Windows Kiosk Preparation

Windows 10/11 contains lots of features and tools that are either useless or dangerous to leave available in a public-facing kiosk, especially if any input is available to said public.

Over time, we've amassed a series of tools and setting changes to "clean up" Windows machines. This is by no means a complete list, but might help you with some problems.

DISCLAIMER: 
IN NO EVENT, UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING, SHALL
BROOX TECHNOLOGIES SLU, OR ANY PERSON BE LIABLE FOR ANY LOSS, EXPENSE OR DAMAGE,
OF ANY TYPE OR NATURE ARISING OUT OF THE USE OF, OR INABILITY TO USE THIS
SOFTWARE, INSTRUCTIONS OR PROGRAM, INCLUDING, BUT NOT LIMITED TO, CLAIMS, SUITS
OR CAUSES OF ACTION INVOLVING ALLEGED INFRINGEMENT OF COPYRIGHTS, PATENTS,
TRADEMARKS, TRADE SECRETS, OR UNFAIR COMPETITION.  USE AT YOUR OWN RISK.

Cleaning Up Cruft: Windows Debloater

Windows Debloater Scripts are PowerShell scripts that clean Windows 10 bloatware.

Follow the instructions to run the GUI tool. When you feel confident, you can integrate the command-line tool into your automation.

Set up autologon

  • Type Win-R (execute): netplwiz
  • Uncheck "Users should use login and password to use this machine" checkbox.

If the checkbox is not present, you have to disable Windows Hello or use SysInternals Autologon.

Disable power saving, notifications and system pop-ups

Use the following script to disable:

  • Power-saving.
  • Lock screen.
  • System Notifications.
  • Windows Update notifications.

As the machine will be running public-facing, you don't want it to suspend or lock or show the usual pop-ups.

NOTE: This might not work forever as Microsoft has a tendency to change the registry keys and break things.

rem HKLM values need an elevated prompt; HKCU values apply only to the account that runs the script.
echo Disable sleep and hibernation
powercfg /hibernate off
powercfg /x -hibernate-timeout-ac 0
powercfg /x -hibernate-timeout-dc 0
powercfg /x -disk-timeout-ac 0
powercfg /x -disk-timeout-dc 0
powercfg /x -monitor-timeout-ac 0
powercfg /x -monitor-timeout-dc 0
powercfg /x -standby-timeout-ac 0
powercfg /x -standby-timeout-dc 0

echo Disable lock screen
REG ADD "HKEY_CURRENT_USER\Control Panel\Desktop" /v ScreenSaveActive /t REG_SZ /d 0 /f
rem NoLockScreen is a policy value, so it is written under SOFTWARE\Policies.
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization" /v "NoLockScreen" /t REG_DWORD /d 1 /f

echo Disable Notifications
REG ADD "HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer" /v "DisableNotificationCenter" /T REG_DWORD /d 1 /f
REG ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\PushNotifications" /v "ToastEnabled" /T REG_DWORD /d 0 /f

echo Disable Update Dialogs and BSOD
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v "SetUpdateNotificationLevel" /T REG_DWORD /d 1 /f
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v "UpdateNotificationLevel" /T REG_DWORD /d 2 /f
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl" /v "DisplayDisabled" /T REG_DWORD /d 1 /f
rem Without /t, reg add writes a REG_SZ; this value is a DWORD.
REG ADD "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\UserProfileEngagement" /v "ScoobeSystemSettingEnabled" /t REG_DWORD /d 0 /f
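
An added example, not part of the original page: a PowerShell check that reads back each registry value the script above sets and reports any that is missing or has the wrong type or value, which helps catch the breakage the NOTE warns about after a Windows update. It assumes NoLockScreen lives under SOFTWARE\Policies (where the lock-screen policy is read) and that ScoobeSystemSettingEnabled is a DWORD; run it as the kiosk user because HKCU values are per-user.

```powershell
# Added example (not from the original page): audit the kiosk registry settings.
# Exit code 1 means at least one setting has drifted from the expected state.
$expected = @(
    @{ Path = 'HKCU:\Control Panel\Desktop'; Name = 'ScreenSaveActive'; Kind = 'String'; Value = '0' }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Personalization'; Name = 'NoLockScreen'; Kind = 'DWord'; Value = 1 }
    @{ Path = 'HKCU:\Software\Policies\Microsoft\Windows\Explorer'; Name = 'DisableNotificationCenter'; Kind = 'DWord'; Value = 1 }
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\PushNotifications'; Name = 'ToastEnabled'; Kind = 'DWord'; Value = 0 }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'; Name = 'SetUpdateNotificationLevel'; Kind = 'DWord'; Value = 1 }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'; Name = 'UpdateNotificationLevel'; Kind = 'DWord'; Value = 2 }
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'; Name = 'DisplayDisabled'; Kind = 'DWord'; Value = 1 }
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\UserProfileEngagement'; Name = 'ScoobeSystemSettingEnabled'; Kind = 'DWord'; Value = 0 }
)

$drift = foreach ($e in $expected) {
    $status = 'OK'; $actual = $null
    try {
        $key    = Get-Item -LiteralPath $e.Path -ErrorAction Stop
        $actual = $key.GetValue($e.Name, $null)
        if ($null -eq $actual) { $status = 'VALUE MISSING' }
        # A value of the wrong registry type is treated as drift even if it prints the same.
        elseif ($key.GetValueKind($e.Name) -ne $e.Kind) { $status = 'WRONG TYPE' }
        elseif ("$actual" -ne "$($e.Value)") { $status = 'WRONG VALUE' }
    } catch {
        $status = 'KEY UNREADABLE'   # key absent or access denied
    }
    if ($status -ne 'OK') {
        [pscustomobject]@{ Status = $status; Key = $e.Path; Name = $e.Name; Expected = $e.Value; Actual = $actual }
    }
}

if ($drift) { $drift | Format-Table -AutoSize -Wrap; exit 1 }
Write-Output 'All kiosk registry settings match.'
```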

Windows Updates

Windows Updates can really break your installation and be a nuisance, but it's really important to keep all your PCs up to date to avoid security issues.

For short-term, ephemeral installations, you can make do by disabling updates using StopUpdates10. Note, though, that we do not recommend leaving the machine permanently non-updated. You should manually and diligently apply updates during maintenance hours.

Long term, you have to adjust the System Policies to perform unattended upgrades during scheduled maintenance hours.

Hiding the Mouse Cursor

We usually add AutoHideMouseCursor to machines controlling displays so that the mouse cursor is not left visible in the middle of the screen.

Killing Explorer

A trick to avoid interference with the machine is to kill the explorer.exe process on startup, using a batch script.

This script, to be placed in the Startup folder, waits 10 seconds, then kills explorer.exe and starts the Media Player.

When you need to perform maintenance, you have to issue a Ctrl-Alt-Del, start Task Manager and execute explorer.exe to recover it.

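@echo off

echo Preparing to start.
rem Give the desktop time to finish loading, then remove the shell.
timeout /T 10
taskkill /F /IM explorer.exe

:startit
echo Starting Media Player
rem Quote the path: %LocalAppData% contains the user name, which may include spaces.
call "%LocalAppData%\Programs\mediaplayer\Mediaplayer.exe"
echo Waiting to restart media player
timeout /T 5
rem Loop forever so the player is relaunched whenever it exits.
goto startit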