Windows 10 IoT Enterprise 2019 - multi-kiosk mode

Introduction



Windows 10 IoT Enterprise 2019 is the marketing name for the next release of Windows 10. The release of this version was announced in September 2018, respectively, it has version 1809, 18 - year, 09 - month. Many articles have been written on the new release of Windows 10 1809, but most of them are devoted to various "bows", "beauties" and various functionalities that are in demand at home.

This article will focus only on the functionality that may be in demand among manufacturers of fixed-purpose devices. Namely, about the new features of the "Kiosk" mode. The topic of changing the names of service schemes for editions of Windows in the corporate segment will also be discussed.



Old service scheme with a new name



I'll start with a little explanation, in the corporate segment of Windows editions there are two service schemes according to which Windows receives updates. Service plans are designated by letter. The service branches are now called LTSC and SAC.



LTSC stands for Long Term Servicing Channel . Previously, such a channel was called LTSB - Long Term Servicing Branch, Microsoft simply changed the name of the service channel, the service itself remained the same.



Also, Microsoft changed the name of the CBB servicing branch - Current Branch for Business, now this servicing branch is called SAC - Semi-Annual Channel . Again, only the name has changed.



But it should be mentioned that the LTSC and SAC servicing branches use different Windows distributions.



SAC



, LTSC SAC . LTSC , SAC . , LTSC Edge, SAC . Edge, :





, .. . , «», EDGE .





, Windows 10 IoT Enterprise , . - . . «multi-app kiosk», «». .



«»



. «» , .



:





5. , , . .. AppLocker. , AppLocker’, AppLocker’ .



6 , «Downloads». . XML-, .













  1. , .
  2. XML
  3. :

    1. №1 — ICD, ADK. ADK
    2. №2 – PsExec.


– «!»



Windows 10 IoT Enterprise 1809 LTSC x32 , . .. . 32 , .



1 –



Win 10 IoT Enterprise Win 10 Enterprise, , .



, . .



, .



.. , . , «Let’s start with region. Is this right» «Ctrl+Shift+F3».



2 –



.. , - . . , « » – . «Sysprep», . , « ».



Sysprep.bat – .
@echo off
chcp 1251>nul

net session>nul 2>nul
if %errorLevel% neq 0 (powershell -command "Start-Process "%~s0" -Verb RunAs"&exit)

tasklist /fi "ImageName eq sysprep.exe" | find /i "sysprep.exe"
if %errorlevel% lss 1 (taskkill /im sysprep.exe)

set AdminName=Admin
net user %AdminName%>nul 2>nul
if %errorLevel% neq 0 (call :AddAdmin "%AdminName%")
if %errorLevel% neq 0 (call :ShowMessage "‡‡‡      "%AdminName%"‡‡      "&pause>nul&exit)

pushd "%~dp0"

cls
call :ShowMessage ‡‡‡‡‡‡‡‡‡‡
echo  1 -     
echo  2 -     
:Select
set /p Choice="   : "
if "%Choice%"=="1" (goto Audit)
if "%Choice%"=="2" (goto OOBE)
echo.&echo   .&goto Select

exit

:Audit
    call :ShowMessage "‡‡‡‡‡    "
    reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v KillSysprep /t REG_SZ /d "taskkill /im sysprep.exe" /f
    %SYSTEMROOT%\System32\Sysprep\sysprep.exe /audit /generalize /shutdown /quiet
goto :eof

:OOBE
    call :ShowMessage "‡‡‡‡‡    "
    reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v KillSysprep /f
    powershell -command "(Get-Content -path 'Unattend.xml' -Raw).Trim() -replace 'Architecture=""".+?"""','Architecture="""%PROCESSOR_ARCHITECTURE%"""' | Set-Content -path 'Unattend.xml'"
    %SYSTEMROOT%\System32\Sysprep\sysprep.exe /oobe /generalize /shutdown /quiet /unattend:Unattend.xml
goto :eof

:AddAdmin
    setlocal
    set UserName=%~1
    if not defined UserName (echo    &endlocal&exit /b 1)

    call :GetGroupName "S-1-5-32-544" AdminGroup
    if not defined AdminGroup (endlocal&exit /b 2)

    call :GetGroupName "S-1-5-32-545" UserGroup
    if not defined UserGroup (endlocal&exit /b 3)

    net user %UserName% /add
    wmic useraccount where "Name='%UserName%'" set PasswordExpires=False>nul
    net localgroup %AdminGroup% %UserName% /add
    net localgroup %UserGroup% %UserName% /delete
    endlocal&exit /b 0
goto :eof

