deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-16 10:53:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

updates

Browse Source
This commit is contained in:
Paolo Matarazzo
2022-10-11 10:18:29 -04:00
parent b4deef6309
commit ef4b716444
2 changed files with 11 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
windows/configuration/set-up-shared-or-guest-pc.md
View File

@ -23,15 +23,9 @@ appliesto:
| Area Name | Setting name and description| | Area Name | Setting name and description|
|---|---| |---|---|
|Shared PC mode | **EnableSharedPCMode** or **EnableSharedPCModeWithOneDriveSync**: when enabled, **Shared PC mode** is turned on and different settings are configured in the local GPO.<li>For a detailed list of settings enabled by Shared PC Mode, see the [Shared PC technical reference](shared-pc-technical.md#enablesharedpcmode-and-enablesharedpcmodewithonedrivesync)</li><li>This setting controls the API: [IsEnabled](/uwp/api/windows.system.profile.sharedmodesettings)</li>| |Shared PC mode | <li>**EnableSharedPCMode** or **EnableSharedPCModeWithOneDriveSync**: when enabled, **Shared PC mode** is turned on and different settings are configured in the local group policy object (LGPO).<ul><li>For a detailed list of settings enabled by Shared PC Mode in the LGO, see the [Shared PC technical reference](shared-pc-technical.md#enablesharedpcmode-and-enablesharedpcmodewithonedrivesync)</li><li>This setting controls the API: [IsEnabled](/uwp/api/windows.system.profile.sharedmodesettings)</li></ul>|
| Education policies | **SetEduPolicies**: when enabled, specific settings designed for Education devices are configured in the local GPO.<li>For a detailed list of settings enabled SetEduPolicies, see [Shared PC technical reference](shared-pc-technical.md#setedupolicy)</li><li>This setting controls the API: [IsEducationEnvironment](/uwp/api/windows.system.profile.educationsettings)| | Account management | <li>**EnableAccountManager**: when enabled, automatic account management is turned on. The following settings allow to define the behavior of *account manager*: <ul><li> **DeletionPolicy**: defines which thresholds to evaluate before deleting accounts</li><li>**DiskLevelDeletion** </li><li>**DiskLevelCaching**</li><li>**InactiveThreshold**</li></ul><li>**AccountModel**: this option controls which types of users can sign-in to the device, and can be used to enable the Guest and Kiosk accounts. For more information, see the [Shared PC CSP documentation][WIN-3]</li><li>**KioskModeAUMID**: configures an application (referred as Application User Model ID - AUMID) to automatically execute when the kiosk account is used to sign in. A new account will be created and will use assigned access to only run the app specified by the AUMID. [Find the Application User Model ID of an installed app](/previous-versions/windows/embedded/dn449300(v=winembedded.82)) </li><li>**KioskModeUserTileDisplayText**: sets the display text on the kiosk account if **KioskModeAUMID** has been set|
| Account models | **AccountModel**: this option controls which types of users can sign-in to the device, and can be used to enable the Guest and Kiosk accounts. | | Advanced customizations | **SetEduPolicies**: when enabled, specific settings designed for Education devices are configured in the LGPO.<li>For a detailed list of settings enabled by SetEduPolicies in the LGPO, see [Shared PC technical reference](shared-pc-technical.md#setedupolicy)</li><li>This setting controls the API: [IsEducationEnvironment](/uwp/api/windows.system.profile.educationsettings)<li>**SetPowerPolicies**: when enabled, different power settings optimized for shared devices are configured in the LGPO. This policy ensures that devices wake during the maintenance period.<li>For a detailed list of settings enabled by SetPowerPolicies in the LGPO, see [Shared PC technical reference](shared-pc-technical.md#setpowerpolicies)</li><li>**SleepTimeout**: specifies all timeouts for when the PC should sleep. Enter the amount of idle time in seconds. If you don't set sleep timeout, the default of 1 hour applies</li><li>**SignInOnResume**: if enabled, specifies if the user is required to sign in with a password when the PC wakes from sleep</li><li>**MaintenanceStartTime**: by default, the maintenance start time (which is when automatic maintenance tasks run, such as Windows Update) is midnight. You can adjust the start time in this setting by entering a new start time in minutes from midnight. For a detailed list of settings enabled SetPowerPolicies, see [Shared PC technical reference](shared-pc-technical.md#MaintenanceStartTime)</li><li>**MaxPageFileSizeMB**: adjusts the maximum page file size in MB. This can be used to fine-tune page file behavior, especially on low end PCs</li><li> **RestrictLocalStorage**: when enabled, users are prevented from saving or viewing local storage while using File Explorer.This setting controls the API: [ShouldAvoidLocalStorage](/uwp/api/windows.system.profile.sharedmodesettings)|
