Skip to content

TechDirectArchive

Hands-on IT, Cloud, Security, Veeam & DevOps

  • Home
  • About
  • Advertise With US
  • Reviews
  • Contact
  • Toggle search form

Single App Kiosk Mode: Assigned Access using Local Settings

Posted on 18/01/202022/02/2025 IT Expert By IT Expert No Comments on Single App Kiosk Mode: Assigned Access using Local Settings
  1. Home
  2. Windows
  3. Single App Kiosk Mode: Assigned Access using Local Settings
Assigned Access

Single App Kiosk Mode is also referred to as “Assigned Access”. It is a feature in Windows that allows you to set up a specific application to run in a restricted kiosk-like mode on a device. In this mode, the user can only access and interact with a single designated application, and they are prevented from accessing the rest of the operating system or making any system changes. In this article, you will learn about Single App Kiosk Mode: Setup Assigned Access using Local Settings. Please see how to Disable or Remove Kiosk Mode Via the Local Settings, and how to delete an Instance (AssignedAccess) when applied via MDM WMI bridge Provider.

This Single App Kiosk Mode feature is often used in scenarios where a device needs to be dedicated to a specific task or purpose, such as information kiosks, digital signage, or point-of-sale systems.

Please see the following exciting articles: About – Windows 10 Single / Multi App Kiosk, and how to configure “Single App Kiosk Mode Configuration using MDM Bridge WMI Provider“.

What to note before provisioning your Kiosk Device

A single-app kiosk configuration runs an app above the lock screen. It doesn’t work when it’s accessed remotely via an RDP connection with the exception to VMware Horizon and Hyper-V because of how the VMs are accessed but not via RDP.

When you connect to a VM configured as a single-app kiosk, you need a basic session rather than an enhanced session. Please see the prerequisites for setting up Assigned Access Device, and how to Disable credential Prompts for Remote Desktop Connections.

Implementation of Single App Kiosk Mode Using Local Settings

Desired result:  A single-app kiosk uses the Assigned Access feature to run a single app above the lock screen. When the kiosk account signs in, the application is launched automatically. The person using the kiosk cannot do anything on the device outside of the kiosk app.

To see how this is done via the PowerShell scripts. It is advisable and recommended to use a local account with the least privilege when setting up a kiosk application because a domain or service account can be hacked and this introduces risks that might allow an attacker to subvert the assigned access application to gain access to sensitive domain resources. This technique can be implemented in Windows 10 Pro, Enterprise, and Education.

Note: “When your kiosk is a local device that is not managed by Active Directory or Azure Active Directory. There is a default setting that enables automatic sign-in after a restart. That means that when the device restarts, the last signed-in user will be signed in automatically.

If the last signed-in user is the kiosk account, the kiosk app will be launched automatically after the device restarts.”. Since our device is managed by Active Directory, there was a need to manually configure the registry setting to allow for the automatic login of the kiosk user.

Set up assigned access in PC settings

To set up Assigned Access using Local Settings in Windows, follow these steps:

Log in to the Windows device with an administrator account. Open the Start menu and go to Settings. In the Settings window, select “Accounts”, as shown below.

Under the “Family & other users” section, select Set up a kiosk Assigned access,

Select the Get Started button.

Create an Automatic Sign-in Account

Enter a name for the new account. Note: If there are local standard user accounts on the PC already. The Create an Account page will prompt the option to select an existing account.

Choose the app that will run when the kiosk account signs in (The apps that are capable of running only on the locked screen will be displayed).

Here you have the App and kiosk user setup. Click on Next and finish

Note:  depending on the App you choose, you may have more configuration steps to follow.

Assigned Access (Kiosk Mode) Outcome

Below is the result when the kiosk user automatically signed in. Here is an article on how to Setup Kiosk Mode on Windows 10 with AD User Account.

To exit out of the kiosk mode on a VM on hyper V as well, simply type Ctrl+Alt+Delete under Actions. This is the only way to exit out of the kiosk mode at present. On a physical device, this is how to exit as well.

Note: Upon restart, the kiosk account automatically signs in due to auto-logon configured during the prerequisite stage. Since the kiosk device is managed by D, there was a need to configure auto-logon.

Devices that are not AD joined do not need to configure this step. 

While in this mode, you cannot use any other app other than the ones permitted App because the entire device is locked on to use a single app. This helps in securing the device meant to be deployed in a public area.

