I am setting up a multi-app kiosk in audit mode on a fresh install of Win 10 IoT Ent LTSC 1809.
I've create an XML assigned access file based on: https://learn.microsoft.com/en-us/windows/configuration/lock-down-windows-10-to-specific-apps
<?xml version="1.0" encoding="utf-8" ?>
<AssignedAccessConfiguration
xmlns="https://schemas.microsoft.com/AssignedAccess/2017/config"
xmlns:rs5="https://schemas.microsoft.com/AssignedAccess/201810/config"
>
<Profiles>
<Profile Id="{75C4578C-D56D-402A-A946-CA3CCA60633A}">
<AllAppsList>
<AllowedApps>
<App DesktopAppPath="C:\Windows\system32\mspaint.exe"/>
<App DesktopAppPath="C:\Windows\System32\notepad.exe"/>
</AllowedApps>
</AllAppsList>
<StartLayout>
<![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="https://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="https://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="httsp://schemas.microsoft.com/Start/2014/LayoutModification">
<LayoutOptions StartTileGroupCellWidth="4" />
<DefaultLayoutOverride>
<StartLayoutCollection>
<defaultlayout:StartLayout GroupCellWidth="4">
<start:Group Name="Group1">
<start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk" />
<start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk" />
</start:Group>
</defaultlayout:StartLayout>
</StartLayoutCollection>
</DefaultLayoutOverride>
</LayoutModificationTemplate>
]]>
</StartLayout>
<Taskbar ShowTaskbar="true"/>
</Profile>
</Profiles>
<Configs>
<Config>
<AutoLogonAccount rs5:DisplayName="Hello World"/>
<DefaultProfile Id="{75C4578C-D56D-402A-A946-CA3CCA60633A}"/>
</Config>
</Configs>
</AssignedAccessConfiguration>
I've then used ICD to create a provisioning package using this XML file. When I try applying the package, I get an error and the following event log:
ProvXML category 'UxLockdown' failed with '0xC00CE223' at CSP node
'AssignedAccess/Configuration'. Provisioning failed
From researching this error online, there may be an error in my XML file. I've gone over it a few times and validated against the schema but still getting this error.
Can anyone provide help?
change
xmlns="https://schemas.microsoft.com/AssignedAccess/2017/config"
xmlns:rs5="https://schemas.microsoft.com/AssignedAccess/201810/config"
to
xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"
xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/201810/config"
its http not https, yes M$ had me running around in circles on this one
Related
I have a Windows desktop application build using Maui and installed using an MSIX installer. A key part of the desktop application is a Windows service which should be installed by the MSIX installer.
I've found that randomly however it does not install the service. The installer also does not throw any error causing end users to open up the app only for it to crash (because of a missing service).
What I've found:
On a system where the app has not been installed before the service gets installed without problems
At any point when updating the app with a newer version or simply reinstalling the app the service might be missing afterwards
Once you get in a state where the service is missing no amount of reboots or reinstalls can fix the problem with one exception: installing a completely new version can fix the problem (for example: upgrading from 1.6.0 to 1.7.0 can fix the problem, same for downgrading).
Windows event viewer does not report any errors or problems as far as I've found (checked the AppXDeployment-Server logs)
The installer does prompt for elevated rights
I'm sure I probably made a mistake in my appxmanifest but I don't see it. Any help would be appreciated.
