deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-16 23:37:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' into apps-in-windows-10-update

Browse Source
This commit is contained in:
Heidi Lohr 2018-02-23 08:55:43 -08:00
commit c324154f69
8 changed files with 707 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
devices/surface/change-history-for-surface.md
View File

@ -16,6 +16,7 @@ This topic lists new and updated topics in the Surface documentation library.
|New or changed topic | Description | |New or changed topic | Description |
| --- | --- | | --- | --- |
|[Surface Dock Updater](surface-dock-updater.md) | Added version 2.12.136.0 information |
|[Microsoft Surface Data Eraser](microsoft-surface-data-eraser.md) | Added version 3.2.46.0 information | |[Microsoft Surface Data Eraser](microsoft-surface-data-eraser.md) | Added version 3.2.46.0 information |
## January 2018 ## January 2018

18
devices/surface/surface-dock-updater.md
View File

@ -9,7 +9,7 @@ ms.mktglfcycl: manage
ms.pagetype: surface, devices ms.pagetype: surface, devices
ms.sitesec: library ms.sitesec: library
author: brecords author: brecords
ms.date: 11/03/2017 ms.date: 02/23/2018
ms.author: jdecker ms.author: jdecker
--- ---
@ -116,6 +116,22 @@ Microsoft periodically updates Surface Dock Updater. To learn more about the app
>[!Note] >[!Note]
>Each update to Surface Dock firmware is included in a new version of Surface Dock Updater. To update a Surface Dock to the latest firmware, you must use the latest version of Surface Dock Updater. >Each update to Surface Dock firmware is included in a new version of Surface Dock Updater. To update a Surface Dock to the latest firmware, you must use the latest version of Surface Dock Updater.
### Version 2.12.136.0
*Release Date: 29 January 2018*
This version of Surface Dock Updater adds support for the following:
* Update for Surface Dock Main Chipset Firmware
* Update for Surface Dock DisplayPort Firmware
* Improved display stability for external displays when used with Surface Book or Surface Book 2
Additionally, installation of this version of Surface Dock Updater on Surface Book devices includes the following:
* Update for Surface Book Base Firmware
* Added support for Surface Dock firmware updates with improvements targeted to Surface Book devices
>[!Note]
>Before the Surface Dock firmware update applied by Surface Dock Updater v2.12.136.0 will take effect on a Surface Book device, a firmware update for the Surface Book Base is required. If you install Surface Dock Updater v2.12.136.0 on a Surface Book and update an attached Surface Dock from that same device, the firmware of the Surface Book Base will automatically be updated when installing the Surface Dock Updater. However, if you update a Surface Dock using Surface Dock Updater v2.12.136.0 on different device, and then connect that Surface Dock to a Surface Book where Surface Dock Updater v2.12.136.0 has not been installed, the benefits of the updated Surface Dock will not be enabled. To enable the benefits of the updated Surface Dock on a Surface Book device, Surface Book Base firmware must also be updated by installing Surface Dock Updater v2.12.136.0 on the Surface Book device. Surface Book Base firmware update is not required on a Surface Book 2 device.
### Version 2.9.136.0 ### Version 2.9.136.0
*Release date: November 3, 2017* *Release date: November 3, 2017*

2
windows/client-management/mandatory-user-profile.md
View File

@ -89,7 +89,7 @@ First, you create a default user profile with the customizations that you want,
>![Microsoft Bing Translator package](images/sysprep-error.png) >![Microsoft Bing Translator package](images/sysprep-error.png)
>Use the [Remove-AppxProvisionedPackage](https://technet.microsoft.com/library/dn376476%28v=wps.620%29.aspx) cmdlet in Windows PowerShell to uninstall the app that is listed in the log. >Use the [Remove-AppxProvisionedPackage](https://technet.microsoft.com/library/dn376476%28v=wps.620%29.aspx) and [Remove-AppxPackage -AllUsers](https://docs.microsoft.com/en-us/powershell/module/appx/remove-appxpackage?view=win10-ps) cmdlet in Windows PowerShell to uninstall the app that is listed in the log.
5. The sysprep process reboots the PC and starts at the first-run experience screen. Complete the set up, and then sign in to the computer using an account that has local administrator privileges. 5. The sysprep process reboots the PC and starts at the first-run experience screen. Complete the set up, and then sign in to the computer using an account that has local administrator privileges.

