Lockdown XML
August 13, 2015
After you deploy your devices, you can still configure lockdown settings that were available in the Prov.xml file in one of the ways described in Locking down a device: by using assigned access on the device; by using an app that you write and a lockdown XML file; or by using a mobile device management (MDM) solution. This topic provides example XML that you can use in your own lockdown XML file or when using an MDM solution, such as System Center 2012 R2 Configuration Manager, to push lockdown settings to enrolled devices. Lockdown settings are escaped in the Prov.xml and when using a MDM solution. You do not use escape characters when using your own lockdown XML.
For more information about provisioned states, see Configure devices.
Order of lockdown settings
The configuration items must be in the following order when you lock down settings:
Default profile
ActionCenter
Apps
Application Product ID, as described in Product IDs in Handheld 8.1
PinToStart
Size
Location
Buttons
ButtonLockdownList
- Button name
ButtonRemapList
Button name
Button event name
- Application Product ID, as described in Product IDs in Handheld 8.1
CSPRunner
- SyncML
MenuItems
- Disable menu items
Settings
System name, as described in Settings that can be locked down
Application name, as described in Settings that can be locked down
Tiles
- Enable tile manipulation
StartScreenSize
RoleList
Role (repeat for each role)
ActionCenter
Apps
Application Product ID, as described in Product IDs in Handheld 8.1
PinToStart
Size
Location
Buttons
ButtonLockdownList
- Button name
ButtonRemapList
Button name
Button event name
- Application Product ID, as described in Product IDs in Handheld 8.1
CSPRunner
- SyncML
MenuItems
- Disable menu items
Settings
System name, as described in Settings that can be locked down
Application name, as described in Settings that can be locked down
Tiles
- Enable tile manipulation
Lockdown example to use in a Lockdown XML file
Lockdown settings are escaped in the Prov.xml and when using a MDM solution. You do not use escape characters when using your own lockdown XML. The following example shows the provisioning information that you can use to configure lockdown in your own lockdown XML file.
<?xml version="1.0" encoding="utf-8"?>
<HandheldLockdown version="1.0" >
<Default>
<ActionCenter enabled="true" />
<Apps>
<!-- Settings -->
<Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5601}">
<PinToStart>
<Size>Large</Size>
<Location>
<LocationX>0</LocationX>
<LocationY>0</LocationY>
</Location>
</PinToStart>
</Application>
<!-- Calendar -->
<Application productId="{36F9FA1C-FDAD-4CF0-99EC-C03771ED741A}">
<PinToStart>
<Size>Small</Size>
<Location>
<LocationX>0</LocationX>
<LocationY>2</LocationY>
</Location>
</PinToStart>
</Application>
<!-- Photos -->
<Application productId="{5b04b775-356b-4aa0-aaf8-6491ffea5632}">
<PinToStart>
<Size>Medium</Size>
<Location>
<LocationX>2</LocationX>
<LocationY>2</LocationY>
</Location>
</PinToStart>
</Application>
<!-- SystemInfo -->
<Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5604}" />
<!-- WEHLockApp -->
<Application productId="{3CA21ED6-2C66-4800-B065-0D55F3247AE4}" />
</Apps>
<Buttons>
<ButtonLockdownList>
<!-- Lockdown all buttons -->
<Button name="Search">
</Button>
<Button name="Camera">
</Button>
<Button name="Custom1">
</Button>
<Button name="Custom2">
</Button>
<Button name="Custom3">
</Button>
</ButtonLockdownList>
<ButtonRemapList>
<Button name="Search">
<ButtonEvent name="Press">
<!-- Alarms -->
<Application productId="{08179793-ED2E-45EA-BA12-BDE3EE9C3CE3}" parameters="" />
</ButtonEvent>
</Button>
</ButtonRemapList>
</Buttons>
<CSPRunner>
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>
<CmdID>1</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseAssignedAccess/Theme/ThemeAccentColorID</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">int</Format>
