Hello folks,
Szenario:
For HomeOffice- usage we are rolling out diffrent Windows 10 Pro devices (Build 1909 and higher). This devices should be restricted as much as they can but you should be able to use following functions:
- RemoteDesktop
- Browser to connect to 1 website
- phone software
- Choose WiFi
To make this possible I choose to use the KIOSK Mode of Windows 10 in combination with Microsoft Intune and the Multi App function.
Detail:
In Intune:
Create Profile:
Platform: Windows 10 and later
Profile type: KIOSK
Configuration:
Select a kiosk mode: Multi app kiosk
Target Windows 10 in S mode devices: No
User logon type: Local
Now I´m going to configure allowed Apps:
for example:
Name: RDP
Path: C:\Windows\System32\mstsc.exe
DesktopApplicationId/AUMID for the Win32-App: Microsoft.Windows.RemoteDesktop
Tile Size: Mittel
To get the AUMID I user Shell:Appsfolder
https://jcutrer.com/windows/find-aumid
To roll out the specific startlayout I configure one layout as I need and save this in xml
Powershell: Export-StartLayout -Path 'C:\StartLayout.xml' -UseDesktopApplicationID
https://learn.microsoft.com/de-de/windows/configuration/start-layout-xml-desktop#specify-start-tiles
After configuration I connect the profile to my specific AD group.
So far so good. Everything is fine and worked for my test- device
My Problem:
For HomeOffice my users must be able to choose their Wifi. To make this possible I followed the instructions of a blog post by Nathan Blasac
https://nathanblasac.com/deploy-a-multi-app-windows-10-kiosk-with-intune-e261cedf2a21
He uses a shortcut to show available networks and deploy it via script.
In my scenario I create it manualy and saved it in
C:\ProgramData\Microsoft\Windows\Start Menu
When you're saving the shortcut in there you'll see in the Appsfolder and get an Microsoft genereated AUMID.
After you've done so and create a new Startlayout xml you can configure this "APP" in intune to be useable in KIOSK- Mode.
This worked for my Test- Device but not for a second or a third one. The other devices show a 4th icon but it doesn't open the available networks.
I noticed that:
The MS generated AUMID sometimes differs on other devices.
When I get the script right of Nathan blasc it saved the shortcut in 3 directories but I don't know why.
I tried to do the following:
Make the available networks available on the Login screen via GPO. This works but when you synchronize the device and it gets its KIOSK configuration it overwirtes the GPO.
I searched for a simple user-friendly app/program to choose Wifi, so I can configure it in intune. I didn't find anything usefull instead of Wifi- Analytics, profile managers etc.
My questions:
Is there a scheme whehre Windows generates the AUMID and when... what parameters does have impact to it? directories?
Is someone seeing a bad mistake in my configuration or has any other ideas/ hints?
Thank You in advance for your help and please excuse my bad language.
regards from Germany