:GetGroupName
    if "%~1"=="" (echo   SID &goto :eof)
    set %2=
    for /f "tokens=2 delims=\ " %%i in ('whoami /groups /fo table^|find "%~1"') do set %2=%%i
    if not defined %2 (echo      SID' "%~1")
goto :eof

:ShowMessage
    setlocal enabledelayedexpansion
    set String=%~1
    if not defined String (echo.&setlocal disabledelayedexpansion&goto :eof)
    set /a ConCols=120 & set /a Num=1
    set "String[!Num!].str=%String:‡=" & set /a Num+=1 & set "String[!Num!].str=%"
    for /l %%a in (1,1,%Num%) do (
        for /l %%b in (0,1,%ConCols%) do if "!String[%%a].str:~%%b!" == "" (set "String[%%a].str= !String[%%a].str! "&set /a String[%%a].len-=1) else (set /a String[%%a].len+=0||set /a String[%%a].len=0)
        if not defined String[%%a].str (set String[%%a].str= )
        if not !String[%%a].len! equ 0 (call set String[%%a].str=%%String[%%a].str:~,!String[%%a].len!%%)
        if "!String[%%a].str: =!"=="" (echo.) else (echo !String[%%a].str!))
    setlocal disabledelayedexpansion
goto :eof


«Admin» . «».



Unattend.xml – sysprep’.
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
    <settings pass="specialize">
        <component name="Microsoft-Windows-Deployment" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <RunSynchronous>
                <RunSynchronousCommand wcm:action="add">
                    <Path>reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Setup\OOBE /v SetupDisplayedProductKey /t REG_DWORD /d 1 /f</Path>
                    <Order>1</Order>
                    <Description>Dont show key page</Description>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Path>reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Setup\OOBE /v UnattendCreatedUser /t REG_DWORD /d 1 /f</Path>
                    <Order>2</Order>
                    <Description>Dont make account</Description>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Path>cmd.exe /c rd %systemdrive%\Sysprep /s /q</Path>
                    <Order>3</Order>
                    <Description>Del Folder</Description>
                </RunSynchronousCommand>
            </RunSynchronous>
        </component>
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <AutoLogon>
                <Enabled>true</Enabled>
                <Username>Admin</Username>
            </AutoLogon>
        </component>
    </settings>
    <settings pass="oobeSystem">
        <component name="Microsoft-Windows-International-Core" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <InputLocale>en-US; ru-RU</InputLocale>
            <SystemLocale>ru-RU</SystemLocale>
            <UILanguage>ru-RU</UILanguage>
            <UILanguageFallback></UILanguageFallback>
            <UserLocale>ru-RU</UserLocale>
        </component>
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <OOBE>
                <HideEULAPage>true</HideEULAPage>
                <HideLocalAccountScreen>true</HideLocalAccountScreen>
                <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
                <HideOnlineAccountScreens>true</HideOnlineAccountScreens>
                <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
                <ProtectYourPC>1</ProtectYourPC>
            </OOBE>
        </component>
    </settings>
</unattend>


«sysprep.exe» sysprep’ . . «Sysprep» .



«Sysprep.bat» . DISM’ . , , «Windows\System32\Recovery» «Recovery\WindowsRE» . .. «Windows\System32\Recovery» .



3 –



, . , , . . Windows 10 1809 Windows 10 1809.



– , . .



«», – «ms-settings:», , . , .



, .



.. , . . , , « ».



.



.



4 –



.. LTSB LTSC , «Microsoft Store» , – . «Adguard» – «Adguard Store», .



«Appx» «AppxBundle». . .



, . . «App Installer», , , «App Installer».



, . . .



5 –



– . . XML-, .



. XML- – .



«» , . «Win+s», , « ».



:



  • Internet Explorer
  • Paint
  • WordPad
  • Windows


.. LTSC . , . «» . , . , , – « » . «», «» « Windows». « », . , , , .



.. « Windows» , «». « ».



, PowerShell – «Export-StartLayout – path C:\Sysprep\StartLayout.xml».



, – «Copy», «MultiAppKiosk.xml». . «StartLayoutCollection» «StartLayout.xml» «MultiAppKiosk.xml». «AllowedApps» , , . , « > ». , ID «AppUserModelId», «DesktopAppPath». , IE x64, «Program Files\Internet Explorer\iexplore.exe» «Program Files (x86)\Internet Explorer\iexplore.exe».



