In my travels, I meet lots of IT Pros with really interesting use cases for deploying Windows clients and servers. This week, I spoke with a couple IT Pros that are planning a pilot deployment of Windows 7 and Windows 8 PCs to replace a fleet of aging Windows XP-based kiosk workstations. These kiosks will be located in public areas, such as libraries and airports, and will run a restricted set of touch screen applications. One set of requirements for these Kiosk machines is to ensure that users cannot interactively shutdown, logoff, lock or switch user accounts. My IT Pros had configured this successfully with Windows XP, but were experiencing some challenges replicating this configuration with Windows 7 and Windows 8.
Below are the steps to disable interactive shutdown, logoff, lock workstation and switch user accounts on Windows 7 and Windows 8. I've provided these steps both for machines that are part of a domain environment, as well as for isolated machines that are running only in a workgroup.
NOTE: If you're testing these steps on Windows 8, please be sure you are running the Windows 8 Release Preview or later (you can download the Release Preview at http://aka.ms/DLW8RP). Some of these steps did not work properly prior to the Release Preview being available.
For Windows PCs in a Domain Environment
If your PC's are in an Active Directory domain, you can leverage Active Directory Group Policies to deploy the appropriate settings. Be sure to include the below settings in your Group Policy for the user accounts and workstations that will be running as a Kiosk. After creating this Group Policy, you can test by running gpupdate /force and then restarting the PC.
For Windows PCs not in a Domain Environment
If your PC's are not in an Active Directory domain, then you'll need to make the below changes manually at each Kiosk PC. Note that you may be able to automate the changes via the use of operating system imaging tools and local mandatory user profiles - leave a comment below if you have interest in those steps.
Be sure to check out these additional resources:
Keith Mayer is a Principal Technical Architect at Microsoft, focused on helping ISV partners leverage the Azure cloud platform. Keith has over 20 years of experience as a technical leader of complex IT projects, in diverse roles, such as Network Engineer, IT Manager, Technical Instructor and Consultant. He has consulted and trained thousands of customers and partners worldwide on design of enterprise technology solutions.
Keith is currently certified on several Microsoft technologies, including Azure, Private Cloud, System Center, Hyper-V, Windows, Windows Server, SharePoint, SQL Server and Exchange. He also holds other industry certifications from VMware, IBM, Cisco, Citrix, HP, CheckPoint, CompTIA and Interwoven.
You can contact Keith online at http://aka.ms/AskKeith.