5

I am trying to lockdown computers running windows 8.1 Enterprise/Standard with a touch screen attached to it.

What I'm trying to achieve

Have a kiosk user with only access to a web browser. The web browser should be set to only display a specific website and any users interacting with the screen should not be able to visit any other website or somehow browse the system with the help of touch gestures.

What I've tried

Assigned Access - Works very well except that I can't seem to remove or disable the address bar in the IE metro app. If I could disable it I could probably set my website to default website in IE Metro and everything would be OK.

iexplore -k http://my.website.com - This is almost perfect, no address bar and only access to the specified. BUT, the touch gestures are still active and the user can swipe from the right and access the system sidebar.

Software I've tried

Classic Shell to deactivate all Windows 8 touch gestures, didn't work.

Start8 as well, didn't work. I can still swipe from the right.

I don't have any Synaptics touch drivers so that wont work.

Registry

Created a DWORD value "DisableCharmsHint" and set the value to 1 under: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell\EdgeUi

I read somehere That I should edit this as well:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Shell

That key doesn't exist.

[UPDATE]

Tried the following: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ImmersiveShell\EdgeUI] "DisabledEdges"=dword:0000000f

Didn't work either.

Grimmjow
  • 181

3 Answers3

3

Okey so I solved my problem with a simple .bat script. Basically, all the "charms" are connected to explorer.exe, if you kill this process, you kill the charms(touch gestures).

After explorer.exe is killed, you run "iexplore -k http://my.website.com", now true kiosk mode is enabled without any edge/touch/whatever gestures.

I put the script in the startup folder for my local KioskUser (to enable the startup folder in windows 8, go to run and enter "shell:startup")

When the computer starts, Kiosk User signs in, after a few seconds my script is called and kiosk mode is activated. To exit kiosk mode, press alt+F4 and explorer.exe will return.

:: kill explorer
taskkill /f /im explorer.exe

:: Run IE
"C:\Program Files\Internet Explorer\iexplore.exe" -k http://192.168.2.82:8000

:: Run explorer when kiosk mode is deactivated (by pressing alt+F4)
explorer.exe

This is the best solution I have found so far.

Grimmjow
  • 181
0

I am sure I am resurrecting a dead thread but for others that may have the same issue.

  1. If you are a corporation you may have access and licensing for Win 8.1 Enterprise Industry Embedded. There are several lock down tools including locking out gestures to specific users and enabling for others only. Once you have it configured you can export as ps1 script for tweaking and deployment later.

  2. If you have a license for Visual studio you can do some searches for making your own windows 8 app locked down to a single webpage. It is about 3 lines of code you add for something really basic (much more complex if the website doesn't want to load in that simple app though). Couple that app with the app launcher capabilities of 8.1 Embedded and you have a near bulletproof machine.

Steve Sweeny
  • 1
0

I have recently built a public internet browsing kiosk for a customer using Firefox and an addon called mkiosk. It runs on Windows 8 with Bing, everythig else is free. I used Grimmjows idea (thanks) of killing the explorer process to disable charms and locked it down using several registry settings. Full instructions are available here.

Bruce Wallace
  • 1