Forum Discussion
Windows 11 assigned access - setting kiosk mode over powershell and WMI
Hey guys, so currently as this article states, kiosk multi app mode in Intune for windows 11 is on the roadmap, but there is no ETA, when it comes live. https://techcommunity.microsoft.com/t5/wi...
LainRobertson Hi Lain, thank you for your response, here is the output
So powershell is using the system authority
Unfortunately im not that deep into WMI and manipulating windows on that level
Okay, that actually looks good. The username is right and the earlier call you made above that to Get-CimInstance succeeded.
So, I've gone back up and had a look at the script and it looks like a simple formatting issue.
Line 6 should actually be part of line 5. So, this (your lines 5 and 6):
$obj.Configuration = [System.Web.HttpUtility]::HtmlEncode
(@"
Should become this:
$obj.Configuration = [System.Web.HttpUtility]::HtmlEncode(@"
The issue putting the "(" on the next line creates is that the XML doesn't get assigned to $obj.Configuration. Instead, $obj.Configuration has the definition of the
[System.Web.HttpUtility]::HtmlEncode method assigned to it. It's not important to understand that, only that it will cause your Set-CimInstance to fail.
So, make the simple change above and try again.
Cheers,
Lain
LainRobertson Hi Lain, I understand unfortunately I got another error, I double checked the script on synthax errors, and wrote exactly as in the example stated on this page (https://learn.microsoft.com/en-us/windows/configuration/lock-down-windows-11-to-specific-apps)
$nameSpaceName="root\cimv2\mdm\dmmap" $className="MDM_AssignedAccess" $obj = Get-CimInstance -Namespace $namespaceName -ClassName $className Add-Type -AssemblyName System.Web $obj.Configuration = [System.Web.HttpUtility]::HtmlEncode(@" <?xml version="1.0" encoding="utf-8" ?> <AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config" xmlns:win11="http://schemas.microsoft.com/AssignedAccess/2022/config"> <Profiles> <Profile Id="dca70007-6874-49b3-930f-26ead1d85918"> <AllAppsList> <AllowedApps> <App AppUserModelId="Citrix.Workspace" rs5:AutoLaunch="true"> <App AppUserModelId="MSEdge" /> <App AppUserModelId="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" /> <App AppUserModelId="Microsoft.Windows.Explorer" /> </AllowedApps> </AllAppsList> <win11:StartPins> <![CDATA[ {"pinnedList": [ {"desktopAppLink":"%ALLUSERSPROFILE%\\Microsoft\\Windows\\Start Menu\\Programs\\Citrix Workspace.lnk"}, {"desktopAppLink":"%ALLUSERSPROFILE%\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Edge.lnk"}, {"packagedAppId":"windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel"}, {"desktopAppLink":"%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\File Explorer.lnk"}, {"packagedAppId":"Microsoft.WindowsCalculator_8wekyb3d8bbwe!App"} ]} ]]> <win11:StartPins/> <Taskbar ShowTaskbar="true"/><Taskbar/> </Profile> </Profiles> <Configs> <Config> <AutoLogonAccount/> <DefaultProfile Id="{c374b80f-6aea-4c02-b1db-7bb1dfc4fe84}"/> </Config> </Configs> </AssignedAccessConfiguration> "@) Set-CimInstance -CimInstance $objThat's okay. It still looks like you're making progress, and it doesn't help that this is more about InTune than PowerShell, as all I can do is guess when it comes to InTune.
Because I don't understand the MDM's XML, could you leave out the XML and run just the following script skeleton for me as a test, and see if you still get an error?
$nameSpaceName="root\cimv2\mdm\dmmap" $className="MDM_AssignedAccess" $obj = Get-CimInstance -Namespace $namespaceName -ClassName $className Add-Type -AssemblyName System.Web Set-CimInstance -CimInstance $objIf you don't get an error, then we know something is wrong with the XML. If we do get an error, then it's due to something other than the XML.
With all the previous issues taken care of, I'm expecting there should be no error.
Cheers,
Lain
- No errors with the skeleton