, «FileExplorerNamespaceRestrictions».



, «Taskbar» .



, , . .



«Configs» , , . .. , – «Config». «User».





MultiAppKiosk.xml
<?xml version="1.0" encoding="utf-8" ?>
<AssignedAccessConfiguration 
  xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"
  xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/201810/config"
  >
  <Profiles>
      <Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}">
          <AllAppsList>
              <AllowedApps>
                  <App AppUserModelId="WINDOWS.IMMERSIVECONTROLPANEL_CW5N1H2TXYEWY!MICROSOFT.WINDOWS.IMMERSIVECONTROLPANEL" />
                  <App AppUserModelId="Microsoft.Windows.SecHealthUI_cw5n1h2txyewy!SecHealthUI" />
                  <App DesktopAppPath="%windir%\system32\notepad.exe" />
                  <App DesktopAppPath="C:\Program Files\Internet Explorer\iexplore.exe" />
                  <App DesktopAppPath="%windir%\system32\win32calc.exe" />
                  <App DesktopAppPath="%windir%\system32\mspaint.exe" />
                  <App DesktopAppPath="%ProgramFiles%\Windows NT\Accessories\wordpad.exe" />
              </AllowedApps>
          </AllAppsList>
          <StartLayout>
              <![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
                    <LayoutOptions StartTileGroupCellWidth="6" />
                    <DefaultLayoutOverride>
                      <StartLayoutCollection>
                        <defaultlayout:StartLayout GroupCellWidth="6">
                          <start:Group Name="">
                            <start:Tile Size="2x2" Column="0" Row="0" AppUserModelID="WINDOWS.IMMERSIVECONTROLPANEL_CW5N1H2TXYEWY!MICROSOFT.WINDOWS.IMMERSIVECONTROLPANEL" />
                            <start:Tile Size="4x2" Column="2" Row="0" AppUserModelID="Microsoft.Windows.SecHealthUI_cw5n1h2txyewy!SecHealthUI" />
                          </start:Group>
                          <start:Group Name=" ">
                            <start:DesktopApplicationTile Size="2x2" Column="2" Row="2" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk" />
                            <start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk" />
                            <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk" />
                            <start:DesktopApplicationTile Size="2x2" Column="0" Row="2" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk" />
                            <start:DesktopApplicationTile Size="2x2" Column="4" Row="0" DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk" />
                          </start:Group>
                        </defaultlayout:StartLayout>
                      </StartLayoutCollection>
                    </DefaultLayoutOverride>
                  </LayoutModificationTemplate>
              ]]>
          </StartLayout>
          <Taskbar ShowTaskbar="true"/>
      </Profile>
  </Profiles>
  <Configs>
      <Config>
          <Account>User</Account>
          <DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/>
      </Config>
  </Configs>
</AssignedAccessConfiguration>


XML- , ID, XML-, . .. , PowerShell «[guid]::NewGuid()». «UTF-8», «ANSI», XML- .



6 –



, . – , ICD. -, , . – «MDM Bridge WMI Provider», .



№1



ICD, ADK . ADK , .



ICD, « », «». « Windows » «». , «».



« », «AssignedAccess» «MultiAppAssignedAccessSettings». ICD «» XML- . «Ctrl+s». ICD «» « ». «-» , «» «» «».



«User», «» . « » .



. . : «», «», «». , - . « > > > ».



, , , .



№2



«MDM Bridge WMI Provider» . , . , . .



MiltiKiosk.bat –
@echo off
chcp 1251>nul

if not exist "%~dp0psexec.exe" call :ShowMessage "‡‡‡‡‡‡‡‡‡‡‡‡‡     psexec.exe‡‡      "&pause>nul&exit

net session>nul 2>nul
if %errorLevel% neq 0 (powershell -command "Start-Process "%~s0" -Verb RunAs"&exit)

for /f "tokens=2 delims==" %%i in ('wmic useraccount where "Name='%UserName%'" get SID /value^|find "SID"') do set SID=%%i
reg add HKU\%SID%\Software\Sysinternals\PsExec /v EulaAccepted /t REG_DWORD /d 1 /f

