question

V4lmont-9932 avatar image
0 Votes"
V4lmont-9932 asked AlexisBurkeSoto-6971 published

Windows 10 Pro Multi App KIOSK Mode

Hello folks,

Szenario:

For HomeOffice- usage we are rolling out diffrent Windows 10 Pro devices (Build 1909 and higher). This devices should be restricted as much as they can but you should be able to use following functions:

  • RemoteDesktop

  • Browser to connect to 1 website

  • phone software

  • Choose WiFi


To make this possible I choose to use the KIOSK Mode of Windows 10 in combination with Microsoft Intune and the Multi App function.

Detail:

In Intune:

Create Profile:

Platform: Windows 10 and later
Profile type: KIOSK

Configuration:
Select a kiosk mode: Multi app kiosk
Target Windows 10 in S mode devices: No
User logon type: Local

Now I´m going to configure allowed Apps:

for example:

Name: RDP

Path: C:\Windows\System32\mstsc.exe

DesktopApplicationId/AUMID for the Win32-App: Microsoft.Windows.RemoteDesktop

Tile Size: Mittel

To get the AUMID I user Shell:Appsfolder

https://jcutrer.com/windows/find-aumid

To roll out the specific startlayout I configure one layout as I need and save this in xml

Powershell: Export-StartLayout -Path 'C:\StartLayout.xml' -UseDesktopApplicationID

https://docs.microsoft.com/de-de/windows/configuration/start-layout-xml-desktop#specify-start-tiles

After configuration I connect the profile to my specific AD group.

So far so good. Everything is fine and worked for my test- device

My Problem:

For HomeOffice my users must be able to choose their Wifi. To make this possible I followed the instructions of a blog post by Nathan Blasac

https://nathanblasac.com/deploy-a-multi-app-windows-10-kiosk-with-intune-e261cedf2a21

He uses a shortcut to show available networks and deploy it via script.

In my scenario I create it manualy and saved it in

C:\ProgramData\Microsoft\Windows\Start Menu

When you're saving the shortcut in there you'll see in the Appsfolder and get an Microsoft genereated AUMID.

After you've done so and create a new Startlayout xml you can configure this "APP" in intune to be useable in KIOSK- Mode.

This worked for my Test- Device but not for a second or a third one. The other devices show a 4th icon but it doesn't open the available networks.

I noticed that:

The MS generated AUMID sometimes differs on other devices.

When I get the script right of Nathan blasc it saved the shortcut in 3 directories but I don't know why.

I tried to do the following:

Make the available networks available on the Login screen via GPO. This works but when you synchronize the device and it gets its KIOSK configuration it overwirtes the GPO.

I searched for a simple user-friendly app/program to choose Wifi, so I can configure it in intune. I didn't find anything usefull instead of Wifi- Analytics, profile managers etc.

My questions:

Is there a scheme whehre Windows generates the AUMID and when... what parameters does have impact to it? directories?

Is someone seeing a bad mistake in my configuration or has any other ideas/ hints?

Thank You in advance for your help and please excuse my bad language.

regards from Germany

mem-intune-device-configurations
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

V4lmont-9932 avatar image
0 Votes"
V4lmont-9932 answered AlexisBurkeSoto-6971 published

Hey Crystal,

thanks for your reply and sorry for my late reply.

I do find a solution for my problem in an other way:

I don't try to deploy the "show available networks"- shortcut anymore.
To choose Wifi I allow the "settings" app in Kiosk Mode.

In detail:

To Allow the "Settings"- App you have to add following App- ID:

windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel

When you do so, you can create another configuration profile to reduce the available settings so that you can see only "network and internet"

Profiletyp: userdefinied

Name: Setting
Description: show Network
OMA-URI: ./Device/Vendor/MSFT/Policy/Config/Settings/PageVisibilityList
Value: showonly:network-wifi

Info: to add mor settings you can add diffrent values, separated by " ; " f.e. "display"

I think this is a much better solution because you can exactlx choose what you want to make available.

Thanks for your Thoughts and your help.

Regards from Germany

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@V4lmont-9932, Thanks for sharing the solution in details. I appreciate it. It sounds a good thought to accomplish what we want. Your highly technical skills make me impressed. We suggest Accept your Answer to help more and more people who have the same request.

Thanks for your time and have a nice day!

0 Votes 0 ·

Hello V4lmont,

I'm having this same issue you had. How do you call settings if you don't make a shortcut? I have made my taskbar visible but still can't lauch wifi connections even if I already added explrer.exe and Settings's App-ID. I just click on the network icon of the taskbar with no reply.

Thanks!

0 Votes 0 ·
Crystal-MSFT avatar image
0 Votes"
Crystal-MSFT answered Crystal-MSFT commented

@V4lmont-9932, From your description, I know when we try a shortcut to show available networks and deploy it via script. One test device is working. But others are not. If there's any misunderstanding, please let us know.

As this is Intune forum, we can check the script deployed status to see if it is deployed successfully. If it is failed, we can check the logs under \ProgramData\Microsoft\IntuneManagementExtension\Logs to see if there's any finding:

30190-image.png

Also as a test, we can manually run the script on the affected machine to identify if the problem is on the script.

For the questions related with AUMID, as I am not familiar with this. I have done some research, find some related articles for this:
https://docs.microsoft.com/en-us/windows/configuration/find-the-application-user-model-id-of-an-installed-app
https://docs.microsoft.com/en-us/windows/win32/shell/appids

As the AUMID is the identifier for Universal Apps (UWP) installed from the Windows Store. The AUMID is essentially the identifier and entry point for these applications. To know more details about AUMID, I suggest to post in the following link to get professional support:
https://docs.microsoft.com/en-us/answers/topics/windows-uwp.html

Hope it can help.


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



image.png (42.7 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@V4lmont-9932, How are things going? I am writing to see if there's any update on our issue? If there's anything else from Intune we can help, feel free to let us know.

0 Votes 0 ·