597
windows/client-management/mdm/assignedaccess-csp.md
View File

@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10 ms.prod: w10
ms.technology: windows ms.technology: windows
author: nickbrower author: nickbrower
ms.date: 11/03/2017 ms.date: 02/22/2018
--- ---
# AssignedAccess CSP # AssignedAccess CSP
@ -70,6 +70,53 @@ Supported operations are Add, Get, Delete, and Replace.
Deleting the multi-app configuration will remove the assigned access lockdown profiles associated with the users, but it cannot revert all the enforced policies back (e.g. Start Layout). Deleting the multi-app configuration will remove the assigned access lockdown profiles associated with the users, but it cannot revert all the enforced policies back (e.g. Start Layout).
<a href="" id="assignedaccess-status"></a>**./Device/Vendor/MSFT/AssignedAccess/Status**
Added in Windows 10, version 1803. This read only polling node allows MDM server to query the current KioskModeAppRuntimeStatus as long as the StatusConfiguration node is set to “On” or “OnWithAlerts”. If the StatusConfiguration is “Off”, a node not found error will be reported to the MDM server. Click [link](#status-example) to see an example SyncML. [Here](#assignedaccessalert-xsd) is the schema for the Status payload.
In Windows 10, version 1803, Assigned Access runtime status only supports monitoring single app kiosk mode. Here are the possible status available for single app kiosk mode.
|Status |Description |
|---------|---------|---------|
| KioskModeAppRunning | This means the kiosk app is running normally. |
| KioskModeAppNotFound | This occurs when the kiosk app is not deployed to the machine. |
| KioskModeAppActivationFailure | This happens when the assigned access controller detects the process terminated unexpectedly after exceeding the max retry. |
Note that status codes available in the Status payload correspond to a specific KioskModeAppRuntimeStatus.
|Status code | KioskModeAppRuntimeStatus |
|---------|---------|
| 1 | KioskModeAppRunning |
| 2 | KioskModeAppNotFound |
| 3 | KioskModeAppActivationFailure |
Additionally, the status payload includes a profileId, which can be used by the MDM server to correlate which kiosk app caused the error.
Supported operation is Get.
<a href="" id="assignedaccess-shelllauncher"></a>**./Device/Vendor/MSFT/AssignedAccess/ShellLauncher**
Added in Windows 10,version 1803. This node accepts a ShellLauncherConfiguration xml as input. Click [link](#shelllauncherconfiguration-xsd) to see the schema.
<a href="" id="assignedaccess-statusconfiguration"></a>**./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration**
Added in Windows 10, version 1803. This node accepts a StatusConfiguration xml as input to configure the Kiosk App Health monitoring. There are three possible values for StatusEnabled node inside StatusConfiguration xml: On, OnWithAlerts, and Off. Click [link](#statusconfiguration-xsd) to see the StatusConfiguration schema.
By default the StatusConfiguration node does not exist, and it implies this feature is off. Once enabled via CSP, Assigned Access will check kiosk app status and wait for MDM server to query the latest status from the Status node.
Optionally, the MDM server can opt-in to the MDM alert so a MDM alert will be generated and sent immediately to the MDM server when the assigned access runtime status is changed. This MDM alert will contain the status payload that is available via the Status node.
This MDM alert header is defined as follows:
- MDMAlertMark: Critical
- MDMAlertType: "com.microsoft.mdm.assignedaccess.status"
- MDMAlertDataType: String
- Source: "./Vendor/MSFT/AssignedAccess"
- Target: N/A
> [!Note]
> MDM alert will only be sent for errors.
## KioskModeApp examples ## KioskModeApp examples
KioskModeApp Add KioskModeApp Add
@ -160,32 +207,29 @@ KioskModeApp Replace
elementFormDefault="qualified" elementFormDefault="qualified"
xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config" xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"
xmlns:default="http://schemas.microsoft.com/AssignedAccess/2017/config"
targetNamespace="http://schemas.microsoft.com/AssignedAccess/2017/config" targetNamespace="http://schemas.microsoft.com/AssignedAccess/2017/config"
> >
<xs:complexType name="profile_list_t"> <xs:complexType name="profile_list_t">
<xs:sequence minOccurs="1" > <xs:sequence minOccurs="1" >
