Windows – How to launch Chrome in kiosk mode in a Windows 8.1 kiosk (assigned access) account

google-chromekioskwindows 8windows 8.1

We are trying to set up a web application in a kiosk mode using Chrome in Windows 8.1. I have been able to create an "assigned access" account (the new Windows 8.1 kiosk feature) that will log in and lock the user into Chrome. This works quite well in that Chrome starts up when the user logs in, takes the whole screen, and the user can't access any other applications.

But this is not sufficient for us. When Chrome is run this way the address bar is visible and the user can close tabs and open new ones using keyboard shortcuts. We need to lock the kiosk into a single web application and not allow the user to navigate elsewhere. The assigned access mode requires a Windows 8 Metro-style app, so I don't know of any way to supply command-line arguments to the Chrome instance.

Has anyone done this on Windows 8 or 8.1, using assigned access or any other method? I've looked into using the JavaScript fullscreen API, but that requires user interaction, and the user can always cancel the fullscreen mode and get back to the address bar.

Best Answer

After doing some research this is the most foolproof solution I can think of:

  1. Create a new user account
  2. Using Group Policy, restrict the use of the Task Manager and block the Run command which appears when you press WIN+R. Also restrict the use of the context menu.
  3. Using either Group Policy or Task Scheduler, assign a logon script for the user. Before you specify the path, open notepad and save a blank file as logon.bat in a location of your choosing
  4. Use the path of logon.bat as the path for the logon script. If using Task Scheduler, make sure the trigger is define as User logon and add the /min paramater to the actions tab.
  5. Hide the folder that the batch file is in (using File Explorer)

  6. Open the batch file you have created using Notepad. Add the following to the batch file:

    @echo off
TITLE Chrome Kiosk Mode
taskkill /f /im explorer.exe
start "" "chrome.exe" --chrome-frame --kiosk -incognito /max

You may need to change chrome.exe to the exact filepath to chrome.exe on your machine.

Now, if the user closes the current Chrome window, they will not be able to do anything. Because we killed Windows Explorer at logon, they cannot browse files, or use the GUI. And because we blocked the Run command and Task Manager, they cannot start any applications either.

Related Question