The requirement for setting up Single App are as follows. it must be a Windows 10 Pro, Enterprise, and Education Edition. The same requirements apply to the Multi-App kiosk. Here are the prerequisite to setting up a single Kiosk application as it relates to my environment.1. Turn on User Access Control (UAC): Please refer to the following guides for related articles. Pre-requisites for setting up a Single and Multi App Kiosk, and how to disable the sleep mode in Windows 10 to never turn off the display, what is Registry Editor and how to access the registry hives and how to search through Windows Registry.
UAC must be turned on to enable kiosk mode
- Search for User Access Control under the search menu or
- From the Control Panel,
- Click on User Accounts
- Click on User Accounts and
- Click on Change User Account Control Settings
Kiosk mode is not supported over a remote desktop connection (RDP). Your kiosk users must sign-in on the physical device that is set up as a kiosk. Apps that run in kiosk mode cannot use copy and paste. Also, Kiosk Mode can be tested and deployed on a Hyper- VM, and VMware Horizon.
2. Hide update notifications
Here are the steps in hiding notifications on your workstation. Launch the Group Policy Editor and navigate through the following errors
- Computer Configuration
- Administrative Templates
- Windows Components
- Windows Update
- Display options for update notifications
Or this can also be done via the registry key and MDM as well. But will discuss only the registry settings too.
Navigate to this path
- HKLMSOFTWAREPoliciesMicrosoftWindowsWindowsUpdate
Set the following parameters as follow. - SetUpdateNotificationLevel with a value of 1, and
- UpdateNotificationLevel with a value of 1 to hide all notifications except restart warnings, or
- value of 2 to hide all notifications, including restart warnings.
The “UpdateNotificationLevel” has been entered as 1
3. Enable and schedule automatic updates: Here are the steps below to have this done. Launch the Group Policy Editor
- Computer Configuration
- Administrative Templates
- Windows Components
- Windows Update
- Configure Automatic Updates, and select option 4 (Auto download and schedule the install).
To schedule the automatic update,
– Configure Schedule Install Day, Schedule Install Time, and
– Schedule Install Week.
4. Enable automatic restart at the scheduled time: Follow the following steps to achieve this.
- Launch the Group Policy Editor
- Computer Configuration
- Administrative Templates
- Windows Components
- Windows Update
- Always automatically restart at the scheduled time
5. Replace The blue screen Error (BSoD error) with a blank screen for OS Errors: See this link on how this is configured
6. Put the device in Tablet mode: Follow the steps below and if you also want your users to be able to use the touch (on-screen) keyboard.
- Click on Settings
- System
- Tablet mode and choose On.
Note: Do not turn on this setting if users will not interact with the kiosk, such as for a digital sign.
7. Hide Ease of access feature on the sign-in screen: Use the following article to have this done.
– See remove the power button from the Welcome screen and block the physical power button.
8. Disable the hardware power button: Here are the steps below to perform this task.
- Access and click on the Power Options
- Choose what the power button does,
- Change the setting to Do nothing, and then
- Click on save changes.
Control PanelHardware and SoundPower OptionEdit Plan Settings
9: Remove the power button from the sign-in screen. Here are the steps below to have this done.
- Launch the GPO Editor
- Go to Computer Configuration
- Windows Settings
- Security Settings
- Local Policies
- Security Options
- Shutdown: Here under a “Allow the system to be shut down without having to log on” and
- Select Disabled.
10: Disable the camera: Here are the steps to have this done.
- Click on Settings
- Privacy
- Click on Camera, and
- Turn off Let apps use my camera.
11: Turn off app notifications on the lock screen. Follow the steps below to have this done. Open the Group Policy Editor
- Click on Computer Configuration
- Administrative TemplatesSystemLogon
- And Turn off app notifications on the lock screen
12: Disable removable media.
- Launch the Group Policy Editor
- Computer Configuration
- Administrative Templates
- SystemDevice InstallationDevice Installation Restrictions.
Review the policy settings available in Device Installation Restrictions for the settings applicable to your situation.
– Note: To prevent this policy from affecting a member of the Administrators group, in Device Installation Restrictions, enable Allow administrators to override Device Installation Restriction policies.
13: Enable AssignedAccess logging: This helps in troubleshooting errors associated with Assigned Access. Follow the steps to have this turned on.
- Lunch the event viewer and navigate to Microsoft
- Expand Window
- Assigned Access and
- Enable Log
The image below shows the Assigned Access Log has been enabled.
14. Enable Automatic logon: You may want to set up automatic login for your kiosk device follow the steps in this article.
15. Prevent users from shutting down in a VM: Follow the steps described in this link.
16. How to Remove the All Apps Option from Windows Start Menu via GPO /Registry: Follow the steps described in this link.
I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.