<xs:element name="Profile" type="profile_t" minOccurs="1" maxOccurs="unbounded"> <xs:element name="Profile" type="profile_t" minOccurs="1" maxOccurs="unbounded"/>
<xs:unique name="duplicateRolesForbidden">
<xs:selector xpath="Profile"/>
<xs:field xpath="@Id"/>
</xs:unique>
</xs:element>
</xs:sequence> </xs:sequence>
</xs:complexType> </xs:complexType>
<xs:complexType name="kioskmodeapp_t">
<xs:attribute name="AppUserModelId" type="xs:string"/>
</xs:complexType>
<xs:complexType name="profile_t"> <xs:complexType name="profile_t">
<xs:choice>
<xs:sequence minOccurs="1" maxOccurs="1"> <xs:sequence minOccurs="1" maxOccurs="1">
<xs:element name="AllAppsList" type="allappslist_t" minOccurs="1" maxOccurs="1"> <xs:element name="AllAppsList" type="allappslist_t" minOccurs="1" maxOccurs="1"/>
<xs:unique name="ForbidDupApps">
<xs:selector xpath="App"/>
<xs:field xpath="@AppUserModelId"/>
<xs:field xpath="@DesktopAppPath"/>
</xs:unique>
</xs:element>
<xs:element name="StartLayout" type="xs:string" minOccurs="1" maxOccurs="1"/> <xs:element name="StartLayout" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="Taskbar" type="taskbar_t" minOccurs="1" maxOccurs="1"/> <xs:element name="Taskbar" type="taskbar_t" minOccurs="1" maxOccurs="1"/>
</xs:sequence> </xs:sequence>
<xs:element name="KioskModeApp" type="kioskmodeapp_t" minOccurs="1" maxOccurs="1"/>
</xs:choice>
<xs:attribute name="Id" type="guid_t" use="required"/> <xs:attribute name="Id" type="guid_t" use="required"/>
<xs:attribute name="Name" type="xs:string" use="optional"/> <xs:attribute name="Name" type="xs:string" use="optional"/>
</xs:complexType> </xs:complexType>
@ -193,6 +237,10 @@ KioskModeApp Replace
<xs:complexType name="allappslist_t"> <xs:complexType name="allappslist_t">
<xs:sequence minOccurs="1" > <xs:sequence minOccurs="1" >
<xs:element name="AllowedApps" type="allowedapps_t" minOccurs="1" maxOccurs="1"> <xs:element name="AllowedApps" type="allowedapps_t" minOccurs="1" maxOccurs="1">
<xs:unique name="ForbidDupApps">
<xs:selector xpath="default:App"/>
<xs:field xpath="@AppUserModelId|@DesktopAppPath"/>
</xs:unique>
</xs:element> </xs:element>
</xs:sequence> </xs:sequence>
</xs:complexType> </xs:complexType>
@ -235,22 +283,64 @@ KioskModeApp Replace
<xs:complexType name="config_t"> <xs:complexType name="config_t">
<xs:sequence minOccurs="1" maxOccurs="1"> <xs:sequence minOccurs="1" maxOccurs="1">
<xs:choice>
<xs:element name="Account" type="xs:string" minOccurs="1" maxOccurs="1"/> <xs:element name="Account" type="xs:string" minOccurs="1" maxOccurs="1"/>
<xs:element name="AutoLogonAccount" type="autologon_account_t" minOccurs="1" maxOccurs="1"/>
<xs:element name="UserGroup" type="group_t" minOccurs="1" maxOccurs="1"/>
<xs:element name="SpecialGroup" type="specialGroup_t" minOccurs="1" maxOccurs="1" />
</xs:choice>
<xs:element name="DefaultProfile" type="profileId_t" minOccurs="1" maxOccurs="1"/> <xs:element name="DefaultProfile" type="profileId_t" minOccurs="1" maxOccurs="1"/>
</xs:sequence> </xs:sequence>
</xs:complexType> </xs:complexType>
<xs:complexType name="autologon_account_t">
<xs:attribute name="HiddenId" type="guid_t" fixed="{74331115-F68A-4DF9-8D2C-52BA2CE2ADB1}"/>
</xs:complexType>
<xs:complexType name="group_t">
<xs:attribute name="Name" type="xs:string" use="required"/>
<xs:attribute name="Type" type="groupType_t" use="required"/>
</xs:complexType>
<xs:complexType name="specialGroup_t">
<xs:attribute name="Name" type="specialGroupType_t" use="required"/>
</xs:complexType>
<xs:simpleType name="groupType_t">
<xs:restriction base="xs:string">
<xs:enumeration value="LocalGroup"/>
<xs:enumeration value="ActiveDirectoryGroup"/>
<xs:enumeration value="AzureActiveDirectoryGroup"/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="specialGroupType_t">
<xs:restriction base="xs:string">
<xs:enumeration value="Visitor"/>
</xs:restriction>
</xs:simpleType>
<!--below is the definition of the config xml content--> <!--below is the definition of the config xml content-->
<xs:element name="AssignedAccessConfiguration"> <xs:element name="AssignedAccessConfiguration">
<xs:complexType> <xs:complexType>
<xs:all minOccurs="1"> <xs:all minOccurs="1">
<xs:element name="Profiles" type="profile_list_t"> <xs:element name="Profiles" type="profile_list_t">
<xs:unique name="duplicateRolesForbidden">
<xs:selector xpath="default:Profile"/>
<xs:field xpath="@Id"/>
</xs:unique>