Our appxmanifest looks like this
<?xml version="1.0" encoding="utf-8"?>
<Package
xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10"
xmlns:uap="http://schemas.microsoft.com/appx/manifest/uap/windows10"
xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities"
xmlns:desktop="http://schemas.microsoft.com/appx/manifest/desktop/windows10"
xmlns:desktop6="http://schemas.microsoft.com/appx/manifest/desktop/windows10/6"
IgnorableNamespaces="uap rescap">
<Identity Name="NAME" Publisher="PUBLISHER" Version="0.0.0.0" />
<Properties>
<DisplayName>NAME</DisplayName>
<PublisherDisplayName>NAME</PublisherDisplayName>
<Logo>$placeholder$.png</Logo>
</Properties>
<Dependencies>
<TargetDeviceFamily Name="Windows.Universal" MinVersion="10.0.17763.0" MaxVersionTested="10.0.19041.0" />
<TargetDeviceFamily Name="Windows.Desktop" MinVersion="10.0.17763.0" MaxVersionTested="10.0.19041.0" />
<PackageDependency Name="Microsoft.VCLibs.140.00.UWPDesktop" MinVersion="14.0.24217.0" Publisher="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" />
</Dependencies>
<Resources>
<Resource Language="x-generate" />
</Resources>
<Applications>
<Application Id="App" Executable="$targetnametoken$.exe" EntryPoint="$targetentrypoint$">
<uap:VisualElements
DisplayName="$placeholder$"
Description="$placeholder$"
Square150x150Logo="$placeholder$.png"
Square44x44Logo="$placeholder$.png"
BackgroundColor="transparent">
<uap:DefaultTile Square71x71Logo="$placeholder$.png" Wide310x150Logo="$placeholder$.png" Square310x310Logo="$placeholder$.png" />
<uap:SplashScreen Image="$placeholder$.png" />
</uap:VisualElements>
<Extensions>
<desktop:Extension Category="windows.startupTask" Executable="NAME.exe" EntryPoint="MauiProgram.CreateMauiApp">
<desktop:StartupTask TaskId="NAME" Enabled="true" DisplayName="NAME" />
</desktop:Extension>
<desktop6:Extension
Category="windows.service"
Executable="SERVICE_EXECUTABLE.exe"
EntryPoint="SERVICE_NAMESPACE.Program">
<desktop6:Service
Name="SERVICE_NAME"
StartupType="auto"
StartAccount="localSystem"
Arguments="/manage"
>
</desktop6:Service>
</desktop6:Extension>
</Extensions>
</Application>
</Applications>
<Capabilities>
<rescap:Capability Name="runFullTrust" />
<rescap:Capability Name="allowElevation" />
<rescap:Capability Name="packagedServices" />
<rescap:Capability Name="packageManagement" />
<rescap:Capability Name="localSystemServices" />
</Capabilities>
</Package>
I’m trying to set up a Windows 10 multi-app kiosk configuration running a ClickOnce application. I’m following the Microsoft guide https://learn.microsoft.com/en-us/windows/configuration/lock-down-windows-10-to-specific-apps
It works until the ClickOnce application is updated after this it’s not possible run the application.
The problem is the path C:\Users\Musikspelare\AppData\Local\Apps\2.0\EBQ78BLC.1MN\0J3M24G5.KRQ\danc..tion_57ca62a9d061b04b_0002.0000_6fffc994766df618\DancePlayer.exe to the ClickOnce application under the section as this path changes after the application is updated.
Is there any other way of doing this for a ClickOnce application?
The XML configuration file for the multi-app kiosk setup looks as below:
<?xml version="1.0" encoding="utf-8" ?>
<AssignedAccessConfiguration
xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"
xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/201810/config"
>
<Profiles>
<Profile Id="{AFF9DA33-AE89-4039-B646-3A5706E92957}">
<AllAppsList>
<AllowedApps>
<App AppUserModelId="SpotifyAB.SpotifyMusic_zpdnekdrzrea0!Spotify"/>
<App DesktopAppPath="%ProgramFiles(x86)%\Google\Chrome\Application\chrome.exe"/>
<App DesktopAppPath="C:\Users\Musikspelare\AppData\Local\Apps\2.0\EBQ78BLC.1MN\0J3M24G5.KRQ\danc..tion_57ca62a9d061b04b_0002.0000_6fffc994766df618\DancePlayer.exe"/>
</AllowedApps>
</AllAppsList>
<StartLayout>
<![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
<LayoutOptions StartTileGroupCellWidth="6" />
<DefaultLayoutOverride>
<StartLayoutCollection>
<defaultlayout:StartLayout GroupCellWidth="6">
<start:Group Name="">
<start:Tile Size="2x2" Column="0" Row="0" AppUserModelID="SpotifyAB.SpotifyMusic_zpdnekdrzrea0!Spotify" />
<start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk" />
<start:DesktopApplicationTile Size="2x2" Column="3" Row="0" DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\DancePlayer\DancePlayer.appref-ms" />
</start:Group>
</defaultlayout:StartLayout>
</StartLayoutCollection>
</DefaultLayoutOverride>
</LayoutModificationTemplate>
]]>
</StartLayout>
<Taskbar ShowTaskbar="true"/>
</Profile>
</Profiles>
<Configs>
<Config>
<Account>Musikspelare</Account>
<DefaultProfile Id="{AFF9DA33-AE89-4039-B646-3A5706E92957}"/>
</Config>
</Configs>
</AssignedAccessConfiguration>
I also ran into this issue. Fortunately, multi-app kiosk mode utilizes AppLocker to allow the apps listed under the "AllowedApps" tag. You can use an asterisk (*) as a wildcard in your filepaths to include arbitrary paths that are generated from ClickOnce applications. You would make the following adjustment to your code:
<App DesktopAppPath="%OSDrive%\Users\Musikspelare\AppData\Local\Apps\2.0\*\danc..tion_57ca62a9d061b04b_0002.0000_6fffc994766df618\DancePlayer.exe"/>
You should also include the AMUID of the app as it's listed from the Get-StartApps cmdlet to the "AllowedApps" list.
