Forum Discussion

Artemis230000's avatar
Artemis230000
Copper Contributor
Nov 06, 2024

Windows Restricted User Experience Set-CimInstance Error

So I'm trying to set up a restricted user experience that allows the usage of only one application. However, I keep running into this weird error message that provides no useful information:

I've been successful in getting the boilerplate example from the official Windows guide to work, so I'm fairly certain the error lies in how I've set up the Allowed Apps and PinnedList. Perhaps in the path to the app? But I'm not sure how I'd go about changing that since I got the pathway from the task manager. Any help is appreciated!

Full code below:

psexec.exe -i -s powershell.exe

$assignedAccessConfiguration = @"
<?xml version="1.0" encoding="utf-8"?>
<AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config" xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/201810/config" xmlns:v3="http://schemas.microsoft.com/AssignedAccess/2020/config" xmlns:v5="http://schemas.microsoft.com/AssignedAccess/2022/config">
  <Profiles>
    <Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C24}">
      <AllAppsList>
        <AllowedApps>
          <App AppUserModelId="Microsoft.RemoteDesktop_10.2.3012.0_x64__8wekyb3d8bbwe" />
        </AllowedApps>
      </AllAppsList>
      <v5:StartPins><![CDATA[{
                    "pinnedList":[
                        {"packagedAppId":"Microsoft.RemoteDesktop_10.2.3012.0_x64__8wekyb3d8bbwe"},
                    ]
                }]]></v5:StartPins>
      <Taskbar ShowTaskbar="true" />
    </Profile>
  </Profiles>
  <Configs>
    <Config>
      <AutoLogonAccount rs5:DisplayName="RDUSER" />
      <DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C24}" />
    </Config>
  </Configs>
</AssignedAccessConfiguration>
"@

$namespaceName="root\cimv2\mdm\dmmap"
$className="MDM_AssignedAccess"
$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className
$obj.Configuration = [System.Net.WebUtility]::HtmlEncode($assignedAccessConfiguration)
Set-CimInstance -CimInstance $obj

 

  • LainRobertson's avatar
    LainRobertson
    Silver Contributor

    Hi Artemis230000 ,

    This topic has come up before but it's not actually related to PowerShell.

     

    I'd suggest posting on an Intune forum instead as the issue is with the XML structure, for which you can get feedback from the event logs as noted in my previous exchange on this topic.

     

    • https://techcommunity.microsoft.com/discussions/windowspowershell/windows-11-assigned-access---setting-kiosk-mode-over-powershell-and-wmi/3895122/replies/3901097

     

    The event log detail provides granular instruction on what is wrong and what is expected.

     

    Cheers,
    Lain

  • DarkStar's avatar
    DarkStar
    Copper Contributor

    Artemis230000I have seen this type of problem with "Set-" in various conditions.  What I discovered over much trial and error is sometimes you cannot SET all objects in one go. You have to do part of the SET and then do another SET for more objects. The problem seems to be something has to be SET first before you can SET something else. Simple Example: SET the creation of the user name and you want to set an attribute for them. You have to create the user first then SET the attribute so you cannot use one SET. You create the user with all the objects you can then SET then attribute after with another SET. Hope that makes sense.

Resources