for /f %%i in ('dir "%~dp0%~n0*.ps1" /b /o:n') do set PSFilePath=%~dp0%%i
if not defined PSFilePath (echo   PS     - "%~n0"&pause&exit)
set PSFilePath=%PSFilePath: =` %
"%~dp0psexec.exe" -i -s powershell -command "Start-Process powershell.exe -ArgumentList '-ExecutionPolicy Unrestricted -Command %PSFilePath%'"

exit

:ShowMessage
    setlocal enabledelayedexpansion
    set String=%~1
    if not defined String (echo.&setlocal disabledelayedexpansion&goto :eof)
    set /a ConCols=120 & set /a Num=1
    set "String[!Num!].str=%String:‡=" & set /a Num+=1 & set "String[!Num!].str=%"
    for /l %%a in (1,1,%Num%) do (
        for /l %%b in (0,1,%ConCols%) do if "!String[%%a].str:~%%b!" == "" (set "String[%%a].str= !String[%%a].str! "&set /a String[%%a].len-=1) else (set /a String[%%a].len+=0||set /a String[%%a].len=0)
        if not defined String[%%a].str (set String[%%a].str= )
        if not !String[%%a].len! equ 0 (call set String[%%a].str=%%String[%%a].str:~,!String[%%a].len!%%)
        if "!String[%%a].str: =!"=="" (echo.) else (echo !String[%%a].str!))
    setlocal disabledelayedexpansion
goto :eof


MiltiKiosk_Ver.12.ps1 –
Function ConvertEncoding ([string]$From, [string]$To) {
    Begin{$encFrom = [System.Text.Encoding]::GetEncoding($From);$encTo = [System.Text.Encoding]::GetEncoding($To)}
    Process{$bytes = $encTo.GetBytes($_);$bytes = [System.Text.Encoding]::Convert($encFrom, $encTo, $bytes);$encTo.GetString($bytes) -replace [char]0, ''}
}

Function ShowMessage ($Message='', $Align=0) {
    Try {$Align = [decimal]$Align} Catch {Return '  Align     ' | ConvertEncoding 'windows-1251' -To 'UTF-16'}
    if ($Message -is [int]) {for ($i=1; $i -le $Message; $i++) {Write-Host}; Return}
    if ([System.Text.Encoding]::Default.WindowsCodePage -eq 1252) {$Message = $Message | ConvertEncoding 'windows-1251' -To 'UTF-16'}
    if ($Message -is [string]) {[array] $Message = $Message}
    foreach ($String in $Message) {
        Try {$String = [int]$String} Catch {}
        if ($String -is [int]) {for ($i=1; $i -le $String; $i++) {Write-Host}; continue}
        if ($Host.UI.RawUI.BufferSize.Width -gt $String.Length) {
            if ($Align -eq 0) {Write-Host $String
            } else {Write-Host ("{0}{1}" -f (' ' * (([Math]::Max(0, $Host.UI.RawUI.BufferSize.Width / $Align) - [Math]::Floor($String.Length / $Align)))), $String)}
        } else {Write-Host $String}
    } 
}

$script:NameSpace="root\cimv2\mdm\dmmap"
$script:ClassName="MDM_AssignedAccess"
$script:MultiAppKiosk = Get-CimInstance -Namespace $NameSpace -ClassName $ClassName
if (-not $MultiAppKiosk) {ShowMessage -Message (3, '   ', 2, ' "Enter"    ') -Align 2; Read-Host; Exit}

Function MainMenu() {
    ShowMessage (13, ' 0 - ', ' 1 -  XML-  ', ' 2 -    ', ' 3 -   ', 1)
    $local:PromptText = ' '
    if ([System.Text.Encoding]::Default.WindowsCodePage -eq 1252) {$PromptText = $PromptText | ConvertEncoding 'windows-1251' -To 'UTF-16'}

    $local:Selections = 1..2
    While ($true) {
        $Select = Read-Host -Prompt $PromptText
        Switch ($Select) {
            0 {exit}
            1 {XMLSelection}
            2 {ShowMessage -Message (1, ' ') -Align 2; Write-Host $MultiAppKiosk.Configuration; ShowMessage -Message (' ', 1, '     "Enter"', 1) -Align 2; Read-Host}
            3 {$MultiAppKiosk.Configuration = $Null; Set-CimInstance -CimInstance $MultiAppKiosk; ShowMessage -Message (1, '   ', 1) -Align 2}
            DEFAULT {ShowMessage '  '}
        }
        if ($Selections -contains $Select) {Clear-Host; ShowMessage (15, ' 0 - ', ' 1 -  XML-  ', ' 2 -    ', ' 3 -   ', 1)}
    }
}