</xs:element>
<xs:element name="Configs" type="config_list_t">
<xs:unique name="duplicateAutoLogonAccountForbidden">
<xs:selector xpath=".//default:AutoLogonAccount"/>
<xs:field xpath="@HiddenId"/>
</xs:unique>
</xs:element> </xs:element>
<xs:element name="Configs" type="config_list_t"/>
</xs:all> </xs:all>
</xs:complexType> </xs:complexType>
</xs:element> </xs:element>
</xs:schema> </xs:schema>
``` ```
## Example AssignedAccessConfiguration XML ## Example AssignedAccessConfiguration XML
@ -560,3 +650,480 @@ Example of the Delete command.
</SyncBody> </SyncBody>
</SyncML> </SyncML>
``` ```
## StatusConfiguration XSD
``` syntax
<?xml version="1.0" encoding="utf-8"?>
<xs:schema
elementFormDefault="qualified"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="http://schemas.microsoft.com/AssignedAccess/2018/StatusConfiguration"
xmlns:default="http://schemas.microsoft.com/AssignedAccess/2018/StatusConfiguration"
targetNamespace="http://schemas.microsoft.com/AssignedAccess/2018/StatusConfiguration"
>
<xs:simpleType name="status_enabled_t">
<xs:restriction base="xs:string">
<xs:enumeration value="Off"/>
<xs:enumeration value="On"/>
<xs:enumeration value="OnWithAlerts"/>
</xs:restriction>
</xs:simpleType>
<!--below is the definition of the config xml content-->
<xs:element name="StatusConfiguration">
<xs:complexType>
<xs:sequence minOccurs="1" maxOccurs="1">
<xs:element name="StatusEnabled" type="status_enabled_t" minOccurs="1" maxOccurs="1"/>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:schema>
```
## StatusConfiguration example
StatusConfiguration Add OnWithAlerts
``` syntax
<SyncML xmlns='SYNCML:SYNCML1.2'>
<SyncBody>
<Add>
<CmdID>2</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
</Meta>
<Data>
<![CDATA[
<?xml version="1.0" encoding="utf-8" ?>
<StatusConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2018/StatusConfiguration">
<StatusEnabled>OnWithAlerts</StatusEnabled>
</StatusConfiguration>
]]>
</Data>
</Item>
</Add>
<Final />
</SyncBody>
</SyncML>
```
StatusConfiguration Delete
``` syntax
<SyncML xmlns='SYNCML:SYNCML1.2'>
<SyncBody>
<Delete>
<CmdID>2</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration</LocURI>
</Target>
</Item>
</Delete>
<Final />
</SyncBody>
</SyncML>
```
StatusConfiguration Get
``` syntax
<SyncML xmlns='SYNCML:SYNCML1.2'>
<SyncBody>
<Get>
<CmdID>2</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration</LocURI>
</Target>
</Item>
</Get>
<Final />
</SyncBody>
</SyncML>
```
StatusConfiguration Replace On
```syntax
<SyncML xmlns='SYNCML:SYNCML1.2'>
<SyncBody>
<Replace>
<CmdID>2</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/AssignedAccess/StatusConfiguration</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
</Meta>
<Data>
<![CDATA[
<?xml version="1.0" encoding="utf-8" ?>
<StatusConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2018/StatusConfiguration">
<StatusEnabled>On</StatusEnabled>
</StatusConfiguration>
]]>
</Data>
</Item>
</Replace>
<Final />
</SyncBody>
</SyncML>
```
## Status example
Status Get
``` syntax
<SyncML xmlns='SYNCML:SYNCML1.2'>
<SyncBody>
<Get>
<CmdID>2</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/AssignedAccess/Status</LocURI>
</Target>
</Item>
</Get>
<Final />
</SyncBody>
</SyncML>
```
## ShellLauncherConfiguration XSD
``` syntax
<?xml version="1.0" encoding="utf-8"?>
<xs:schema
elementFormDefault="qualified"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="http://schemas.microsoft.com/ShellLauncher/2018/Configuration"
xmlns:default="http://schemas.microsoft.com/ShellLauncher/2018/Configuration"
targetNamespace="http://schemas.microsoft.com/ShellLauncher/2018/Configuration"
>
<xs:complexType name="profile_list_t">
<xs:sequence minOccurs="1" maxOccurs="1">
<xs:choice minOccurs="1" maxOccurs="1">
<xs:element name="DefaultProfile" type="default_profile_t"/>
<xs:element name="Profile" type="profile_t"/>
</xs:choice>
<xs:element name="Profile" type="profile_t" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="default_profile_t">
<xs:sequence minOccurs="1" maxOccurs="1">
<xs:element name="Shell" type="default_shell_t" minOccurs="1" maxOccurs="1"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="default_shell_t">
<xs:sequence minOccurs="1" maxOccurs="1">
<xs:element name="DefaultAction" type="default_action_t" minOccurs="0" maxOccurs="1"/>
</xs:sequence>
<xs:attribute name="Shell" type="xs:string" use="required"/>
