Share via


Create a Prov.xml

August 13, 2015

The provisioning XML file (Prov.xml) for Windows Embedded 8.1 Handheld contains the configuration settings and lockdown information for the enterprise devices. It can be pushed to a device by using the mobile device management (MDM) service and then restarting the device. It can also be sideloaded by using a near field communication (NFC) tag, SD card, or other data source (such as a bar code scanner), and then applying during the out-of-box experience (OOBE).

The Prov.XML contains the following:

  • (Required) The requested certificates.

  • (Required) DM client configuration.

  • (Required) Wireless must be provisioned.

  • (Optional) An enterprise application token and an enterprise app download link to allow the enrollment client to download a Company Hub app or enterprise app at the end of enrollment.

  • (Optional) Assigned access XML.

The following table shows how you can use configuration service providers to configure devices.

Configuration Service Provider

Description

EnterpriseExt configuration service provider

Allows enterprise to use the MDM service to enroll devices to the MDM server in an enterprise environment, restart a device, and manage the maintenance window schedule for devices so that they can perform device updates and other management tasks.

EnterpriseAssignedAccess configuration service provider

Allows the enterprise to use Windows Embedded 8.1 Handheld features to configure custom layouts on a device. For example, the administrator can lock down a device so that only apps specified in an Allow list are available. Apps not on the Allow list remain installed on the device, but are hidden from view.

EnterpriseExtFileSystem configuration service provider

Allows enterprise to add, retrieve, or change files in the file system through the MDM service. For example, you can use this configuration service provider to push a provisioning XML file or a new lock screen background image file to a device through the MDM service and retrieve logs from shared storage in the enterprise environment.

To create a Prov.xml file to configure devices

  1. Using a text or XML editor, copy the sample XML from this topic and save it to a new XML file.

  2. Using the examples in the Configuration service provider reference topics, change the values to the appropriate values for your organization.

  3. Make sure that the provisioning file is encoded as UTF-8 or UTF-16LE, including the byte order mark (BOM).

  4. (optional) Using MDM, encrypt Prov.xml. The encryption password will need to be provided during OOBE configuration. The encryption password can use only the following characters:

    • Uppercase letters of European languages (A through Z, with diacritic marks, Greek and Cyrillic characters)

    • Lowercase letters of European languages (a through z, sharp-s, with diacritic marks, Greek and Cyrillic characters)

    • Base 10 digits (0 through 9)

    • Nonalphanumeric characters: ~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/

  5. Do one of the following:

    • If you will push the Prov.xml to devices by using the MDM service, save the file to your development computer, and then push it to a device.

    • If you will use an SD card or other data source (such as a bar code scanner), save the Prov.xml file to the root directory of the data source so that you can sideload it, and then apply it during OOBE.

    • If you will use an NFC tag or device, make sure that you followed the components of an NFC tag as described in Enable near field communication. Save the Prov.xml file to the NFC tag or device so that the IT administrator can sideload it, and then apply it during OOBE.

Sample OMA Client Provisioning

The following example shows a provisioning XML file (Prov.xml) that is applied to a device during OOBE and that contains settings for a Wi-Fi connection, MDM enrollment, and profile lockdown.

Important noteImportant note

Formatting in this sample file uses escaped characters, such as &lt; in place of <, as a result of XML embedded in XML. Do not replace the escaped characters.

