see [Microsoft Entra built-in roles](/entra/identity/role-based-access-control/permissions-reference) and [Role-based access control (RBAC) with Microsoft Intune](/mem/intune/fundamentals/role-based-access-control).
> [!TIP]