Forum Discussion
Windows Imaging and Configuration Designer and Assigned Access xml Bug
Hello everybody. So, my goal is to get this bug in front of the eyes that need to see it in order for the issue to get resolved, so if this is not the place to do that (it was the only place that I could find that seemed even remotely possible) then let me know where to move this post to so that the issue can be resolved. Now that that is out of the way, the issue that I want to report involves Assigned Access configuration file. As you may know, the "&" character cannot be present in an xml element attribute value, as it is a special character, and must be replaced with the escape string "&" instead. If there are any "&" characters in your assigned access configuration file, Windows Imaging and Configuration Designer will not allow you to compile the package. So, consider the Assigned Access Configuration file that I created with all of the "&" characters replaced with the appropriate "&" escape:
<?xml version="1.0" encoding="utf-8" ?>
<AssignedAccessConfiguration
xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"
xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/201810/config"
>
<Profiles>
<Profile Id="{aed4127d-7fe0-435f-bdda-e384815099ec}">
<AllAppsList>
<AllowedApps>
<App DesktopAppPath="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" />
<App DesktopAppPath="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" />
<App DesktopAppPath="C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe" />
<App DesktopAppPath="C:\Program Files (x86)\Google\Update\GoogleUpdate\GoogleUpdate.exe" />
<App DesktopAppPath="C:\Tableau\Store Okta Login.exe" />
<App DesktopAppPath="C:\Tableau\Manager Okta Login.exe" />
<App DesktopAppPath="C:\Windows\explorer.exe" />
<App DesktopAppPath="C:\Windows\Splwow64.exe" />
<App DesktopAppPath="C:\Program Files (x86)\Brother\ScannerUtility\BrScUtil.exe" />
<App DesktopAppPath="C:\Program Files (x86)\Brother\HttpToUsbBridge\HttpToUsbBridge.exe" />
<App DesktopAppPath="C:\Program Files (x86)\Brother\iPrint&Scan\BrotheriPrint&Scan.exe" />
<App DesktopAppPath="C:\Program Files (x86)\Brother\iPrint&Scan\BrScanKeyEventMgr.exe" />
<App DesktopAppPath="C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe" />
<App DesktopAppPath="C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe" />
<App DesktopAppPath="C:\Windows\twain_32\Brimm22a\Common\TwDsUi.exe" />
<App DesktopAppPath="C:\Windows\twain_32\Brimm22a\Common\TwDsUiLauncher.exe" />
</AllowedApps>
</AllAppsList>
<rs5:FileExplorerNamespaceRestrictions>
<rs5:AllowedNamespace Name="Downloads"/>
</rs5:FileExplorerNamespaceRestrictions>
<StartLayout>
<![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
<LayoutOptions StartTileGroupCellWidth="6" />
<DefaultLayoutOverride>
<StartLayoutCollection>
<defaultlayout:StartLayout GroupCellWidth="6">
<start:Group Name="Apps">
<start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Manager Okta Login.lnk" />
<start:DesktopApplicationTile Size="2x2" Column="0" Row="2" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Learning Hub.lnk" />
<start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\My Documents.lnk" />
<start:DesktopApplicationTile Size="2x2" Column="2" Row="2" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Altametrics Schedules.lnk" />
<start:DesktopApplicationTile Size="2x2" Column="4" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Brother iPrintScan.lnk" />
</start:Group>
</defaultlayout:StartLayout>
</StartLayoutCollection>
</DefaultLayoutOverride>
</LayoutModificationTemplate>
]]>
</StartLayout>
<Taskbar ShowTaskbar="true" />
</Profile>
</Profiles>
<Configs>
<Config>
<AutoLogonAccount rs5:DisplayName="Manager Workstation"/>
<DefaultProfile Id="{aed4127d-7fe0-435f-bdda-e384815099ec}"/>
</Config>
</Configs>
</AssignedAccessConfiguration>
I apologize for formatting the contents of the file as a code block, but when I tried placing the text in a code sample, it would automatically substitute the "&" for an "&" character. In any event, importing the above assigned access configuration file in Windows Imaging and Configuration Designer does not produce an error, and allows for the application to compile the ppkg file, but when this ppkg is applied to a system during deployment, it results in an endless boot loop after the system restarts. It would seem that the provisioning package that Windows Image and Configuration Designer creates results (at least in my case) a boot loop on the target system if the assigned access xml that is imported contains any element attributes that contain an "&" character. And I am not the only person who has run into this problem either. While investigating this issue, I found the below thread detailing the exact same issue:
https://www.reddit.com/r/Intune/comments/1enlwwe/assigned_access_xml_with_ampersand_usage_fails_to/