Retroarch Kiosk Mode

Exit Kiosk Mode. Article ID: 42534470. Issue / Question. What is the keyboard shortcut to exit Kiosk AKA 'Psion VU' mode on its supported products? OMNII FAMILY and WAP4. Resolution / Answer. There are only three ways to launch the ADMIN prompt depending on how the customer set up the KIOSK tool. Before you enter Kiosk mode, retroarch shows the code on screen. Just enter it in the main screen, with the systems Scottpilgrim and CactusMan like this. #39 Jun 19, 2020.

-->

Applies to

  • Windows 10 Ent, Edu

Using Shell Launcher, you can configure a device that runs an application as the user interface, replacing the default shell (explorer.exe). In Shell Launcher v1, available in Windows 10, you can only specify a Windows desktop application as the replacement shell. In Shell Launcher v2, available in Windows 10, version 1809 and above, you can also specify a UWP app as the replacement shell. To use Shell Launcher v2 in version 1809, you need to install the KB4551853 update.

Note

Shell Launcher controls which application the user sees as the shell after sign-in. It does not prevent the user from accessing other desktop applications and system components.

Methods of controlling access to other desktop applications and system components can be used in addition to using the Shell Launcher. These methods include, but are not limited to:

  • Group Policy - example: Prevent access to registry editing tools
  • AppLocker - Application control policies
  • Mobile Device Management - Enterprise management of device security policies

You can apply a custom shell through Shell Launcher by using PowerShell. In Windows 10, version 1803 and later, you can also use mobile device management (MDM) to apply a custom shell through Shell Launcher.

Differences between Shell Launcher v1 and Shell Launcher v2

Shell Launcher v1 replaces explorer.exe, the default shell, with eshell.exe which can launch a Windows desktop application.

Shell Launcher v2 replaces explorer.exe with customshellhost.exe. This new executable file can launch a Windows desktop application or a UWP app.

In addition to allowing you to use a UWP app for your replacement shell, Shell Launcher v2 offers additional enhancements:

  • You can use a custom Windows desktop application that can then launch UWP apps, such as Settings and Touch Keyboard.
  • From a custom UWP shell, you can launch secondary views and run on multiple monitors.
  • The custom shell app runs in full screen, and can run other apps in full screen on user’s demand.

For sample XML configurations for the different app combinations, see Samples for Shell Launcher v2.

Requirements

Warning

  • Windows 10 doesn’t support setting a custom shell prior to OOBE. If you do, you won’t be able to deploy the resulting image.

  • Shell Launcher doesn't support a custom shell with an application that launches a different process and exits. For example, you cannot specify write.exe in Shell Launcher. Shell Launcher launches a custom shell and monitors the process to identify when the custom shell exits. Write.exe creates a 32-bit wordpad.exe process and exits. Because Shell Launcher is not aware of the newly created wordpad.exe process, Shell Launcher will take action based on the exit code of Write.exe, such as restarting the custom shell.

  • A domain, Azure Active Directory, or local user account.

  • A Windows application that is installed for that account. The app can be your own company application or a common app like Internet Explorer.

Enable Shell Launcher feature

To set a custom shell, you first turn on the Shell Launcher feature, and then you can set your custom shell as the default using PowerShell or MDM.

To turn on Shell Launcher in Windows features

  1. Go to Control Panel > Programs and features > Turn Windows features on or off.

  2. Expand Device Lockdown.

  3. Select Shell Launcher and OK.

Alternatively, you can turn on Shell Launcher using Windows Configuration Designer in a provisioning package, using SMISettings > ShellLauncher, or you can use the Deployment Image Servicing and Management (DISM.exe) tool.

To turn on Shell Launcher using DISM

  1. Open a command prompt as an administrator.

  2. Enter the following command.

Configure a custom shell in MDM

You can use XML and a custom OMA-URI setting to configure Shell Launcher in MDM.

XML for Shell Launcher configuration

The following XML sample works for Shell Launcher v1:

For Shell Launcher v2, you can use UWP app type for Shell by specifying the v2 namespace, and use v2:AppType to specify the type, as shown in the following example. If v2:AppType is not specified, it implies the shell is Win32 app.