| Account management | **EnableAccountManager**: when enabled, automatic account management is turned on. The following settings allow to define the behavior of account manager: <li> **DeletionPolicy**</li><li>**DiskLevelDeletion**</li><li>**DiskLevelCaching**</li><li>**InactiveThreshold**</li>|
| Power Management | **SetPowerPolicies**: when enabled, different power settings optimized for shared devices are configured in the local GPO. This policy ensures that devices wake during the maintenance period.<li>For a detailed list of settings enabled SetPowerPolicies, see [Shared PC technical reference](shared-pc-technical.md#setpowerpolicies)</li><li>**SleepTimeout**: specifies all timeouts for when the PC should sleep. Enter the amount of idle time in seconds. If you don't set sleep timeout, the default of 1 hour applies.</li><li>**SignInOnResume**: if enabled, specifies if the user is required to sign in with a password when the PC wakes from sleep.</li>|
| Kiosk mode | <li>**KioskModeAUMID**: configures an application (referred as Application User Model ID - AUMID) to automatically execute when the kiosk account is used to sign in. A new account will be created and will use assigned access to only run the app specified by the AUMID. [Find the Application User Model ID of an installed app](/previous-versions/windows/embedded/dn449300(v=winembedded.82)) </li><li>**KioskModeUserTileDisplayText**: sets the display text on the kiosk account if **KioskModeAUMID** has been set. |
| Maintenace | **MaintenanceStartTime**: by default, the maintenance start time (which is when automatic maintenance tasks run, such as Windows Update) is midnight. You can adjust the start time in this setting by entering a new start time in minutes from midnight. For example, if you want maintenance to begin at 2 AM, enter `120` as the value.<li>For a detailed list of settings enabled SetPowerPolicies, see [Shared PC technical reference](shared-pc-technical.md#MaintenanceStartTime)</li>|
| Page file size | **MaxPageFileSizeMB**: adjusts the maximum page file size in MB. This can be used to fine-tune page file behavior, especially on low end PCs. |
| Local storage | **RestrictLocalStorage**: when enabled, users are prevented from saving or viewing local storage while using File Explorer.<li>This setting controls the API: [ShouldAvoidLocalStorage](/uwp/api/windows.system.profile.sharedmodesettings)</li>|
## Configure Shared PC mode ## Configure Shared PC mode
@ -53,26 +47,6 @@ Assign the policy to a security group that contains as members the devices or us
Alternatively, you can configure devices using the [SharedPC CSP][WIN-3]. Alternatively, you can configure devices using the [SharedPC CSP][WIN-3].
|OMA-URI|
|-|
|`./Vendor/MSFT/SharedPC/EnableSharedPCMode`|
|`./Vendor/MSFT/SharedPC/EnableSharedPCModeWithOneDriveSync`|
|`./Vendor/MSFT/SharedPC/SetEduPolicies`|
|`./Vendor/MSFT/SharedPC/SetPowerPolicies`|
|`./Vendor/MSFT/SharedPC/MaintenanceStartTime`|
|`./Vendor/MSFT/SharedPC/SignInOnResume`|
|`./Vendor/MSFT/SharedPC/SleepTimeout`|
|`./Vendor/MSFT/SharedPC/EnableAccountManager`|
|`./Vendor/MSFT/SharedPC/AccountModel`|
|`./Vendor/MSFT/SharedPC/DeletionPolicy`|
|`./Vendor/MSFT/SharedPC/DiskLevelDeletion`|
|`./Vendor/MSFT/SharedPC/DiskLevelCaching`|
|`./Vendor/MSFT/SharedPC/RestrictLocalStorage`|
|`./Vendor/MSFT/SharedPC/KioskModeAUMID`|
|`./Vendor/MSFT/SharedPC/KioskModeUserTileDisplayText`|
|`./Vendor/MSFT/SharedPC/InactiveThreshold`|
|`./Vendor/MSFT/SharedPC/MaxPageFileSizeMB`|
#### [:::image type="icon" source="images/icons/provisioning-package.svg"::: **PPKG**](#tab/ppkg) #### [:::image type="icon" source="images/icons/provisioning-package.svg"::: **PPKG**](#tab/ppkg)
Shared PC can be configured using a provisioning package. Shared PC can be configured using a provisioning package.