<!--
Copyright (c) Microsoft Corporation.  All rights reserved.
-->
<wap-provisioningdoc>
    <characteristic type="WiFi">
        <characteristic type="Profile">
            <characteristic type="Open">
                <parm name="WlanXml" datatype="string" value="&lt;?xml version=&quot;1.0&quot;?&gt;&lt;WLANProfile xmlns=&quot;https://www.microsoft.com/networking/WLAN/profile/v1&quot;&gt;&lt;name&gt;WIFI_OPEN&lt;/name&gt;&lt;SSIDConfig&gt;&lt;SSID&gt;&lt;name&gt;WIFI_OPEN&lt;/name&gt;&lt;/SSID&gt;&lt;/SSIDConfig&gt;&lt;connectionType&gt;ESS&lt;/connectionType&gt;&lt;connectionMode&gt;auto&lt;/connectionMode&gt;&lt;MSM&gt;&lt;security&gt;&lt;authEncryption&gt;&lt;authentication&gt;open&lt;/authentication&gt;&lt;encryption&gt;none&lt;/encryption&gt;&lt;/authEncryption&gt;&lt;/security&gt;&lt;/MSM&gt;&lt;/WLANProfile&gt;" />
            </characteristic>
        </characteristic>
    </characteristic>
    <characteristic type="EnterpriseExt">
        <characteristic type="MDM">
            <parm name="Server" value="https://localhost:443" />
            <parm name="Username" value="name@contoso.com" />
            <parm name="Password" value="password" />
            <parm name="EnableDeviceEnrollment" value="false" datatype="boolean" />
        </characteristic>
    </characteristic>
    <characteristic type="EnterpriseAssignedAccess">
        <characteristic type="AssignedAccess">
            <parm name="AssignedAccessXml" datatype="string" value="&lt;?xml version=&quot;1.0&quot; encoding=&quot;utf-8&quot;?&gt;
                &lt;HandheldLockdown version=&quot;1.0&quot;&gt;
                    &lt;Default&gt;
                        &lt;ActionCenter enabled=&quot;true&quot; /&gt;
                            &lt;Apps&gt;
                                &lt;!-- Phone App --&gt;
                                    &lt;Application productId=&quot;{5B04B775-356B-4AA0-AAF8-6491FFEA5611}&quot;&gt;
                                        &lt;PinToStart&gt;
                                            &lt;Size&gt;Medium&lt;/Size&gt;
                                            &lt;Location&gt;
                                                &lt;LocationX&gt;0&lt;/LocationX&gt;
                                                &lt;LocationY&gt;0&lt;/LocationY&gt;
                                            &lt;/Location&gt;
                                        &lt;/PinToStart&gt;
                                    &lt;/Application&gt;
                                    &lt;!-- Settings --&gt;
                                    &lt;Application productId=&quot;{5B04B775-356B-4AA0-AAF8-6491FFEA5601}&quot;&gt;
                                        &lt;PinToStart&gt;
                                            &lt;Size&gt;Medium&lt;/Size&gt;
                                            &lt;Location&gt;
                                                &lt;LocationX&gt;2&lt;/LocationX&gt;
                                                &lt;LocationY&gt;0&lt;/LocationY&gt;
                                            &lt;/Location&gt;
                                        &lt;/PinToStart&gt;
                                    &lt;/Application&gt;
                            &lt;/Apps&gt;
                            &lt;Buttons&gt;
                                &lt;ButtonLockdownList&gt;
                                    &lt;!-- Lockdown all buttons except Search --&gt;
                                    &lt;Button name=&quot;Search&quot;&gt;
                                    &lt;/Button&gt;
                                    &lt;Button name=&quot;Camera&quot;&gt;
                                        &lt;ButtonEvent name=&quot;Press&quot; /&gt;
                                        &lt;ButtonEvent name=&quot;PressAndHold&quot; /&gt;
                                    &lt;/Button&gt;
                                    &lt;Button name=&quot;Custom1&quot;&gt;
                                        &lt;ButtonEvent name=&quot;Press&quot; /&gt;
