Scripts/Set-SharedPCMode.ps1
<#
.SYNOPSIS Configures Shared PC Mode on Windows 10 .DESCRIPTION The typical approach for configuring Shared PC Mode is to use an MDM solution which interacts with the SharedPC CSP. Alternatively, configuration can be performed by using the MDM Bridge WMI Provider to interact with the CSP via WMI. This script eases configuration when using the latter approach by providing a simple command to set available settings. For details on parameters consult the Shared PC Mode documentation (see the NOTES section of this command for links). .PARAMETER PassThru Return an instance of the MDM_SharedPC class after applying the requested configuration. .EXAMPLE Set-SharedPCMode -EnableSharedPCMode $true -EnableAccountManager $true -RestrictLocalStorage $true Enables Shared PC Mode with automatic account management and local storage restrictions. .NOTES The MDM Bridge WMI Provider can only be interacted with from the NT AUTHORITY\SYSTEM account. Typically this script would be run non-interactively by a service running in the SYSTEM context (e.g. Group Policy Client). To run this script interactively you should use a tool like Sysinternals PsExec to run it under the SYSTEM account. For example, the following PsExec command will launch PowerShell under the SYSTEM account: psexec -s -i powershell Set up a shared or guest PC with Windows 10 https://docs.microsoft.com/en-us/windows/configuration/set-up-shared-or-guest-pc SharedPC CSP https://docs.microsoft.com/en-us/windows/client-management/mdm/sharedpc-csp .LINK https://github.com/ralish/PSWinGlue #> #Requires -Version 3.0 [CmdletBinding()] Param( [Bool]$EnableSharedPCMode, [Bool]$SetEduPolicies, [Bool]$SetPowerPolicies, [Int]$MaintenanceStartTime, [Bool]$SignInOnResume, [Int]$SleepTimeout, [Bool]$EnableAccountManager, [Int16]$AccountModel, [Int16]$DeletionPolicy, [Int16]$DiskLevelDeletion, [Int16]$DiskLevelCaching, [Bool]$RestrictLocalStorage, [String]$KioskModeAUMID, [String]$KioskModeUserTileDisplayText, [Int16]$InactiveThreshold, [Int16]$MaxPageFileSizeMB, [Switch]$PassThru ) $OSBuild = [Environment]::OSVersion.Version.Build $OSType = (Get-CimInstance -ClassName Win32_OperatingSystem).ProductType if ($OSBuild -lt 14393 -or $OSType -ne 1) { throw 'Shared PC Mode is only available on Windows 10 1607 and newer.' } $SystemSid = 'S-1-5-18' $CurrentSid = ([Security.Principal.WindowsIdentity]::GetCurrent()).User.Value if ($CurrentSid -ne $SystemSid) { throw 'Must be running as SYSTEM to interact with MDM Bridge WMI Provider.' } $WmiNamespace = 'root\cimv2\mdm\dmmap' $WmiClassName = 'MDM_SharedPC' $MdmSharedPC = Get-CimInstance -Namespace $WmiNamespace -ClassName $WmiClassName -ErrorAction Stop $MdmCspProperties = $MdmSharedPC.get_CimInstanceProperties().Name $IgnoredParameters = [Management.Automation.Cmdlet]::CommonParameters + 'PassThru' foreach ($Parameter in $PSBoundParameters.GetEnumerator()) { if ($Parameter.Key -notin $IgnoredParameters) { if ($Parameter.Key -notin $MdmCspProperties) { throw ('Parameter not supported on this Windows 10 version: {0}' -f $Parameter.Key) } $MdmSharedPC.($Parameter.Key) = $Parameter.Value } } Set-CimInstance -CimInstance $MdmSharedPC -ErrorAction Stop if ($PassThru) { Get-CimInstance -Namespace $WmiNamespace -ClassName $WmiClassName } |