Powershell – Windows 10 Kiosk Modus with Custom shell

powershellwindows 10

I would like to setup a Kiosk Modus where user is logged on and Browser starts automatically.

Windows Custom Shell

$COMPUTER = "localhost"
$NAMESPACE = "root\standardcimv2\embedded"

# Create a handle to the class instance so we can call the static methods.
$ShellLauncherClass = [wmiclass]"\\$COMPUTER\${NAMESPACE}:WESL_UserSetting"


# This well-known security identifier (SID) corresponds to the BUILTIN\Administrators group.

$Admins_SID = "S-1-5-32-544"

# Create a function to retrieve the SID for a user account on a machine.

function Get-UsernameSID($AccountName) {

    $NTUserObject = New-Object System.Security.Principal.NTAccount($AccountName)
    $NTUserSID = $NTUserObject.Translate([System.Security.Principal.SecurityIdentifier])

    return $NTUserSID.Value

}

# Get the SID for a user account named "Cashier". Rename "Cashier" to an existing account on your system to test this script.

$Kiosk_SID = Get-UsernameSID("Kiosk")

# Define actions to take when the shell program exits.

$restart_shell = 0
$restart_device = 1
$shutdown_device = 2

# Set Internet Explorer as the shell for "Cashier", and restart the machine if it's closed.

$ShellLauncherClass.SetCustomShell($Kiosk_SID, "c:\program files\internet explorer\iexplore.exe www.google.com", ($null), ($null), $restart_shell)

# Enable Shell Launcher

$ShellLauncherClass.SetEnabled($TRUE)

When i execute this powershell script and logon with kiosk i only see a black screen.

Best Answer

Why so complicated?

Windows allows you to set a custom user interface via one registry line or with the help of Group Policys.

GPO:

User Configuration\Administrative Templates\System\Custom User Interface

Here you can set e.g. 

C:\Program Files\Internet Explorer\iexplore.exe -k www.google.de

This will not only open the Internet Explorer instead of explorer as user interface, IE will also be full screen (the -k option).

Registry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

Here you need a REG_SZ Item with the same content as above. If the "system" Key does not exist, create it. And since this is done in the "Current User" Hive, this will only affect the user that is logged on at the moment.

I am using this on some kiosk computers where only one specific site should be accessible, and it works fine (i use a domain computer, so i am using the GPO method).

Related Topic