I haven't been able to test whether the AMUID looking portion of that path, "danc..tion_57ca62a9d061b04b_0002.0000_6fffc994766df618" is generated as part of the install or if it's a GUID. It may also change when the ClickOnce apps updates, if that's the case, just remove that portion from the path and it should take care of it.
And for anybody using Intune, I wasn't able to include an asterisk in the path for a multi-app setup under the Kiosk Template. You will have to create a profile that includes the AssignedAccess policy and add your own XML.
https://learn.microsoft.com/en-us/windows/client-management/mdm/assignedaccess-csp
I'm trying to create multi-app kiosk for one of our computer in the office running Windows 10 pro.
It works with Microsoft apps such as Calculator, Internet Explorer, but I'm trying to create one for one of our in-house app and it didn't work. When in kiosk mode, it came up with the app button but with a text of the location to the app itself (eg: W~C:\path\to\app\app.exe - I don't know what W~ means). And when I click on it, nothing happens. With multi-app kiosk, you have to write an XML file to allow which app to run:
<Profiles>
<Profile Id="{some id}">
<AllAppsList>
<AllowedApps>
<App DesktopAppPath="C:\path\to\app\app.exe" />
</AllowedApps>
</AllAppsList>
<StartLayout>
<![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
<LayoutOptions StartTileGroupCellWidth="6" />
<DefaultLayoutOverride>
<StartLayoutCollection>
<defaultlayout:StartLayout GroupCellWidth="6">
<start:Group Name="TAS">
<start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationID="C:\path\to\app\app.exe" />
</start:Group>
</defaultlayout:StartLayout>
</StartLayoutCollection>
</DefaultLayoutOverride>
</LayoutModificationTemplate>
]]>
</StartLayout>
</Profile>
</Profiles>
I was just wondering if there's something that you need to set in the <App> tag to specify the library path/working folder? Is there any documentation about on how to write XML files for multi-app kiosk? I found this on the Microsoft website but not in details:
https://learn.microsoft.com/en-us/windows/configuration/lock-down-windows-10-to-specific-apps
I generated the app package for my UWP project via sideload and installed it with the Powershell script that was made. Although the app installed and a folder was made in WindowsApps I cannot launch the app because it is not in the Start Menu. Any ideas on how to fix this?
Edit:
Applications tag in WAP Package Manifest:
<Applications>
<Application Id="App"
Executable="$targetnametoken$.exe"
EntryPoint="$targetentrypoint$">
<uap:VisualElements
DisplayName="WorksPackage2"
Description="Package"
BackgroundColor="transparent"
Square150x150Logo="Images\Square150x150Logo.png"
Square44x44Logo="Images\Square44x44Logo.png"
AppListEntry="none">
<uap:DefaultTile Wide310x150Logo="Images\Wide310x150Logo.png" />
<uap:SplashScreen Image="Images\SplashScreen.png" />
</uap:VisualElements>
<Extensions>
<uap:Extension Category="windows.appService">
<uap:AppService Name="iTunesConnection" />
</uap:Extension>
<desktop:Extension
xmlns:desktop="http://schemas.microsoft.com/appx/manifest/desktop/windows10"
Category="windows.fullTrustProcess"
Executable="iTunesConsole\iTunesConsole.exe">
</desktop:Extension>
</Extensions>
</Application>
Applications tag in UWP Manifest:
<Applications>
<Application Id="App"
Executable="$targetnametoken$.exe"
EntryPoint="Works.App">
<uap:VisualElements
DisplayName="Works"
Square150x150Logo="Assets\Square150x150Logo.png"
Square44x44Logo="Assets\Square44x44Logo.png"
Description="Works"
BackgroundColor="transparent">
<uap:DefaultTile Wide310x150Logo="Assets\Wide310x150Logo.png"/>
<uap:SplashScreen Image="Assets\SplashScreen.png" />
</uap:VisualElements>
<Extensions>
<uap3:Extension Category="windows.appExtension">
<uap3:AppExtension Name="microsoft.gameBarUIExtension"
Id="YourUniqueIdHere"
DisplayName="iTunes Controller"
Description="desc"
PublicFolder="GameBar">
<uap3:Properties>
<GameBarWidget Type="Standard">
<HomeMenuVisible>true</HomeMenuVisible>
<PinningSupported>true</PinningSupported>
<Window>
<Size>
<Height>300</Height>
<Width>400</Width>
<MinHeight>150</MinHeight>
<MinWidth>200</MinWidth>
<MaxHeight>1000</MaxHeight>
<MaxWidth>1000</MaxWidth>
</Size>
<ResizeSupported>
<Horizontal>true</Horizontal>
<Vertical>true</Vertical>
</ResizeSupported>
</Window>
</GameBarWidget>
</uap3:Properties>
</uap3:AppExtension>
</uap3:Extension>
</Extensions>
</Application>
The problem is that you have:
AppListEntry="none"
which says "please don't add an entry to the Start menu."
