How to Create a Windows 7 Kiosk

A friend of mine recently posted an article on how to create a Windows 7 Kiosk, which would basically restrict a user to running only a particular program, and provide no shell access or access to windows explorer. The original article is in Russian and can be found here: Fortunately, through the magic of Google Translate and my limited understanding of Russian, I’ve translated the instructions to English.

It starts out by saying that he recently learned, and is publishing, so he doesn’t forget the instructions. This can cover the case where you have to put a payment terminal or control program, but done in such a way as to ensure that nothing more than what can be seen on the computer screen can be accessed. Performing this action on Linux or Unix is very simple, just replace the current window manager. To do this on Windows, perform the following steps:

  1. Create a user which will use the kiosk. Give him administrative privileges.
  2. Login as this user.
  3. Change the window manager by default on a program that will completely own the session:
    1. run regedit
    2. Find the following key: HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon
    3. Add a new field of type string named Shell and set its value in the full name of your program for example: C:\Myprog\myprog.exe
    4. Close the session and login again. Instead of the usual screen, this should start our program and nothing else should be on the screen of should exist (no desktop or Start button). When you close the program you should just see a black screen. This is very useful if the program closes the output at the same time as the Windows session.
  4. Now all polish, as the primary administrator login and drop kiosk user to normal levels. It should not be an administrator. Then, in Windows 7 is the mode of parental control. Include it (for natural kiosk user) and allow run only one program, then for user, all attempts to start something else will be prevented and the fact all, the process can be automated to a simple script if you need to configure a lot of machines.

