From f620ecee7fa1f4c3db71ca12ffdb7e91134e1d6f Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Mon, 13 Aug 2018 10:09:27 -0700 Subject: [PATCH] fix schema ref --- windows/configuration/kiosk-xml.md | 14 +++---- .../lock-down-windows-10-to-specific-apps.md | 40 +++++++++++++++++-- 2 files changed, 43 insertions(+), 11 deletions(-) diff --git a/windows/configuration/kiosk-xml.md b/windows/configuration/kiosk-xml.md index c6323caf72..4b5de3ee98 100644 --- a/windows/configuration/kiosk-xml.md +++ b/windows/configuration/kiosk-xml.md @@ -30,7 +30,7 @@ ms.topic: article @@ -147,7 +147,7 @@ ms.topic: article @@ -176,11 +176,11 @@ ms.topic: article xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config" xmlns:default="http://schemas.microsoft.com/AssignedAccess/2017/config" - xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/2018/config" + xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/201810/config" targetNamespace="http://schemas.microsoft.com/AssignedAccess/2017/config" > - + @@ -348,9 +348,9 @@ ms.topic: article diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index f42675ba7c..a630ac2137 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md @@ -29,7 +29,7 @@ The following table lists changes to multi-app kiosk in recent updates. New features and improvements | In update --- | --- - Configure [a single-app kiosk profile](#profile) in your XML file

- Assign [group accounts to a config profile](#config-for-group-accounts)

- Configure [an account to sign in automatically](#config-for-autologon-account) | Windows 10, version 1803 -- Explicitly allow some known folders when user opens file dialog box

- Automatically launch an app when the user signs in

- Configure a display name for the autologon account | Windows 10, version 1809

**Important:** To use features released in Windows 10, version 1809, make sure that [your XML file](#create-xml-file) references `http://schemas.microsoft.com/AssignedAccess/2018/config`. +- Explicitly allow some known folders when user opens file dialog box

- Automatically launch an app when the user signs in

- Configure a display name for the autologon account | Windows 10, version 1809

**Important:** To use features released in Windows 10, version 1809, make sure that [your XML file](#create-xml-file) references `http://schemas.microsoft.com/AssignedAccess/201810/config`. @@ -143,6 +143,8 @@ A lockdown profile section in the XML has the following entries: - [**AllowedApps**](#allowedapps) +- [FileExplorerNamespaceRestrictions](#fileexplorernamespacerestrctions) + - [**StartLayout**](#startlayout) - [**Taskbar**](#taskbar) @@ -167,7 +169,7 @@ The profile **Id** is a GUID attribute to uniquely identify the profile. You can ##### AllowedApps -**AllowedApps** is a list of applications that are allowed to run. Apps can be Universal Windows Platform (UWP) apps or Windows desktop applications. In Windows 10, version 1809, you can configure apps to run automatically. +**AllowedApps** is a list of applications that are allowed to run. Apps can be Universal Windows Platform (UWP) apps or Windows desktop applications. In Windows 10, version 1809, you can configure a single app in the **AllowedApps** list to run automatically when the assigned access user account signs in. Based on the purpose of the kiosk device, define the list of applications that are allowed to run. This list can contain both UWP apps and desktop apps. When the mult-app kiosk configuration is applied to a device, AppLocker rules will be generated to allow the apps that are listed in the configuration. @@ -176,7 +178,7 @@ Based on the purpose of the kiosk device, define the list of applications that a - For UWP apps, you need to provide the App User Model ID (AUMID). [Learn how to get the AUMID](https://go.microsoft.com/fwlink/p/?LinkId=614867), or [get the AUMID from the Start Layout XML](#startlayout). - For desktop apps, you need to specify the full path of the executable, which can contain one or more system environment variables in the form of %variableName% (i.e. %systemroot%, %windir%). -- To configure the app to launch automatically when the user signs in, include `rs5:AutoLaunch="true"` after the AUMID or path. For an example, see [the AllowedApps sample XML](#apps-sample). +- To configure the app to launch automatically when the user signs in, include `rs5:AutoLaunch="true"` after the AUMID or path. You can also include arguments to be passed to the app. For an example, see [the AllowedApps sample XML](#apps-sample). Here are the predefined assigned access AppLocker rules for **UWP apps**: @@ -192,7 +194,7 @@ Here are the predefined assigned access AppLocker rules for **desktop apps**: 2. There is a predefined inbox desktop app deny list for the assigned access user account, and this deny list is adjusted based on the desktop app allow list that you defined in the multi-app configuration. 3. Enterprise-defined allowed desktop apps are added in the AppLocker allow list. -The following example allows Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, and Notepad apps to run on the device, with Notepad configured to automatically launch and create a file called `123.text` when the user signs in.. +The following example allows Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, and Notepad apps to run on the device, with Notepad configured to automatically launch and create a file called `123.text` when the user signs in. ```xml @@ -209,6 +211,36 @@ The following example allows Groove Music, Movies & TV, Photos, Weather, Calcula ``` +##### FileExplorerNamespaceRestrictions + +Starting in Windows 10, version 1809, you can explicitly allow some known folders to be accessed when the user tries to open the file dialog in multi-app assigned access. Currently, **Downloads** is the only folder supported. + +as an AllowedNamespace which maps to FOLDERID_Downloads. The following example shows how to allow user access to the Downloads folder in the common file dialog. + +```xml + + + + + + ... + + + + + + + ... + + + + + +``` + ##### StartLayout After you define the list of allowed applications, you can customize the Start layout for your kiosk experience. You can choose to pin all the allowed apps on the Start screen or just a subset, depending on whether you want the end user to directly access them on the Start screen.