适用于 IT 专业人员的配置服务提供程序Configuration service providers for IT pros

适用范围Applies to

  • Windows 10Windows 10
  • Windows10 移动版Windows 10 Mobile

本文介绍 IT 专业人员和系统管理员如何利用配置服务提供程序 (CSP) 提供的许多设置来配置组织中运行 Windows 10 和 Windows 10 移动版 的设备。This article explains how IT pros and system administrators can take advantage of many settings available through configuration service providers (CSPs) to configure devices running Windows 10 and Windows 10 Mobile in their organizations. CSP 在设备上公开设备Windows 10。CSPs expose device configuration settings in Windows 10. 这些 CSP 由移动设备管理 (MDM) 使用,并记录在 硬件开发人员中心The CSPs are used by mobile device management (MDM) service providers and are documented in the Hardware Dev Center.

备注

此处提供的有关 CSP 和 CSP 文档的信息也适用于 Windows Mobile 5、Windows Mobile 6、Windows Phone 7 和 Windows Phone 8,但指向当前 CSP 的链接适用于 Windows 10 和 Windows 10 移动版。The information provided here about CSPs and CSP documentation also applies to Windows Mobile 5, Windows Mobile 6, Windows Phone 7, and Windows Phone 8, but links to current CSPs are for Windows 10 and Windows 10 Mobile.

请参阅版本 1809 中适用于 WINDOWS 10 的新增功能。See what's new for CSPs in Windows 10, version 1809.

什么是 CSP?What is a CSP?

在客户端操作系统中,CSP 是预配文档中指定的配置设置与设备上配置设置之间的接口。In the client operating system, a CSP is the interface between configuration settings that are specified in a provisioning document and configuration settings that are on the device. CSP 类似于组策略客户端扩展,因为它们提供了一个接口,用于读取、设置、修改或删除给定功能的配置设置。CSPs are similar to Group Policy client-side extensions in that they provide an interface to read, set, modify, or delete configuration settings for a given feature. 通常,这些设置映射到注册表项、文件或权限。Typically, these settings map to registry keys, files, or permissions. 其中一些设置是可配置的,有些是只读的。Some of these settings are configurable, and some are read-only.

从 Windows Mobile 5.0 开始,使用 WINDOWS移动设备进行管理。Starting with Windows Mobile 5.0, CSPs were used to manage Windows mobile devices. 在 Windows 10 平台上,桌面和移动设备的管理方法融合在一起,利用同一个 CSP 配置和管理所有运行 Windows 10。On the Windows 10 platform, the management approach for both desktop and mobile devices converges, taking advantage of the same CSPs to configure and manage all devices running Windows 10.

每个 CSP 都提供对特定设置的访问权限。Each CSP provides access to specific settings. 例如,WLAN CSP 包含该设置以创建 WLAN 配置文件。For example, the Wi-Fi CSP contains the settings to create a Wi-Fi profile.

CSP 支持许多管理任务和策略,Windows 10在 Microsoft Intune 和非 Microsoft MDM 服务提供商中。CSPs are behind many of the management tasks and policies for Windows 10, both in Microsoft Intune and in non-Microsoft MDM service providers. 例如,在 Intune 中,允许在 Microsoft Edge 地址栏中搜索建议的策略在策略 CSP 中使用 Browser/AllowSearchSuggestionsinAddressBarFor example, in Intune, the policy to allow search suggestions in the Microsoft Edge address bar uses Browser/AllowSearchSuggestionsinAddressBar in the Policy CSP.

Intune 映射到 CSP 的方式

CSP 接收基于 XML 的同步标记语言 (SyncML) 格式的配置策略,这些策略从 MDM 兼容的管理服务器(如 Microsoft Intune)推送。CSPs receive configuration policies in the XML-based Synchronization Markup Language (SyncML) format, pushed from an MDM-compliant management server, such as Microsoft Intune. 传统企业管理系统(如 Microsoft Endpoint Configuration Manager)还可使用客户端 Windows Management Instrumentation (WMI) 到 CSP 桥面向 CSP。Traditional enterprise management systems, such as Microsoft Endpoint Configuration Manager, can also target CSPs, by using a client-side Windows Management Instrumentation (WMI)-to-CSP Bridge.