</xs:complexType>
<xs:complexType name="custom_shell_t">
<xs:all minOccurs="1" maxOccurs="1">
<xs:element name="ReturnCodeActions" type="return_code_action_list_t" minOccurs="0" maxOccurs="1">
<xs:unique name="ForbidDuplicatedReturnCodes">
<xs:selector xpath="default:ReturnCodeAction"/>
<xs:field xpath="@ReturnCode"/>
</xs:unique>
</xs:element>
<!--if "DefaultAction" is not supplied, pre-defined default action is "restart the shell"-->
<xs:element name="DefaultAction" type="default_action_t" minOccurs="0" maxOccurs="1"/>
</xs:all>
<xs:attribute name="Shell" type="xs:string" use="required"/>
</xs:complexType>
<xs:complexType name="default_action_t">
<xs:attribute name="Action" type="system_action_t" use="required"/>
</xs:complexType>
<xs:simpleType name="system_action_t">
<xs:restriction base="xs:string">
<xs:enumeration value="RestartShell" />
<xs:enumeration value="RestartDevice" />
<xs:enumeration value="ShutdownDevice" />
</xs:restriction>
</xs:simpleType>
<xs:complexType name="profile_t">
<xs:sequence minOccurs="1" maxOccurs="1">
<xs:element name="Shell" type="custom_shell_t" minOccurs="1" maxOccurs="1"/>
</xs:sequence>
<xs:attribute name="Id" type="guid_t" use="required"/>
<xs:attribute name="Name" type="xs:string" use="optional"/>
</xs:complexType>
<xs:simpleType name="guid_t">
<xs:restriction base="xs:string">
<xs:pattern value="\{[0-9a-fA-F]{8}\-([0-9a-fA-F]{4}\-){3}[0-9a-fA-F]{12}\}"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="return_code_action_list_t">
<xs:sequence minOccurs="1" maxOccurs="1">
<xs:element name="ReturnCodeAction" type="return_code_action_t" minOccurs="1" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="return_code_action_t">
<xs:attribute name="ReturnCode" type="xs:integer" use="required"/>
<xs:attribute name="Action" type="system_action_t" use="required"/>
</xs:complexType>
<xs:complexType name="config_list_t">
<xs:sequence minOccurs="1" maxOccurs="1">
<xs:element name="Config" type="config_t" minOccurs="1" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="config_t">
<xs:sequence minOccurs="1" maxOccurs="1">
<xs:choice minOccurs="1" maxOccurs="1">
<xs:element name="Account" type="account_t" minOccurs="1" maxOccurs="1">
<xs:key name="mutexNameOrSID">
<xs:selector xpath="."/>
<xs:field xpath="@Name|@Sid"/>
</xs:key>
</xs:element>
<xs:element name="AutoLogonAccount" type="autologon_account_t" minOccurs="1" maxOccurs="1"/>
</xs:choice>
<xs:element name="Profile" type="profile_id_t" minOccurs="1" maxOccurs="1"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="account_t">
<xs:attribute name="Name" type="xs:string" use="optional"/>
<xs:attribute name="Sid" type="xs:string" use="optional"/>
</xs:complexType>
<xs:complexType name="autologon_account_t">
<xs:attribute name="HiddenId" type="guid_t" fixed="{50021E57-1CE4-49DF-99A9-8DB659E2C2DD}"/>
</xs:complexType>
<xs:complexType name="profile_id_t">
<xs:attribute name="Id" type="guid_t" use="required"/>
</xs:complexType>
<!--below is the definition of the config xml content-->
<xs:element name="ShellLauncherConfiguration">
<xs:complexType>
<xs:sequence minOccurs="1" maxOccurs="1">
<xs:element name="Profiles" type="profile_list_t" minOccurs="1" maxOccurs="1">
<xs:unique name="ForbidDuplicatedProfiles">
<xs:selector xpath="default:Profile"/>
<xs:field xpath="@Id"/>
</xs:unique>
</xs:element>
<xs:element name="Configs" type="config_list_t" minOccurs="0" maxOccurs="1">
<xs:unique name="ForbidDuplicatedConfigs_Name">
<xs:selector xpath="default:Config/default:Account"/>
<xs:field xpath="@Name"/>
</xs:unique>
<xs:unique name="ForbidDuplicatedConfigs_Sid">
<xs:selector xpath="default:Config/default:Account"/>
<xs:field xpath="@Sid"/>
</xs:unique>
<xs:unique name="ForbidDuplicatedAutoLogonAccount">
<xs:selector xpath="default:Config/default:AutoLogonAccount"/>
<xs:field xpath="@HiddenId"/>
</xs:unique>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:schema>
```
## ShellLauncherConfiguration examples
ShellLauncherConfiguration Add
```
<SyncML xmlns='SYNCML:SYNCML1.2'>
<SyncBody>
<Add>
<CmdID>2</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/AssignedAccess/ShellLauncher</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
</Meta>
<Data>
<![CDATA[
<?xml version="1.0" encoding="utf-8"?>
<ShellLauncherConfiguration xmlns="http://schemas.microsoft.com/ShellLauncher/2018/Configuration">
<Profiles>
