Kiosk
Kiosk Setup

Kiosk Setup

How to set up the kiosk for the event.

With Windows Assigned Access

ℹ️
This is only tested on windows 11 pro and enterprise.

Prerequesites

  • Windows 11 Pro or Enterprise
  • Only one configured printer or receipt printer configured as default printer - you can disable printing but it’s cooler to have it
  • Admin access to the system

Setup

  1. Download psexec

  2. Open a admin windows PowerShell prompt

  3. Cd to Downloads cd C:\Users\<Username>\Downloads

  4. Run the psexec command: .\psexec.exe -i -s powershell.exe

  5. Run the following script

    $assignedAccessConfiguration = @"
<?xml version="1.0" encoding="utf-8"?>
<AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config" xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/201810/config" xmlns:v4="http://schemas.microsoft.com/AssignedAccess/2021/config">
<Profiles>
    <Profile Id="{EDB3036B-780D-487D-A375-69369D8A8F78}">
    <KioskModeApp v4:ClassicAppPath="%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe" v4:ClassicAppArguments="--kiosk https://kiosk.lauf-fuer-kaya.de/?print=true --kiosk-printing --edge-kiosk-type=fullscreen" />
    <v4:BreakoutSequence Key="Ctrl+E" />
    </Profile>
</Profiles>
<Configs>
    <Config>
    <AutoLogonAccount rs5:DisplayName="Lfk Kiosk" />
    <DefaultProfile Id="{EDB3036B-780D-487D-A375-69369D8A8F78}" />
    </Config>
</Configs>
</AssignedAccessConfiguration>
"@

$namespaceName="root\cimv2\mdm\dmmap"
$className="MDM_AssignedAccess"
$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className
$obj.Configuration = [System.Net.WebUtility]::HtmlEncode($assignedAccessConfiguration)
Set-CimInstance -CimInstance $obj
    $assignedAccessConfiguration = @"
<?xml version="1.0" encoding="utf-8"?>
<AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config" xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/201810/config" xmlns:v4="http://schemas.microsoft.com/AssignedAccess/2021/config">
<Profiles>
    <Profile Id="{EDB3036B-780D-487D-A375-69369D8A8F78}">
    <KioskModeApp v4:ClassicAppPath="%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe" v4:ClassicAppArguments="--kiosk https://kiosk.lauf-fuer-kaya.de/ --kiosk-printing --edge-kiosk-type=fullscreen" />
    <v4:BreakoutSequence Key="Ctrl+E" />
    </Profile>
</Profiles>
<Configs>
    <Config>
    <AutoLogonAccount rs5:DisplayName="Lfk Kiosk" />
    <DefaultProfile Id="{EDB3036B-780D-487D-A375-69369D8A8F78}" />
    </Config>
</Configs>
</AssignedAccessConfiguration>
"@

$namespaceName="root\cimv2\mdm\dmmap"
$className="MDM_AssignedAccess"
$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className
$obj.Configuration = [System.Net.WebUtility]::HtmlEncode($assignedAccessConfiguration)
Set-CimInstance -CimInstance $obj

  6. Disable sleep and hibernation alongside the windows button:

    $NullKey        = [byte[]]($null,$null)
$LeftWindows    = [byte[]](0x5b,0xe0)
$RightWindows   = [byte[]](0x5c,0xe0)

$RemapCount     = 2

$ReMap          = [byte[]](
                          [Byte[]]::new(8) +
   [BitConverter]::GetBytes(1+$RemapCount) +
                   $NullKey + $LeftWindows +
                  $NullKey + $RightWindows +
                          [Byte[]]::new(4)
)

$Splat = @{
    'Path'  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Keyboard Layout'
    'Name'  = 'ScanCode Map'
    'Value' = $Remap
    'Force' = $True
}
New-ItemProperty @Splat

$RegistryPath = "HKLM:\SOFTWARE\Policies\Microsoft\Dsh"
$Name = "AllowNewsAndInterests"
$Value = 0

If (-not (Test-Path $RegistryPath)) {
    New-Item -Path $RegistryPath -Force | Out-Null
}

New-ItemProperty -Path $RegistryPath -Name $Name -Value $Value -Type DWORD -Force | Out-Null

powercfg.exe -x -monitor-timeout-ac 0
powercfg.exe -x -monitor-timeout-dc 0
powercfg.exe -x -disk-timeout-ac 0
powercfg.exe -x -disk-timeout-dc 0
powercfg.exe -x -standby-timeout-ac 0
powercfg.exe -x -standby-timeout-dc 0
powercfg.exe -x -hibernate-timeout-ac 0
powercfg.exe -x -hibernate-timeout-dc 0

  7. For print only: Setup printing without metadata:

    1. Download the Administrative Policy Templates for Edge (Download the latest -> Windows 64-bit -> Download Windows 64-bit Policy)
    2. Copy the Contents of the zip inside the .cab to C:\Windows\PolicyDefinitions.
    3. Open GPEdit and navigate to Computer Configuration -> Administrative Templates -> Microsoft Edge -> Printing
    4. Open the Print headers and footers policy, set it to Disabled and click OK.

  8. Reboot via shutdown -r -t 0 or the windows GUI.

Teardown

  1. To escape the experience press Ctrl+E

  2. Open a admin windows PowerShell prompt

  3. Cd to Desktop (C:\Users<Username>\Desktop

  4. Run the psexec command: psexec.exe -i -s powershell.exe

  5. Run the following script

    $namespaceName="root\cimv2\mdm\dmmap"
$className="MDM_AssignedAccess"
$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className
$obj.Configuration = $null
Set-CimInstance -CimInstance $obj
$Splat = @{
    'Path'  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Keyboard Layout'
    'Name'  = 'ScanCode Map'
    'Force' = $True
}

Remove-ItemProperty @Splat

$RegistryPath = "HKLM:\SOFTWARE\Policies\Microsoft\Dsh"
$Name = "AllowNewsAndInterests"
If (Test-Path -Path $RegistryPath) {
    If (Get-ItemProperty -Path $RegistryPath -Name $Name -ErrorAction     SilentlyContinue) {
        Remove-ItemProperty -Path $RegistryPath -Name $Name -Force | Out-Null
    }
}

With your favourite browser

⚠️
The ability to exit the browser and/or open devtools may be available by default. Please check if your browser supports a kiosk mode and how to set it up.
⚠️
Your browser might not support printing without a dialog. Please check if your browser supports this feature and how to set it up.

Just open the link in your favourite browser and use the kiosk mode of your browser:

KioskConfiguration