Lab 5: Configure Shell Launcher or Assigned Access
Article
Applies to:
✅ Windows 11, ✅ Windows 10
Windows IoT Enterprise allows you to build fixed purpose devices such as ATM machines, point-of-sale terminals, medical devices, digital signs, or kiosks. Kiosk mode helps you create a dedicated and locked down user experience on these fixed purpose devices. Windows IoT Enterprise offers a set of different locked-down experiences for public or specialized use: assigned access single-app kiosks, assigned access multi-app kiosks, or shell launcher.
Complete Lab 4: You should have a basic image that's been sysprepped and ready to be captured.
Complete the OOBE process on the IoT device
In lab 4, we used Sysprep to get the system ready for capture and deployment. The following steps assume you're using the image from lab 4. The steps work on system that hasn't been Sysprepped, but the OOBE experience is completed.
Complete the OOBE process on the reference system
Turn on the reference IoT device and boot to the OS partition. The OS was in a Sysprep state and OOBE should begin.
Complete the OOBE experience. Choose the settings that match your device requirements.
Enable and configure Shell Launcher
Enable Shell Launcher
Once the device is booted to the desktop, enable the Shell Launcher. From an Administrative Command Prompt:
Configure Shell Launcher to run an OEM application
With Shell Launcher enabled, you can set an application as the Windows Shell. In the following steps, we show you how to use powershell.exe as the shell for the current user. In your device, you use a different application in place of PowerShell to configure the system to use the OEM application as the shell, but the steps are the same. See Shell launcher to learn more.
To set powershell.exe as your custom shell:
From an Administrative Windows PowerShell Prompt run:
The system reboots and Explorer starts as the default system shell.
Enable and configure Assigned Access
The following lab steps provide links on how to install a UWP application suitable for Assigned Access and to configure the system to launch the application automatically at startup. The UWP application must be able to run above the lock screen in order to work correctly with assigned access.
Sideload a UWP application and configure Assigned Access to run it
In this lab, you add a UWP app to your image by sideloading it onto the system. For production scenarios, follow the guidance on deploying signed UWP applications.
Compile the UWP application and build the APPX package following the steps at Packaging UWP apps.
Plan and execute an endpoint deployment strategy, using essential elements of modern management, co-management approaches, and Microsoft Intune integration.