User: Password:
   Keep me logged in.
Register  |  I forgot my password

Login  |  Register

Hyperlink Directory  - Article Details

Secure and lock down a Windows PC for special use applications (kiosk mode)

Date Added: April 29, 2016 05:02:32 PM
Author: mirabyte Support Team
Category: Computers
Windows PCs are commonly used as general purpose computers for all sorts of things like writing letters, editing photos or surfing the Web. However, there are also specialized use cases where the PC is supposed to be used only in a very restricted way. Imagine a public kiosk terminal that may only be used to allow Web browsing or to provide access to a single, specialized application like a booking system. Also terminals in museums or at exhibitions have special requirements in regards to security and functionality. In most cases the underlying operating system (Windows) must be secured and locked down in a way that only a predefined application can be executed and that the end user has no further access to other applications or critical operating system functions. The Windows operating system itself comes with a number of features that allow locking down and protecting a PC in such a way but these settings are scattered all over the operating system (e.g. in the Windows registry, in configuration files and many other places). Preparing a PC for a specialized use case can be quite challenging and time-consuming. In this tutorial we show how you can setup a Windows PC for kiosk applications within minutes using the free software tool "FrontFace Lockdown Tool". The Lockdown Tool aggregates all relevant configuration options of Windows for kiosk or digital signage use cases in one intuitive user interface and even allows the creation of configuration profiles so that you can instantly provision a new PC with your predefined configuration settings. This applies to all Windows versions starting at Windows Vista but also covers Windows 7, Windows 8.1 as well as the current Windows 10. It is also important to state that Windows is not only available as consumer version (such as "Pro" or "Standard") but also in special flavors that are exclusively targeting kiosk or industrial use cases ("Embedded"). But most special features of the embedded versions are also available in the consumer versions and can be configured conveniently using the FrontFace Lockdown Tool. Prior versions of Windows (XP) came with a dedicated kiosk mode (called Windows SteadyState) which is not available any more. But by using the Lockdown Tool it is possible to configure a normal Windows installation in such a way that it resembles the previously available kiosk mode. After you downloaded FrontFace Lockdown Tool ( simply start the application (no installation needed) on the PC that you want to lock down. On the left hand side, you find the main menu that groups the various settings that are available into sections like "Startup & Shutdown", "Continuous Operation" and "Protection & Security". You can also select from the dropdown menu below the main menu for which Windows user account you want to apply the changes. It is important to note that some settings affect only the selected user account while others apply to the entire system. All settings are marked with an icon that either shows a PC (for system-wide settings) or a person (for user-specific settings). You can also select a predefined configuration profile on the start page that appears when you launch the tool. If you want to lock down a kiosk PC, select "Interactive Kiosk Terminal" and then hit "Load Profile". After that, you can browse through all the settings and check if the default values of that profile are fine with you or if you prefer to modify them. It is recommended to create a separate (restricted) Windows user account. You can then configure the Lockdown Tool to automatically log on with that user account when the PC boots. In addition to that, you can also select any Windows application to be used as "custom shell". By default, the Windows Explorer is the default shell. If you select another application, the PC will only start that application without start menu, taskbar and desktop. You can select the Internet Explorer (iexplore.exe) or an app like FrontFace for Touch Kiosks ( Furthermore, you can also set several security options, e.g. you can disable the keyboard shortcut CTRL+ALT+DEL and the Windows key. Please use this setting carefully because it can lead to a point where you are entirely locked out from the PC and have no way to revert your changes unless you revert to the last system restore point using the Windows repair console. The best setup is to have a restricted kiosk user account that is logged on automatically and a normal administrator user account for management purposes. When the PC starts, keep the SHIFT button pressed to prevent the automatic login. The you can select the admin user, enter your password and start the Lockdown Tool to revert any changes that otherwise might prevent certain administrative tasks that you want to perform. But do not forget to reapply the settings afterwards to secure your system again!
You must be logged in to leave a rating.
(0 votes)

No Comments Yet.

You must be logged in to leave a Comment.