<!--default profile defines default shell and action for general purposes, should NOT be bound to any account-->
<DefaultProfile>
<Shell Shell="%SystemRoot%\explorer.exe">
<!--DefaultAction is optional; if not defined, the pre-defined default action is "restart shell"-->
<DefaultAction Action="RestartShell"/>
</Shell>
</DefaultProfile>
<Profile Id="{814B6409-8C51-4EE2-95F8-DB39B70F5F68}">
<Shell Shell="%ProgramFiles%\Internet Explorer\iexplore.exe -k www.bing.com">
<!--ReturnCodeActions is optional, when none is provided, will always execute default action-->
<ReturnCodeActions>
<ReturnCodeAction ReturnCode="0" Action="RestartShell"/>
<ReturnCodeAction ReturnCode="-1" Action="RestartDevice"/>
<ReturnCodeAction ReturnCode="255" Action="ShutdownDevice"/>
</ReturnCodeActions>
<!--restart device after shell exits, if its return code does not match any of the above-->
<DefaultAction Action="RestartDevice"/>
</Shell>
</Profile>
<Profile Id="{24A73092-4F3F-44CC-8375-53F13FE213F7}">
<Shell Shell="%SystemRoot%\System32\cmd.exe"/>
<!--DefaultAction is optional, if none is supplied, will use DefaultAction defined in DefaultProfile-->
</Profile>
</Profiles>
<Configs>
<Config>
<!--AutoLogon account-->
<AutoLogonAccount/>
<Profile Id="{814B6409-8C51-4EE2-95F8-DB39B70F5F68}"/>
</Config>
<Config>
<!--BUILTIN\Administrators SID-->
<Account Sid="S-1-5-32-544"/>
<Profile Id="{24A73092-4F3F-44CC-8375-53F13FE213F7}"/>
</Config>
<Config>
<!--local account-->
<Account Name="sluser1"/>
<Profile Id="{814B6409-8C51-4EE2-95F8-DB39B70F5F68}"/>
</Config>
</Configs>
</ShellLauncherConfiguration>
]]>
</Data>
</Item>
</Add>
<Final />
</SyncBody>
</SyncML>
```
ShellLauncherConfiguration Add AutoLogon
```
<SyncML xmlns='SYNCML:SYNCML1.2'>
<SyncBody>
<Add>
<CmdID>2</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/AssignedAccess/ShellLauncher</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
</Meta>
<Data>
<![CDATA[
<?xml version="1.0" encoding="utf-8"?>
<ShellLauncherConfiguration xmlns="http://schemas.microsoft.com/ShellLauncher/2018/Configuration">
<Profiles>
<DefaultProfile>
<Shell Shell="%SystemRoot%\explorer.exe"/>
</DefaultProfile>
<Profile Id="{814B6409-8C51-4EE2-95F8-DB39B70F5F68}">
<Shell Shell="%ProgramFiles%\Internet Explorer\iexplore.exe -k www.bing.com">
<ReturnCodeActions>
<ReturnCodeAction ReturnCode="0" Action="RestartShell"/>
<ReturnCodeAction ReturnCode="-1" Action="RestartDevice"/>
<ReturnCodeAction ReturnCode="255" Action="ShutdownDevice"/>
</ReturnCodeActions>
<DefaultAction Action="RestartDevice"/>
</Shell>
</Profile>
</Profiles>
<Configs>
<Config>
<AutoLogonAccount/>
<Profile Id="{814B6409-8C51-4EE2-95F8-DB39B70F5F68}"/>
</Config>
</Configs>
</ShellLauncherConfiguration>
]]>
</Data>
</Item>
</Add>
<Final />
</SyncBody>
</SyncML>
```
ShellLauncherConfiguration Get
```
<SyncML xmlns='SYNCML:SYNCML1.2'>
<SyncBody>
<Get>
<CmdID>2</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/AssignedAccess/ShellLauncher</LocURI>
</Target>
</Item>
</Get>
<Final />
</SyncBody>
</SyncML>
```
## AssignedAccessAlert XSD
```syntax
<?xml version="1.0" encoding="utf-8"?>
<xs:schema
elementFormDefault="qualified"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns="http://schemas.microsoft.com/AssignedAccess/2018/AssignedAccessAlert"
xmlns:default="http://schemas.microsoft.com/AssignedAccess/2018/AssignedAccessAlert"
targetNamespace="http://schemas.microsoft.com/AssignedAccess/2018/AssignedAccessAlert"
>
<xs:simpleType name="status_t">
<xs:restriction base="xs:int">
<xs:enumeration value="0"/>
<xs:enumeration value="1"/>
<xs:enumeration value="2"/>
<xs:enumeration value="3"/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="guid_t">
<xs:restriction base="xs:string">
<xs:pattern value="\{[0-9a-fA-F]{8}\-([0-9a-fA-F]{4}\-){3}[0-9a-fA-F]{12}\}"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="event_t">
<xs:sequence minOccurs="1" maxOccurs="1">
<xs:element name="status" type="status_t" minOccurs="1" maxOccurs="1"/>
<xs:element name="profileId" type="guid_t" minOccurs="1" maxOccurs="1"/>
</xs:sequence>
<xs:attribute name="Name" type="xs:string" fixed="KioskModeAppRuntimeStatus" use="required"/>
</xs:complexType>
<xs:element name="Events">
<xs:complexType>
<xs:sequence minOccurs="1" maxOccurs="1">
<xs:element name="Event" type="event_t" minOccurs="1" maxOccurs="1"/>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:schema>
```

