Tuesday, April 12, 2011

Converting XP into kiosk...

Screenshots...


Last week I've been assigned with mini project on how to setup a kiosk machine (well, sort of). Instead of spending money for the right tool (which could save time), the manager kept pushing for the free alternative route. The worst part is, company web portal can only be access via IE7+ (common case for local company) which means no Linux on the list.

The only option that I have in hand was to use Windows XP with IE8. To strip down the OS features it would be easy to use Group Policy (gpedit.msc) however the changes will affect all users. So whether I want it or not, I need to tweak the registry for kiosk user. I've set the machine with two users:

1) administrator - for pc maintenance
2) demo - kiosk user

For now, kiosk user is in admin group. Log into the machine as kiosk user and hide the icon from desktop via right click menu. Then open the registry (run -> regedit). Here's the steps:

1) Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ and add DWORD values below (leave NoRun = 0 for now, change it to 1 once everything is done)
NoStartMenuMFUprogramsList = 1
NoStartMenuMorePrograms = 1
NoWindowsUpdate = 1
NoStartMenuMyMusic = 1
NoSMMyPictures = 1
NoFavoritesMenu = 1
NoRecentDocsMenu = 1
DisableMyPicturesDirChange = 1
DisableMyMusicDirChange = 1
DisableFavoritesDirChange = 1
NoSMMyDocs = 1
DisablePersonalDirChange = 1
ClearRecentDocsOnExit = 1
NoNetworkConnections = 1
NoStartMenuNetworkPlaces = 1
NoRecentDocsNetHood = 1
NoSMHelp = 1
NoFind = 1
NoResolveSearch = 1
NoResolveTrack = 1
StartMenuLogoff = 1
NoStartMenuEjectPC = 1
NoChangeStartMenu = 1
NoSetTaskbar = 1
NoInstrumentation = 1
NoUserNameInStartMenu = 1
NoToolbarsOnTaskbar = 1
NoViewContextMenu = 1
NoSMConfigurePrograms = 1
NoTrayItemsDisplay = 1
NoTrayContextMenu = 1
Nologoff = 1
NoSetFolders = 1
NoRun = 0

2) In the same location, change value for NoDriveTypeAutoRun to b1

3) Now add two keys (NonEnum and System) under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\. I'll have a structure like below 
HKEY_CURRENT_USER
        \Software
            \Microsoft
                \Windows
                    \CurrentVersion
                        \Policies
                            \Explorer
                            \NonEnum
                            \System

4) Remove "My Computer" from Startup Menu, go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum\ and add DWORD value below (don't ask me why it's been named with guid)
{20D04FE0-3AEA-1069-A2D8-08002B30309D} = 1

5) Disable "Task Bar" and "Lock Workstation", go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System and add DWORD values
DisableTaskMgr = 1
DisableLockWorkstation = 1

6) Disable BalloonTip, hide "Control Panel" and hide "Printers and Faxes", go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ and add DWORD values
ShowInfoTip = 0
StartButtonBalloonTip = 0
Start_ShowControlPanel = 0
Start_ShowPrinters = 0

7) Disable "System Standby", go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ACPI\Parameters\ and add DWORD value
Attributes = 70

8) Disable "Window Key" and "F1", go to \HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layout\ and add Binary value below
Scancode Map = 00,00,00,00,00,00,00,00,03,00,00,00,50,E0,5B,E0,48,E0,3B,00,00,00,00,00

Reboot the machine and test the changes. Once everything okay, re-open regedit and change the value for NoRun to 1

To strip features from IE (such as SaveAs, Print etc), log into the machine as admin and set it via Group Policy (gpedit.msc). Finally, remove kiosk user (demo) from Administrators and add it into Guests and Remote Desktop Users group. Now I have a so called kiosk machine.

Welcome to my outdated world!!!

Update (18/04/2011)
After putting so much efforts into making this a reality, I've stumbled upon this link on How to Put Windows XP in Kiosk Mode. Though I haven't try it yet, but the solution is damn simple. Argh!!!! I'm pulling off my hair now...
-
Labels: , , , ,

5 comments:

  1. pratikApril 19, 2011 at 8:59 AM

    Thanks its helpful I am doing the same stuff but in woindows 7. Any ideas on how to make windows 7 look like kiosk. All i want is it to run my software and nothing else, not even internet.Whenever u login into kiosk (user account) it starts my software and nothing is visible.The only way to control things is from admin user account.
    Thanks
    Its my capstone project so it would be a great help.

    ReplyDelete
  2. dirnApril 19, 2011 at 6:00 PM

    If you need the solution urgently, perhaps you can refer to this link
    http://jaredheinrichs.com/how-to-turn-a-windows-7-pc-into-a-kiosk.html

    Once I've got free time (hopefully this weekend) I'll try it on Win 7 and post the result here.

    Cheers,
    Dirn

    ReplyDelete
  3. dirnApril 19, 2011 at 10:50 PM

    I just did a quick test. Some of the steps above are still applicable on Windows 7. You need to create missing keys under Policies. I just tested with Explorer.

    I suggest you use VirtualBox for experimenting with the settings. If anything goes wrong, you can revert back to clean snapshot instead of re-installing the OS.

    http://www.virtualbox.org/

    ReplyDelete
  4. pratikApril 20, 2011 at 1:53 AM

    Thanks it helped we thinking of using Secure Lockdown by Inteset
    Its cheaper and also work and disable almost everything.
    Thanks
    Have a nice day

    ReplyDelete
  5. dirnApril 20, 2011 at 8:31 AM

    Good to hear that you have an option to buy the right tool instead of tweaking :)

    You're welcome...

    ReplyDelete

Subscribe to: Post Comments (Atom)