Introduction: Multiple Apps with AppLocker

Here, we present a detailed guide on setting up a Windows ⁠ 10 kiosk with support for running multiple apps via AppLocker. Enabling this configuration grants users permission for specific applications exclusively, with limitations ⁠ on accessing other settings, creating a well-regulated and protected user experience. ⁠

Installing and Preparing Apps ‍

In preparation for implementing the kiosk arrangement, the initial task involves ⁠ installing the necessary applications for the designated user profile(s). No matter if it is Unified Windows Platform (UWP) applications or Windows ⁠ desktop applications, installation can be done easily according to your preferences. When dealing with UWP apps, make sure to login ⁠ as the intended user before installing the app. In contrast, for desktop applications, there is the choice of installing ⁠ them for all users without requiring individual account login. ​

Image by https://www.linkedin.com/

Implementing AppLocker to Set ⁠ Rules for Apps ‍

A robust solution, AppLocker which empowers you to set regulations for permitting certain ⁠ applications while prohibiting others To get started with AppLocker, follow these steps:

Launch secpol.msc as an administrator ⁠ as an administrator. ‍
Navigate to Security Settings > Application Control Policies ⁠ > AppLocker, and select “Configure rule enforcement.” ​

After configuring rule enforcement, follow these steps ⁠ to generate the necessary rules: ​

“Configured” should be chosen from the list of options in the category ⁠ of “Executable rules,” followed by pressing the button labeled as “OK.” ​
Right-click on “Executable Rules” and ⁠ select “Automatically generate rules.” ‍

Provide a name for this set ⁠ of rules and proceed. ​
Navigate through the Rule Preferences page by clicking and ⁠ then click “Next” to generate the rules. ​

Evaluate the produced rules ⁠ and press “Create”. Kindly note that if the specific rules are not appropriate for ⁠ certain users, you have the choice to modify them accordingly. To enforce the rules, verify that the ⁠ Application Identity service is activated. Use the following command in a command prompt to ⁠ automatically start the Application Identity service on reset:

Following a device restart, The defined rules will ⁠ be enforced by an active AppLocker. ‌

Additional Settings to Lock ⁠ Down the Device ‌

To enhance security and ensure a streamlined user experience, consider ⁠ applying the following configuration changes to the device: ​

Remove All Apps: Employ the Group Policy Editor to ⁠ uninstall all programs from your Start menu. ​
Hide Ease of Access Feature: Turn off every accessibility ⁠ tool in the Ease of Access Center.
Disable the Hardware Power Button: Set the power button ⁠ to do nothing in the Power Options settings.
Disable the Camera: Disallow app from ⁠ accessing camera in Privacy settings.. ​
Turn off App Notifications on the Lock Screen: To turn off app ⁠ notifications on your lock screen, utilize the Group Policy Editor.. ‌
Disable Removable Media: Apply restrictions on removable media usage ⁠ through the utilization of the Group Policy Editor.. ​

By implementing these settings, a fully immersive kiosk-style environment is ⁠ established, where users can only access necessary apps. This also ensures the device remains secure ⁠ and locked down from unauthorized access. ​

Conclusion ​

Configuring a Windows 10 kiosk with AppLocker Enabling this mechanism provides an ⁠ efficient solution for enabling user accessibility towards numerous designated applications. Moreover, it inhibits any illegitimate access ⁠ or modifications to important settings. By sticking to the procedures outlined in this piece, one can ⁠ establish an regulated and protected setting appropriate for diverse situations. These situations encompass Devices such as the ones available on library premises , self-service ⁠ stands situated in public spaces , or tools used for educational purposes. Remember to regularly review and update the AppLocker rules to modify as needed for ⁠ any changes in app requirements and remain vigilant about enforcing security measures. ‌