I’m trying to set up a Windows 10 multi-app kiosk configuration running a ClickOnce application. I’m following the Microsoft guide https://learn.microsoft.com/en-us/windows/configuration/lock-down-windows-10-to-specific-apps
It works until the ClickOnce application is updated after this it’s not possible run the application.
The problem is the path C:\Users\Musikspelare\AppData\Local\Apps\2.0\EBQ78BLC.1MN\0J3M24G5.KRQ\danc..tion_57ca62a9d061b04b_0002.0000_6fffc994766df618\DancePlayer.exe to the ClickOnce application under the section as this path changes after the application is updated.
Is there any other way of doing this for a ClickOnce application?
The XML configuration file for the multi-app kiosk setup looks as below:
<?xml version="1.0" encoding="utf-8" ?>
<AssignedAccessConfiguration
xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"
xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/201810/config"
>
<Profiles>
<Profile Id="{AFF9DA33-AE89-4039-B646-3A5706E92957}">
<AllAppsList>
<AllowedApps>
<App AppUserModelId="SpotifyAB.SpotifyMusic_zpdnekdrzrea0!Spotify"/>
<App DesktopAppPath="%ProgramFiles(x86)%\Google\Chrome\Application\chrome.exe"/>
<App DesktopAppPath="C:\Users\Musikspelare\AppData\Local\Apps\2.0\EBQ78BLC.1MN\0J3M24G5.KRQ\danc..tion_57ca62a9d061b04b_0002.0000_6fffc994766df618\DancePlayer.exe"/>
</AllowedApps>
</AllAppsList>
<StartLayout>
<![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
<LayoutOptions StartTileGroupCellWidth="6" />
<DefaultLayoutOverride>
<StartLayoutCollection>
<defaultlayout:StartLayout GroupCellWidth="6">
<start:Group Name="">
<start:Tile Size="2x2" Column="0" Row="0" AppUserModelID="SpotifyAB.SpotifyMusic_zpdnekdrzrea0!Spotify" />
<start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk" />
<start:DesktopApplicationTile Size="2x2" Column="3" Row="0" DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\DancePlayer\DancePlayer.appref-ms" />
</start:Group>
</defaultlayout:StartLayout>
</StartLayoutCollection>
</DefaultLayoutOverride>
</LayoutModificationTemplate>
]]>
</StartLayout>
<Taskbar ShowTaskbar="true"/>
</Profile>
</Profiles>
<Configs>
<Config>
<Account>Musikspelare</Account>
<DefaultProfile Id="{AFF9DA33-AE89-4039-B646-3A5706E92957}"/>
</Config>
</Configs>
</AssignedAccessConfiguration>
I also ran into this issue. Fortunately, multi-app kiosk mode utilizes AppLocker to allow the apps listed under the "AllowedApps" tag. You can use an asterisk (*) as a wildcard in your filepaths to include arbitrary paths that are generated from ClickOnce applications. You would make the following adjustment to your code:
<App DesktopAppPath="%OSDrive%\Users\Musikspelare\AppData\Local\Apps\2.0\*\danc..tion_57ca62a9d061b04b_0002.0000_6fffc994766df618\DancePlayer.exe"/>
You should also include the AMUID of the app as it's listed from the Get-StartApps cmdlet to the "AllowedApps" list.
I haven't been able to test whether the AMUID looking portion of that path, "danc..tion_57ca62a9d061b04b_0002.0000_6fffc994766df618" is generated as part of the install or if it's a GUID. It may also change when the ClickOnce apps updates, if that's the case, just remove that portion from the path and it should take care of it.
And for anybody using Intune, I wasn't able to include an asterisk in the path for a multi-app setup under the Kiosk Template. You will have to create a profile that includes the AssignedAccess policy and add your own XML.
https://learn.microsoft.com/en-us/windows/client-management/mdm/assignedaccess-csp
Related
I followed the following tutorial on how to register a UWP registration free WinRT component https://blogs.windows.com/windowsdeveloper/2019/04/30/enhancing-non-packaged-desktop-apps-using-windows-runtime-components/ but I continue to receive errors about the component not being registered.
