Forum Discussion
Windows 11 assigned access - setting kiosk mode over powershell and WMI
Fantastic. That really helps us narrow our focus onto the XML.
I keep saying this as I feel like I'm the blind leading the blind here, but I really know nothing about this MDM stuff - it's way outside my areas of expertise. But for now, we can rule out the PowerShell side entirely and just look a the XML.
This first change is just a tip - it won't change your current XML at all: use the single-quote text block style rather than the double-quote form.
So, instead of this:
$obj.Configuration = [System.Web.HttpUtility]::HtmlEncode(@"
...
"@)
Use this:
$obj.Configuration = [System.Web.HttpUtility]::HtmlEncode(@'
...
'@)
Why?
PowerShell will try and identify any variables inside of a double-quotes block and swap out the variable name for the localised value, whereas using the single quote preserves the exact format of the text (i.e. no variable substitutions). This can be quite important for text blocks featuring symbols - like XML.
Here's a simple illustration of both double and single quotes and how PowerShell parses both:
As I say though, in this specific case, it's not an issue for your XML. It's just something important to be aware of that isn't always obvious.
Focusing on your XML, you could try stripping it down to something really simple and then building it back up, but one thing that sticks out to my untrained eye is that the GUID used near the top:
<Profile Id="dca70007-6874-49b3-930f-26ead1d85918">
Doesn't match the GUID near the bottom:
<DefaultProfile Id="{c374b80f-6aea-4c02-b1db-7bb1dfc4fe84}"/>
And I'm wondering (aka guessing) should they not both be the same value, as they are in the Microsoft article you referenced earlier?
Cheers,
Lain
- MichaelWAug 16, 2023Brass ContributorYes I will also change that, but In the latest tries I didnt even include the whole XML and I still got an error
- MichaelWAug 16, 2023Brass Contributor
Hi Lain, unfortunately im getting the same error again with single quotes:
"A general error has occurred for which no more specific error code is available."
also tried it like that with the same result...
$nameSpaceName="root\cimv2\mdm\dmmap" $className="MDM_AssignedAccess" $obj = Get-CimInstance -Namespace $namespaceName -ClassName $className Add-Type -AssemblyName System.Web $obj.Configuration = [System.Web.HttpUtility]::HtmlEncode(@' '@) Set-CimInstance -CimInstance $obj
- MichaelWAug 16, 2023Brass Contributora colleague stated that It could have something todo with the OS language, because its a german OS client. I will switch the OS language to english (american)
- LainRobertsonAug 16, 2023Silver Contributor
No worries - I hope you had a good break!
Also, if you go back a couple of posts, I also mentioned that the GUIDs don't match across the profile definition on line 12 (of your previous post) versus the default profile selection on line 38.
I'm not sure if this matters, but since the example from the Microsoft post has both GUIDs matching, I thought I should mention it.
Cheers,
Lain
- MichaelWAug 16, 2023Brass Contributor
LainRobertson Hi Lain, unfortunately it changed nothing wiping the client and use english(US) as the OS language. Same problem general error.
Can please someone help who has a bit of experience with WMI? Its super frustrating that we are not able to use Multiapp Windows 11 kiosk devices...
- LainRobertsonAug 16, 2023Silver Contributor
Hi, Michael.
It might pay to post in an InTune forum, as this is related to the XML that feeds into the MDM agent, not your PowerShell or WMI.
You can also check the errors from the following Windows Event Log location for more specific guidance on what's wrong with the XML:
- Application and Services Logs/Microsoft/Windows/AssignedAccess/Admin
Example
Unfortunately, the XML configuration is well outside being relevant to PowerShell, so I might stop here.
Cheers,
Lain
- Mattia_NocerinoSep 22, 2023Copper ContributorHi MichaelW
I'm facing the exact same issue. It's super frustrating.
Have you managed to find a solution? - MichaelWSep 22, 2023Brass Contributor
Hi, no unfortunately not yet
- michael_moshkovichOct 18, 2023Brass Contributor
Hallo,
I'm having the same issue on Win11, and noticed that if you remove the rs5 tags from the XML, the configuration went trough. e.g. rs5:AutoLaunch in your example or rs5:DisplayName for me.
if someone have some info regarding this, will be much appreciated. - michael_moshkovichOct 18, 2023Brass ContributorOK found it..
so, to use the rs5 tag you should include the schema.... 🤕
xmlns:rs5="https://schemas.microsoft.com/AssignedAccess/201810/config"
so the final result will include rs5 and win11:
<AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config" xmlns:win11="http://schemas.microsoft.com/AssignedAccess/2022/config" xmlns:rs5="https://schemas.microsoft.com/AssignedAccess/201810/config">
<AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config" xmlns:win11="http://schemas.microsoft.com/AssignedAccess/2022/config" xmlns:rs5="https://schemas.microsoft.com/AssignedAccess/201810/config">
<Profiles>.......
</AssignedAccessConfiguration>