Windows Kiosk Mode Alternative: Restrict User Accounts and Keep Apps Running

Last update: 11-21-2024

Windows provides a built-in kiosk mode, a feature designed to restrict user accounts to running a single application. This is especially useful in environments like public terminals, training systems, or kiosks where users should interact with only one app. However, there’s a significant limitation: kiosk mode only supports UWP (Universal Windows Platform) applications.

For those using standard .exe applications, kiosk mode isn’t an option. This blog post presents an alternative solution that works for any executable, allowing you to restrict a user account and ensure your app stays running. Here’s how you can achieve a similar result step by step.

Step 1: Create a new user account

This account will be used by the new, restricted user.
  1. Open Computer Management:
    • Right-click on the Windows Start icon and select Computer Management.
    • In the left-hand menu, expand System Tools and then Local Users and Groups.
    • Right-click on Users and select New User.
  2. Set up the new account:
    • Provide a username and password for the account.
    • Optionally, uncheck User must change password at next logon to simplify the process.
    • Click Create to finalize the account.
  3. Log in with the new account:
    • Log out from your current account and log in to Windows using the newly created account.

Step 2: Create a Keep-Alive Script

  1. Create a folder and script:
    • Create a new folder (e.g., C:\keepalive).
    • Inside the folder, create a file named keepalive.ps1 with the following content:
    # Define the name of the program to monitor (without the .exe extension)
    $programName = "ExampleApp" # Change to your program's name
    # Define the full path to the executable
    $programPath = "C:\path\to\app\ExampleApp.exe"
    
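    while ($true) {
      try {
        # Check if the program is running
        $process = Get-Process -Name $programName -ErrorAction SilentlyContinue
    
        if (-not $process) {
          # Not running: start it again
          Start-Process -FilePath $programPath
        }
      } catch {
        # Ignore a failed start and retry on the next pass
      }
    
      # Wait for a few seconds before checking again. The sleep sits outside
      # the try block so a failed start cannot turn the loop into a busy spin.
      Start-Sleep -Seconds 5
    }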
  2. Update program details:
    • Replace ExampleApp in $programName with your app’s executable name (excluding .exe).
    • Replace C:\path\to\app\ExampleApp.exe with the full path to your app.

Step 3: Convert the Script to an Executable

  1. Set Execution Policy: Open PowerShell as Administrator and run:
    Set-ExecutionPolicy Unrestricted
  2. Install the ps2exe Module: Use the following command to install the required module:
    Install-Module -Name ps2exe -RequiredVersion 1.0.13
  3. Convert the Script: Run this command to convert the PowerShell script into an executable:
    ps2exe .\keepalive.ps1 -noConsole keeper.exe
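  4. Revert the execution policy: After converting the script to an executable, block script execution again. Restricted is the default on Windows client editions; if the machine used a different policy before step 1, restore that value instead:
    Set-ExecutionPolicy Restricted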

Step 4: Restrict the User Account

  1. Switch to Admin Account: Log in to an administrator account.
  2. Open MMC:
    • Press Win + R, type mmc, and press Enter.
    • Go to File > Add/Remove Snap-in.
    • Select Group Policy Object Editor and click Add.
  3. Target the User Account:
    • In the wizard, click Browse, switch to the Users tab, select the user account to restrict, and click Finish.
  4. Apply Restrictions:
    • Disable Task Manager:
      • Navigate to Administrative Templates > System.
      • Enable Don’t run specified Windows applications, and add taskmgr.exe to the list.
    • Restrict Drive Access:
      • Navigate to Administrative Templates > Windows Components > File Explorer.
      • Enable Prevent access to drives from My Computer, and choose Restrict all drives.
    • Set Custom User Interface:
      • Navigate to Administrative Templates > System.
      • Enable Custom User Interface and set the path to keeper.exe (e.g., C:\keepalive\keeper.exe).
    • Restrict App Switching:
      • Navigate to Administrative Templates > Windows Components > Multitasking.
      • Enable Configure the inclusion of app tabs and set it to Open windows only.
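
Because Custom User Interface makes keeper.exe the restricted account's shell, that account should not be able to modify keeper.exe, its folder, or the app it launches. The following is an added example, not part of the original post: a PowerShell audit, run from an elevated prompt, that lists any principal other than SYSTEM, Administrators, or TrustedInstaller holding write-type rights on those paths. The paths are the post's placeholders, and the Resolve-Name helper is a name chosen for this example.

```powershell
# Added example (not from the original post): list non-admin principals that
# can modify the files the kiosk session executes. Run in an elevated prompt.
# The paths are the post's placeholders; substitute your real ones.
$paths = 'C:\keepalive', 'C:\keepalive\keeper.exe', 'C:\path\to\app\ExampleApp.exe'

# Well-known SIDs allowed to write: SYSTEM, Administrators, TrustedInstaller.
$trusted = 'S-1-5-18', 'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'

# Specific rights that allow replacing or altering content or permissions.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# GENERIC_ALL and GENERIC_WRITE, which Get-Acl reports raw on some inherited ACEs.
$genericBits = 0x10000000 -bor 0x40000000
$sidType = [System.Security.Principal.SecurityIdentifier]

function Resolve-Name($sid) {   # hypothetical helper: SID -> account name
    try { $sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $sid.Value }        # keep the raw SID when it cannot be resolved
}

$findings = foreach ($path in $paths) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "Not found, skipped: $path"
        continue
    }
    $acl = Get-Acl -LiteralPath $path

    $owner = $acl.GetOwner($sidType)
    if ($owner.Value -notin $trusted) {
        [pscustomobject]@{ Path = $path; Principal = (Resolve-Name $owner); Issue = 'Owner (can rewrite the ACL)' }
    }

    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if ($rule.IdentityReference.Value -in $trusted) { continue }
        $rights = [int]$rule.FileSystemRights
        if ($rights -band ($writeBits -bor $genericBits)) {
            [pscustomobject]@{ Path = $path; Principal = (Resolve-Name $rule.IdentityReference); Issue = "Allow $($rule.FileSystemRights)" }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No non-admin write access found on the checked paths.' }
```

Any row naming the restricted account, or a group it belongs to such as Users or Authenticated Users, means that account can replace the binary its session starts; remove that access before deploying.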

Step 5: Test the Configuration

Log in to the restricted user account and confirm the following:

Conclusion

While Windows kiosk mode is a great solution for UWP applications, this method offers a flexible alternative for .exe applications. By following these steps, you can effectively restrict user access and maintain a controlled environment with your app running continuously. This is ideal for kiosks, shared systems, or any setup requiring strict app focus.