I begin by creating a Propertysheet.props sheet, like in the tutorial:
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ImportGroup Label="PropertySheets" />
<PropertyGroup Label="UserMacros" />
<PropertyGroup />
<ItemDefinitionGroup />
<ItemGroup />
<ItemGroup>
<Reference Include="C:\Users\User\Solution\x64\Debug\Component\Component.winmd">
<IsWinmdFile>true</IsWinmdFile>
</Reference>
<ReferenceCopyLocationPaths Include="C:\Users\User\Solution\x64\Debug\Component\Component.dll">
<IsWinmdFile>false</IsWinmdFile>
</ReferenceCopyLocationPaths>
<!--<Reference Include="C:\Users\User\Solution\x64\Debug\Component2\Component2.winmd">
<IsWinmdFile>true</IsWinmdFile>
</Reference>
<ReferenceCopyLocationPaths Include="C:\Users\User\Solution\x64\Debug\Component2\Component2.dll">
<IsWinmdFile>false</IsWinmdFile>
</ReferenceCopyLocationPaths>-->
</ItemGroup>
</Project>
When the solution is compiled, the Winmd and the dll for Component are added to the DUALITY.exe folder, but only the Winmd for Component2 has been auto added so I remmed it out for now. I then add the Propertysheet.props to the Application project using the properties manager utility. This disabled the ability to add reference, but it still works as though it has been added. My app.manifest looks like this:
<?xml version="1.0" encoding="utf-8"?>
<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">
<assemblyIdentity version="1.0.0.0" name="Application.app"/>
<application xmlns="urn:schemas-microsoft-com:asm.v3">
<windowsSettings>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true/PM</dpiAware>
<dpiAwareness xmlns="http://schemas.microsoft.com/SMI/2016/WindowsSettings">PerMonitorV2, PerMonitor</dpiAwareness>
</windowsSettings>
</application>
<file name="Component.dll">
<activatableClass
name="Component.SubNamespace.Class"
threadingModel="both"
xmlns="urn:schemas-microsoft-com:winrt.v1" />
</file>
<!--<file name="Component2.dll">
<activatableClass
name="Component.PeregrineX12"
threadingModel="both"
xmlns="urn:schemas-microsoft-com:winrt.v1" />
</file>-->
</assembly>
There were concerns about Namespace and I itterated through a few possibilities. I get an error in my Appmanifest.xml at line 39:
"DEP0700: Registration of the app failed. [0x80080204] error 0xC00CE012: App manifest validation error: The app manifest must be valid as per schema: Line 39, Column 8, Reason: Content for element '{http://schemas.microsoft.com/appx/manifest/foundation/windows10}InProcessServer' is incomplete according to the DTD/Schema. Expecting: {http://schemas.microsoft.com/appx/manifest/foundation/windows10}ActivatableClass."