                                        &lt;ButtonEvent name=&quot;PressAndHold&quot; /&gt;
                                    &lt;/Button&gt;
                                    &lt;Button name=&quot;Custom2&quot;&gt;
                                        &lt;ButtonEvent name=&quot;Press&quot; /&gt;
                                        &lt;ButtonEvent name=&quot;PressAndHold&quot; /&gt;
                                    &lt;/Button&gt;
                                    &lt;Button name=&quot;Custom3&quot;&gt;
                                        &lt;ButtonEvent name=&quot;Press&quot; /&gt;
                                        &lt;ButtonEvent name=&quot;PressAndHold&quot; /&gt;
                                    &lt;/Button&gt;
                                &lt;/ButtonLockdownList&gt;
                                &lt;ButtonRemapList&gt;
                                    &lt;Button name=&quot;Search&quot;&gt;
                                        &lt;ButtonEvent name=&quot;Press&quot;&gt;
                                            &lt;!-- TicTapToe --&gt;
                                            &lt;Application productId=&quot;{08179793-ED2E-45EA-BA12-BDE3EE9C3CE3}&quot; parameters=&quot;&quot; /&gt;
                                        &lt;/ButtonEvent&gt;
                                    &lt;/Button&gt;
                                &lt;/ButtonRemapList&gt;
                            &lt;/Buttons&gt;
                            &lt;MenuItems&gt;
                                &lt;DisableMenuItems /&gt;
                            &lt;/MenuItems&gt;
                            &lt;Settings&gt;
                                &lt;System name=&quot;Microsoft.About&quot; /&gt;
                                &lt;System name=&quot;Microsoft.NocenterSettings&quot; /&gt;
                                &lt;System name=&quot;Microsoft.CompanyAccount&quot; /&gt;
                            &lt;/Settings&gt;
                            &lt;StartScreenSize&gt;Small&lt;/StartScreenSize&gt;
                    &lt;/Default&gt;
                    &lt;RoleList&gt;
                        &lt;Role guid=&quot;{88501844-3B51-4C9F-9DA7-7CA745E7DA6B}&quot; name=&quot;Associate&quot;&gt;
                            &lt;ActionCenter enabled=&quot;false&quot; /&gt;
                                &lt;Apps&gt;
                                    &lt;!-- Settings --&gt;
                                    &lt;Application productId=&quot;{5B04B775-356B-4AA0-AAF8-6491FFEA5601}&quot;&gt;
                                        &lt;PinToStart&gt;
                                            &lt;Size&gt;Medium&lt;/Size&gt;
                                            &lt;Location&gt;
                                                &lt;LocationX&gt;0&lt;/LocationX&gt;
                                                &lt;LocationY&gt;0&lt;/LocationY&gt;
                                            &lt;/Location&gt;
                                        &lt;/PinToStart&gt;
                                    &lt;/Application&gt;
                                &lt;/Apps&gt;
                                &lt;Buttons&gt;
                                    &lt;ButtonLockdownList&gt;
                                    &lt;/ButtonLockdownList&gt;
                                &lt;/Buttons&gt;
                                &lt;MenuItems&gt;
                                    &lt;DisableMenuItems /&gt;
                                &lt;/MenuItems&gt;
                                &lt;Settings&gt;
                                    &lt;System name=&quot;Microsoft.About&quot; /&gt;
                                    &lt;System name=&quot;Microsoft.Accessibility&quot; /&gt;
                                    &lt;System name=&quot;Microsoft.Accounts&quot; /&gt;
                                    &lt;System name=&quot;Microsoft.AdvertisingId&quot; /&gt;
                                    &lt;System name=&quot;Microsoft.AirplaneMode&quot; /&gt;
                                    