Tip

In the XML for Shell Launcher v2, note the AllAppsFullScreen attribute. When set to True, Shell Launcher will run every app in full screen, or maximized for desktop apps. When this attribute is set to False or not set, only the custom shell app runs in full screen; other apps launched by the user will run in windowed mode.

Custom OMA-URI setting

In your MDM service, you can create a custom OMA-URI setting to configure Shell Launcher v1 or v2. (The XML that you use for your setting will determine whether you apply Shell Launcher v1 or v2.)

The OMA-URI path is ./Device/Vendor/MSFT/AssignedAccess/ShellLauncher.

For the value, you can select data type String and paste the desired configuration file content into the value box. If you wish to upload the xml instead of pasting the content, choose data type String (XML file).

After you configure the profile containing the custom Shell Launcher setting, select All Devices or selected groups of devices to apply the profile to. Don't assign the profile to users or user groups.

Configure a custom shell using PowerShell

For scripts for Shell Launcher v2, see Shell Launcher v2 Bridge WMI sample scripts.

For Shell Launcher v1, modify the following PowerShell script as appropriate. The comments in the sample script explain the purpose of each section and tell you where you will want to change the script for your purposes. Save your script with the extension .ps1, open Windows PowerShell as administrator, and run the script on the kiosk device.

default action, custom action, exit code

Shell launcher defines 4 actions to handle app exits, you can customize shell launcher and use these actions based on different exit code.

ValueDescription
0Restart the shell
1Restart the device
2Shut down the device
3Do nothing

These action can be used as default action, or can be mapped to a specific exit code. Refer to Shell Launcher to see how these codes with Shell Launcher WMI.

To configure these action with Shell Launcher CSP, use below syntax in the shell launcher configuration xml. You can specify at most 4 custom actions mapping to 4 exit codes, and one default action for all other exit codes. When app exits and if the exit code is not found in the custom action mapping, or there is no default action defined, it will be no-op, i.e. nothing happens. So it's recommeded to at least define DefaultAction. Get XML examples for different Shell Launcher v2 configurations.

-->

This article describes how to configure Microsoft Edge kiosk mode options that you can pilot. There's also a roadmap of features we're targeting.

Note

This article applies to Microsoft Edge version 87 or later.

Important

Invoke Microsoft Edge kiosk mode features on Windows 10 using the command line arguments provided in Use kiosk mode features.

Overview

Microsoft Edge kiosk mode offers two lockdown experiences of the browser so organizations can create, manage, and provide the best experience for their customers. The following lockdown experiences are available:

Retropie Kid Mode

  • Digital/Interactive Signage experience - Displays a specific site in full-screen mode.
  • Public-Browsing experience - Runs a limited multi-tab version of Microsoft Edge.

Both experiences are running a Microsoft Edge InPrivate session, which protects user data.

Retroarch Kiosk Mode

Set up Microsoft Edge kiosk mode

An initial set of kiosk mode features is available to test with Microsoft Edge Stable Channel, version 87. You can download the latest version from Microsoft Edge (Official Stable Channel).

Kiosk mode supported features

The following table lists the features supported by kiosk mode in Microsoft Edge and Microsoft Edge Legacy. Use this table as a guide to transitioning to Microsoft Edge by comparing how these features are supported in both versions of Microsoft Edge.

FeatureDigitalInteractive SignagePublic browsingAvailable with Microsoft Edge version (and higher)Available with Microsoft Edge Legacy
InPrivate NavigationYY89Y
Reset on inactivityYY89Y
Read only address bar (policy)NY89N
Delete downloads on exit (policy)YY89N
F11 blocked (enter/exit full-screen)YY89Y
F12 blocked (launch Developer Tools)YY89Y
Multi tab supportNY89Y
Allow URL support (policy)YY89N
Block URL support (policy)YY89N
Show home button (policy)NY89Y
Manage favorites (policy)NY89Y
Enable printer (policy)YY89Y
Configure the new tab page URL (policy)NY89Y
End session button *NY89Y
All internal Microsoft Edge URLs are blocked, except for edge://downloads and edge://printNY89Y
CTRL+N blocked (open a new window) *YY89Y
CTRL+T blocked (open new tab)YN89Y
Settings and more (...) will display only the required optionsYY89Y
Restrict the launch of other applications from the browserYY90Y
UI print settings lockdownYY90Y
Set the new tab page as the home page (policy)NY90Y

Note

Features followed by '*' are only enabled in an assigned access single app scenario.