Function XMLSelection() {
    Clear-Host

    if (!(Test-Path -Path $PSScriptRoot'\XML')) {ShowMessage -Message (13, '  ', $('"'+$PSScriptRoot+'\XML"'), 1, ' "Enter"     ') -Align 2; Read-Host; Return}

    $local:XMLList = @()
    $XMLList += Get-ChildItem -Path $PSScriptRoot'\XML' -name -filter '*.xml'
    if ($XMLList.Count -eq  0) {ShowMessage -Message (13, '  XML-  ', $('"'+$PSScriptRoot+'\XML"'), 1, ' "Enter"     ') -Align 2; Read-Host; Return}

    [int]$local:Indent = 13 - $XMLList.Count / 2; if ($Indent -lt 1) {$Indent = 1}
    ShowMessage ($Indent, ' 0 -    ')
    for ($i=0; $i -le $XMLList.GetUpperBound(0); $i++) {Write-Host $(' '+($i+1)+' - '+$XMLList[$i])}
    Write-Host
    $local:PromptText = '   '
    if ([System.Text.Encoding]::Default.WindowsCodePage -eq 1252) {$PromptText = $PromptText | ConvertEncoding 'windows-1251' -To 'UTF-16'}

    $local:Selections = 1..$XMLList.Count
    $local:BackToPrevMenu = 0
    While ($BackToPrevMenu -eq 0) {
        $Select = Read-Host -Prompt $PromptText
        Switch ($Select) {
            0 {$BackToPrevMenu = 1}
            {$Selections -contains $Select} {ShowMessage $('       '+$XMLList[$Select-1]);
                $local:Config = (Get-Content -encoding UTF8 -path $($PSScriptRoot+'\XML\'+$XMLList[$Select-1]) -Raw).Trim()
                $local:GUIDs = [regex]::matches($Config, '{.+?}') | select -ExpandProperty Value | Get-Unique
                foreach ($GUID in $GUIDs) {$Config = $Config -replace $('\'+$GUID),$('{'+[guid]::NewGuid()+'}')}
                $Config = $Config -replace '&','&' -replace '<','<' -replace '>','>' -replace "'",''' -replace '"','"'
                $MultiAppKiosk.Configuration = $Config
                Set-CimInstance -CimInstance $MultiAppKiosk
            }
            DEFAULT {ShowMessage ('  ')} 
        }
    }
}

MainMenu


, «PsExec.exe». «XML» XML- . , .



MultiAppKiosk.xml
<?xml version="1.0" encoding="utf-8" ?>
<AssignedAccessConfiguration 
  xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"
  xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/201810/config"
  >
  <Profiles>
      <Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}">
          <AllAppsList>
              <AllowedApps>
                  <App AppUserModelId="WINDOWS.IMMERSIVECONTROLPANEL_CW5N1H2TXYEWY!MICROSOFT.WINDOWS.IMMERSIVECONTROLPANEL" />
                  <App AppUserModelId="Microsoft.Windows.SecHealthUI_cw5n1h2txyewy!SecHealthUI" />
                  <App DesktopAppPath="%windir%\system32\notepad.exe" />
                  <App DesktopAppPath="C:\Program Files\Internet Explorer\iexplore.exe" />
                  <App DesktopAppPath="%windir%\system32\win32calc.exe" />
                  <App DesktopAppPath="%windir%\system32\mspaint.exe" />
                  <App DesktopAppPath="%ProgramFiles%\Windows NT\Accessories\wordpad.exe" />
              </AllowedApps>
          </AllAppsList>
          <StartLayout>
              <![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
                    <LayoutOptions StartTileGroupCellWidth="6" />
                    <DefaultLayoutOverride>
                      <StartLayoutCollection>
                        <defaultlayout:StartLayout GroupCellWidth="6">
                          <start:Group Name="">
                            <start:Tile Size="2x2" Column="0" Row="0" AppUserModelID="WINDOWS.IMMERSIVECONTROLPANEL_CW5N1H2TXYEWY!MICROSOFT.WINDOWS.IMMERSIVECONTROLPANEL" />
                            <start:Tile Size="4x2" Column="2" Row="0" AppUserModelID="Microsoft.Windows.SecHealthUI_cw5n1h2txyewy!SecHealthUI" />
                          </start:Group>
                          <start:Group Name=" ">
                            <start:DesktopApplicationTile Size="2x2" Column="2" Row="2" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk" />
                            <start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk" />
                            <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk" />
                            <start:DesktopApplicationTile Size="2x2" Column="0" Row="2" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk" />
                            <start:DesktopApplicationTile Size="2x2" Column="4" Row="0" DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk" />
                          </start:Group>
                        </defaultlayout:StartLayout>
                      </StartLayoutCollection>
                    </DefaultLayoutOverride>
                  </LayoutModificationTemplate>
              ]]>
          </StartLayout>
          <Taskbar ShowTaskbar="true"/>
      </Profile>
  </Profiles>
  <Configs>
      <Config>
          <Account>User</Account>
          <DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/>
      </Config>
  </Configs>
</AssignedAccessConfiguration>