                                    &lt;System name=&quot;Microsoft.BatterySaver&quot; /&gt;
                                    &lt;System name=&quot;Microsoft.Bluetooth&quot; /&gt;
                                    &lt;System name=&quot;Microsoft.Brightness&quot; /&gt;
                                    &lt;System name=&quot;Microsoft.CellularConn&quot; /&gt;
                                    &lt;System name=&quot;Microsoft.CloudStorageCpl&quot; /&gt;
                                    &lt;System name=&quot;Microsoft.CompanyAccount&quot; /&gt;
                                    &lt;System name=&quot;Microsoft.DateTime&quot; /&gt;
                                    &lt;System name=&quot;Microsoft.DoNotDisturb&quot; /&gt;
                                    &lt;System name=&quot;Microsoft.DrivingMode&quot; /&gt;
                                    &lt;System name=&quot;Microsoft.Feedback&quot; /&gt;
                                    &lt;System name=&quot;Microsoft.FindMyPhone&quot; /&gt;
                                    &lt;System name=&quot;Microsoft.FlashAppSetting&quot; /&gt;
                                    &lt;System name=&quot;Microsoft.KidZone&quot; /&gt;
                                    &lt;System name=&quot;Microsoft.Language&quot; /&gt;
                                    &lt;System name=&quot;Microsoft.Location&quot; /&gt;
                                    &lt;System name=&quot;Microsoft.MirrorUX&quot; /&gt;
                                    &lt;System name=&quot;Microsoft.NocenterSettings&quot; /&gt;
                                    &lt;System name=&quot;Microsoft.PhoneLock&quot; /&gt;
                                    &lt;System name=&quot;Microsoft.ProfileUpdate&quot; /&gt;
                                    &lt;System name=&quot;Microsoft.Proximity&quot; /&gt;
                                    &lt;System name=&quot;Microsoft.Regional&quot; /&gt;
                                    &lt;System name=&quot;Microsoft.RoamingCpl&quot; /&gt;
                                    &lt;System name=&quot;Microsoft.RotationLock&quot; /&gt;
                                    &lt;System name=&quot;Microsoft.SoftAP&quot; /&gt;
                                    &lt;System name=&quot;Microsoft.Sounds&quot; /&gt;
                                    &lt;System name=&quot;Microsoft.Speech&quot; /&gt;
                                    &lt;System name=&quot;Microsoft.StorageSettings&quot; /&gt;
                                    &lt;System name=&quot;Microsoft.Themes&quot; /&gt;
                                    &lt;System name=&quot;Microsoft.TouchKeyboard&quot; /&gt;
                                    &lt;System name=&quot;Microsoft.Updates&quot; /&gt;
                                    &lt;System name=&quot;Microsoft.USB&quot; /&gt;
                                    &lt;System name=&quot;Microsoft.VPN&quot; /&gt;
                                    &lt;Application name=&quot;Microsoft.AssistUX&quot; /&gt;
                                    &lt;Application name=&quot;Microsoft.Contacts&quot; /&gt;
                                    &lt;Application name=&quot;Microsoft.IE&quot; /&gt;
                                    &lt;Application name=&quot;Microsoft.Maps&quot; /&gt;
                                    &lt;Application name=&quot;Microsoft.Marketplace&quot; /&gt;
                                    &lt;Application name=&quot;Microsoft.Messaging&quot; /&gt;
                                    &lt;Application name=&quot;Microsoft.OfficeMobile&quot; /&gt;
                                    &lt;Application name=&quot;Microsoft.Phone&quot; /&gt;
                                    &lt;Application name=&quot;Microsoft.Photos&quot; /&gt;
                                    &lt;Application name=&quot;Microsoft.Search&quot; /&gt;
                                    &lt;Application name=&quot;Microsoft.Wallet&quot; /&gt;
                                &lt;/Settings&gt;
                        &lt;/Role&gt;
                    &lt;/RoleList&gt;
                &lt;/HandheldLockdown&gt;" />
    </characteristic>
  </characteristic>
</wap-provisioningdoc>

