Configuring Multi-App Kiosk Mode in Windows
A Step-by-Step Guide to Implementing UWP and Win32 Apps
Key Takeaways
- Comprehensive XML Configuration: Incorporate both UWP and Win32 applications to ensure a versatile kiosk environment.
- Start Menu Customization: Properly configure the Start layout to display all necessary applications for end-users.
- Deployment via OMA-URI: Utilize Microsoft Intune's OMA-URI settings to seamlessly apply the kiosk configuration across devices.
Introduction to Windows Kiosk Mode
Windows Kiosk Mode is a specialized configuration that allows a device to run in a locked-down state, restricting user access to only specific applications. This setup is ideal for public-facing environments such as retail stores, information kiosks, or educational settings, where controlling the user experience is paramount.
Understanding UWP and Win32 Applications
Universal Windows Platform (UWP) Apps
UWP apps are designed to run across all Windows devices, including desktops, tablets, and phones. They are distributed via the Microsoft Store and use App User Model IDs (AUMIDs) to identify and launch applications.
Win32 Applications
Win32 apps are traditional desktop applications that have been a part of the Windows ecosystem for decades. These applications are typically installed via executable files and can be pinned to the Start menu using their executable paths or shortcut links (.lnk files).
Example XML Configuration for Multi-App Kiosk Mode
The XML configuration below is a comprehensive example that includes both UWP and Win32 applications. This configuration ensures that each application is accessible and visible in the Start menu, providing a seamless user experience in kiosk mode.
XML Configuration Structure
<AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config">
<Profiles>
<Profile Id="MultiAppKioskProfile">
<AllAppsList>
<AllowedApps>
<!-- UWP Applications -->
<App AppUserModelId="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" />
<App AppUserModelId="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge" />
<App AppUserModelId="Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim" />
<!-- Win32 Applications -->
<App DesktopAppPath="C:\Program Files\Mozilla Firefox\firefox.exe" />
<App DesktopAppPath="C:\Program Files\Notepad++\notepad++.exe" />
<App DesktopAppPath="C:\Program Files\MyApp\MyApp.exe" />
</AllowedApps>
</AllAppsList>
<StartLayout>
<![CDATA[
<LayoutModificationTemplate xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification"
xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout"
xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout"
Version="1">
<LayoutOptions StartTileGroupCellWidth="6" />
<DefaultLayoutOverride>
<StartLayoutCollection>
<defaultlayout:StartLayout GroupCellWidth="6">
<start:Group Name="Kiosk Applications">
<start:DesktopApplicationTile
Size="2x2"
Column="0"
Row="0"
DesktopApplicationID="C:\Program Files\Mozilla Firefox\firefox.exe" />
<start:DesktopApplicationTile
Size="2x2"
Column="2"
Row="0"
DesktopApplicationID="C:\Program Files\Notepad++\notepad++.exe" />
<start:DesktopApplicationTile
Size="2x2"
Column="4"
Row="0"
DesktopApplicationID="C:\Program Files\MyApp\MyApp.exe" />
<start:Tile
Size="2x2"
Column="0"
Row="2"
AppUserModelID="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" />
<start:Tile
Size="2x2"
Column="2"
Row="2"
AppUserModelID="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge" />
<start:Tile
Size="2x2"
Column="4"
Row="2"
AppUserModelID="Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim" />
</start:Group>
</defaultlayout:StartLayout>
</StartLayoutCollection>
</DefaultLayoutOverride>
</LayoutModificationTemplate>
]]>
</StartLayout>
</Profile>
</Profiles>
<Configs>
<Config>
<Account>KioskUser</Account>
<DefaultProfile Id="MultiAppKioskProfile" />
</Config>
</Configs>
</AssignedAccessConfiguration>
Explanation of XML Elements
| Element | Description |
|---|---|
<Profile Id="..."></Profile> |
Defines a unique profile for kiosk mode settings. |
<AllowedApps></AllowedApps> |
Lists all applications permitted to run in kiosk mode, including both UWP and Win32 apps. |
<App AppUserModelId="..."/> |
Specifies a UWP application using its App User Model ID. |
<App DesktopAppPath="..."/> |
Specifies a Win32 application using its executable path. |
<StartLayout></StartLayout> |
Defines the layout of the Start menu, organizing apps into groups and specifying their positions. |
<Configs></Configs> |
Associates the defined profile with a specific user account intended for kiosk mode. |
Applying the XML Configuration via OMA-URI
Deploying the kiosk configuration across devices involves utilizing the Open Mobile Alliance Uniform Resource Identifier (OMA-URI) within a Mobile Device Management (MDM) solution like Microsoft Intune. Below are the detailed steps to apply the XML configuration:
Step 1: Access Microsoft Intune Admin Center
Navigate to the Microsoft Intune admin center. Ensure you have the necessary administrative privileges to create and assign configuration profiles.
