mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 13:27:23 +00:00
9.5 KiB
9.5 KiB
author, ms.author, ms.date, ms.topic
| author | ms.author | ms.date | ms.topic |
|---|---|---|---|
| paolomatarazzo | paoloma | 02/05/2024 | include |
::: zone pivot="windows-10"
$assignedAccessConfiguration = @"
<?xml version="1.0" encoding="utf-8" ?>
<AssignedAccessConfiguration
xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"
xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/201810/config"
xmlns:v3="http://schemas.microsoft.com/AssignedAccess/2020/config"
>
<Profiles>
<Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}">
<AllAppsList>
<AllowedApps>
<App AppUserModelId="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" />
<App AppUserModelId="Microsoft.Windows.Photos_8wekyb3d8bbwe!App" />
<App AppUserModelId="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
<App DesktopAppPath="%windir%\System32\cmd.exe" />
<App DesktopAppPath="%windir%\System32\WindowsPowerShell\v1.0\Powershell.exe" />
<App DesktopAppPath="%windir%\explorer.exe" />
<App AppUserModelId="windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel" />
<App AppUserModelId="%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe" />
</AllowedApps>
</AllAppsList>
<rs5:FileExplorerNamespaceRestrictions>
<rs5:AllowedNamespace Name="Downloads"/>
<v3:AllowRemovableDrives/>
</rs5:FileExplorerNamespaceRestrictions>
<StartLayout>
<![CDATA[
<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
<LayoutOptions StartTileGroupCellWidth="6" />
<DefaultLayoutOverride>
<StartLayoutCollection>
<defaultlayout:StartLayout GroupCellWidth="6">
<start:Group Name="">
<start:Tile Size="2x2" Column="0" Row="4" AppUserModelID="windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel" />
<start:DesktopApplicationTile Size="2x2" Column="2" Row="4" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk" />
<start:Tile Size="2x2" Column="4" Row="0" AppUserModelID="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
<start:DesktopApplicationTile Size="2x2" Column="4" Row="2" DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk" />
<start:DesktopApplicationTile Size="2x2" Column="2" Row="2" DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk" />
<start:Tile Size="2x2" Column="2" Row="0" AppUserModelID="Microsoft.Windows.Photos_8wekyb3d8bbwe!App" />
<start:Tile Size="2x2" Column="0" Row="0" AppUserModelID="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" />
<start:DesktopApplicationTile Size="2x2" Column="0" Row="2" DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk" />
</start:Group>
</defaultlayout:StartLayout>
</StartLayoutCollection>
</DefaultLayoutOverride>
</LayoutModificationTemplate>
]]>
</StartLayout>
<Taskbar ShowTaskbar="true"/>
</Profile>
</Profiles>
<Configs>
<Config>
<AutoLogonAccount rs5:DisplayName="MS Learn Example"/>
<DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/>
</Config>
</Configs>
</AssignedAccessConfiguration>
"@
$eventLogFilterHashTable = @{
ProviderName = "Microsoft-Windows-AssignedAccess";
StartTime = Get-Date -Millisecond 0
}
$namespaceName="root\cimv2\mdm\dmmap"
$className="MDM_AssignedAccess"
$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className
$obj.Configuration = [System.Net.WebUtility]::HtmlEncode($assignedAccessConfiguration)
$obj = Set-CimInstance -CimInstance $obj -ErrorVariable cimSetError -ErrorAction SilentlyContinue
if($cimSetError) {
Write-Output "An ERROR occurred. Displaying error record and attempting to retrieve error logs...`n"
Write-Error -ErrorRecord $cimSetError[0]
$timeout = New-TimeSpan -Seconds 30
$stopwatch = [System.Diagnostics.Stopwatch]::StartNew()
do{
$events = Get-WinEvent -FilterHashtable $eventLogFilterHashTable -ErrorAction Ignore
} until ($events.Count -or $stopwatch.Elapsed -gt $timeout) # wait for the log to be available
if($events.Count) {
$events | ForEach-Object {
Write-Output "$($_.TimeCreated) [$($_.LevelDisplayName.ToUpper())] $($_.Message -replace "`n|`r")"
}
} else {
Write-Warning "Timed-out attempting to retrieve event logs..."