. XML- «UTF8», «ANSI», «encoding UTF8». «XML» XML- , . GUID’ , GUID’.



, . , . , .



, , . ( ), .



7 –



, , 




, - .



, . , «Sysprep.bat», 2, . , , . « » « ».



, .. – «  ». , . , - , « – ». .. .





. :



«Admin» – «»

«User» – «»

, – .



1



, « » «User» «User», , «User» – . «Admin», «User» «», «», «User» – . «Admin», , «User» – , .. .



2



– .



, «Win+r», .. sysprep’ «sysprep», «sysprep». sysprep’a : « (OOBE)», « », «». «» . : «Continue in selected language?» – «»; – ; – ; – ; « » – « »; – ; – ; « » – «Test»; – ; – ; – . , « » «User», . – .



3



– .



, , «gpedit.msc» « Windows» « », . « » , . . «sysprep» , «sysprep» . – .



4



– .



«sysprep» , 2. 2, .. . «User» . – . .. .



5



– .



« » «User», , «User», .



, «Admin». PowerShell , «Dism /online /Get-Intl» « : en-US».



WinPE, E. «Dism /image:E:\ /Set-UILang:ru-ru». , «Dism /image:E:\ /Get-Intl» «Default system UI language: ru-RU».



, «User», .



- .



WinPE, E. «Dism /image:E:\ /Set-UILang:en-us». , «Dism /image:E:\ /Get-Intl» «Default system UI language: en-US».



, «User», .



WinPE, E. «Dism /image:E:\ /Set-UILang:ru-ru». , «Dism /image:E:\ /Get-Intl» «Default system UI language: ru-RU».



, «User», .



.. . - , ?



6



. – .



«sysprep» , 2. : «Continue in selected language?» – «English (United States)»; – ; – . 2.



. «Dism /online /Get-Intl» «Default system UI language: en-US». « » «User», , «User», .



. «Test», «User», . «netplwiz», «Test», « » .



WinPE. «Dism /image:E:\ /Set-UILang:ru-ru». , «Dism /image:E:\ /Get-Intl» «Default system UI language: ru-RU».



, «User», . .. . ?



7



– .



«Sysprep.bat», 2. , « » «User», , «User», .



WinPE. «Dism /image:E:\ /Set-UILang:en-us». , «Dism /image:E:\ /Get-Intl» «Default system UI language: en-US».



, «User», .



, . , , , . . ?



8



– .



, «Language» «Add language», «», «Next», , «Install», , . , «Sysprep.bat», 2.



« » «User», , «User», .



9



, . .



– X21-96381. «E». : «c:\Mount\Install», «c:\Mount\Winre», «c:\Mount\Boot». – X21-87814. «c:\Mount» : «Microsoft-Windows-Client-Language-Pack_x86_ru-ru.cab», «lp.cab», «WinPE-Setup_ru-ru.cab». . , .



cd c:\mount
dism /Mount-Wim /WimFile:e:\sources\install.wim /index:1 /MountDir:Installcode
dism /Image:Install /Add-Package /PackagePath:Microsoft-Windows-Client-Language-Pack_x86_ru-ru.cabcode
dism /Image:Installcode /Set-AllIntl:ru-ru
dism /Image:Install /Set-TimeZone:"Russian Standard Time"code

dism /Mount-Wim /WimFile:Install\Windows\System32\Recovery\Winre.wim /index:1 /MountDir:Winrecode
dism /Image:Winre /Add-Package /PackagePath:lp.cabcode
dism /Image:Winrecode /Set-AllIntl:ru-ru
dism /Image:Winre /Set-TimeZone:"Russian Standard Time"code
dism /Unmount-Image /MountDir:Winre /Commitcode

dism /Image:Install /Gen-LangINI /distribution:E:\ /Set-AllIntl:ru-RUcode
dism /image:Install /Set-SetupUILang:RU-ru /distribution:E:\code
dism /Unmount-Image /MountDir:Install /Commitcode

dism /mount-wim /wimfile:e:\sources\boot.wim /index:1 /mountdir:Bootcode
dism /Image:Boot /Add-Package /PackagePath:lp.cabcode
dism /Image:Bootcode /Set-AllIntl:ru-ru
copy e:\sources\lang.ini Boot\sources\lang.inicode
dism /Unmount-Image /MountDir:Boot /Commitcode

dism /mount-wim /wimfile:e:\sources\boot.wim /index:2 /mountdir:Bootcode
dism /Image:Boot /Add-Package /PackagePath:lp.cabcode
dism /Image:Boot /Add-Package /PackagePath:WinPE-Setup_ru-ru.cabcode
dism /Image:Bootcode /Set-AllIntl:ru-ru
copy e:\sources\lang.ini Boot\sources\lang.ini /ycode
dism /Unmount-Image /MountDir:Boot /Commit


, . «Ctrl+Shift+F3». « » «User», , «User», .



WinPE. «Dism /image:E:\ /Set-UILang:en-us».



, «User», .



, .



10



, .



«Feat on Demand» – X21-87815. «c:\Mount» : «Microsoft-Windows-LanguageFeatures-Basic-ru-ru-Package~31bf3856ad364e35~x86~~.cab», «Microsoft-Windows-LanguageFeatures-OCR-ru-ru-Package~31bf3856ad364e35~x86~~.cab», «Microsoft-Windows-LanguageFeatures-Handwriting-ru-ru-Package~31bf3856ad364e35~x86~ ~.cab», «Microsoft-Windows-LanguageFeatures-TextToSpeech-ru-ru-Package~31bf3856ad364e35~x86~~.cab».



«Feat on Demand RDX Updt» – X21-99781. «c:\Mount» : «Microsoft-Windows-RetailDemo-OfflineContent-Content-Package~31bf3856ad364e35~x86~~.cab», « Microsoft-Windows-RetailDemo-OfflineContent-Content-ru-ru-Package~31bf3856ad364e35~x86~~.cab».



:



cd c:\mount
dism /Mount-Wim /WimFile:e:\sources\install.wim /index:1 /MountDir:Install
dism /Add-Package /Image:Install /PackagePath:Microsoft-Windows-LanguageFeatures-Basic-ru-ru-Package~31bf3856ad364e35~x86~~.cab
dism /Add-Package /Image:Install /PackagePath:Microsoft-Windows-LanguageFeatures-OCR-ru-ru-Package~31bf3856ad364e35~x86~~.cab
dism /Add-Package /Image:Install /PackagePath:Microsoft-Windows-LanguageFeatures-Handwriting-ru-ru-Package~31bf3856ad364e35~x86~~.cab
dism /Add-Package /Image:Install /PackagePath:Microsoft-Windows-LanguageFeatures-TextToSpeech-ru-ru-Package~31bf3856ad364e35~x86~~.cab
dism /Add-Package /Image:Install /PackagePath:Microsoft-Windows-RetailDemo-OfflineContent-Content-Package~31bf3856ad364e35~x86~~.cab
dism /Add-Package /Image:Install /PackagePath:Microsoft-Windows-RetailDemo-OfflineContent-Content-ru-ru-Package~31bf3856ad364e35~x86~~.cab
dism /Unmount-Image /MountDir:Install /Commit


, . «Ctrl+Shift+F3». « » «User», , «User». , , .



, «User», , , .



WinPE. «Dism /image:E:\ /Set-UILang:en-us».



, «User», .





. !



, «en-us», .



– .



«Unattend.xml» «en-US», «Sysprep.bat», 2 , . , – . «Unattend.xml» . «control intl.cpl,,/f:» , . .



<gs:GlobalizationServices xmlns:gs="urn:longhornGlobalizationUnattend">
      <gs:UserList>
        <gs:User UserID="Current" CopySettingsToSystemAcct="true"/> 
    </gs:UserList>
</gs:GlobalizationServices>


.. , , , . «», . , . — «Unattend.xml». , . , «echo» «cmd», . .. .



echo ^<gs:GlobalizationServices xmlns:gs="urn:longhornGlobalizationUnattend"^>^<gs:UserList^>^<gs:User UserID="Current" CopySettingsToSystemAcct="true"/^>^</gs:UserList^>^</gs:GlobalizationServices^>>Config.xml


XML, :



> &gt;
< &lt;
& &amp;
‘ &apos;
“ &quot;


«FirstLogonCommands».



cmd.exe /c echo ^&lt;gs:GlobalizationServices xmlns:gs=&quot;urn:longhornGlobalizationUnattend&quot;^&gt;^&lt;gs:UserList^&gt;^&lt;gs:User UserID=&quot;Current&quot; CopySettingsToSystemAcct=&quot;true&quot;/^&gt;^&lt;/gs:UserList^&gt;^&lt;/gs:GlobalizationServices^&gt;&gt;&quot;%TMP%\Config.xml&quot;


.



control intl.cpl,,/f:&quot;%TMP%\Config.xml&quot;


.. .



cmd.exe /c del &quot;%TMP%\Config.xml&quot; /q&amp;shutdown /r /f /t 00


sysprep’.



Unattend.xml
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
    <settings pass="specialize">
        <component name="Microsoft-Windows-Deployment" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <RunSynchronous>
                <RunSynchronousCommand wcm:action="add">
                    <Path>reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Setup\OOBE /v SetupDisplayedProductKey /t REG_DWORD /d 1 /f</Path>
                    <Order>1</Order>
                    <Description>Dont show key page</Description>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Path>reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Setup\OOBE /v UnattendCreatedUser /t REG_DWORD /d 1 /f</Path>
                    <Order>2</Order>
                    <Description>Dont make account</Description>
                </RunSynchronousCommand>
                <RunSynchronousCommand wcm:action="add">
                    <Path>cmd.exe /c rd %systemdrive%\Sysprep /s /q</Path>
                    <Order>3</Order>
                    <Description>Del Folder</Description>
                </RunSynchronousCommand>
            </RunSynchronous>
        </component>
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <AutoLogon>
                <Enabled>true</Enabled>
                <Username>Admin</Username>
            </AutoLogon>
        </component>
    </settings>
    <settings pass="oobeSystem">
        <component name="Microsoft-Windows-International-Core" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <InputLocale>en-US; ru-RU</InputLocale>
            <SystemLocale>ru-RU</SystemLocale>
            <UILanguage>en-US</UILanguage>
            <UILanguageFallback></UILanguageFallback>
            <UserLocale>ru-RU</UserLocale>
        </component>
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <OOBE>
                <HideEULAPage>true</HideEULAPage>
                <HideLocalAccountScreen>true</HideLocalAccountScreen>
                <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
                <HideOnlineAccountScreens>true</HideOnlineAccountScreens>
                <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
                <ProtectYourPC>1</ProtectYourPC>
            </OOBE>
            <FirstLogonCommands>
                <SynchronousCommand wcm:action="add">
                    <CommandLine>cmd.exe /c echo ^&lt;gs:GlobalizationServices xmlns:gs=&quot;urn:longhornGlobalizationUnattend&quot;^&gt;^&lt;gs:UserList^&gt;^&lt;gs:User UserID=&quot;Current&quot; CopySettingsToSystemAcct=&quot;true&quot;/^&gt;^&lt;/gs:UserList^&gt;^&lt;/gs:GlobalizationServices^&gt;&gt;&quot;%TMP%\Config.xml&quot;</CommandLine>
                    <Description>CreateConfig</Description>
                    <Order>1</Order>
                </SynchronousCommand>
                <SynchronousCommand wcm:action="add">
                    <CommandLine>control intl.cpl,,/f:&quot;%TMP%\Config.xml&quot;</CommandLine>
                    <Description>UseConfig</Description>
                    <Order>2</Order>
                </SynchronousCommand>
                <SynchronousCommand wcm:action="add">
                    <CommandLine>cmd.exe /c del &quot;%TMP%\Config.xml&quot; /q&amp;shutdown /r /f /t 00</CommandLine>
                    <Description>DelConfig</Description>
                    <Order>3</Order>
                </SynchronousCommand>
            </FirstLogonCommands>
        </component>
    </settings>







– .



Unattend.xml , «Sysprep.bat», 2 , . , . , .



Windows 10 IoT Enterprise, mse@quarta.ru quarta-embedded.ru.

YouTube-



: , .




All Articles