Exit Kiosk Mode. Article ID: 42534470. Issue / Question. What is the keyboard shortcut to exit Kiosk AKA 'Psion VU' mode on its supported products? OMNII FAMILY and WAP4. Resolution / Answer. There are only three ways to launch the ADMIN prompt depending on how the customer set up the KIOSK tool. Before you enter Kiosk mode, retroarch shows the code on screen. Just enter it in the main screen, with the systems Scottpilgrim and CactusMan like this. #39 Jun 19, 2020.-->
- Windows 10 Ent, Edu
Using Shell Launcher, you can configure a device that runs an application as the user interface, replacing the default shell (explorer.exe). In Shell Launcher v1, available in Windows 10, you can only specify a Windows desktop application as the replacement shell. In Shell Launcher v2, available in Windows 10, version 1809 and above, you can also specify a UWP app as the replacement shell. To use Shell Launcher v2 in version 1809, you need to install the KB4551853 update.
Shell Launcher controls which application the user sees as the shell after sign-in. It does not prevent the user from accessing other desktop applications and system components.
Methods of controlling access to other desktop applications and system components can be used in addition to using the Shell Launcher. These methods include, but are not limited to:
- Group Policy - example: Prevent access to registry editing tools
- AppLocker - Application control policies
- Mobile Device Management - Enterprise management of device security policies
You can apply a custom shell through Shell Launcher by using PowerShell. In Windows 10, version 1803 and later, you can also use mobile device management (MDM) to apply a custom shell through Shell Launcher.
Differences between Shell Launcher v1 and Shell Launcher v2
Shell Launcher v1 replaces
explorer.exe, the default shell, with
eshell.exe which can launch a Windows desktop application.
Shell Launcher v2 replaces
customshellhost.exe. This new executable file can launch a Windows desktop application or a UWP app.
In addition to allowing you to use a UWP app for your replacement shell, Shell Launcher v2 offers additional enhancements:
- You can use a custom Windows desktop application that can then launch UWP apps, such as Settings and Touch Keyboard.
- From a custom UWP shell, you can launch secondary views and run on multiple monitors.
- The custom shell app runs in full screen, and can run other apps in full screen on user’s demand.
For sample XML configurations for the different app combinations, see Samples for Shell Launcher v2.
Windows 10 doesn’t support setting a custom shell prior to OOBE. If you do, you won’t be able to deploy the resulting image.
Shell Launcher doesn't support a custom shell with an application that launches a different process and exits. For example, you cannot specify write.exe in Shell Launcher. Shell Launcher launches a custom shell and monitors the process to identify when the custom shell exits. Write.exe creates a 32-bit wordpad.exe process and exits. Because Shell Launcher is not aware of the newly created wordpad.exe process, Shell Launcher will take action based on the exit code of Write.exe, such as restarting the custom shell.
A domain, Azure Active Directory, or local user account.
A Windows application that is installed for that account. The app can be your own company application or a common app like Internet Explorer.
Enable Shell Launcher feature
To set a custom shell, you first turn on the Shell Launcher feature, and then you can set your custom shell as the default using PowerShell or MDM.
To turn on Shell Launcher in Windows features
Go to Control Panel > Programs and features > Turn Windows features on or off.
Expand Device Lockdown.
Select Shell Launcher and OK.
Alternatively, you can turn on Shell Launcher using Windows Configuration Designer in a provisioning package, using
SMISettings > ShellLauncher, or you can use the Deployment Image Servicing and Management (DISM.exe) tool.
To turn on Shell Launcher using DISM
Open a command prompt as an administrator.
Enter the following command.
Configure a custom shell in MDM
You can use XML and a custom OMA-URI setting to configure Shell Launcher in MDM.
XML for Shell Launcher configuration
The following XML sample works for Shell Launcher v1:
For Shell Launcher v2, you can use UWP app type for
Shell by specifying the v2 namespace, and use
v2:AppType to specify the type, as shown in the following example. If
v2:AppType is not specified, it implies the shell is Win32 app.