We are trying to add iot capabilities to our Package.appxmanifest for a cordova project. Visual studio complains that the capability we are trying to use cannot be found nor is it a child of the foundation name space.
The underlined iot:Capability shows the following when hovered over:
The element 'BackgroundTasks' in namespace 'http://schemas.microsoft.com/appx/manifest/foundation/winows10' has invalid child element 'Capabilities' in namespace 'http://schemas.microsoft.com/appx/manifest/iot/windows10'. List of possible elements expected: '...
The thing is I created this as a new project and let vs do all the work yet it cannot resolve it's own entries it's creating. We see this with both a new C# and JS project that VS generated. Can anyone help us? (Yes we added the references "Windows IoT Extensions for the UWP" 10.0.10586.0 to the project as well.). FYI We get the same error when adding as well.
Here's the package.appxmanifest:
<?xml version='1.0' encoding='utf-8'?>
<Package IgnorableNamespaces="uap mp iot" xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10" xmlns:iot="http://schemas.microsoft.com/appx/manifest/iot/windows10" xmlns:mp="http://schemas.microsoft.com/appx/2014/phone/manifest" xmlns:uap="http://schemas.microsoft.com/appx/manifest/uap/windows10">
<Identity Name="com.project.syndication.sitepad" Publisher="CN=$username$" Version="2.0.0.0" />
<mp:PhoneIdentity PhoneProductId="a885d1d0-453e-11e6-a59d-550bfa336405" PhonePublisherId="00000000-0000-0000-0000-000000000000" />
<Properties>
<DisplayName>SitePad App</DisplayName>
<PublisherDisplayName>ERT</PublisherDisplayName>
<Logo>images\StoreLogo.png</Logo>
</Properties>
<Dependencies>
<TargetDeviceFamily MaxVersionTested="10.0.10586.0" MinVersion="10.0.10586.0" Name="Windows.Universal" />
</Dependencies>
<Resources>
<Resource Language="x-generate" />
</Resources>
<Applications>
<Application Id="com.project.syndication.sitepad" StartPage="ms-appx-web:///www/index.html">
<uap:VisualElements BackgroundColor="#464646" Description="CordovaApp" DisplayName="SitePad App" Square150x150Logo="images\Square150x150Logo.png" Square44x44Logo="images\Square44x44Logo.png">
<uap:SplashScreen Image="images\splashscreen.png" />
<uap:DefaultTile ShortName="SitePad App" Square310x310Logo="images\Square310x310Logo.png" Square71x71Logo="images\Square71x71Logo.png" Wide310x150Logo="images\Wide310x150Logo.png" />
</uap:VisualElements>
<uap:ApplicationContentUriRules>
<uap:Rule Match="ms-appx-web:///" Type="include" WindowsRuntimeAccess="all" />
</uap:ApplicationContentUriRules>
</Application>
</Applications>
<Capabilities>
<Capability Name="internetClient" />
<uap:Capability Name="picturesLibrary" />
<iot:Capability Name="systemManagement" />
</Capabilities>
</Package>
The hovering error looks like a bug with something(VS?), I'm seeing it multiple times, yet my code still compiles and runs OK.
No worries on this.