同步标记语言 (SyncML)Synchronization Markup Language (SyncML)

开放移动联盟设备 (OMA-DM) 协议使用基于 XML 的 SyncML 在兼容服务器和客户端之间交换数据。The Open Mobile Alliance Device Management (OMA-DM) protocol uses the XML-based SyncML for data exchange between compliant servers and clients. SyncML 提供了一种开放的标准,可用作特定于供应商的管理解决方案(例如 WMI)的替代方法。SyncML offers an open standard to use as an alternative to vendor-specific management solutions (such as WMI). 对于采用行业标准管理协议的企业,其价值在于它允许使用单个平台(如 Microsoft Intune)来管理一组更加广泛的供应商设备。The value for enterprises adopting industry standard management protocols is that it allows the management of a broader set of vendor devices using a single platform (such as Microsoft Intune). 包括 VPN 连接配置文件在内的设备策略将传递到格式化为 SyncML 的客户端设备。Device policies, including VPN connection profiles, are delivered to client devices formatted as in SyncML. 目标 CSP 会读取此信息并应用必要的配置。The target CSP reads this information and applies the necessary configurations.

WMI 到 CSP 桥The WMI-to-CSP Bridge

WMI 到 CSP 桥是允许使用脚本Windows 10传统企业管理软件(如使用 WMI 的 Configuration Manager)配置云解决方案提供商的组件。The WMI-to-CSP Bridge is a component allowing configuration of Windows 10 CSPs using scripts and traditional enterprise management software, such as Configuration Manager using WMI. 该桥负责读取 WMI 命令,并通过被称为常用设备配置器的组件将它们传递到设备上适用于应用程序的 CSP。The bridge is responsible for reading WMI commands and through a component called the common device configurator pass them to a CSP for application on the device.

了解如何与 PowerShell 结合使用 WMI 桥提供程序。Learn how to use the WMI Bridge Provider with PowerShell.

为什么应该了解 CSP?Why should you learn about CSPs?

通常情况下,企业依赖组策略或 MDM 来配置和管理设备。Generally, enterprises rely on Group Policy or MDM to configure and manage devices. 对于运行 Windows 的设备,MDM 服务使用 CSP 配置你的设备。For devices running Windows, MDM services use CSPs to configure your devices.

此外,你可能拥有非托管设备,或者你想要在管理中注册设备之前配置大量设备。In addition, you may have unmanaged devices, or a large number of devices that you want to configure before enrolling them in management. 你可能还需要应用无法通过 MDM 服务提供的自定义设置。You may also want to apply custom settings that aren't available through your MDM service. CSP 文档可以帮助你了解可进行配置或查询的设置。The CSP documentation can help you understand the settings that can be configured or queried.

Technet 上的 Windows 10 和Windows 10 移动版库中的一些文章包含指向适用的云解决方案提供商参考主题的链接,例如链接到策略 CSP 的业务或企业中的Cortana集成Some of the articles in the Windows 10 and Windows 10 Mobile library on Technet include links to applicable CSP reference topics, such as Cortana integration in your business or enterprise, which links to the Policy CSP. 在 CSP 主题中,你可以了解所有可用的配置设置。In the CSP topics, you can learn about all of the available configuration settings.

Windows 配置设计器中的 CSPCSPs in Windows Configuration Designer

可以使用 Windows 配置设计器创建预配包,以在开箱即用体验 (OOBE) 和设置设备后将设置应用到设备。You can use Windows Configuration Designer to create provisioning packages to apply settings to devices during the out-of-box-experience (OOBE), and after the devices are set up. 还可使用预配包配置设备连接,在 MDM 中注册设备。You can also use provisioning packages to configure a device's connectivity and enroll the device in MDM. Windows 配置设计器中的许多运行时设置都基于 CSP。Many of the runtime settings in Windows Configuration Designer are based on CSPs.

Windows 配置设计器中的许多设置将在中心窗格中显示有关该设置的文档,如果该设置使用 CSP,还将包括对该 CSP 的引用,如下图所示。Many settings in Windows Configuration Designer will display documentation for that setting in the center pane, and will include a reference to the CSP if the setting uses one, as shown in the following image.

帮助内容在 ICD 中的显示方式

Windows 10 中的预配包说明了如何使用 Windows 配置设计器工具创建运行时预配包。Provisioning packages in Windows 10 explains how to use the Windows Configuration Designer tool to create a runtime provisioning package.

MDM 中的 CSPCSPs in MDM

大多数(如果并非全部)CSP 均通过你的 MDM 服务显示。Most, if not all, CSPs are surfaced through your MDM service. 如果你看到的 CSP 可提供要使用的功能,并且无法在你的 MDM 服务中找到该功能,请联系你的 MDM 提供商以寻求帮助。If you see a CSP that provides a capability that you want to make use of and cannot find that capability in your MDM service, contact your MDM provider for assistance. 其命名方式可能不同于您预期的名称。It might be named differently than you expected. 你可以在配置服务提供程序参考中看到 MDM 支持的 CSP。You can see the CSPs supported by MDM in the Configuration service provider reference.