Step 2: Create a Custom Configuration Profile
-
Navigate to Devices: In the left-hand menu, select Devices.
-
Create Profile: Go to Configuration profiles > Create profile.
-
Profile Settings:
- Platform: Select Windows 10 and later.
- Profile Type: Choose Custom.
Step 3: Configure OMA-URI Settings
-
Add OMA-URI Setting: Click on Add to create a new OMA-URI setting.
-
Enter Details:
- Name: Multi-App Kiosk Configuration
- OMA-URI:
./Device/Vendor/MSFT/AssignedAccess/Configuration - Data type: String (XML file)
- Value: Paste the complete XML configuration provided above.
Step 4: Assign the Profile
-
Select Target Devices: Choose the device groups that should receive the kiosk configuration.
-
Assign: Complete the assignment by following the prompts, ensuring the profile is correctly linked to the intended devices.
Step 5: Deploy and Verify
-
Deploy Profile: Initiate the deployment process within Intune and monitor the status to ensure successful rollout.
-
Verify Configuration: On the target devices, log in using the specified kiosk account (e.g.,
KioskUser) to confirm that all designated applications appear in the Start menu and operate as intended.
Sample Deployment Table
| Step | Action | Details |
|---|---|---|
| 1 | Access Intune Admin Center | Navigate to Microsoft Intune admin center |
| 2 | Create Configuration Profile | Select Windows 10 and later > Custom profile |
| 3 | Configure OMA-URI | Use ./Device/Vendor/MSFT/AssignedAccess/Configuration with XML content |
| 4 | Assign Profile | Target relevant device groups |
| 5 | Deploy and Verify | Ensure apps are visible and functional in Start menu |
Common Troubleshooting Tips
1. Verify XML Syntax
Ensure that the XML file is well-formed and free of syntax errors. Even minor mistakes, such as missing closing tags or incorrect attribute names, can prevent the configuration from applying correctly.
2. Check App Paths and AUMIDs
Double-check the executable paths for Win32 applications and the App User Model IDs for UWP applications. Incorrect paths or IDs will result in applications not appearing or launching properly.
3. Validate OMA-URI Configuration
Ensure that the OMA-URI path is correctly specified as ./Device/Vendor/MSFT/AssignedAccess/Configuration and that the XML content is accurately pasted into the Value field.
4. Assign to Correct User Account
Confirm that the configuration is linked to the appropriate user account intended for kiosk mode. Misassigning profiles can lead to configurations not applying as expected.
5. Monitor Deployment Status
Use the Intune admin center to monitor the deployment status of the configuration profile. Look for any errors or failed deployments that may need attention.
6. Restart Devices
After applying the configuration, restart the target devices to ensure that all settings are correctly loaded and enforced.
Final Considerations
Implementing a multi-app kiosk mode in Windows requires meticulous planning and precise configuration. By carefully crafting the XML configuration to include both UWP and Win32 applications and deploying it via OMA-URI using Microsoft Intune, administrators can ensure a controlled and efficient kiosk environment. Regular monitoring and adherence to best practices will help maintain the integrity and functionality of the kiosk setup.
References
- Create an Assigned Access configuration XML file - Microsoft Learn
- Configuring multi-app kiosk mode on Windows 11 - Peter van der Woude
- Create a custom XML for Multi-App Kiosk Mode in Microsoft Intune - Cloud Wisdom
- Introduction to multi-app kiosks on Windows devices - Microsoft
- Multi-App Kiosk Policy with a Custom XML - Microsoft Learn
These resources offer in-depth guidance and additional examples to assist in configuring and troubleshooting multi-app kiosk modes in Windows environments.
Last updated January 19, 2025