In the XML for Shell Launcher v2, note the AllAppsFullScreen attribute. When set to True, Shell Launcher will run every app in full screen, or maximized for desktop apps. When this attribute is set to False or not set, only the custom shell app runs in full screen; other apps launched by the user will run in windowed mode.
Custom OMA-URI setting
In your MDM service, you can create a custom OMA-URI setting to configure Shell Launcher v1 or v2. (The XML that you use for your setting will determine whether you apply Shell Launcher v1 or v2.)
The OMA-URI path is
For the value, you can select data type
String and paste the desired configuration file content into the value box. If you wish to upload the xml instead of pasting the content, choose data type
String (XML file).
After you configure the profile containing the custom Shell Launcher setting, select All Devices or selected groups of devices to apply the profile to. Don't assign the profile to users or user groups.
Configure a custom shell using PowerShell
For scripts for Shell Launcher v2, see Shell Launcher v2 Bridge WMI sample scripts.
For Shell Launcher v1, modify the following PowerShell script as appropriate. The comments in the sample script explain the purpose of each section and tell you where you will want to change the script for your purposes. Save your script with the extension .ps1, open Windows PowerShell as administrator, and run the script on the kiosk device.
default action, custom action, exit code
Shell launcher defines 4 actions to handle app exits, you can customize shell launcher and use these actions based on different exit code.
|0||Restart the shell|
|1||Restart the device|
|2||Shut down the device|
These action can be used as default action, or can be mapped to a specific exit code. Refer to Shell Launcher to see how these codes with Shell Launcher WMI.
To configure these action with Shell Launcher CSP, use below syntax in the shell launcher configuration xml. You can specify at most 4 custom actions mapping to 4 exit codes, and one default action for all other exit codes. When app exits and if the exit code is not found in the custom action mapping, or there is no default action defined, it will be no-op, i.e. nothing happens. So it's recommeded to at least define DefaultAction. Get XML examples for different Shell Launcher v2 configurations.-->
This article describes how to configure Microsoft Edge kiosk mode options that you can pilot. There's also a roadmap of features we're targeting.
This article applies to Microsoft Edge version 87 or later.
Invoke Microsoft Edge kiosk mode features on Windows 10 using the command line arguments provided in Use kiosk mode features.
Microsoft Edge kiosk mode offers two lockdown experiences of the browser so organizations can create, manage, and provide the best experience for their customers. The following lockdown experiences are available:
Retropie Kid Mode
- Digital/Interactive Signage experience - Displays a specific site in full-screen mode.
- Public-Browsing experience - Runs a limited multi-tab version of Microsoft Edge.
Both experiences are running a Microsoft Edge InPrivate session, which protects user data.
Set up Microsoft Edge kiosk mode
An initial set of kiosk mode features is available to test with Microsoft Edge Stable Channel, version 87. You can download the latest version from Microsoft Edge (Official Stable Channel).
Kiosk mode supported features
The following table lists the features supported by kiosk mode in Microsoft Edge and Microsoft Edge Legacy. Use this table as a guide to transitioning to Microsoft Edge by comparing how these features are supported in both versions of Microsoft Edge.
|Feature||DigitalInteractive Signage||Public browsing||Available with Microsoft Edge version (and higher)||Available with Microsoft Edge Legacy|
|Reset on inactivity||Y||Y||89||Y|
|Read only address bar (policy)||N||Y||89||N|
|Delete downloads on exit (policy)||Y||Y||89||N|
|F11 blocked (enter/exit full-screen)||Y||Y||89||Y|
|F12 blocked (launch Developer Tools)||Y||Y||89||Y|
|Multi tab support||N||Y||89||Y|
|Allow URL support (policy)||Y||Y||89||N|
|Block URL support (policy)||Y||Y||89||N|
|Show home button (policy)||N||Y||89||Y|
|Manage favorites (policy)||N||Y||89||Y|
|Enable printer (policy)||Y||Y||89||Y|
|Configure the new tab page URL (policy)||N||Y||89||Y|
|End session button *||N||Y||89||Y|
|All internal Microsoft Edge URLs are blocked, except for edge://downloads and edge://print||N||Y||89||Y|
|CTRL+N blocked (open a new window) *||Y||Y||89||Y|
|CTRL+T blocked (open new tab)||Y||N||89||Y|
|Settings and more (...) will display only the required options||Y||Y||89||Y|
|Restrict the launch of other applications from the browser||Y||Y||90||Y|
|UI print settings lockdown||Y||Y||90||Y|
|Set the new tab page as the home page (policy)||N||Y||90||Y|
Features followed by '*' are only enabled in an assigned access single app scenario.
