deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

added removal steps

Browse Source
This commit is contained in:
Paolo Matarazzo 2025-02-28 10:47:24 -05:00
parent 43f8184985
commit b483a3dd52
7 changed files with 118 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
windows/configuration/assigned-access/configure-multi-app-kiosk.md
View File

@ -88,45 +88,7 @@ This option isn't available using Settings.
> [!TIP]
> For practical examples, see the [Quickstart: Configure a restricted user experience with Assigned Access](quickstart-restricted-user-experience.md)
## User experience
To validate the kiosk or restricted user experience, sign in with the user account you specified in the configuration file.
The Assigned Access configuration takes effect the next time the targeted user signs in. If that user account is signed in when you apply the configuration, sign out and sign back in to validate the experience.
> [!NOTE]
> Starting in Windows 11, a restricted user experience supports the use of multiple monitors.
### Autotrigger touch keyboard
The touch keyboard is automatically triggered when there's an input needed and no physical keyboard is attached on touch-enabled devices. You don't need to configure any other setting to enforce this behavior.
> [!TIP]
> The touch keyboard is triggered only when tapping a textbox. Mouse clicks don't trigger the touch keyboard. If you're testing this feature, use a physical device instead of a virtual machine (VM), as the touch keyboard isn't triggered on VMs.
### Sign out of assigned access
By default, to exit the kiosk experience, press <kbd>Ctrl</kbd> + <kbd>Alt</kbd> + <kbd>Del</kbd>. The kiosk app exits automatically. If you sign in again as the Assigned Access account, or wait for the sign in screen time-out, the kiosk app relaunches. The default time-out is 30 seconds, but you can change the time-out with the registry key:
`HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI`
To change the default time for Assigned Access to resume, add *IdleTimeOut* (DWORD) and enter the value data as milliseconds in hexadecimal.
> [!NOTE]
> `IdleTimeOut` doesn't apply to the Microsoft Edge kiosk mode.
The Breakout Sequence of <kbd>Ctrl</kbd> + <kbd>Alt</kbd> + <kbd>Del</kbd> is the default, but this sequence can be configured to be a different sequence of keys. The breakout sequence uses the format **modifiers + keys**. An example breakout sequence is <kbd>CTRL</kbd> + <kbd>ALT</kbd> + <kbd>A</kbd>, where <kbd>CTRL</kbd> + <kbd>ALT</kbd> are the modifiers, and <kbd>A</kbd> is the key value. To learn more, see [Create an Assigned Access configuration XML file](configuration-file.md).
## Remove Assigned Access
Deleting the restricted user experience removes the policy settings associated with the users, but it can't revert all the configurations. For example, the Start menu configuration is maintained.
## Next steps
> [!div class="nextstepaction"]
> Review the recommendations before you deploy Assigned Access:
>
> [Assigned Access recommendations](recommendations.md)
[!INCLUDE [user-experience](includes/user-experience.md)]
<!--links-->

2
windows/configuration/assigned-access/configure-single-app-kiosk.md
View File

@ -163,5 +163,7 @@ When the device isn't joined to an Active Directory domain or Microsoft Entra ID
> [!TIP]
> For practical examples, see the [Quickstart: Configure a kiosk with Assigned Access](quickstart-kiosk.md).
[!INCLUDE [user-experience](includes/user-experience.md)]
[MEM-1]: /mem/intune/configuration/custom-settings-windows-10
[WIN-3]: /windows/client-management/mdm/assignedaccess-csp

55
windows/configuration/assigned-access/includes/user-experience.md Normal file
View File