@ -132,8 +106,7 @@ Set-CimInstance -CimInstance $cimObject
- Local accounts that already exist on a PC won't be deleted when turning on shared PC mode. New local accounts that are created using **Settings > Accounts > Other people > Add someone else to this PC** after shared PC mode is turned on won't be deleted. However, any new guest accounts created by the **Guest** and **Kiosk** options on the sign-in screen (if enabled) will automatically be deleted at sign-out. To set a general policy on all local accounts, you can configure the following local Group Policy setting: **Computer Configuration** > **Administrative Templates** > **System** > **User Profiles**: **Delete User Profiles Older Than A Specified Number Of Days On System Restart**. - Local accounts that already exist on a PC won't be deleted when turning on shared PC mode. New local accounts that are created using **Settings > Accounts > Other people > Add someone else to this PC** after shared PC mode is turned on won't be deleted. However, any new guest accounts created by the **Guest** and **Kiosk** options on the sign-in screen (if enabled) will automatically be deleted at sign-out. To set a general policy on all local accounts, you can configure the following local Group Policy setting: **Computer Configuration** > **Administrative Templates** > **System** > **User Profiles**: **Delete User Profiles Older Than A Specified Number Of Days On System Restart**.
- The account management service supports accounts that are exempt from deletion. An account can be marked exempt from deletion by adding the account SID to the registry key: `HKEY_LOCAL_MACHINE\SOFTARE\Microsoft\Windows\CurrentVersion\SharedPC\Exemptions\`. - The account management service supports accounts that are exempt from deletion. An account can be marked exempt from deletion by adding the account SID to the registry key: `HKEY_LOCAL_MACHINE\SOFTARE\Microsoft\Windows\CurrentVersion\SharedPC\Exemptions\`. To add the account SID to the registry key using PowerShell, use the following example as a reference:
- To add the account SID to the registry key using PowerShell:
```powershell ```powershell
$adminName = "LocalAdmin" $adminName = "LocalAdmin"

17
windows/configuration/wcd/wcd-sharedpc.md
View File

@ -1,6 +1,6 @@
--- ---
title: SharedPC (Windows 10) title: SharedPC
description: This section describes the SharedPC settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. description: This section describes the SharedPC settings that you can configure in provisioning packages for Windows using Windows Configuration Designer.
ms.prod: w10 ms.prod: w10
author: aczechowski author: aczechowski
ms.localizationpriority: medium ms.localizationpriority: medium
@ -13,8 +13,7 @@ manager: dougeby
# SharedPC (Windows Configuration Designer reference) # SharedPC (Windows Configuration Designer reference)
Use SharedPC settings to optimize Windows 10 for shared use scenarios, such as touchdown spaces in an enterprise and temporary customer use in retail. Use SharedPC settings to optimize Windows devices for shared use scenarios, such as touchdown spaces in an enterprise and temporary customer use in retail.
## Applies to ## Applies to
@ -38,15 +37,13 @@ Use these settings to configure settings for accounts allowed on the shared PC.
| KioskModeUserTileDisplayText | String | Sets the display text on the kiosk account if **KioskModeAUMID** has been set. | | KioskModeUserTileDisplayText | String | Sets the display text on the kiosk account if **KioskModeAUMID** has been set. |
## EnableSharedPCMode ## EnableSharedPCMode and EnableSharedPCModeWithOneDriveSync
Set as **True**. When set to **False**, shared PC mode isn't turned on and none of the other settings apply. This setting controls this API: [IsEnabled](/uwp/api/windows.system.profile.sharedmodesettings). Set as **True** to enable **Shared PC Mode**. This setting controls this API: [IsEnabled](/uwp/api/windows.system.profile.sharedmodesettings).
Some of the remaining settings in SharedPC are optional, but we strongly recommend that you also set **EnableAccountManager** to **True**. ## AccountManagement
## PolicyCustomization Use these settings to configure account management policies for Shared PC
Use these settings to configure policies for shared PC mode.
| Setting | Value | Description | | Setting | Value | Description |
| --- | --- | --- | | --- | --- | --- |