87
windows/client-management/mdm/assignedaccess-ddf.md
View File

@ -7,12 +7,15 @@ ms.topic: article
ms.prod: w10 ms.prod: w10
ms.technology: windows ms.technology: windows
author: nickbrower author: nickbrower
ms.date: 11/01/2017 ms.date: 02/22/2018
--- ---
# AssignedAccess DDF # AssignedAccess DDF
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
This topic shows the OMA DM device description framework (DDF) for the **AssignedAccess** configuration service provider. DDF files are used only with OMA DM provisioning XML. This topic shows the OMA DM device description framework (DDF) for the **AssignedAccess** configuration service provider. DDF files are used only with OMA DM provisioning XML.
You can download the DDF files from the links below: You can download the DDF files from the links below:
@ -20,7 +23,7 @@ You can download the DDF files from the links below:
- [Download all the DDF files for Windows 10, version 1703](http://download.microsoft.com/download/C/7/C/C7C94663-44CF-4221-ABCA-BC895F42B6C2/Windows10_1703_DDF_download.zip) - [Download all the DDF files for Windows 10, version 1703](http://download.microsoft.com/download/C/7/C/C7C94663-44CF-4221-ABCA-BC895F42B6C2/Windows10_1703_DDF_download.zip)
- [Download all the DDF files for Windows 10, version 1607](http://download.microsoft.com/download/2/3/E/23E27D6B-6E23-4833-B143-915EDA3BDD44/Windows10_1607_DDF.zip) - [Download all the DDF files for Windows 10, version 1607](http://download.microsoft.com/download/2/3/E/23E27D6B-6E23-4833-B143-915EDA3BDD44/Windows10_1607_DDF.zip)
The XML below is for Windows 10, version 1709. The XML below is for Windows 10, version 1803.
``` syntax ``` syntax
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
@ -48,7 +51,7 @@ The XML below is for Windows 10, version 1709.
<Permanent /> <Permanent />
</Scope> </Scope>
<DFType> <DFType>
<MIME>com.microsoft/1.1/MDM/AssignedAccess</MIME> <MIME>com.microsoft/2.0/MDM/AssignedAccess</MIME>
</DFType> </DFType>
</DFProperties> </DFProperties>
<Node> <Node>
@ -111,6 +114,84 @@ This node supports Add, Delete, Replace and Get methods. When there's no configu
</DFType> </DFType>
</DFProperties> </DFProperties>
</Node> </Node>
<Node>
<NodeName>Status</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<Description>This read only node contains kiosk health event xml</Description>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<CaseSense>
<CIS />
</CaseSense>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>ShellLauncher</NodeName>
<DFProperties>
<AccessType>
<Get />
<Add />
<Delete />
<Replace />
</AccessType>
<Description>This node accepts a ShellLauncherConfiguration xml as input. Please check out samples and required xsd on MSDN.</Description>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<CaseSense>
<CIS />
</CaseSense>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>StatusConfiguration</NodeName>
<DFProperties>
<AccessType>
<Get />
<Add />
<Delete />
<Replace />
</AccessType>
<Description>This node accepts a StatusConfiguration xml as input. Please check out samples and required xsd on MSDN.</Description>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<CaseSense>
<CIS />
</CaseSense>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node> </Node>
</MgmtTree> </MgmtTree>
``` ```

BIN
windows/client-management/mdm/images/provisioning-csp-assignedaccess.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 16 KiB