@ -0,0 +1,55 @@
---
author: paolomatarazzo
ms.author: paoloma
ms.date: 02/05/2024
ms.topic: include
---
## User experience
To validate the kiosk configuration, sign in with the user account you specified in the configuration file.
The Assigned Access configuration takes effect the next time the targeted user signs in. If that user account is signed in when you apply the configuration, sign out and sign back in to validate the experience.
### Autotrigger touch keyboard
The touch keyboard is automatically triggered when there's an input needed and no physical keyboard is attached on touch-enabled devices. You don't need to configure any other setting to enforce this behavior.
> [!TIP]
> The touch keyboard is triggered only when tapping a textbox. Mouse clicks don't trigger the touch keyboard. If you're testing this feature, use a physical device instead of a virtual machine (VM), as the touch keyboard isn't triggered on VMs.
### Sign out of assigned access
By default, to exit the kiosk experience, press <kbd>Ctrl</kbd> + <kbd>Alt</kbd> + <kbd>Del</kbd>. The kiosk app exits automatically. If you sign in again as the Assigned Access account, or wait for the sign in screen time-out, the kiosk app relaunches. The default time-out is 30 seconds, but you can change the time-out with the registry key:
`HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI`
To change the default time for Assigned Access to resume, add *IdleTimeOut* (DWORD) and enter the value data as milliseconds in hexadecimal.
> [!NOTE]
> `IdleTimeOut` doesn't apply to the Microsoft Edge kiosk mode.
The Breakout Sequence of <kbd>Ctrl</kbd> + <kbd>Alt</kbd> + <kbd>Del</kbd> is the default, but this sequence can be configured to be a different sequence of keys. The breakout sequence uses the format **modifiers + keys**. An example breakout sequence is <kbd>CTRL</kbd> + <kbd>ALT</kbd> + <kbd>A</kbd>, where <kbd>CTRL</kbd> + <kbd>ALT</kbd> are the modifiers, and <kbd>A</kbd> is the key value. To learn more, see [Create an Assigned Access configuration XML file](configuration-file.md).
## Remove Assigned Access
Deleting the Assigned Access configuration removes the policy settings associated with the users, but it can't revert all the changes. For example, in a multi-app kiosk scenario the Start menu configuration is maintained.
Here's a PowerShell example to remove the configuration:
```powershell
$namespaceName="root\cimv2\mdm\dmmap"
$className="MDM_AssignedAccess"
$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className
$obj.Configuration = $null
Set-CimInstance -CimInstance $obj
```
Reboot the device to apply the changes.
## Next steps
> [!div class="nextstepaction"]
> Review the recommendations before you deploy Assigned Access:
>
> [Assigned Access recommendations](../recommendations.md)

16
windows/configuration/assigned-access/quickstart-kiosk.md
View File

@ -91,6 +91,22 @@ Here are the steps to configure a kiosk using the Settings app:
After the settings are applied, reboot the device. A local user account is automatically signed in, opening Microsoft Edge.
## Remove Assigned Access
Once you no longer need the kiosk configuration, you can remove it.
Here's a PowerShell example to remove the Assigned Access configuration:
```powershell
$namespaceName="root\cimv2\mdm\dmmap"
$className="MDM_AssignedAccess"
$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className
$obj.Configuration = $null
Set-CimInstance -CimInstance $obj
```
Reboot the device to apply the changes.
## Next steps
> [!div class="nextstepaction"]

16
windows/configuration/assigned-access/quickstart-restricted-user-experience.md
View File

@ -80,6 +80,22 @@ After the settings are applied, reboot the device. A local user account is autom
::: zone-end
## Remove Assigned Access
Once you no longer need the restricted user experience, you can remove it. Deleting the Assigned Access configuration removes the policy settings associated with the users, but it can't revert all the changes. For example, the Start menu configuration is maintained.
Here's a PowerShell example to remove the configuration:
```powershell
$namespaceName="root\cimv2\mdm\dmmap"
$className="MDM_AssignedAccess"
$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className
$obj.Configuration = $null
Set-CimInstance -CimInstance $obj
```
Reboot the device to apply the changes.
## Next steps
> [!div class="nextstepaction"]

14
windows/configuration/shell-launcher/configure.md
View File

@ -298,6 +298,20 @@ After the settings are applied, the users that are configured to use Shell Launc
Depending on your configuration, you can have a user to automatically sign in to the device.
## Remove Shell Launcher
Once you no longer need the kiosk configuration, you can remove it.
Here's a PowerShell example to remove the Shell Launcher configuration:
```powershell
$namespaceName="root\cimv2\mdm\dmmap"
$className="MDM_AssignedAccess"
$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className
$obj.ShellLauncher = $null
Set-CimInstance -CimInstance $obj
```
## Next steps
> [!div class="nextstepaction"]

14
windows/configuration/shell-launcher/quickstart-kiosk.md
View File

@ -56,6 +56,20 @@ Alternatively, you can configure devices using a [custom policy][MEM-1] with the
After the settings are applied, reboot the device. A local user account is automatically signed in, opening Microsoft Edge.
## Remove Shell Launcher
Once you no longer need the kiosk configuration, you can remove it.
Here's a PowerShell example to remove the Shell Launcher configuration:
```powershell
$namespaceName="root\cimv2\mdm\dmmap"
$className="MDM_AssignedAccess"
$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className
$obj.ShellLauncher = $null
Set-CimInstance -CimInstance $obj
```
## Next steps
> [!div class="nextstepaction"]