I hope you found this guide useful on “Single App Kiosk Mode: Setup Assigned Access using Local Settings”. Please let me know in the comment section if you have any questions.

5/5 - (1 vote)

Thank you for reading this post. Kindly share it with others.

  • Share on X (Opens in new window) X
  • Share on Reddit (Opens in new window) Reddit
  • Share on LinkedIn (Opens in new window) LinkedIn
  • Share on Facebook (Opens in new window) Facebook
  • Share on Pinterest (Opens in new window) Pinterest
  • Share on Tumblr (Opens in new window) Tumblr
  • Share on Telegram (Opens in new window) Telegram
  • Share on WhatsApp (Opens in new window) WhatsApp
  • Share on Mastodon (Opens in new window) Mastodon
  • Share on Bluesky (Opens in new window) Bluesky
  • Share on Threads (Opens in new window) Threads
  • Share on Nextdoor (Opens in new window) Nextdoor
Windows Tags:Windows 10, Windows 11, Windows Server 2016

Post navigation

Previous Post: Prerequisites for setting up a Single and Multi App Kiosk
Next Post: Disable or Remove Kiosk Mode Via the Local Settings

Related Posts

  • Anyviewer Review
    Free Remote Desktop Software for Windows Windows
  • shortcut
    How to make a desktop shortcut available for all users in Windows 7 and 10 Windows
  • self signed sslcert
    Generate self-signed certificate and export in PFX format via PowerShell [Part 2] Windows
  • Featured image   Thumbnails issue on Windows 11
    Fix File Explorer thumbnails issue on Windows 11 Windows
  • Configure Multiple IP Addresses on a Single or Multiple Network Cards
    Configure Multiple IP Addresses on a Single or Multiple NICs Network | Monitoring
  • backupvssnapshot
    Virtual Machine Snapshot vs Backup Version Control System

More Related Articles

Anyviewer Review Free Remote Desktop Software for Windows Windows
shortcut How to make a desktop shortcut available for all users in Windows 7 and 10 Windows
self signed sslcert Generate self-signed certificate and export in PFX format via PowerShell [Part 2] Windows
Featured image   Thumbnails issue on Windows 11 Fix File Explorer thumbnails issue on Windows 11 Windows
Configure Multiple IP Addresses on a Single or Multiple Network Cards Configure Multiple IP Addresses on a Single or Multiple NICs Network | Monitoring
backupvssnapshot Virtual Machine Snapshot vs Backup Version Control System

Leave a Reply Cancel reply

You must be logged in to post a comment.

Microsoft MVP

VEEAMLEGEND

vexpert-badge-stars-5

Virtual Background

GoogleNews

Categories

veeaam100

Veeam Vanguard

  • maxresdefault 2 8
    Configure Windows Server using EC2 Launch AWS/Azure/OpenShift
  • MSIEXEC returned 1602
    Fix MSIEXEC returned 1602: Trellix Setup cannot use this account Windows Server
  • How to Upgrade Windows 10 with an Unsupported CPU TPM 1.0 to Windows 11
    Upgrading from Windows 10 with Unsupported CPU and TPM 1.0 Windows
  • Safeguard Your PC Against Common Malware Entry Points
    Safeguard Your PC Against Common Malware Entry Points Security | Vulnerability Scans and Assessment
  • Setup FSx File System 1
    Create and mount FSx File System: Join EC2 instance to AWS Managed AD AWS/Azure/OpenShift
  • gitlab56789iuj
    Error unregistering Runner from GitLab: Forbidden with Docker Executor Network | Monitoring
  • Featured image 1
    How to Disable Internet Explorer with Group Policy & Registry Windows
  • appp
    How to automatically reopen Windows Apps and Folders upon Startup Windows

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 1,786 other subscribers
  • RSS - Posts
  • RSS - Comments
  • About
  • Authors
  • Write for us
  • Advertise with us
  • General Terms and Conditions
  • Privacy policy
  • Feedly
  • Telegram
  • Youtube
  • Facebook
  • Instagram
  • LinkedIn
  • Tumblr
  • Pinterest
  • Twitter
  • mastodon

Tags

Active Directory Azure Bitlocker Microsoft Windows PowerShell WDS Windows 10 Windows 11 Windows Deployment Services Windows Server 2016

Copyright © 2025 TechDirectArchive

Loading Comments...

You must be logged in to post a comment.