deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/configuration/shell-launcher/quickstart-kiosk.md
Paolo Matarazzo 6cc50d143e updates
2025-05-01 11:21:05 -04:00

3.6 KiB
Raw Blame History

title, description, ms.topic, ms.date
title description ms.topic ms.date
Quickstart: configure a single-app kiosk with Shell Launcher Learn how to configure a signle-app kiosk experience with Shell Launcher, using the Assigned Access configuration service provider (CSP), Microsoft Intune, PowerShell, or group policy (GPO). quickstart 3/7/2025

Quickstart: configure a kiosk with Shell Launcher

This quickstart provides practical examples of how to configure a kiosk experience on Windows with Shell Launcher. The examples describe the steps using a mobile device management solution (MDM) like Microsoft Intune, and PowerShell. While different solutions are used, the configuration settings and results are the same.

The examples can be modified to fit your specific requirements. For example, you can change the app used, the URL specified when opening Microsoft Edge, or change the name of the user that automatically signs in to Windows.

Prerequisites

[!div class="checklist"] Here's a list of requirements to complete this quickstart:

  • A Windows Enterprise or Education device
  • Microsoft Intune, or a non-Microsoft MDM solution, if you want to configure the settings using MDM
  • Access to the psexec tool, if you want to test the configuration using Windows PowerShell

Configure a kiosk device

[!INCLUDE tab-intro]

:::image type="icon" source="../images/icons/intune.svg"::: Intune

Tip

Use the following Graph call to automatically create a custom policy in your Microsoft Intune tenant without assignments nor scope tags.

When using this call, authenticate to your tenant in the Graph Explorer window. If it's the first time using Graph Explorer, you may need to authorize the application to access your tenant or to modify the existing permissions. This graph call requires DeviceManagementConfiguration.ReadWrite.All permissions.

[!INCLUDE quickstart-intune]

Assign the policy to a group that contains as members the devices that you want to configure.

[!INCLUDE quickstart-xml]

:::image type="icon" source="../images/icons/csp.svg"::: CSP

You can configure devices using the AssignedAccess CSP.

Setting
- OMA-URI: ./Vendor/MSFT/AssignedAccess/ShellLauncher
- Data type: string
- Value: content of the following XML

[!INCLUDE quickstart-xml]

:::image type="icon" source="../images/icons/powershell.svg"::: PowerShell

[!INCLUDE powershell-wmi-bridge-1]

[!INCLUDE quickstart-ps]

[!INCLUDE powershell-wmi-bridge-2]

User experience

After the settings are applied, reboot the device. A local user account is automatically signed in, opening Microsoft Edge.

Remove Shell Launcher

Once you no longer need the kiosk configuration, you can remove it.

Here's a PowerShell example to remove the Shell Launcher configuration:

$namespaceName="root\cimv2\mdm\dmmap"
$className="MDM_AssignedAccess"
$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className
$obj.ShellLauncher = $null
Set-CimInstance -CimInstance $obj

Next steps

[!div class="nextstepaction"] Learn more how to create a Shell Launcher configuration file:

Create a Shell Launcher configuration file