By Brian Wright on Monday, 18 May 2015
Category: How To

How to lock down Windows 7 as a kiosk

We had a situation where we wanted to setup an Intuit QuickBooks POS system in a locked down configuration so that it was more like a kiosk for the register attendants. There are several ways to go about this but most will lock down every user, but in our case we only wanted to affect the POS users to prevent unnecessary changes to the system.

The process we came up with uses a combination of parental rights, registry hacks, and user menu modifications. You will also need to make sure you create a special local user account that you will assign these changes to. Before attempting this process, make sure you have a backup of your system in the event something doesn't work as expected.

  1. Assign the local administrator's login a password.
  2. Create a new user to be locked down for the kiosk mode and assign a password.
  3. Change the kiosk user's account to enable parental rights
  4. Set the Game Ratings option to No and block all games.
  5. Set the Program Limits to "only use the programs I allow" and select the specific programs for the kiosk.
  6. Change the registry settings for the Kiosk user as follows, replace the {KioskUserAccount} with the actual Kiosk user account name.
    REGEDIT4
    [HKEY_USERS\{KioskUserAccount}\Software\Microsoft\Windows\CurrentVersion\Policies] [HKEY_USERS\POS1\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDriveTypeAutoRun"=dword:00000091 "LockTaskbar"=dword:00000001 "NoSearchCommInStartMenu"=dword:00000001 "NoSearchProgramsInStartMenu"=dword:00000001 "NoSearchFilesInStartMenu"=dword:00000001 "NoRun"=dword:00000001 "NoStartMenuMyGames"=dword:00000001 "NoTrayItemsDisplay"=dword:00000001 "NoStartMenuMorePrograms"=dword:00000001 "NoViewContextMenu"=dword:00000001 [HKEY_USERS\POS1\Software\Microsoft\Windows\CurrentVersion\Policies\System] "LogonHoursAction"=dword:00000002 "DontDisplayLogonHoursWarnings"=dword:00000001
  7. Remove the start menu applications from the Kiosk user's menu.
  8. Copy a shortcut of the primary application you want to run at login into the user's Startup folder.
  9. Login with the Kiosk user account.
  10. Right click on any applications on the task bar you don't want to run and unpin them.
  11. Right click on any applications that appear in the Start Menu and select "Remove from the list".
  12. Right click on the Start Menu and select properties.
    1. Select the Start Menu tab.
    2. Uncheck both options under the Privacy group.
    3. Click on the Customize... button.
    4. Set each category to "Don't display this item".
    5. Uncheck each check box in the list.
    6. Set both Start menu size options to 0.
    7. Set the Search other files and libraries to "Don't search".
    8. Leave the "Use large icons" option selected.
    9. Leave the "Devices and Printers" option selected if you want access to printers.
    10. Select the Toolbars tab.
    11. Uncheck any of the toolbars listed.
    12. Select the Taskbar tab.
    13. Uncheck the option "Use Aero Peak to preview the desktop"
  13. There will likely be prompts to run applications that are block by default but are likely needed to run in the background.
    1. Click the "Ask and administrator for permission" link at the bottom of the dialog box.
    2. Click the "Always Allow" button to prevent future prompting.
    3. Repeat these steps for each required application.
    4. Log off and login again to test the kiosk user.

We hope that this information is helpful. Please let us know how this has helped you or if you have additional questions. As always Firestone Technical Resources, Inc. is here to help with your computer support issues - "Providing personal service for your impersonal technology."

Related Posts

Leave Comments