A kiosk
machine is a very locked down PC that allows to perform one simple task, such
as running one application, or browsing to one, or a limited set of websites.
Windows
itself only requires basic configuration and some group policy changes. We haven't joined these machines to
domain, so group policy changes were done locally by local GPO described below. We made all the obvious changes, like
disabling screensavers, power saving.
After
deployment of OS using MDT task sequence and manually restarting PC Your
receive only Internet Explorer
There is no
possibility that user will close this application or run another.
Users also cannot logoff or shutdown PC. Using specified key combination You can display command line – this keyboard shortcut
should not be reveled for users. Task manager is blocked but You can run Process Explorer from cmd – it is in
C:\windows\procexp.exe
Users should
be automatically login with standard user – to do this use
autologon.exe from c:\windows, e.g:
autologon.exe suser “” password
then reboot
autologon.exe suser “” password
then reboot
GPO details:
To display only Internet explorer and Chrome:
User
Configuration > Administrative Templates > System > Custom user
interface
and set it:
“c:\windows\kiosk.exe”
To disable Task manager (CTRL+ALT-DEL) configure GPO:
Configure
User Configuration >Policies >Administrative Templates >System >Ctrl+Alt+Del
Option >Remove Task Manager >EnableConfigure Computer Configuration >Policies >Administrative Templates >System >Group Policy >User Group Policy loopback processing mode >Enable >Mode: Merge
Power button settings:
Computer
Configuration > Policies > Administrative Templates > System > Power
Management > Button Settings
Power management:
Computer
Settings > Administrative Templates > System > Power Management >
Sleep settings
Custom user interface
(shell)
We created
custom user interface (shell) using AutoHotKey application. We wrote some macro
which control all keyboard shortcuts like CTRL+ESC or CRTL+F4. Below is a
listening of this macro:
|
Run
"%ProgramFiles%\Internet Explorer\iexplore.exe"
;
Custom Hotkeys
;
;
;
;
;
Block System Specific Keys
;!Tab::return
; Alt+Tab to change Windows
!F4::return
; Alt+F4 to close Windows
LWin::return
; Left Windows Key
RWin::return
; Right Windows Key
^Esc::return
; Task Manager
RButton::Return
MButton::Return
^MButton::Return
!MButton::Return
+MButton::Return
^RButton::Return
!RButton::Return
+RButton::Return
^LButton::Return
!LButton::Return
+LButton::Return
^J::Return
^H::Return
^W::Return
^G::Return
^S::Return
^B::Return
^I::Return
+F10::Return
^+Delete::Return
^!Delete::Return
^NumpadAdd::Return
^NumpadSub::Return
^=::Return
^-::Return
^WheelUp::Return
^WheelDown::Return
; Set
the following to only work against Internet Explorer
#IfWinActive
ahk_class IEFrame
;
Block IE Specific Ctrl+Key sequences
^T::return
; New Tab
^K::return
; Duplicate Tab
^N::return
; New Windows
;^O::return
; Open File/Location
^S::return
; Save As
^W::return
; Close Tab
^P::return
; Print
^J::return
; Downloads
^I::return
; Favorites
^H::return
; History
^G::return
; Feeds
F1::return
; Help
F12::return
; Developers Console
^+I::return
; Favorites
^+H::return
; History
^+G::return
; Feeds
^+P::return
; InPrivate Browsing
#IfWinActive
; End the WinActive command
|
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions]
"NoBrowserOptions"=dword:00000001
"NoBrowserClose"=dword:00000001
"NoFileOpen"=dword:00000001
"NoOpenInNewWnd"=dword:00000000
