1. Home
  2. Windows Kiosk
  3. How to lock down Windows devices to a single app kiosk mode

How to lock down Windows devices to a single app kiosk mode

Kiosk mode is a lockdown mechanism that allows you to restrict your mobile devices to a single app or a handful of applications of your choice. Hexnode MDM helps you configure single app kiosk mode on your Windows 10 PCs to run a Universal Windows Platform (UWP) app in full screen inside a restricted local user account.

Notes

  • This feature is available only on Ultimate and Ultra subscription plans.
  • Windows Single App Kiosk policy is supported only on Windows 10 Pro, Enterprise and Education editions running 1709+.

Configure single app kiosk

Before associating the policy, you must create a local user account on your device and install the UWP app you want the user to be able to run.

Note


The kiosk account should necessarily be a local standard user account.

Step 1: Create a Local user account on your Windows 10 device

To create a Local user account on Windows 10 Pro version:

  1. Select the Start button > choose Settings > Accounts > select Family & other people.
  2. Select the option Add someone else to this PC under Other people.
  3. Click on the link I don’t have this person’s sign-in information.
  4. Select the option Add a user without a Microsoft account.
  5. Fill in the kiosk user’s name, password, and other required fields.

To create a Local user account on Windows 10 Enterprise and Education versions:

  1. Select the Start button > choose Settings > Accounts > select Other people.
  2. Select the option Add someone else to this PC
  3. In the inset box, select Users.
  4. Under Actions, select Users > More actions > New User.
  5. Fill in the kiosk user’s name, password, and other required fields.

Now, the user account will be set up on the device.

Step 2: Install the kiosk app within the local account (kiosk account)

Log into the machine using the local user account that you have created and install the app from Microsoft Store if the app is not already present on the account.

Note


Kiosk mode works only with Universal Windows Platform apps (apps that come pre-installed with Windows 10 or sourced from Microsoft Store) and Windows desktop apps (MSI, Win32, Exe apps).

Step 3: Create a single app kiosk policy

  1. Login to your Hexnode MDM portal > Navigate to Policies tab > Click on New Policy to create a new one or click on any policy name to edit an existing one > Enter the Policy Name and Description in the provided fields.
  2. Go to Kiosk Lockdown > From Windows Kiosk Lockdown, select Single App > Configure.
  3. Enter the Kiosk account name > Click on the + button to select the app to be added in kiosk mode.
  4. Associate the policy with the target device(s).
Note


Ensure that the app to be added in the kiosk mode is present in the local user account.

How to apply the policy to devices/groups?

There are two ways by which you can associate restrictions to the devices in bulk.
If you haven’t saved the policy yet,

  1. Navigate to Policy Targets
  2. Click on + Add Devices, search and select the required device(s) to which you need to apply the policy > Click OK
  3. Click on Save to apply the policies to the devices.

To associate the policies to a device group, select Device Groups from the left pane under Policy Targets, and follow the above instructions. Similarly, you can associate the policy to Users, User Groups, or Domains from the same pane.

If you’ve already saved the policy and you’re taken to the page which displays the policy list,

  1. Select the required policy > Click on Manage > select Associate Targets
  2. Select Device/ User/ Device Group/ User Group/ Domain
  3. Search and select the device(s)/ user(s)/ device group(s)/ user group(s)/ domain(s) to which you need to apply the policy > Click Associate.

What happens at the device end?

When the kiosk user logs into his account, the machine launches into kiosk mode, and the assigned app opens directly in full screen. Therefore, the user will be unable to access the desktop, start menu, settings, or any other apps on the PC.

How to exit kiosk mode?

Method 1: Disassociate the Policy

Disassociate the kiosk policy from the device or delete the policy and restart the device.

  1. Login to your Hexnode MDM portal > Navigate to Policies tab
  2. Click on the required Policy > Go to Policy Targets > Click on Remove on the right side of the device.

OR

  1. Login to your Hexnode MDM portal > Navigate to Manage tab
  2. Click on the required Policy > Go to Policies > Click on Remove on the right side of the device.

Method 2: Archive the policy

  1. Login to your Hexnode MDM portal > Navigate to Policies tab
  2. Select the required Policy > Click on Manage > Move to Archive

OR

  1. Login to your Hexnode MDM portal > Navigate to Manage tab > Click on the device from which the policy needs to be disassociated. This will take you to the Device summary page.
  2. Go to Policies > Select the policy > Click on Manage > Move to Archive.
Notes


The archived policies can be viewed under Policies > Archived Policies.

  • To permanently delete an archived policy,
    1. Login to your Hexnode MDM portal > Navigate to Policies tab > Archived Policies
    2. Select the required policy > Click on Manage > Delete > Confirm deletion.
  • To restore an archived policy,
    1. Login to your Hexnode MDM portal > Navigate to Policies tab > Archived Policies
    2. Select the required policy > Click on Manage > Restore.
  • On restoring an archived policy, the policy targets won’t be restored (the policy stays disassociated from the target device).

Method 3

If the methods mentioned above fail to remove the kiosk policy from the device, press CTRL+ALT+DEL. This locks the screen and allows users to sign in with a different account from the login page. However, the previous user account remains in kiosk mode, and once the user logs in to the account, the kiosk mode gets relaunched.

  •  
  •  
  •  
  •  
  •  

Was this article helpful?

Related Articles

Leave a Comment