1. Home
  2. Windows Kiosk
  3. How to lock down Windows devices in multi-app kiosk mode using Hexnode?

How to lock down Windows devices in multi-app kiosk mode using Hexnode?

Kiosk mode is a lockdown mechanism that allows you to restrict your mobile devices to a single app or a handful of applications of your choice. Hexnode MDM enables you to lock down your Windows devices in multi-app kiosk mode, thereby restricting the devices to a handful of whitelisted apps. On activating kiosk mode, the users get access only to the approved applications.

Notes

  • This feature is available only on Ultimate and Ultra subscription plans.
  • Windows Multi App Kiosk policy is supported only on Windows 10 Pro, Enterprise and Education editions running 1709+.

Configure multi-app kiosk

Before associating the policy, you must create a local user account on your device and install the UWP apps you want the user to be able to run.

Note


The kiosk account should necessarily be a local standard user account.

Step 1: Create a Local user account on your Windows 10 device

To create a Local user account on Windows 10 Pro version:

  1. Select the Start button > choose Settings > Accounts > select Family & other people.
  2. Select the option Add someone else to this PC under Other people.
  3. Click on the link I don’t have this person’s sign-in information.
  4. Select the option Add a user without a Microsoft account.
  5. Fill in the kiosk user’s name, password, and other required fields.

To create a Local user account on Windows 10 Enterprise and Education versions:

  1. Select the Start button > choose Settings > Accounts > select Other people.
  2. Select the option Add someone else to this PC
  3. In the inset box, select Users.
  4. Under Actions, select Users > More actions > New User.
  5. Fill in the kiosk user’s name, password, and other required fields.

Now, the user account will be set up on the device.

Step 2: Install the kiosk apps within the local account

After setting up the account, make sure the apps to be set in kiosk mode are installed in both admin and local user accounts.

Note


Kiosk mode works only with Universal Windows Platform apps (apps that come pre-installed with Windows 10 or sourced from Microsoft Store) and Windows desktop apps (MSI, Win32, Exe apps).

Step 3: Customize and export Start layout

Customizing a start layout involves arranging the apps (to be set in kiosk mode) in a way the user wishes to view them on the start menu and on the device screen. Login to the admin account and follow the steps below to prepare and export the Start layout.

Note


Check the Run as administrator option if you are prompted to enable the same (specific to certain folders).

  1. The following steps allow you to customize the Start layout as per your requirement.
    • Pin apps to Start: Choose the desired app from Start > Type the name of the app > Right-click the app and click Pin to Start.
    • Apps that are not to be displayed in the layout can be unpinned. Right-click the app and then click Unpin from Start.
    • Drag tiles to group apps.
  2. Right-click Start > select Windows PowerShell.
  3. Enter the below command in Windows PowerShell:
    Export-StartLayout –path .xml
  4. Here, –path is a required parameter that specifies the path and file name of the XML file to be exported.
    For example, Export-StartLayout -path C:/Users/Robert/Kiosk.xml

Note


The file name must include the .xml extension. The policy settings require the extensions and the Export-StartLayout cmdlet does not append the file name extension.

Step 4: Create a multi-app kiosk policy

  1. Login to your Hexnode MDM portal > Navigate to Policies tab > Click on New Policy to create a new one or click on any policy name to edit an existing one > Enter the Policy Name and Description in the provided fields.
  2. Go to Kiosk Lockdown > From Windows Kiosk Lockdown, select Multi App > Configure.
  3. Enter the Kiosk account name > Click on the + button to select the app to be added in kiosk mode.
  4. Import the Start layout .xml file.
  5. Associate the policy with the target device(s).
Note


Ensure that the apps to be added in the kiosk mode are present in the local user account.

How to apply the policy to devices/groups?

There are two ways by which you can associate restrictions to the devices in bulk.
If you haven’t saved the policy yet,

  1. Navigate to Policy Targets
  2. Click on + Add Devices, search and select the required device(s) to which you need to apply the policy > Click OK
  3. Click on Save to apply the policies to the devices.

To associate the policies to a device group, select Device Groups from the left pane under Policy Targets, and follow the above instructions. Similarly, you can associate the policy to Users, User Groups, or Domains from the same pane.

If you’ve already saved the policy and you’re taken to the page which displays the policy list,

  1. Select the required policy > Click on Manage > select Associate Targets
  2. Select Device/ User/ Device Group/ User Group/ Domain
  3. Search and select the device(s)/ user(s)/ device group(s)/ user group(s)/ domain(s) to which you need to apply the policy > Click Associate.

How to exit kiosk mode?

Method 1: Disassociate the Policy

Disassociate the kiosk policy from the device or delete the policy and restart the device.

  1. Login to your Hexnode MDM portal > Navigate to Policies tab
  2. Click on the required Policy > Go to Policy Targets > Click on Remove on the right side of the device.

OR

  1. Login to your Hexnode MDM portal > Navigate to Manage tab
  2. Click on the required Policy > Go to Policies > Click on Remove on the right side of the device.

Method 2: Archive the policy

  1. Login to your Hexnode MDM portal > Navigate to Policies tab
  2. Select the required Policy > Click on Manage > Move to Archive

OR

  1. Login to your Hexnode MDM portal > Navigate to Manage tab > Click on the device from which the policy needs to be disassociated. This will take you to the Device summary page.
  2. Go to Policies > Select the policy > Click on Manage > Move to Archive.
Notes


The archived policies can be viewed under Policies > Archived Policies.

  • To permanently delete an archived policy,
    1. Login to your Hexnode MDM portal > Navigate to Policies tab > Archived Policies
    2. Select the required policy > Click on Manage > Delete > Confirm deletion.
  • To restore an archived policy,
    1. Login to your Hexnode MDM portal > Navigate to Policies tab > Archived Policies
    2. Select the required policy > Click on Manage > Restore.
  • On restoring an archived policy, the policy targets won’t be restored (the policy stays disassociated from the target device).

Method 3

If the methods mentioned above fail to remove the kiosk policy from the device, press CTRL+ALT+DEL. This locks the screen and allows users to sign in with a different account from the login page. However, the previous user account remains in kiosk mode, and once the user logs in to the account, the kiosk mode gets relaunched.

  •  
  •  
  •  
  •  
  •  

Was this article helpful?

Related Articles

Leave a Comment