locked
How do I undo kiosk mode RRS feed

  • Question

  • I was testing some windows 10 laptops in Kiosk mode configured via Powershell

    param(
    	$kioskUser = "PublicKiosk",
    	$kioskProgram = "c:\program files\internet explorer\iexplore.exe"
    )
    $computer = "localhost"
    $namespace = "root\standardcimv2\embedded"
    
    Dism /online /Enable-Feature /FeatureName:Client-EmbeddedShellLauncher
    
    # Create a handle to the class instance so we can call the static methods.
    $ShellLauncherClass = [wmiclass]"\\$computer\${NAMESPACE}:WESL_UserSetting"
    
    # Create a function to retrieve the SID for a user account on a machine.
    function Get-UsernameSID($AccountName) {
        $NTUserObject = New-Object System.Security.Principal.NTAccount($AccountName)
        $NTUserSID = $NTUserObject.Translate([System.Security.Principal.SecurityIdentifier])
        return $NTUserSID.Value
    }
    
    # This well-known security identifier (SID) corresponds to the BUILTIN\Administrators group.
    $Admins_SID = "S-1-5-32-544"
    # Get the SID for a user account
    $kioskUser_SID = Get-UsernameSID($kioskUser)
    
    # Define actions to take when the shell program exits.
    $restart_shell = 0
    $restart_device = 1
    $shutdown_device = 2
    
    # Set Internet Explorer as the shell for $kioskUser, and restart the machine if it's closed.
    $ShellLauncherClass.SetCustomShell($kioskUser_SID, $kioskProgram, ($null), ($null), $restart_shell)
    
    # Set Explorer as the shell for administrators.
    $ShellLauncherClass.SetCustomShell($Admins_SID, "explorer.exe")
    
    # Enable Shell Launcher
    $ShellLauncherClass.SetEnabled($TRUE)

    and now I want to revert to normal, non-kiosk behavior on these systems but I can't figure it out :-/ Here's how I am trying to remove the kiosk behavior:

    $computer = "localhost"
    $namespace = "root\standardcimv2\embedded"
    
    # Create a handle to the class instance so we can call the static methods.
    $ShellLauncherClass = [wmiclass]"\\$computer\${NAMESPACE}:WESL_UserSetting"
    
    # Remove custom shells
    Get-WmiObject -namespace $NAMESPACE -computer $COMPUTER -class WESL_UserSetting | Select-Object -ExpandProperty Sid | ForEach-Object { $ShellLauncherClass.RemoveCustomShell($_) }
    
    # Disable Shell Launcher
    $ShellLauncherClass.SetEnabled($FALSE)
    
    #Remove feature and schedule the reboot required to complete removal
    Dism /online /Disable-Feature /FeatureName:Client-EmbeddedShellLauncher
    Restart-Computer -Delay 120


    born to learn!


    • Edited by AJM Admin Wednesday, February 3, 2016 6:27 PM
    Wednesday, February 3, 2016 5:52 PM

Answers

  • Well for anyone that was curious, here's what ACTUALLY works:

    $computer = "localhost"
    $namespace = "root\standardcimv2\embedded"
    
    # Create a handle to the class instance so we can call the static methods.
    $ShellLauncherClass = [wmiclass]"\\$computer\${NAMESPACE}:WESL_UserSetting"
    
    # Remove custom shells
    Get-WmiObject -namespace $NAMESPACE -computer $COMPUTER -class WESL_UserSetting | Select-Object -ExpandProperty Sid | ForEach-Object { $ShellLauncherClass.RemoveCustomShell($_); $ShellLauncherClass.SetCustomShell($_, "explorer.exe") }
    
    # Disable Shell Launcher
    $ShellLauncherClass.SetEnabled($FALSE)
    
    #Remove feature and schedule the reboot required to complete removal
    Dism /online /Disable-Feature /FeatureName:Client-EmbeddedShellLauncher
    Restart-Computer


    born to learn!

    • Marked as answer by AJM Admin Wednesday, February 3, 2016 6:28 PM
    Wednesday, February 3, 2016 6:27 PM

All replies

  • Is there a question?

    \_(ツ)_/

    Wednesday, February 3, 2016 5:58 PM
  • Yep. In the first post...Again for your reference: how do I revert to normal shell for all users? The approach posted doesn't accomplish that, but I don't know why.


    born to learn!

    Wednesday, February 3, 2016 6:11 PM
  • Dism /online /Disable-Feature /FeatureName:Client-EmbeddedShellLauncher


    \_(ツ)_/

    Wednesday, February 3, 2016 6:13 PM
  • Doing solely that (or all the steps together in the second code snippet), any user logging on is left at a blank screen. You can control+alt+delete to get task manager, etc, but that's it. The normal explorer shell doesn't launch as expected.

    born to learn!

    Wednesday, February 3, 2016 6:18 PM
  • Well for anyone that was curious, here's what ACTUALLY works:

    $computer = "localhost"
    $namespace = "root\standardcimv2\embedded"
    
    # Create a handle to the class instance so we can call the static methods.
    $ShellLauncherClass = [wmiclass]"\\$computer\${NAMESPACE}:WESL_UserSetting"
    
    # Remove custom shells
    Get-WmiObject -namespace $NAMESPACE -computer $COMPUTER -class WESL_UserSetting | Select-Object -ExpandProperty Sid | ForEach-Object { $ShellLauncherClass.RemoveCustomShell($_); $ShellLauncherClass.SetCustomShell($_, "explorer.exe") }
    
    # Disable Shell Launcher
    $ShellLauncherClass.SetEnabled($FALSE)
    
    #Remove feature and schedule the reboot required to complete removal
    Dism /online /Disable-Feature /FeatureName:Client-EmbeddedShellLauncher
    Restart-Computer


    born to learn!

    • Marked as answer by AJM Admin Wednesday, February 3, 2016 6:28 PM
    Wednesday, February 3, 2016 6:27 PM