How to Create an Internet Kiosk in 10 Easy Steps

If you own a business and would like to provide an “Internet Cafe” to your customers but do not want to worry about them trashing your computer or snooping around your network, there are some things you can do to create a more secure environment. This secure internet browsing mode is commonly referred to as an Internet Kiosk.

Disclaimer: This article is designed to cover most angles but does not claim to be conclusive in securing Windows (if there is such a thing!) What we will essentially do is create an automatically updating machine that grants the user access only to Internet Explorer by changing the shell value for that user and
by applying local Group Policy to restrict the user.

Steps to Create Your Own Internet Kiosk:

  1. Install Windows XP (Pro is recommended, but not required. This how-to is based on Pro edition) on a NTFS formatted hard drive.
  2. Install all updates via windowsupdate.microsoft.com and set automatic updates to install automatically in the future on a daily basis
  3. Install your anti virus software of choice and set it to auto update
  4. Install Flash, Macromedia, and acrobat reader if you so choose
  5. create a new user account with admin privileges, set the password to never expire and to not be able to be changed by the user
  6. log in with that user and make the following registry change:
    • click Start -> Run and type regedit and click OK
    • Once the Registry Editor opens, click File and Export… to create a backup of the registry (in case something goes wrong). Place this in the C:\Windows folder.
    • Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows NT\Current
      Version\Winlogon
    • Create a new string value called shell (Edit -> New -> String Value)
    • in the Data portion of this new string value type: C:\Program Files\Internet Explorer\IEXPLORE.EXE
  7. Close the Registry Editor and logout of Windows
  8. Log back in with your original admin account
  9. Reduce the privileges of the new user account you created earlier to user
  10. Click Start -> Run -> Type “mmc” without the quotes. On the File menu click “Add/Remove Snap-in“. Click Add.
    Under Available Stand-alone Snap-ins, click Group Policy, and then click Add. This will open the Group Policy editor where you can limit user rights to your heart’s content. I would recommend dis-allowing control panel access, Active Desktop options, Task Manager from Ctrl-Alt-Del, and other obvious settings to ensure that your users can only
    do what you say.

There you have it, 10 easy steps to create your own secure Internet
Kiosk. When your newly created restricted user logs in, they will only get an Internet Explorer window. No start menu or desktop options.

If you have any suggestions on how to improve the security of your newly installed Internet Kiosk, please share them with our readers.

Technorati Tags: , , , , , , , , , , ,

About these ads

8 responses to “How to Create an Internet Kiosk in 10 Easy Steps

  1. This was a very helpful article; however, I’m not sure removing the ctrl+alt+del would be smart concidering the only way to shutdown or logoff would be to do a hard-shutdown. Please tell me if I’m mistaken!

  2. This is actually the perfect for what I am trying to do with the one exception jim has pointed out. I need to be able to switch from a user that is in kiosk mode (full screen web shell) from the keyboard to my admin screen many times per work day — shared computer. Anyone have any suggestions while I google up some more thoughts?

  3. A few questions from a blog idiot

    How do you keep the spammers from eating you alive? i\’ve seen blogs with nothing but spam postings.

    How do you keep some left wing extremist from posting racist or defamatory rhetoric? and if you cant stop them, what are you legally liabel when they do?

    can viruses be posted to blogs?

  4. Fundraiser:
    wordpress with akismet spam engine.

  5. So what happens when the user closes IE? I set a group policy setting that does not allow IE to be closed, but anytime there is a pop-up you can’t close that either.

  6. yes, that is one caveat of doing this. I also used grp policy to disallow closing, but then I relied on the built in pop-up blocker and the help of Google toolbar to fend off pop-ups…

  7. this is another way to make a kiosk mode
    more easy

    http://knoppix.tnc.edu.tw/modules/news/article.php?storyid=240

    This is a linux live cd what build in the firefox kiosk
    mode (Google KIOSK)

  8. First a question about the Group Policy editor…

    How do I limit only the user rights for ONE user ID (“KIOSK”) without restricting any other users on the system?

    Also, although you mention disabling some items (control panel access, Active Desktop options, Task Manager from Ctrl-Alt-Del, “and other obvious settings”) but you don’t say how.

    Lastly, shouldn’t the Start button also be disabled? (And how?)

    Sorry for the newbie-ish nature of the questions but I’m completely unfamiliar with this editor!

    Thx
    R

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s