deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-21 01:37:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/configuration/assigned-access/configure-multi-app-kiosk.md
Paolo Matarazzo 0d6f002e6f remove assigned access
2025-03-10 11:07:17 -04:00

97 lines
4.0 KiB
Markdown
Raw Blame History

---
title: Configure a Multi-App Kiosk With Assigned Access
description: Learn how to configure a multi-app kiosk with Assigned Access.
ms.date: 3/7/2025
ms.topic: overview
---
# Configure a restricted user experience (multi-app kiosk) with Assigned Access
An Assigned Access restricted user experience runs one or more apps from the desktop. People using the kiosk have a customized Start menu that shows only the tiles for the apps that are allowed. With this approach, you can configure a locked-down experience for different account types. A multi-app kiosk is appropriate for shared devices.
To configure a restricted user experience with Assigned Access, you must create an XML configuration file with the settings for the desired experience. The XML file is applied to the device via the [Assigned Access CSP](/windows/client-management/mdm/assignedaccess-csp#shelllauncher), using one of the following options:
- A Mobile Device Management (MDM) solution, like Microsoft Intune
- Provisioning packages
- PowerShell, with the MDM Bridge WMI Provider
To learn how to configure the Assigned Access XML file, see [Create an Assigned Access configuration file](configuration-file.md).
[!INCLUDE [tab-intro](../../../includes/configure/tab-intro.md)]
#### [:::image type="icon" source="../images/icons/intune.svg"::: **Intune/CSP**](#tab/intune)
You can configure devices using a [custom policy][MEM-1] with the [AssignedAccess CSP][WIN-3].
- **Setting:** `./Vendor/MSFT/AssignedAccess/Configuration`
- **Value:** content of the XML configuration file
Assign the policy to a group that contains as members the devices that you want to configure.
#### [:::image type="icon" source="../images/icons/provisioning-package.svg"::: **PPKG**](#tab/ppkg)
[!INCLUDE [provisioning-package-1](../../../includes/configure/provisioning-package-1.md)]
- **Path:** `AssignedAccess/MultiAppAssignedAccessSettings`
- **Value:** content of the XML configuration file
[!INCLUDE [provisioning-package-2](../../../includes/configure/provisioning-package-2.md)]
#### [:::image type="icon" source="../images/icons/powershell.svg"::: **PowerShell**](#tab/ps)
[!INCLUDE [powershell-wmi-bridge-1](../../../includes/configure/powershell-wmi-bridge-1.md)]
```PowerShell
$assignedAccessConfiguration = @"
# content of the XML configuration file
"@
$namespaceName="root\cimv2\mdm\dmmap"
$className="MDM_AssignedAccess"
$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className
$obj.Configuration = [System.Net.WebUtility]::HtmlEncode($assignedAccessConfiguration)
$obj = Set-CimInstance -CimInstance $obj -ErrorVariable cimSetError -ErrorAction SilentlyContinue
if($cimSetError) {
Write-Output "An ERROR occurred. Displaying error record and attempting to retrieve error logs...`n"
Write-Error -ErrorRecord $cimSetError[0]
$timeout = New-TimeSpan -Seconds 30
$stopwatch = [System.Diagnostics.Stopwatch]::StartNew()
do{
$events = Get-WinEvent -FilterHashtable $eventLogFilterHashTable -ErrorAction Ignore
} until ($events.Count -or $stopwatch.Elapsed -gt $timeout) # wait for the log to be available
if($events.Count) {
$events | ForEach-Object {
Write-Output "$($_.TimeCreated) [$($_.LevelDisplayName.ToUpper())] $($_.Message -replace "`n|`r")"
}
} else {
Write-Warning "Timed-out attempting to retrieve event logs..."
}
Exit 1
}
Write-Output "Successfully applied Assigned Access configuration"
```
[!INCLUDE [powershell-wmi-bridge-2](../../../includes/configure/powershell-wmi-bridge-2.md)]
#### [:::image type="icon" source="../images/icons/settings-app.svg"::: **Settings**](#tab/settings)
This option isn't available using Settings.
---
> [!TIP]
> For practical examples, see the [Quickstart: Configure a restricted user experience with Assigned Access](quickstart-restricted-user-experience.md)
[!INCLUDE [user-experience](includes/user-experience.md)]
<!--links-->
[MEM-1]: /mem/intune/configuration/custom-settings-windows-10
[WIN-3]: /windows/client-management/mdm/assignedaccess-csp
Reference in New Issue View Git Blame Copy Permalink