}
Exit 1
}
Write-Output "Successfully applied Assigned Access configuration"
::: zone-end
::: zone pivot="windows-11"
$assignedAccessConfiguration = @"
<?xml version="1.0" encoding="utf-8" ?>
<AssignedAccessConfiguration
xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"
xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/201810/config"
xmlns:v3="http://schemas.microsoft.com/AssignedAccess/2020/config"
xmlns:v5="http://schemas.microsoft.com/AssignedAccess/2022/config"
>
<Profiles>
<Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}">
<AllAppsList>
<AllowedApps>
<App AppUserModelId="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" />
<App AppUserModelId="Microsoft.Windows.Photos_8wekyb3d8bbwe!App" />
<App AppUserModelId="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
<App DesktopAppPath="%windir%\System32\cmd.exe" />
<App DesktopAppPath="%windir%\System32\WindowsPowerShell\v1.0\Powershell.exe" />
<App DesktopAppPath="%windir%\explorer.exe" />
<App AppUserModelId="windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel" />
<App AppUserModelId="%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe" />
</AllowedApps>
</AllAppsList>
<rs5:FileExplorerNamespaceRestrictions>
<rs5:AllowedNamespace Name="Downloads"/>
<v3:AllowRemovableDrives/>
</rs5:FileExplorerNamespaceRestrictions>
<v5:StartPins>
<![CDATA[{
"pinnedList":[
{"packagedAppId":"Microsoft.WindowsCalculator_8wekyb3d8bbwe!App"},
{"packagedAppId":"Microsoft.Windows.Photos_8wekyb3d8bbwe!App"},
{"packagedAppId":"Microsoft.BingWeather_8wekyb3d8bbwe!App"},
{"desktopAppLink":"%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Command Prompt.lnk"},
{"desktopAppLink":"%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell.lnk"},
{"desktopAppLink":"%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\File Explorer.lnk"},
{"packagedAppId": "windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel"},
{"desktopAppLink": "%ALLUSERSPROFILE%\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Edge.lnk"}
]
}]]>
</v5:StartPins>
<Taskbar ShowTaskbar="true"/>
</Profile>
</Profiles>
<Configs>
<Config>
<AutoLogonAccount rs5:DisplayName="MS Learn Example"/>
<DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/>
</Config>
</Configs>
</AssignedAccessConfiguration>
"@
$eventLogFilterHashTable = @{
ProviderName = "Microsoft-Windows-AssignedAccess";
StartTime = Get-Date -Millisecond 0
}
$namespaceName="root\cimv2\mdm\dmmap"
$className="MDM_AssignedAccess"
$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className
$obj.Configuration = [System.Net.WebUtility]::HtmlEncode($assignedAccessConfiguration)
$obj = Set-CimInstance -CimInstance $obj -ErrorVariable cimSetError -ErrorAction SilentlyContinue
if($cimSetError) {
Write-Output "An ERROR occurred. Displaying error record and attempting to retrieve error logs...`n"
Write-Error -ErrorRecord $cimSetError[0]
$timeout = New-TimeSpan -Seconds 30
$stopwatch = [System.Diagnostics.Stopwatch]::StartNew()
do{
$events = Get-WinEvent -FilterHashtable $eventLogFilterHashTable -ErrorAction Ignore
} until ($events.Count -or $stopwatch.Elapsed -gt $timeout) # wait for the log to be available
if($events.Count) {
$events | ForEach-Object {
Write-Output "$($_.TimeCreated) [$($_.LevelDisplayName.ToUpper())] $($_.Message -replace "`n|`r")"
}
} else {
Write-Warning "Timed-out attempting to retrieve event logs..."
}
Exit 1
}
Write-Output "Successfully applied Assigned Access configuration"
::: zone-end