Windows devices are widely used for kiosks where the users should be able to use only an application and nothing else. This makes sure that an anonymous user can use the kiosk and the application, but not harm it in any way. To achieve this, you had to lock down the Windows device and harden it for obvious security reasons. But, locking down a Windows device traditionally was a difficult task.
Windows 8.1 comes with an excellent feature where you can lockdown the device allowing the user to use only one application. You need to keep in mind that this application needs to be a modern application and cannot be a desktop application. So, if you are going to use it for your customized company application (For e.g. ATMs, Flight Schedule), the application should be a modern application.
Let’s see how we can do that.
Step 1: Create a Local Account in your Windows 8.1 device. For this, go to Charms->Settings->Change PC Settings->Accounts
Step 2: Log out of the machine and log in using the local account (KioskUser) that was just created. This makes sure that a profile for that user gets created and loaded in that machine. Once that is done, log out from the local account (KioskUser)and log back in using the Administrator’s account. If this step is not followed, while assigning the app, you will get the following error: This account has no apps.
Step 3: If there is not one of the default apps available with Windows 8.1, log into the machine using the local account (KioskUser) and install the app. Skip this step if you will be using a default Windows 8.1 app.
Step 4: Assign the app to the local account (KioskUser). For doing that, go to Charms->Settings->Change PC Settings->Accounts
And that is it. Log out and log back into the machine with the local account (KioskUser) and you will see that the machine launches into Kiosk Mode and the assigned app opens directly. The user can neither drag the application down to close it, nor the charms or any other shortcuts will work. In order to log out of the Kiosk Mode, you can hit the Windows key 5 times.
In order to improve the security, you should consider the following:
1. Not keeping the Windows key easily accessible, so that users don’t log the user out by mistake.
2. Keep the administrator password strong to make sure that malicious users don’t log into the machine if they land up on the log on page.
3. Use the Automatically log into assigned access mode, allowing the machine to boot into the local account directly without prompting for credentials. This becomes useful in scenarios where if the Windows 8.1 device restarts, it will still launch into the Kiosk Mode and open the app. You can find the information configuring this here.
Hope this information helps.