</Meta>
<!-- zero based index of available theme colors -->
<Data>7</Data>
</Item>
</Replace>
<Final/>
</SyncBody>
</SyncML>
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>
<CmdID>1</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseAssignedAccess/Theme/ThemeBackground</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">int</Format>
</Meta>
<!-- 0 for "light", 1 for "dark" -->
<Data>1</Data>
</Item>
</Replace>
<Final/>
</SyncBody>
</SyncML>
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>
<CmdID>2</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseAssignedAccess/LockScreenWallpaper/BGFileName</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
<Type xmlns="syncml:metinf">text/plain</Type>
</Meta>
<Data>c:\windows\system32\lockscreen\480x800\Wallpaper_05.jpg</Data>
</Item>
</Replace>
<Final/>
</SyncBody>
</SyncML>
</CSPRunner>
<MenuItems>
<DisableMenuItems/>
</MenuItems>
<Settings>
<System name="Microsoft.About" />
<System name="Microsoft.NocenterSettings" />
<System name="Microsoft.CompanyAccount" />
<Application name="Microsoft.Maps" />
<Application name="Microsoft.Wallet" />
</Settings>
<Tiles>
<EnableTileManipulation/>
</Tiles>
<StartScreenSize>Small</StartScreenSize>
</Default>
<RoleList>
<Role guid="{88501844-3b51-4c9f-9da7-7ca745e7da6b}" name="Associate">
<ActionCenter enabled="0"/>
<Apps>
<!-- Settings -->
<Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5601}">
<PinToStart>
<Size>Small</Size>
<Location>
<LocationX>0</LocationX>
<LocationY>0</LocationY>
</Location>
</PinToStart>
</Application>
<!-- Calendar -->
<Application productId="{36F9FA1C-FDAD-4CF0-99EC-C03771ED741A}">
<PinToStart>
<Size>Large</Size>
<Location>
<LocationX>0</LocationX>
<LocationY>2</LocationY>
</Location>
</PinToStart>
</Application>
<!-- WEHLockApp -->
<Application productId="{3CA21ED6-2C66-4800-B065-0D55F3247AE4}" />
</Apps>
<Buttons />
<CSPRunner>
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>
<CmdID>1</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseAssignedAccess/Theme/ThemeAccentColorID</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">int</Format>
</Meta>
<!-- zero based index of available theme colors -->
<Data>10</Data>
</Item>
</Replace>
<Final/>
</SyncBody>
</SyncML>
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>
<CmdID>1</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseAssignedAccess/Theme/ThemeBackground</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">int</Format>
</Meta>
<!-- 0 for "light", 1 for "dark" -->
<Data>0</Data>
</Item>
</Replace>
<Final/>
</SyncBody>
</SyncML>
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>
<CmdID>2</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseAssignedAccess/LockScreenWallpaper/BGFileName</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
<Type xmlns="syncml:metinf">text/plain</Type>
</Meta>
<Data>c:\windows\system32\lockscreen\480x800\Wallpaper_08.jpg</Data>
</Item>
</Replace>
<Final/>
</SyncBody>
</SyncML>
</CSPRunner>
<MenuItems>
<DisableMenuItems/>
</MenuItems>
<Settings>
<System name="Microsoft.Themes" />
<System name="Microsoft.About" />
<System name="Microsoft.TouchKeyboard" />
<System name="Microsoft.NocenterSettings" />
</Settings>
</Role>
<Role guid="{7bb62e8c-81ba-463c-b691-74af68230b42}" name="Manager">
<ActionCenter enabled="true" />
<Apps>
<!-- Alarm -->
<Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA560A}">
<PinToStart>
<Size>Small</Size>
<Location>
<LocationX>0</LocationX>
<LocationY>0</LocationY>
</Location>
</PinToStart>
</Application>
<!-- Settings -->
<Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5601}">
<PinToStart>
<Size>Small</Size>
<Location>
<LocationX>1</LocationX>
<LocationY>0</LocationY>
</Location>
</PinToStart>
</Application>
<!-- Calendar -->
<Application productId="{36F9FA1C-FDAD-4CF0-99EC-C03771ED741A}">
