I’ve had some customers require a Windows machine to be locked into one specific application or website. This option can provide a relatively cheap way to create advertising displays, security access system terminals and POS systems.
The following example is deployed through Workspace One UEM to a Windows 10 machine. The custom payload creates a new user on the device called kiosk, and the shell on the device is changed so that it only opens Chrome. Chrome accepts command-line flags, such as --kiosk.
The end result is a device that has had Chrome pushed out through Workspace One UEM, plus a custom payload that turns the device into a kiosk machine, locked into Chrome and on a specific website.
CSP Resources: https://docs.microsoft.com/en-gb/windows/client-management/mdm/assignedaccess-csp#shelllauncherconfiguration-xsd
Screenshot of where to upload the XML. Make sure that this is under Profile->Windows->Windows Desktop->User Profile, in the custom settings payload.
Here’s my XML:
<Add>
  <CmdID>2</CmdID>
  <Item>
    <Target>
      <LocURI>./Device/Vendor/MSFT/AssignedAccess/ShellLauncher</LocURI>
    </Target>
    <Meta>
      <Format xmlns="syncml:metinf">chr</Format>
    </Meta>
    <Data>
      <![CDATA[
<?xml version="1.0" encoding="utf-8"?>
<ShellLauncherConfiguration xmlns="http://schemas.microsoft.com/ShellLauncher/2018/Configuration">
  <Profiles>
    <DefaultProfile>
      <Shell Shell="%SystemRoot%\explorer.exe"/>
    </DefaultProfile>
    <Profile Id="{814B6409-8C51-4EE2-95F8-DB39B70F5F68}">
      <Shell Shell="c:\Program Files (x86)\Google\Chrome\Application\Chrome.exe --kiosk https://blog.eucse.com">
        <ReturnCodeActions>
          <ReturnCodeAction ReturnCode="0" Action="RestartShell"/>
          <ReturnCodeAction ReturnCode="-1" Action="RestartDevice"/>
          <ReturnCodeAction ReturnCode="255" Action="ShutdownDevice"/>
        </ReturnCodeActions>
        <DefaultAction Action="RestartDevice"/>
      </Shell>
    </Profile>
  </Profiles>
  <Configs>
    <Config>
      <AutoLogonAccount/>
      <Profile Id="{814B6409-8C51-4EE2-95F8-DB39B70F5F68}"/>
    </Config>
  </Configs>
</ShellLauncherConfiguration>
      ]]>
    </Data>
  </Item>
</Add>
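A pre-upload check for the ShellLauncher payload above, as an added example that is not part of the original post: it parses the SyncML, pulls the configuration out of the CDATA, and flags a Config that points at an undefined profile, a kiosk flag that is not two literal hyphens (an en dash pasted from formatted text fails this check), a start URL that is not https, and a missing DefaultAction. The function names, the `sample_payload` helper and the https requirement are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

NS = {"sl": "http://schemas.microsoft.com/ShellLauncher/2018/Configuration"}
PAGE_ID = "{814B6409-8C51-4EE2-95F8-DB39B70F5F68}"  # profile GUID used on the page

def audit_shell_launcher(syncml):
    """Return findings for a SyncML <Add> item carrying a ShellLauncher config."""
    findings = []
    add = ET.fromstring(syncml)
    uri = add.findtext("./Item/Target/LocURI") or ""
    if not uri.endswith("/AssignedAccess/ShellLauncher"):
        findings.append("LocURI does not target AssignedAccess/ShellLauncher")
    # The config travels as CDATA text; strip padding so its XML declaration
    # sits at the very start, then parse it as a document of its own.
    cfg = ET.fromstring((add.findtext("./Item/Data") or "").strip().encode("utf-8"))
    profiles = {p.get("Id"): p for p in cfg.findall("sl:Profiles/sl:Profile", NS)}
    for ref in cfg.findall("sl:Configs/sl:Config/sl:Profile", NS):
        if ref.get("Id") not in profiles:
            findings.append(f"Config references undefined profile {ref.get('Id')}")
    for pid, prof in profiles.items():
        shell = prof.find("sl:Shell", NS)
        cmd = shell.get("Shell", "") if shell is not None else ""
        if "--kiosk" not in cmd.split():
            findings.append(f"{pid}: shell command lacks a literal --kiosk flag")
        if not re.search(r"(?<!\S)https://\S+", cmd):
            findings.append(f"{pid}: no https:// start URL in shell command")
        if shell is None or shell.find("sl:DefaultAction", NS) is None:
            findings.append(f"{pid}: no DefaultAction for unlisted exit codes")
    return findings

def sample_payload(shell_cmd, config_id=PAGE_ID):
    """Constructed sample: the page's payload shape with a variable shell command."""
    return f"""<Add><CmdID>2</CmdID><Item>
<Target><LocURI>./Device/Vendor/MSFT/AssignedAccess/ShellLauncher</LocURI></Target>
<Meta><Format xmlns="syncml:metinf">chr</Format></Meta>
<Data><![CDATA[
<?xml version="1.0" encoding="utf-8"?>
<ShellLauncherConfiguration xmlns="{NS['sl']}">
<Profiles><DefaultProfile><Shell Shell="%SystemRoot%\\explorer.exe"/></DefaultProfile>
<Profile Id="{PAGE_ID}"><Shell Shell="{shell_cmd}">
<DefaultAction Action="RestartDevice"/></Shell></Profile></Profiles>
<Configs><Config><AutoLogonAccount/><Profile Id="{config_id}"/></Config></Configs>
</ShellLauncherConfiguration>]]></Data></Item></Add>"""

if __name__ == "__main__":
    exe = r"c:\Program Files (x86)\Google\Chrome\Application\Chrome.exe"
    print(audit_shell_launcher(sample_payload(exe + " --kiosk https://blog.eucse.com")))
    print(audit_shell_launcher(sample_payload(exe + " \u2013kiosk https://blog.eucse.com")))
```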