After

Width:  |  Height:  |  Size: 9.6 KiB

22
windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
View File

@ -1416,6 +1416,16 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
<td style="vertical-align:top">[VPNv2 ProfileXML XSD](vpnv2-profile-xsd.md)</td> <td style="vertical-align:top">[VPNv2 ProfileXML XSD](vpnv2-profile-xsd.md)</td>
<td style="vertical-align:top"><p>Updated the XSD and Plug-in profile example for VPNv2 CSP.</p> <td style="vertical-align:top"><p>Updated the XSD and Plug-in profile example for VPNv2 CSP.</p>
</td></tr> </td></tr>
<tr class="odd">
<td style="vertical-align:top">[AssignedAccess CSP](assignedaccess-csp.md)</td>
<td style="vertical-align:top"><p>Added the following nodes in Windows 10, version 1803:</p>
<ul>
<li>Status</li>
<li>ShellLauncher</li>
<li>StatusConfiguration</li>
</ul>
<p>Updated the AssigneAccessConfiguration schema.</p>
</td></tr>
</tbody> </tbody>
</table> </table>
@ -1435,7 +1445,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
<tbody> <tbody>
<tr> <tr>
<td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td> <td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
<td style="vertical-align:top"><p>Added the following new policies for Windows 10, next major update:</p> <td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1803:</p>
<ul> <ul>
<li>AccountPoliciesAccountLockoutPolicy/AccountLockoutDuration</li> <li>AccountPoliciesAccountLockoutPolicy/AccountLockoutDuration</li>
<li>AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold</li> <li>AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold</li>
@ -1548,11 +1558,11 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
</tr> </tr>
<tr class="odd"> <tr class="odd">
<td style="vertical-align:top">[BitLocker CSP](bitlocker-csp.md)</td> <td style="vertical-align:top">[BitLocker CSP](bitlocker-csp.md)</td>
<td style="vertical-align:top"><p>Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, next major update.</p> <td style="vertical-align:top"><p>Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, version 1803.</p>
</td></tr> </td></tr>
<tr class="odd"> <tr class="odd">
<td style="vertical-align:top">[DMClient CSP](dmclient-csp.md)</td> <td style="vertical-align:top">[DMClient CSP](dmclient-csp.md)</td>
<td style="vertical-align:top"><p>Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, next major update:</p> <td style="vertical-align:top"><p>Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, version 1803:</p>
<ul> <ul>
<li>AADSendDeviceToken</li> <li>AADSendDeviceToken</li>
<li>BlockInStatusPage</li> <li>BlockInStatusPage</li>
@ -1564,7 +1574,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
</td></tr> </td></tr>
<tr class="odd"> <tr class="odd">
<td style="vertical-align:top">[RemoteWipe CSP](remotewipe-csp.md)</td> <td style="vertical-align:top">[RemoteWipe CSP](remotewipe-csp.md)</td>
<td style="vertical-align:top"><p>Added the following nodes in Windows 10, next major update:</p> <td style="vertical-align:top"><p>Added the following nodes in Windows 10, version 1803:</p>
<ul> <ul>
<li>AutomaticRedeployment</li> <li>AutomaticRedeployment</li>
<li>doAutomaticRedeployment</li> <li>doAutomaticRedeployment</li>
@ -1574,11 +1584,11 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
</td></tr> </td></tr>
<tr class="odd"> <tr class="odd">
<td style="vertical-align:top">[Defender CSP](defender-csp.md)</td> <td style="vertical-align:top">[Defender CSP](defender-csp.md)</td>
<td style="vertical-align:top"><p>Added new node (OfflineScan) in Windows 10, next major update.</p> <td style="vertical-align:top"><p>Added new node (OfflineScan) in Windows 10, version 1803.</p>
</td></tr> </td></tr>
<tr class="odd"> <tr class="odd">
<td style="vertical-align:top">[UEFI CSP](uefi-csp.md)</td> <td style="vertical-align:top">[UEFI CSP](uefi-csp.md)</td>
<td style="vertical-align:top"><p>Added a new CSP in Windows 10, next major update.</p> <td style="vertical-align:top"><p>Added a new CSP in Windows 10, version 1803.</p>
</td></tr> </td></tr>
</tbody> </tbody>
</table> </table>

2
windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
View File

@ -442,7 +442,7 @@ For that reason, add only a minimal set of rules to Bootstrap.ini, such as which
3. Click **Edit Bootstrap.ini** and modify using the following information: 3. Click **Edit Bootstrap.ini** and modify using the following information:
``` syntax ``` syntax
Settings] [Settings]
Priority=Default Priority=Default
[Default] [Default]
DeployRoot=\\MDT01\MDTBuildLab$ DeployRoot=\\MDT01\MDTBuildLab$