Use kiosk mode features
Microsoft Edge kiosk mode features can be invoked with the following Windows 10 command line options for Digital/Interactive signage and Public browsing.
Kiosk mode Digital/Interactive signage
Kiosk mode Public browsing
Additional command line options
Emulation Station Kid Mode
--no-first-run: Disable the first Microsoft Edge run experience.
--kiosk-idle-timeout-minutes=: Change the time (in minutes) from the last user activity before Microsoft Edge kiosk mode resets the user's session. Replace 'value' in the next example with the number of minutes.
The following 'values' are supported:
- Default values (in minutes)
- Full screen - 0 (turned off)
- Public browsing - 5 minutes
- Allowed values
- 0 - turns off the timer
- 1-1440 minutes for reset on idle timer
- Default values (in minutes)
Support policies for kiosk mode
Use any of the Microsoft Edge policies listed in the following table to enhance the kiosk experience for the Microsoft Edge kiosk mode type you configure. To learn more about these policies, see Microsoft Edge – Browser policy reference.
Policy configuration isn't limited to the policies listed in the following table, however additional policies should be tested to ensure that kiosk mode functionality isn't negatively affected.
|Group policy||DigitalInteractive signage||Public browsing single-app|
Microsoft Edge with assigned access
Single app kiosk
Microsoft Edge version 90 kiosk mode offers an extensive list of features. See the section of Kiosk mode supported features.With the following Windows updates you can configure Microsoft Edge via assigned access single app.
|Windows 10||2004 or later||KB4601382 or later|
|Windows 10||1909||KB4601380 or later|
You can manage Microsoft Edge kiosk mode assigned access single app via Windows Settings and Intune.
Microsoft Edge can be run with multi-app assigned access on Windows 10, which is the equivalent of Microsoft Edge Legacy 'Normal browsing' kiosk mode type. To configure Microsoft Edge with multi-app assigned access, follow the instructions on how to Set up a multi-app kiosk. (The AUMID for the Microsoft Edge Stable channel is MSEdge).
Configure using Windows Settings
Windows Settings is the simplest way to set up one or two single-app kiosk devices. Use the following steps to set up a single-app kiosk computer.
- The minimum system updates for the operating systems listed in the next table.
|Windows 10||2004 or later||KB4601382 or later|
|Windows 10||1909||KB4601380 or later|
To test the latest features, you can download the latest Microsoft Edge Stable channel, version 89 or higher.
On the kiosk computer, open Windows Settings, and type 'kiosk' in the search field. Select Set up a kiosk (assigned access), shown in the next screenshot to open the dialog for creating the kiosk.
On the Set up a kiosk page, click Get started.
Type a name to create a new kiosk account or choose an existing account from the populated dropdown list and then click Next.
On the Choose a kiosk app page, select Microsoft Edge and then click Next.
This only applies to Microsoft Edge Dev, Beta, and Stable channels.
Pick one of the following options for how Microsoft Edge displays when running in kiosk mode:
- Digital/Interactive signage - Displays a specific site in full-screen mode, running Microsoft Edge.
- Public browser - Runs a limited multi-tab version of Microsoft Edge.
Type the URL to load when the kiosk launches.
Accept the default value of 5 minutes for the idle time or provide a value of your own.
Close the Settings window to save and apply your choices.
Sign out from the kiosk device and sign in with the local kiosk account to validate the configuration.
Retroarch Settings Missing
With the release of this preview version of kiosk mode we're continuing work on improving the product and adding new features.
We currently don't support the following features and recommend that you turn off: