Windows-itpro-docs: Set-CimInstance fails

@officedocsbot assign @e0i

@illfated It seems like you have commented under the wrong issue.

Hello, @euphoric85

The issue is under investigation and you will be notified with any changes on the way.

Thank you for providing feedback.

@euphoric85 : Could you test if my corrected XML above works any better than the one currently on the Docs page? Or did you manage to sort that out yourself, making it look like my posted suggestion, before testing the XML in your environment?

@illfated I get the same error

That's a pity, sorry I don't know enough about this topic to help you.

@Dansimp or @lizap , are there any available options to have the page content tested in-house on Windows 10 Pro, version 1809, to confirm whether this issue is reproducible?

Same error here - even with the example code.

I have been able to get the configuration to apply only by escaping the XML:

<?xml version="1.0" encoding="utf-8" ?>
<AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config">
    <Profiles>
        <Profile Id="{5B328104-BD89-4863-AB27-4ED6EE355485}">
      <AllAppsList> 
      <AllowedApps> 
        <App AppUserModelId="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
        <App AppUserModelId="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" />

As an example - is this expected?

Is there a way we can confirm this encoding requirement? I am staging a project for a thin client replacement and want to use Powershell to set the kiosk mode / assigned access. Encoding to HTML \ Escaped characters does allow setting, but I am getting inconsistent results in my configuration.

Good question, wish I knew or could check that for you. Unfortunately, I don't have access to any of the required environment nor the spare hardware to download trial versions to test it. I can only hope someone will be able to follow up on your questions and check if your issues with HTML tags like < > in PowerShell can be confirmed.

Simple add:
$obj.Configuration = $obj.Configuration -replace "<", "<"
$obj.Configuration = $obj.Configuration -replace ">", ">"

before "Set-CimInstance -CimInstance $obj"

ah - this forum engine has converted the original code:
it should look like this:
https://i.imgur.com/NxDs8JC.png

Oh. So according to your experience, it should look like it originally was before the change I made in my PR https://github.com/MicrosoftDocs/windows-itpro-docs/pull/3955 (Windows/Configuration: correct HTML code to XML tags) , based on the translation issue #3819 [LOC]"<"needs to be replaced with"<", ">"needs to be replaced with">"

Does it look like an incorrect decision to submit that change, that the XML actually needs < + > instead of the angle (HTML tag) brackets?

edit: Derp. Looks like I didn't pay attention to the preceding section, that the script is supposed to be PowerShell and not XML. Durr. 🙈

I'd prefer the the original XML syntax (clean, nice look), then "convert" it "on the fly" to for powershell syntax.

So... maybe a combination of both code forms (XML + PowerShell) in separate code blocks could be a plausible solution here?

I did this and I split this script into 3 files:

• launcher (to give admin and system rights) - lockdownuser.bat,
• main script - lockdownuser.ps1
• an xml file with config - lockdownuser.xml

I attached version for lockdown group (named "LockdownGroup").

Lockdown user.zip
Lockdown group.zip

PS: You have to create user/group, before launch this script.

PPS: When You want to clear/disable kiosk mode, run clear.bat
Lockdown clear.zip

Nice one cra3yk!

I have now implemented this in a StartUp script set by GPO for a RDS thin client project I am working on with the escaped charaters. So far it is working well. Eventually I would like to be able to compare the current config to the desired config XML and only re-set if need be. The compare doesn't see ever see them as the same, but re-setting on each start up seems not to be harmful.

Well done, @cra3yk. I must admit that I don't know the topic well enough to judge if this will be an acceptable solution to be added to the page in question, but I hope maybe @e0i or @martyav can suggest if it is usable or possibly ask one of the owners of the document to check if it is worth implementing on the page.

Please feel free and use/edit these scripts as You wish :-)

In my solution a Powershell Startup script worked without the requirement for the bat / psexe. I also enclosed the XML information in the PS script by assigning a variable @"XML content"@. In my project the workstation is domain joined but we are using the local autologon user created by the assigned access profile to launch the RDS session to function like a thin client. Interesting we do not have assigned access available to us in traditional GPO.

I needed one-click solution to set/clear policy with separated xml file (easy to change without messing script code) for standalone workstations, so this was the main reason for me to create 3-file solution for my needs :-)

Absolutely - it's excellent!

Dear @illfated, there is also a class in PowerShell (System.Web) for this kind of html encoding, like:

$nameSpaceName="root\cimv2\mdm\dmmap"
$className="MDM_AssignedAccess"
$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className
Add-Type -AssemblyName System.Web
$obj.Configuration = [System.Web.HttpUtility]::HtmlEncode(@"
XML Body
"@)
Set-CimInstance -CimInstance $obj

it worked well with this "<" ">" issue.

Would it be OK to replace the example in this article with this solution?

Thank you

@MaratMussabekov : Thank you for asking, even though I am far from experienced in this topic. I believe @cra3yk & @NigelbrownIBM will be able to answer that question far better than me.

@MaratMussabekov : Your amending looks good to me, even though I don't know PowerShell syntax well enough to know that it works.

@euphoric85 & @Niglb : Could you take a look at the suggested change in the PR (#4805 ) to see if it solves this issue?

@euphoric85 @Niglb

The content has been updated with relevant changes accordingly with the PR #4805. Thanks.