Forum Discussion

MichaelW's avatar
MichaelW
Brass Contributor
Aug 09, 2023

Windows 11 assigned access - setting kiosk mode over powershell and WMI

Hey guys,    so currently as this article states, kiosk multi app mode in Intune for windows 11 is on the roadmap, but there is no ETA, when it comes live. https://techcommunity.microsoft.com/t5/wi...
microsoft intune
powershell
wmi
MichaelW's avatar
MichaelW
Brass Contributor

Also tried it with powershell 7 and with another version of the script (also from an elevated cmd started with psexec)

$nameSpaceName = "root\cimv2\mdm\dmmap"
$className = "MDM_AssignedAccess"

# Schreiben Sie die XML-Konfiguration in eine Datei
$xmlContent = @"
<?xml version="1.0" encoding="utf-8"?>
<AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config" xmlns:win11="http://schemas.microsoft.com/AssignedAccess/2022/config">
    <!-- ... Ihre XML-Konfiguration hier ... -->
</AssignedAccessConfiguration>
"@
$xmlFilePath = "win11-kiosk-wmi.xml"
$xmlContent | Set-Content -Path $xmlFilePath -Encoding UTF8

# Get-CimInstance, um die Instanz zu erhalten
$obj = Get-CimInstance -Namespace $nameSpaceName -ClassName $className

# Setzen Sie die Konfigurationseigenschaft des $obj-Objekts
$obj.Configuration = $xmlFilePath

# Aktualisieren Sie die Instanz mit der neuen Konfiguration
Set-CimInstance -CimInstance $obj

 

but also getting an error 

MichaelW's avatar
MichaelW
Brass Contributor
Aug 11, 2023

also ran the command on the client to test if I can access this class 

  • LainRobertson's avatar
    LainRobertson
    Silver Contributor
    Aug 11, 2023

    MichaelW 

     

    Hi, Michael.

     

    Again, I have to apologies for needing to use a translator (where I hope the translation is accurate), which for the error of:

     

    Es ist ein allgemeiner fehler aufgetreten, fur den kein spezifischerer fehlercode verfugbar ist

     

    I got a translation of:

     

    A general error has occurred for which a more specific error code is not available

     

    If that's accurate, that makes things a little difficult to troubleshoot since the MDM WMI provider isn't giving us a meaningful error to work with.

     

    I do have to wonder though, if you run the following, do you get back a reference to your user account or the computer's account?

     

    whoami

     

    Here's an example of the command, which in my case shows my user account:

     

     

    If you've followed the instructions correctly on using psexec, what you should get is a reference to the computer's account.

     

    Cheers,

    Lain

    • MichaelW's avatar
      MichaelW
      Brass Contributor
      Aug 11, 2023

      LainRobertson Hi Lain, thank you for your response, here is the output 

      So powershell is using the system authority

      Unfortunately im not that deep into WMI and manipulating windows on that level

      • LainRobertson's avatar
        LainRobertson
        Silver Contributor
        Aug 11, 2023

        MichaelW 

         

        Okay, that actually looks good. The username is right and the earlier call you made above that to Get-CimInstance succeeded.

         

        So, I've gone back up and had a look at the script and it looks like a simple formatting issue.

         

        Line 6 should actually be part of line 5. So, this (your lines 5 and 6):

         

        $obj.Configuration = [System.Web.HttpUtility]::HtmlEncode
(@"

         

        Should become this:

         

        $obj.Configuration = [System.Web.HttpUtility]::HtmlEncode(@"

         

        The issue putting the "(" on the next line creates is that the XML doesn't get assigned to $obj.Configuration. Instead, $obj.Configuration has the definition of the 

        [System.Web.HttpUtility]::HtmlEncode method assigned to it. It's not important to understand that, only that it will cause your Set-CimInstance to fail.

         

        So, make the simple change above and try again.

         

        Cheers,

        Lain

Resources