The following example shows how to install a certificate.

<?xml version="1.0" encoding="utf-8"?>
<wap-provisioningdoc version="1.1">
  <characteristic type="EnterpriseExt">
    <characteristic type="MDM">
      <parm name="Server" value="HTTPS://PrimarySite.SCCM.CORP.MICROSOFT.COM:443/EnrollmentServer/DeviceBulkEnrollmentWebService.svc" />
      <parm name="Username" value="bulkenroll" />
      <parm name="Password" value="cb6d4e6d-d2e9-428b-b115-d3f9ec4bd7bb" />
      <parm name="EnableDeviceEnrollment" value="true" datatype="boolean" />
    </characteristic>
  </characteristic>
  <characteristic type="WiFi">
    <characteristic type="Profile">
      <characteristic type="Open-WEP">
        <parm name="WlanXml" datatype="string" value="&lt;?xml version=&quot;1.0&quot;?&gt;&#x000D;&#x000A;&lt;WLANProfile xmlns=&quot;https://www.microsoft.com/networking/WLAN/profile/v1&quot;&gt;&#x000D;&#x000A;&#x0009;&lt;name&gt;Open-WEP&lt;/name&gt;&#x000D;&#x000A;&#x0009;&lt;SSIDConfig&gt;&#x000D;&#x000A;&#x0009;&#x0009;&lt;SSID&gt;&#x000D;&#x000A;&#x0009;&#x0009;&#x0009;&lt;hex&gt;4E455753534944283229&lt;/hex&gt;&#x000D;&#x000A;&#x0009;&#x0009;&#x0009;&lt;name&gt;NEWSSID(2)&lt;/name&gt;&#x000D;&#x000A;&#x0009;&#x0009;&lt;/SSID&gt;&#x000D;&#x000A;&#x0009;&#x0009;&lt;nonBroadcast&gt;false&lt;/nonBroadcast&gt;&#x000D;&#x000A;&#x0009;&lt;/SSIDConfig&gt;&#x000D;&#x000A;&#x0009;&lt;connectionType&gt;ESS&lt;/connectionType&gt;&#x000D;&#x000A;&#x0009;&lt;connectionMode&gt;auto&lt;/connectionMode&gt;&#x000D;&#x000A;&#x0009;&lt;autoSwitch&gt;true&lt;/autoSwitch&gt;&#x000D;&#x000A;&#x0009;&lt;MSM&gt;&#x000D;&#x000A;&#x0009;&#x0009;&lt;security&gt;&#x000D;&#x000A;&#x0009;&#x0009;&#x0009;&lt;authEncryption&gt;&#x000D;&#x000A;&#x0009;&#x0009;&#x0009;&#x0009;&lt;authentication&gt;open&lt;/authentication&gt;&#x000D;&#x000A;&#x0009;&#x0009;&#x0009;&#x0009;&lt;encryption&gt;WEP&lt;/encryption&gt;&#x000D;&#x000A;&#x0009;&#x0009;&#x0009;&#x0009;&lt;useOneX&gt;false&lt;/useOneX&gt;&#x000D;&#x000A;&#x0009;&#x0009;&#x0009;&lt;/authEncryption&gt;&#x000D;&#x000A;&#x0009;&#x0009;&#x0009;&lt;preAuthThrottle&gt;3&lt;/preAuthThrottle&gt;&#x000D;&#x000A;&#x0009;&#x0009;&lt;/security&gt;&#x000D;&#x000A;&#x0009;&lt;/MSM&gt;&#x000D;&#x000A;&lt;/WLANProfile&gt;&#x000D;&#x000A;" />
        <parm name="Proxy" datatype="string" value="" />
      </characteristic>
    </characteristic>
  </characteristic>
  <characteristic type="CertificateStore">
    <characteristic type="Root">
      <characteristic type="System">
        <characteristic type="92F6A5FF349A519F26C8D863758904380FB97F97">
          <parm name="EncodedCertificate" value="MIIDzz...aEk/A==" />
        </characteristic>
      </characteristic>
    </characteristic>
  </characteristic>
</wap-provisioningdoc>

Troubleshooting

A setting didn’t provision properly during OOBE. Make sure that you followed the format guidelines for each characteristic node in the Prov.xml file. An incorrect format could cause a step to be skipped during the provisioning process with no error occurring. For information about correct formatting, see the correct configuration service provider under Configuration service provider reference.