If you own a business and would like to provide an “Internet Cafe” to your customers but do not want to worry about them trashing your computer or snooping around your network, there are some things you can do to create a more secure environment. This secure internet browsing mode is commonly referred to as an Internet Kiosk.
Disclaimer: This article is designed to cover most angles but does not claim to be conclusive in securing Windows (if there is such a thing!) What we will essentially do is create an automatically updating machine that grants the user access only to Internet Explorer by changing the shell value for that user and
by applying local Group Policy to restrict the user.
Steps to Create Your Own Internet Kiosk:
- Install Windows XP (Pro is recommended, but not required. This how-to is based on Pro edition) on a NTFS formatted hard drive.
- Install all updates via windowsupdate.microsoft.com and set automatic updates to install automatically in the future on a daily basis
- Install your anti virus software of choice and set it to auto update
- Install Flash, Macromedia, and acrobat reader if you so choose
- create a new user account with admin privileges, set the password to never expire and to not be able to be changed by the user
- log in with that user and make the following registry change:
- click Start -> Run and type regedit and click OK
- Once the Registry Editor opens, click File and Export… to create a backup of the registry (in case something goes wrong). Place this in the C:\Windows folder.
- Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows NT\Current
- Create a new string value called shell (Edit -> New -> String Value)
- in the Data portion of this new string value type: C:\Program Files\Internet Explorer\IEXPLORE.EXE
- Close the Registry Editor and logout of Windows
- Log back in with your original admin account
- Reduce the privileges of the new user account you created earlier to user
- Click Start -> Run -> Type “mmc” without the quotes. On the File menu click “Add/Remove Snap-in“. Click Add.
Under Available Stand-alone Snap-ins, click Group Policy, and then click Add. This will open the Group Policy editor where you can limit user rights to your heart’s content. I would recommend dis-allowing control panel access, Active Desktop options, Task Manager from Ctrl-Alt-Del, and other obvious settings to ensure that your users can only
do what you say.
There you have it, 10 easy steps to create your own secure Internet
Kiosk. When your newly created restricted user logs in, they will only get an Internet Explorer window. No start menu or desktop options.
If you have any suggestions on how to improve the security of your newly installed Internet Kiosk, please share them with our readers.