<PinToStart>
<Size>Medium</Size>
<Location>
<LocationX>2</LocationX>
<LocationY>0</LocationY>
</Location>
</PinToStart>
</Application>
<!-- Calculator -->
<Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5603}" />
<!-- Photos -->
<Application productId="{5b04b775-356b-4aa0-aaf8-6491ffea5632}">
<PinToStart>
<Size>Small</Size>
<Location>
<LocationX>0</LocationX>
<LocationY>2</LocationY>
</Location>
</PinToStart>
</Application>
<!-- Store -->
<Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5633}">
<PinToStart>
<Size>Medium</Size>
<Location>
<LocationX>2</LocationX>
<LocationY>2</LocationY>
</Location>
</PinToStart>
</Application>
<!-- WEHLockApp -->
<Application productId="{3CA21ED6-2C66-4800-B065-0D55F3247AE4}" />
</Apps>
<Buttons />
<CSPRunner>
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>
<CmdID>1</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseAssignedAccess/Theme/ThemeAccentColorID</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">int</Format>
</Meta>
<!-- zero based index of available theme colors -->
<Data>2</Data>
</Item>
</Replace>
<Final/>
</SyncBody>
</SyncML>
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>
<CmdID>1</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseAssignedAccess/Theme/ThemeBackground</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">int</Format>
</Meta>
<!-- 0 for "light", 1 for "dark" -->
<Data>1</Data>
</Item>
</Replace>
<Final/>
</SyncBody>
</SyncML>
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>
<CmdID>2</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseAssignedAccess/LockScreenWallpaper/BGFileName</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
<Type xmlns="syncml:metinf">text/plain</Type>
</Meta>
<Data>c:\windows\system32\lockscreen\480x800\Wallpaper_015.jpg</Data>
</Item>
</Replace>
<Final/>
</SyncBody>
</SyncML>
</CSPRunner>
<MenuItems>
<DisableMenuItems/>
</MenuItems>
<Settings>
<System name="Microsoft.About" />
<System name="Microsoft.Accessibility" />
<System name="Microsoft.Accounts" />
<System name="Microsoft.BatterySaver" />
<System name="Microsoft.Bluetooth" />
<System name="Microsoft.CloudStorageCpl" />
<System name="Microsoft.CompanyAccount" />
<System name="Microsoft.Contacts" />
<System name="Microsoft.DateTime" />
<System name="Microsoft.Feedback" />
<System name="Microsoft.FindMyPhone" />
<System name="Microsoft.KidZone" />
<System name="Microsoft.Language" />
<System name="Microsoft.MusicVideo" />
<System name="Microsoft.NocenterSettings" />
<System name="Microsoft.PhoneLock" />
<System name="Microsoft.Photos" />
<System name="Microsoft.ProfileUpdate" />
<System name="Microsoft.Proximity" />
<System name="Microsoft.Regional" />
<System name="Microsoft.Sounds" />
<System name="Microsoft.Speech" />
<System name="Microsoft.StorageSettings" />
<System name="Microsoft.Themes" />
<System name="Microsoft.TouchKeyboard" />
<System name="Microsoft.Updates" />
<System name="Microsoft.WiFi" />
<Application name="Microsoft.Games" />
<Application name="Microsoft.IE" />
<Application name="Microsoft.Maps" />
<Application name="Microsoft.Marketplace" />
<Application name="Microsoft.Messaging" />
<Application name="Microsoft.OfficeMobile" />
<Application name="Microsoft.Phone" />
<Application name="Microsoft.Search" />
<Application name="Microsoft.Wallet" />
</Settings>
<Tiles>
<EnableTileManipulation/>
</Tiles>
</Role>
</RoleList>
</HandheldLockdown>
To use the lockdown example in a Prov.xml file or MDM solution
The XML example shown here cannot be used in the actual provisioning file that you use in your Prov.xml file or MDM solution. You must use escaped characters for lockdown (such as < in place of <) as a result of XML embedded in XML. Do not replace the escaped characters in the provisioning file. You can easily find an online escape tool to help you with this process.