I’ve had some customers require Windows machine to be locked into one specific application or website. This option can provide a relatively cheap way to create advertising displays, security access systems terminals and POS systems.

The follow example is deployed through Workspace One UEM to a Windows 10 machine. The custom payload will then create a new user on the device called kiosk, the shell on the device will be changed to only open Chrome. Chrome has the ability to add flags, like –kiosk.

The end result is a device that has had Chrome pushed out through Workspace One UEM and a custom payload that turns the device into a kiosk machine, locked into chrome and on a specific website.

CSP Resources: https://docs.microsoft.com/en-gb/windows/client-management/mdm/assignedaccess-csp#shelllauncherconfiguration-xsd


Screen shot of where to upload XML. Make sure that this is Profile->Windows->Windows Desktop->User Profile under the custom settings payload.

Here’s my XML::

<Add> <CmdID>2</CmdID> <Item> <Target> <LocURI>./Device/Vendor/MSFT/AssignedAccess/ShellLauncher</LocURI> </Target> <Meta> <Format xmlns="syncml:metinf">chr</Format> </Meta> <Data> <![CDATA[ <?xml version="1.0" encoding="utf-8"?> <ShellLauncherConfiguration xmlns="http://schemas.microsoft.com/ShellLauncher/2018/Configuration"> <Profiles> <DefaultProfile> <Shell Shell="%SystemRoot%\explorer.exe"/> </DefaultProfile> <Profile Id="{814B6409-8C51-4EE2-95F8-DB39B70F5F68}"> <Shell Shell="c:\Program Files (x86)\Google\Chrome\Application\Chrome.exe --kiosk https://blog.eucse.com"> <ReturnCodeActions> <ReturnCodeAction ReturnCode="0" Action="RestartShell"/> <ReturnCodeAction ReturnCode="-1" Action="RestartDevice"/> <ReturnCodeAction ReturnCode="255" Action="ShutdownDevice"/> </ReturnCodeActions> <DefaultAction Action="RestartDevice"/> </Shell> </Profile> </Profiles> <Configs> <Config> <AutoLogonAccount/> <Profile Id="{814B6409-8C51-4EE2-95F8-DB39B70F5F68}"/> </Config> </Configs> </ShellLauncherConfiguration> ]]> </Data> </Item> </Add>
Spread the love