Use kiosk mode features

Microsoft Edge kiosk mode features can be invoked with the following Windows 10 command line options for Digital/Interactive signage and Public browsing.

Kiosk mode Digital/Interactive signage

Kiosk mode Public browsing

Additional command line options

Emulation Station Kid Mode

  • --no-first-run: Disable the first Microsoft Edge run experience.

  • --kiosk-idle-timeout-minutes=: Change the time (in minutes) from the last user activity before Microsoft Edge kiosk mode resets the user's session. Replace 'value' in the next example with the number of minutes.

    The following 'values' are supported:

    • Default values (in minutes)
      • Full screen - 0 (turned off)
      • Public browsing - 5 minutes
    • Allowed values
      • 0 - turns off the timer
      • 1-1440 minutes for reset on idle timer

Support policies for kiosk mode

Use any of the Microsoft Edge policies listed in the following table to enhance the kiosk experience for the Microsoft Edge kiosk mode type you configure. To learn more about these policies, see Microsoft Edge – Browser policy reference.

Note

Policy configuration isn't limited to the policies listed in the following table, however additional policies should be tested to ensure that kiosk mode functionality isn't negatively affected.

Group policyDigitalInteractive signagePublic browsing single-app
PrintingYY
HomePageLocationNY
ShowHomeButtonNY
NewTabPageLocationNY
FavoritesBarEnabledNY
URLAllowlistYY
URLBlocklistYY
ManagedSearchEnginesNY
UserFeedbackAllowedNY
VerticalTabsAllowedNY
SmartScreen settingsYY
EdgeCollectionsEnabledYY

Microsoft Edge with assigned access

Single app kiosk

Microsoft Edge version 90 kiosk mode offers an extensive list of features. See the section of Kiosk mode supported features.With the following Windows updates you can configure Microsoft Edge via assigned access single app.

Operating SystemVersionUpdates
Windows 102004 or laterKB4601382 or later
Windows 101909KB4601380 or later

You can manage Microsoft Edge kiosk mode assigned access single app via Windows Settings and Intune.

Multi-app kiosk

Microsoft Edge can be run with multi-app assigned access on Windows 10, which is the equivalent of Microsoft Edge Legacy 'Normal browsing' kiosk mode type. To configure Microsoft Edge with multi-app assigned access, follow the instructions on how to Set up a multi-app kiosk. (The AUMID for the Microsoft Edge Stable channel is MSEdge).

Configure using Windows Settings

Windows Settings is the simplest way to set up one or two single-app kiosk devices. Use the following steps to set up a single-app kiosk computer.

  1. The minimum system updates for the operating systems listed in the next table.
Operating SystemVersionUpdates
Windows 102004 or laterKB4601382 or later
Windows 101909KB4601380 or later
  1. To test the latest features, you can download the latest Microsoft Edge Stable channel, version 89 or higher.

  2. On the kiosk computer, open Windows Settings, and type 'kiosk' in the search field. Select Set up a kiosk (assigned access), shown in the next screenshot to open the dialog for creating the kiosk.

  3. On the Set up a kiosk page, click Get started.

  4. Type a name to create a new kiosk account or choose an existing account from the populated dropdown list and then click Next.

  5. On the Choose a kiosk app page, select Microsoft Edge and then click Next.

    Note

    This only applies to Microsoft Edge Dev, Beta, and Stable channels.

  6. Pick one of the following options for how Microsoft Edge displays when running in kiosk mode:

    • Digital/Interactive signage - Displays a specific site in full-screen mode, running Microsoft Edge.
    • Public browser - Runs a limited multi-tab version of Microsoft Edge.
  7. Select Next.

  8. Type the URL to load when the kiosk launches.

  9. Accept the default value of 5 minutes for the idle time or provide a value of your own.

  10. Click Next.

  11. Close the Settings window to save and apply your choices.

  12. Sign out from the kiosk device and sign in with the local kiosk account to validate the configuration.

Retroarch

Retroarch Settings Missing

Functional limitations

With the release of this preview version of kiosk mode we're continuing work on improving the product and adding new features.

We currently don't support the following features and recommend that you turn off:

See also