当某个 CSP 可用但是未显式包含在你的 MDM 解决方案中时,你可以通过 OMA-URI 设置来使用该 CSP。When a CSP is available but is not explicitly included in your MDM solution, you may be able to make use of the CSP by using OMA-URI settings. 例如,在 Intune 中,你可以使用 自定义策略设置 来部署设置。In Intune, for example, you can use custom policy settings to deploy settings. Intune 会记录你可以在自定义策略的OMA URI 设置 部分中输入的 设置的部分列表 ,前提是你的 MDM 服务提供该扩展。Intune documents a partial list of settings that you can enter in the OMA-URI Settings section of a custom policy, if your MDM service provides that extension. 你将注意到,该列表不会解释允许值和默认值的含义,因此使用 CSP 参考文档 来找到该信息。You'll notice that the list doesn't explain the meanings of the allowed and default values, so use the CSP reference documentation to locate that information.

锁定 XML 中的 CSPCSPs in Lockdown XML

锁定 XML 可用于配置运行 Windows10 移动版的设备。Lockdown XML can be used to configure devices running Windows 10 Mobile. 你可以手动编写锁定 XML 文件以使用通过 EnterpriseAssignedAccess 配置服务提供程序 (CSP) 提供的配置设置。You can manually author a Lockdown XML file to make use of the configuration settings available through the EnterpriseAssignedAccess configuration service provider (CSP). 在 Windows 10 版本 1703 中,还可以使用新的锁定设计器应用配置锁定 XML。In Windows 10, version 1703, you can also use the new Lockdown Designer app to configure your Lockdown XML.

如何使用 CSP 文档?How do you use the CSP documentation?

Windows10 中的所有 CSP 都记录在配置服务提供程序参考中。All CSPs in Windows 10 are documented in the Configuration service provider reference.

主 CSP 主题向你介绍每个 Windows10 版本上所支持的 CSP,并链接到每个单独 CSP 的文档。The main CSP topic tells you which CSPs are supported on each edition of Windows 10, and links to the documentation for each individual CSP.

每个 Windows 版本的 CSP

每个 CSP 的文档都遵循相同的结构。The documentation for each CSP follows the same structure. 在说明 CSP 用途的简介之后,提供可采用树格式显示 CSP 的各个部分的图表。After an introduction that explains the purpose of the CSP, a diagram shows the parts of the CSP in tree format.

特定配置设置的完整路径由它的开放移动联盟 - 统一资源标识符 (OMA-URI) 来表示。The full path to a specific configuration setting is represented by its Open Mobile Alliance - Uniform Resource Identifier (OMA-URI). 该 URI 与设备的根节点(例如 MSFT)相关。The URI is relative to the devices’ root node (MSFT, for example). 受特定 CSP 支持的功能可以通过寻址完整的 OMA-URI 路径进行设置。Features supported by a particular CSP can be set by addressing the complete OMA-URI path.

以下示例将显示 AssignedAccess CSP 的图表。The following example shows the diagram for the AssignedAccess CSP. 此图表将映射到该 CSP 的 XML 中。The diagram maps to the XML for that CSP. 请注意图表中的不同形状:圆角元素为节点,矩形元素是必须提供值的设置或策略。Notice the different shapes in the diagram: rounded elements are nodes, and rectangular elements are settings or policies for which a value must be supplied.

分配的访问 CSP 树

树图表中位于根节点后的元素指示 CSP 的名称。The element in the tree diagram after the root node tells you the name of the CSP. 通过了解此结构,你将在 XML 中识别该 CSP 的 URI 路径部分,如果你已在 XML 中看到它,则会知道要查找的 CSP 引用。Knowing this structure, you would recognize in XML the parts of the URI path for that CSP and, if you saw it in XML, you would know which CSP reference to look up. 例如,在展台模式应用设置的以下 OMS-URI 路径中,你可以看到它使用 AssignedAccess CSPFor example, in the following OMS-URI path for the kiosk mode app settings, you can see that it uses the AssignedAccess CSP.

./Vendor/MSFT/AssignedAccess/KioskModeApp

当图表中的某个元素使用 italic 字体时,它指示特定信息的占位符,如以下示例中的租户 ID。When an element in the diagram uses italic font, it indicates a placeholder for specific information, such as the tenant ID in the following example.

CSP 树中的占位符

此图表后的文档介绍了每个元素。After the diagram, the documentation describes each element. 针对每个策略或设置,列出有效值。For each policy or setting, the valid values are listed.

例如,在 AssignedAccess CSP中,该设置为 KioskModeAppFor example, in the AssignedAccess CSP, the setting is KioskModeApp. 该文档向你介绍 KioskModeApp 的值为 JSON 字符串,其中包含用户帐户名称和展台模式应用的应用程序用户模型 ID (AUMID)。The documentation tells you that the value for KioskModeApp is a JSON string that contains the user account name and Application User Model ID (AUMID) of the Kiosk mode app.

