Fog Creek Software
Discussion Board

Running a Win2K PC in kiosk mode

I've done the standard google research and really haven't found what I'm looking for:

o I would like to set up a Win2K or XP PC in full kiosk mode, running only a browser.  The browser, however, must be IE (sorry, business reasons, Firefox would have been great as far as I'm concerned).

o It should not allow any other executables (e.g., active-X or other downloads) to run.

o It should not allow Ctrl+Tab or other window switching, access to the start menu, etc.

Now I know IE can run in Kiosk mode (e.g., iexplore.exe -k url), but that doesn't seem to prevent task switching.  Nor does it prevent running an executable off the web.  I also know IE has a bunch of policies (via the registry), but none of them seem to truly lock down the system in the manner described above.

Is there some obvious secpol document that I'm missing here?  It would seem to be a fairly common need.


dir at badblue com
Tuesday, July 27, 2004

I think you can disable Alt-Tab behavior. I know for a fact that you can disable the Task Manager, which is the gateway to the Run menu command. I looked into this for a library (public terminals) a little while ago.

I think what is needed in the product world is a tool that provides turnkey lockdown of Windows PCs for public terminal situations without having to worry that you've truly nailed every little setting that someone could get around. I've looked around and there seem to be no how-to articles that list *every* setting you'd want to lock down.

Bored Bystander
Tuesday, July 27, 2004

See what the NSA has to say about securing XP.

Tuesday, July 27, 2004

I hadn't thought about alt + tab.  I do remember having the opposite problem - needing to close the window and not being able to do it.
Also remember to disable F1 for help. You can access anything on the computer from there.

Stephen Jones
Wednesday, July 28, 2004

*  Recent Topics

*  Fog Creek Home