1. Home
  2. Windows Kiosk
  3. How to lock down Windows devices to a single app kiosk mode

How to lock down Windows devices to a single app kiosk mode

Kiosk mode is a feature that allows Admin to restrict users to a specific app on their devices. With Hexnode MDM you can configure kiosk mode on your Windows 10 PCs to run one UWP app in fullscreen inside a restricted local user account.

Note:

Supported only on Windows 10 Pro (version 1709+), Enterprise and Education editions.

Setting up single app kiosk using Hexnode MDM

Prior to policy association, you must create a local user account on your device and install the app you want the user to be able to run. The app can only be a Universal Windows Store app.

Step 1: Create a Local account on your Windows 10 device

  1. Go to Settings > Accounts > Family & other people.
  2. Click on Add someone else to this PC under Other people.
  3. Click on the link I don’t have this person’s sign-in information.
  4. Click on Add a user without a Microsoft account.
  5. Type in the kiosk user’s name, password and other fields.
Note:

Account type should be local standard user.

Step 2: Install the kiosk app within the local account (kiosk account)

Log in the machine using the local user account you have created and install the app from Microsoft Store if the app is not already present on the account.

Note:

Kiosk mode only works with Universal Windows Platform apps (apps that come pre-installed with Windows 10 or sourced from Microsoft Store).

Step 3: Create a Single App Kiosk policy

  1. Go to Policies > New Policy > Kiosk Settings.
  2. Select Single App Kiosk under Windows Kiosk Mode > Configure.
  3. Enter the Kiosk Account Name and choose the kiosk app.

Note:

Make sure that the local user account you want to restrict has installed the kiosk app.


Step 4: Associate the policy to target device

If the policy is not saved

  1. Go to Policy Targets > Click on +Add Devices.
  2. Select the device to which the policy is to be associated > Click OK.
  3. Save the policy.

If the policy is already saved

  1. Check the required Policy from the Policies tab.
  2. Click on Manage > Associate Targets.
  3. Select the device > Associate.

What happens at the device end?

When the kiosk user logs into his account the machine launches into kiosk mode and the assigned app opens directly in fullscreen. The user can’t access the desktop, start menu, settings or any other apps on the PC.

How to exit kiosk mode?

Method 1

Disassociate the kiosk policy from the device or delete the policy and restart the device.

Disassociating the Policy

  1. Go to Policies > Click on the required Policy.
  2. Go to Policy Targets > Click on remove at the right side of the device > Save.

OR

  1. Go to Management > Click on the device from which policy is to be disassociated. This will take you to the Device summary page.
  2. Go to Policies > Click on the trash icon at the left side of the kiosk policy.

Deleting the policy

  1. Check the required Policy from the Policies tab.
  2. Click on Manage > Delete.

OR

  1. Go to Policies.
  2. Click on the trash icon at the left side of the kiosk policy.

Method 2

If the kiosk policy is still associated with the device, only thing users can do is to exit the kiosk app by pressing CTRL+ALT+DEL. This will lock the screen and take them to the login page where they can see the other user accounts. However, the account will still be logged in and the kiosk app remains running. Once they sign in again as the kiosk account, the kiosk app will be relaunched.

  •  
  •  
  •  
  •  
  •  

Was this article helpful?

Related Articles

Leave a Comment