Unsolved Fully lock down windows machine with 2 apps allowed
-
I got a query from a friend who wants to use a windows machine with just chrome browser and one exe running in the background. No other apps, no other access. Not even desktop. What is the best way to achieve this? Ideally admin should be able to use some hotkey or something to make any changes or access things if needed to troubleshoot.
-
First question, and I know it breaks the confines of the original constraints, but this is exactly where Linux normally shines. Is there a technical reason to be doing this on Windows rather than Linux?
-
I am assuming because of the .exe in the background, but it has to be asked.
-
What about Windows Kiosk Mode?
http://blogs.msdn.com/b/hyperyash/archive/2013/10/25/enable-kiosk-mode-in-windows-8-1.aspx
-
@scottalanmiller Yes, when i first heard about his requirement, i suggested http://porteus-kiosk.org/ but when he told me about .exe file, then the only good option is to have Windows, not sure how well wine works for this.
-
@scottalanmiller said:
What about Windows Kiosk Mode?
http://blogs.msdn.com/b/hyperyash/archive/2013/10/25/enable-kiosk-mode-in-windows-8-1.aspx
Need to check if this is a modern application. Its a card reader software, and this kiosk will be used in a reception area where visitors will walk in, scan their card and walk in. The card is like our social security card, which pulls all details of the user. So the exe works in the background which reads the data from the card, and browser is used to enter some details/interact with the user
-
Do you know what the name of the Software is. It sounds like it might be something specific to the "Microsoft World". Wine may assist with it, but it's likely that this Software hasn't been tested on Wine.
-
But if all the software is doing it pulling data off the card and presenting it to a webpage... you might just luck out.
-
I haven't looked into it at all or really know anything about it. I've heard Windows 10 IOT has some kind of kiosk mode where you can lock it down to a couple apps.
-
Easy just replace the Windows shell (explorer) with a script that runs chrome and the other background process. You can do this with group in policy (locally or domain) or registry. We use SiteKiosk for stuff like this though.
-
@Ambarishrh said:
Not even desktop. What is the best way to achieve this? Ideally admin should be able to use some hotkey or something to make any changes or access things if needed to troubleshoot.
Ok, so then the best way to do this is going to be Shell replacement (with a script to run chrome and background task, maybe even auto hotkey and use it watchdog function incase it gets closed). Make an MMC snap in locally on the computer for group in policy management that is targeted to standard users apply that there as well as other restrictions on the system such as blocking Ctrl+alt+del. You should look up microsofts group policy templates for creating a steady state like environment.
Make an admin account and a standard account both with Passwords. Have the computer auto login and force auto login to the standard account. You can over ride by hitting the shift key and then entering the admin pass. If you need to make changes to the standard user account you can elevate it to an admin to bypass the group policy restrictions in place.
I'd also recommend putting deep freeze, drive vaccine or the like on it.
-
He wont be able to do too much of GP edits, wanted to test:
http://www.sitekiosk.com/web/us/products/windows-kiosk-software-sitekioskhttp://www.mirabyte.com/en/products/frontface-lockdown-tool/
-
Checking in on this one, is this one ready to be closed out? Is there any additional information to be included?