and the Appmanifest.xml looks like this:
<?xml version="1.0" encoding="utf-8"?>
<Package xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10" xmlns:uap="http://schemas.microsoft.com/appx/manifest/uap/windows10" xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities" IgnorableNamespaces="uap rescap build" xmlns:build="http://schemas.microsoft.com/developer/appx/2015/build">
<Identity Name="837f0535-5d07-4290-983b-a49988c57b12" Publisher="CN=User" Version="1.0.0.0" ProcessorArchitecture="x64" />
<Properties>
<DisplayName>Application</DisplayName>
<PublisherDisplayName>User</PublisherDisplayName>
<Logo>Assets\StoreLogo.png</Logo>
</Properties>
<Dependencies>
<TargetDeviceFamily Name="Windows.Universal" MinVersion="10.0.22000.0" MaxVersionTested="10.0.22000.0" />
<TargetDeviceFamily Name="Windows.Desktop" MinVersion="10.0.17763.0" MaxVersionTested="10.0.19041.0" />
<PackageDependency Name="Microsoft.WindowsAppRuntime.1.1" MinVersion="1001.524.1918.0" Publisher="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" />
<PackageDependency Name="Microsoft.VCLibs.140.00.Debug" MinVersion="14.0.30704.0" Publisher="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" />
<PackageDependency Name="Microsoft.VCLibs.140.00.Debug.UWPDesktop" MinVersion="14.0.30704.0" Publisher="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" />
</Dependencies>
<Resources>
<Resource Language="EN-US" />
</Resources>
<Applications>
<Application Id="App" Executable="Application.exe" EntryPoint="Windows.FullTrustApplication">
<uap:VisualElements DisplayName="Application" Description="DUALITY" BackgroundColor="transparent" Square150x150Logo="Assets\Square150x150Logo.png" Square44x44Logo="Assets\Square44x44Logo.png">
<uap:DefaultTile Wide310x150Logo="Assets\Wide310x150Logo.png" />
<uap:SplashScreen Image="Assets\SplashScreen.png" />
</uap:VisualElements>
</Application>
</Applications>
<Capabilities>
<rescap:Capability Name="runFullTrust" />
</Capabilities>
<Extensions>
<Extension Category="windows.activatableClass.inProcessServer">
<InProcessServer>
<Path>Component.dll</Path>
</InProcessServer>
</Extension>
</Extensions>
<build:Metadata>
<build:Item Name="cl.exe" Version="19.31.31107.0" />
<build:Item Name="OptimizingToolset" Value="None" />
<build:Item Name="TargetRuntime" Value="Native" />
<build:Item Name="Microsoft.UI.Xaml.Markup.Compiler.dll" Version="1.0.0.0" />
<build:Item Name="Microsoft.UniversalCRT.Debug" Version="10.0.22000.0" />
<build:Item Name="makepri.exe" Version="10.0.22621.1 (WinBuild.160101.0800)" />
</build:Metadata>
</Package>
At this point, this was the first time an attempt was made by the framework to register the dll. This is all of the information I have collected from documentation, at this time. As can be seen ActivatableClass was not added and I'm pretty sure it should have been.
I'm going to re-summarize here, based on what I have come to, going through more of the documentation.
When you create a WinUI App, you can create a Packaged app with a packaging project or without. Here was my first mistake. The second project template is still a Packaged App and not an Unpackaged App. So keep that in mind while choosing your approach. The above tutorial says that the tutorial is specific to Unpackaged Apps, but it is applicable to both Packaged and Unpackaged Apps.
The tutorial describes how to consume WinRT Components calling it Registration Free. But WinRT is a Registration Free framework. Calling it Registration Free was misleading. Registration Free simply meant that it uses a manifest and doesn't mean you can gain access to the component without registering it with the App. Unless late binding (calling plugins), you will have to follow the Registration Free in application registration.
When making a Packaged App I needed to include the NuGet package Microsoft.VCRTForwarders.140. The tutorial uses app.manifest to declare activatableClasses. This is a shortcut, and really, you need to use the Package.appxmanifest to acquire full framework functionality; like declaring Proxy-Stub Servers for Interfaces. I use the Propertysheet.props to include the winmds and move the dll's into the exe folder, instead of just making a reference to the winmd and manually copying the dll's.
Here I learned I wasn't actually making an Unpackaged App. To make an Unpackaged App, first I had to make a Packaged App with no packaging project. Then, WindowPackageType had to be set to None and AppxPackage to false in the project file. Package.appxmanifest had to be removed from the project. I no longer needed the NuGet. Instead I needed to install the required framework bits, and load the Bootstrapper. This enabled connectivity and started the winrt framework in the Unpackaged environment. When not late binding, I included the winmds and moved my dll's into the executable folder using the Propertysheet.props. In this way I was able to use winrt get_activation_factory to make Runtime Classes in WinUI Components. There was no single document that covered this.
I found the easiest way to late bind WinRT components was--in an unpackaged or packaged app--was to load the dll using WINRT_IMPL_LoadLibraryW from base.h and call the GetActivationFactory directly using WINRT_IMPL_GetProcAddress. The only problem with this was that the Xaml framework didn't just extend into the WinUI Component. Xaml content was unable to load in the loaded component dll. I believe there is a way to add Xaml functionality, but it looks like it mixes with legacy WRL code and Xaml islands.
My solution to this last problem was to start another WinUI process. I Loaded a sub App from an App as a driver for the code behind. Other than to have a call up application, I don't see why I'd personally use controls defined in WinUI component dll's, and will simply use the main processes to drive behind UI logic in modular WinRT dll's. Especially with my Desktop Application already being so modular. Need new UI functionality, make a new one off of a template. For my purposes this makes the most sense. WinUI, WinRT, and Windows::Foundation all work without Xaml. I even passed a SwapChainPanel to a WinUI Component dll to make late binding DirectX12 graphics pipelines, so we're doing good.
I am setting up a multi-app kiosk in audit mode on a fresh install of Win 10 IoT Ent LTSC 1809.
I've create an XML assigned access file based on: https://learn.microsoft.com/en-us/windows/configuration/lock-down-windows-10-to-specific-apps
<?xml version="1.0" encoding="utf-8" ?>
<AssignedAccessConfiguration
xmlns="https://schemas.microsoft.com/AssignedAccess/2017/config"
xmlns:rs5="https://schemas.microsoft.com/AssignedAccess/201810/config"
>
<Profiles>
<Profile Id="{75C4578C-D56D-402A-A946-CA3CCA60633A}">
<AllAppsList>
<AllowedApps>
<App DesktopAppPath="C:\Windows\system32\mspaint.exe"/>
<App DesktopAppPath="C:\Windows\System32\notepad.exe"/>
</AllowedApps>
</AllAppsList>
<StartLayout>
<![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="https://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="https://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="httsp://schemas.microsoft.com/Start/2014/LayoutModification">
<LayoutOptions StartTileGroupCellWidth="4" />
<DefaultLayoutOverride>
<StartLayoutCollection>
<defaultlayout:StartLayout GroupCellWidth="4">
<start:Group Name="Group1">
<start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk" />
<start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk" />
</start:Group>
</defaultlayout:StartLayout>
</StartLayoutCollection>
</DefaultLayoutOverride>
</LayoutModificationTemplate>
]]>
</StartLayout>
<Taskbar ShowTaskbar="true"/>
</Profile>
</Profiles>
<Configs>
<Config>
<AutoLogonAccount rs5:DisplayName="Hello World"/>
<DefaultProfile Id="{75C4578C-D56D-402A-A946-CA3CCA60633A}"/>
</Config>
</Configs>
</AssignedAccessConfiguration>
I've then used ICD to create a provisioning package using this XML file. When I try applying the package, I get an error and the following event log:
ProvXML category 'UxLockdown' failed with '0xC00CE223' at CSP node
'AssignedAccess/Configuration'. Provisioning failed
From researching this error online, there may be an error in my XML file. I've gone over it a few times and validated against the schema but still getting this error.
Can anyone provide help?
change
xmlns="https://schemas.microsoft.com/AssignedAccess/2017/config"
xmlns:rs5="https://schemas.microsoft.com/AssignedAccess/201810/config"
to
xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"
xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/201810/config"
its http not https, yes M$ had me running around in circles on this one
I'm trying to create multi-app kiosk for one of our computer in the office running Windows 10 pro.
It works with Microsoft apps such as Calculator, Internet Explorer, but I'm trying to create one for one of our in-house app and it didn't work. When in kiosk mode, it came up with the app button but with a text of the location to the app itself (eg: W~C:\path\to\app\app.exe - I don't know what W~ means). And when I click on it, nothing happens. With multi-app kiosk, you have to write an XML file to allow which app to run:
<Profiles>
<Profile Id="{some id}">
<AllAppsList>
<AllowedApps>
<App DesktopAppPath="C:\path\to\app\app.exe" />
</AllowedApps>
</AllAppsList>
<StartLayout>
<![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
<LayoutOptions StartTileGroupCellWidth="6" />
<DefaultLayoutOverride>
<StartLayoutCollection>
<defaultlayout:StartLayout GroupCellWidth="6">
<start:Group Name="TAS">
<start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationID="C:\path\to\app\app.exe" />
</start:Group>
</defaultlayout:StartLayout>
</StartLayoutCollection>
</DefaultLayoutOverride>
</LayoutModificationTemplate>
]]>
</StartLayout>
</Profile>
</Profiles>
I was just wondering if there's something that you need to set in the <App> tag to specify the library path/working folder? Is there any documentation about on how to write XML files for multi-app kiosk? I found this on the Microsoft website but not in details:
https://learn.microsoft.com/en-us/windows/configuration/lock-down-windows-10-to-specific-apps
I am trying to set up an AppxManifest.xml to launch a Win32 application as a full trust application. Using the snippet below, I am able to Add-AppxPackage -Register AppxManifest.xml and then use Debug > Other Debugging Tools > Debug Installed Application to debug the application in Visual Studio 2017.
However, I want to pass some arguments to the application when launching it. How can I acomplish this? I don't mind listing them in the AppxManifest.xml if that is easiest, I just need to know how.
...
<Applications>
<Application Id="App" Executable="SomeExecutable.exe" EntryPoint="Windows.FullTrustApplication">
<uap:VisualElements DisplayName="Wrap" Description="Wrap" BackgroundColor="transparent" Square150x150Logo="Assets\Square150x150Logo.png" Square44x44Logo="Assets\Square44x44Logo.png">
<uap:DefaultTile Wide310x150Logo="Assets\Wide310x150Logo.png" />
</uap:VisualElements>
</Application>
</Applications>
...
Protocol associations is what you look for:
Protocol associations can enable other programs and system components
to interoperate with your packaged app. When your packaged application
is started by using a protocol, you can specify specific parameters to
pass to its activation event arguments so it can behave accordingly.
Parameters are supported only for packaged, full-trust apps.
<Package
xmlns:uap3="http://schemas.microsoft.com/appx/manifest/uap/windows10/3"
xmlns:desktop="http://schemas.microsoft.com/appx/manifest/desktop/windows10"
IgnorableNamespaces="uap3, desktop">
<Applications>
<Application>
<Extensions>
<uap3:Extension
Category="windows.protocol">
<uap3:Protocol
Name="myapp-cmd"
Parameters="/p " />
</uap3:Extension>
</Extensions>
</Application>
</Applications>
</Package>
Just like WiX installer, I wanna distribute a small setup.exe, while installing, the setup.exe can download the demanded msis from a specified server.
If anyone know how to do, code sample is better.
The below codes can be compiled successfully, but the WixBA UI doesn't display.
<?xml version="1.0" encoding="UTF-8"?>
<BootstrapperApplicationRef Id='ManagedBootstrapperApplicationHost'>
<Payload Name='BootstrapperCore.config' SourceFile='WixBA.BootstrapperCore.config' />
<Payload SourceFile='WixBA.dll' />
<Payload SourceFile='License.htm' />
</BootstrapperApplicationRef>
<Variable Name='InstallFolder' Type='string' Value='[ProgramFilesFolder]Test' />
<Chain>
<MsiPackage Id='sevenz' Vital='yes' Name='data\7z.msi' SourceFile='data\7z.msi' >
<MsiProperty Name='INSTALLFOLDER' Value='[InstallFolder]' />
</MsiPackage>
</Chain>
</Bundle>
The WiX toolset supports this using the Burn engine. The source code is all available in src\burn\engine (in particular, you'll want to look at downloadengine.cpp).