大多数 CSP 的文档还将包括一个 XML 示例。The documentation for most CSPs will also include an XML example.

CSP 示例CSP examples

CSP 提供对可用于企业的大量设置的访问权限。CSPs provide access to a number of settings useful to enterprises. 本节介绍企业可能会发现有用的 CSP。This section introduces the CSPs that an enterprise might find useful.

  • EnterpriseAssignedAccess 云解决方案提供商EnterpriseAssignedAccess CSP

    EnterpriseAssignedAccess CSP 允许 IT 管理员在设备上配置Windows 10 移动版设置。The EnterpriseAssignedAccess CSP lets IT administrators configure settings on a Windows 10 Mobile device. 企业可以利用此 CSP 来创建单独使用或限制使用的移动设备,例如仅运行价格检查应用的手持设备。An enterprise can make use of this CSP to create single-use or limited-use mobile devices, such as a handheld device that only runs a price-checking app.

    除了锁屏界面墙纸、主题、时区和语言之外,EnterpriseAssignedAccess CSP 还包括 AssignedAccessXml,可用于通过以下设置锁定设备:In addition to lock screen wallpaper, theme, time zone, and language, the EnterpriseAssignedAccess CSP includes AssignedAccessXml that can be used to lock down the device through the following settings:

    • 启用或禁用操作中心。Enabling or disabling the Action Center.
    • 在“开始”屏幕布局中配置磁贴列数。Configuring the number of tile columns in the Start layout.
    • 限制将在设备上可用的应用。Restricting the apps that will be available on the device.
    • 限制用户可以访问的设置。Restricting the settings that the user can access.
    • 限制将可操作的硬件按钮。Restricting the hardware buttons that will be operable.
    • 阻止访问上下文菜单。Restricting access to the context menu.
    • 启用或禁用磁贴操作。Enabling or disabling tile manipulation.
    • 创建特定于角色的配置。Creating role-specific configurations.
  • 策略 CSPPolicy CSP

    策略 CSP 使企业能够在策略和策略Windows 10 Windows 10 移动版。The Policy CSP enables the enterprise to configure policies on Windows 10 and Windows 10 Mobile. 其中某些设置也可使用组策略进行应用,CSP 将列出等效的组策略设置。Some of these policy settings can also be applied using Group Policy, and the CSP documentation lists the equivalent Group Policy settings.

    策略 CSP 中提供的某些设置包括以下内容:Some of the settings available in the Policy CSP include the following:

    • 帐户,例如是否可以将非 Microsoft 帐户添加到设备。Accounts, such as whether a non-Microsoft account can be added to the device.
    • 应用程序管理,例如是否Microsoft Store应用程序。Application management, such as whether only Microsoft Store apps are allowed.
    • 蓝牙,例如允许其使用的服务。Bluetooth, such as the services allowed to use it.
    • 浏览器,例如限制 InPrivate 浏览。Browser, such as restricting InPrivate browsing.
    • 连接,例如设备是否可以通过 USB 连接到计算机。Connectivity, such as whether the device can be connected to a computer by USB.
    • Defender (仅针对桌面) ,如要扫描的一天和一段时间。Defender (for desktop only), such as day and time to scan.
    • 设备锁定,例如解锁设备所需的 PIN 或密码类型。Device lock, such as the type of PIN or password required to unlock the device.
    • 体验,例如允许 Cortana。Experience, such as allowing Cortana.
    • 安全性,例如是否允许设置包。Security, such as whether provisioning packages are allowed.
    • 设置, 例如允许用户更改 VPN 设置。Settings, such as enabling the user to change VPN settings.
    • " 开始"屏幕,例如应用标准"开始"屏幕布局。Start, such as applying a standard Start layout.
    • 系统,例如允许用户重置设备。System, such as allowing the user to reset the device.
    • 文本输入,例如允许设备向 Microsoft 发送匿名用户文本输入数据示例。Text input, such as allowing the device to send anonymized user text input data samples to Microsoft.
    • 更新,例如设备是否可以使用 Microsoft 更新、Windows Server Update Services (WSUS) 或Microsoft Store。Update, such as whether the device can use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store.
    • WiFi, 例如是否已启用 Internet 共享。WiFi, such as whether Internet sharing is enabled.

下面是 Windows10 企业版、Windows10 移动企业版或这两个版本都支持的 CSP 列表:Here is a list of CSPs supported on Windows 10 Enterprise, Windows 10 Mobile Enterprise, or both: