Jared Heinrichs

  • Technology Blog
  • Winnipeg Computer Repair
  • Winnipeg Photographer
  • Cooking With Jared
You are here: Home / Operating System / Windows 7 / How to turn a Windows 7 PC into a Kiosk

Jan 12, 2010 By Jared Heinrichs 13 Comments

How to turn a Windows 7 PC into a Kiosk

Requirements

Windows 7 Professional or higher. You can not do this with the home versions.

Steps to lock down the Kiosk Computer

How to lock down the computer basically leverages local Group Policy (although there is no reason you can’t do this in global group policy on your Windows Small Business Server 2008 machine) to allow users to only run certain applications.  Thus preventing users from getting into trouble and lowering your total cost of ownership on that client PC (or your whole network).

If you have a shared or public computer you might want to allow users to use only specified programs. Today we take a look at a setting in Local Group Policy that allows you to set only specified programs to run.

First click on Start and enter gpedit.msc into the search box and hit Enter.

Navigate to User Configuration \ Administrative Templates \ System. Then under Setting scroll down and double click on Run only specified Windows applications.

image

Set it to Enabled, then under the Options section click on the Show button next to List of allowed applications.

image

A Show Contents dialog comes up where you can type in the apps you want to allow users to run. When finished with the list, click OK then close out of Local Group Policy Editor.

image

If a user tries to access an application that is not on the specified list they will receive the following error message.

image

This is a nice feature for limiting what programs users can or cannot access on the computer.

Filed Under: Windows 7 Tagged With: How To

Comments

  1. Thomas says

    Feb 18, 2010 at 6:07 am

    But afterwards you can’t get back into the Group Policy Editor?

  2. Jared Heinrichs says

    Feb 18, 2010 at 9:38 pm

    No. You should be able to get back into the group policy editor as long as you are an administrator of the computer.

  3. Chris Eytcheson says

    Apr 9, 2010 at 3:05 pm

    I just tried to get back into the editor and it won’t let me.
    I am a Domain admin

  4. Jared Heinrichs says

    Apr 13, 2010 at 5:31 am

    Have you tried logging on as a local admin? Sounds like you made the Group Policy settings too restrictive. If you still can’t get back on unplug the computer from the network. Go into safemode. There are tools you can download that will remove Group Policy restrictions (I like the “Geek Squad” CD for that) and then apply the settings you wish to have. Sorry for the late response. Just had a baby and we’re in the process of moving.

  5. Timo Waltari says

    Jun 2, 2010 at 12:23 am

    Same thing happenned to me too. I was in local administrators group but nevertheless I was restricted from running anything else but word in my case.

    It was easily fixed by launching mmc from remote computer in same network. Then I added snap-in “Group Policy Object Editor” which asked if I would like to edit local or remote computer. I specified restricted remote computers name and then I was able to modify restrictions.

    Both computers were Windows 7 but I would believe that it goes same way with previous Windows releases.

    Hope that this helps somebody 🙂

  6. jeffl012 says

    Nov 30, 2010 at 2:59 pm

    There are many security/kiosk apps out there that simplify the Group Policy editor. We use one called Secure Lockdown by Inteset. It eliminates the need to futz around with a billion settings. It’s perfect for Windows 7 kiosks (we use it with Windows 7 Premium).

  7. Pronost says

    Jan 25, 2011 at 7:37 am

    Just change the NTFS file permissions on the file MMC.EXE to only allow LocalAdministrators or DomainAdministrators to execute the file and just add MMC.EXE to the list of allowed programs in the GPO.

  8. Ron Decker says

    May 31, 2011 at 11:57 am

    Guys! Simply open MMC.EXE Add Group Policy Editor. Hit next. Then ADD it AGAIN only this time you will notice a tab at the top! Select Non-Administrators and THEN you can set your policies.

    Using GPEDIT is GLOBAL. But not if you use it in the context I just mentioned

    Good Luck!

    Ron!

  9. Jay says

    Aug 18, 2011 at 2:03 pm

    Why not simply add a hot key combo to a shortcut to get back into mmc.exe

  10. Gerallt says

    Jan 24, 2012 at 7:13 pm

    You also need to add mmc.exe into the list of allowable applications if you want to get back into it. Otherwise you will need to locate the policy in the Windows Registry – if you have disabled the Registry Editor then you will have to use a 3rd party registry editor that relies on API calls to access the registry.
    -GF

  11. Ralf says

    Mar 7, 2012 at 4:26 am

    I use the parental protection for that. For each user you can setup the parental permission to run certain programs. A limited account should do the job.

    Hope that helps.
    Ralf

  12. Jawwad says

    Aug 8, 2012 at 7:13 am

    I am stuck with this. I added programs and now want to do changes. Now Win7 Pro is not allowing me to open gpedit.msc
    Please advise how to do that?
    The computer is standalone machine and it is not connected to any network or domain.

    Urgent Help required.

    Thanks in advance.

    Jawwad

  13. Gustavo Valente says

    Aug 3, 2016 at 5:23 am

    Hi guys,

    I managed to fix it through regedit in Safe Mode Command Prompt. Steps below:

    1. Start in Safe Mode Command Prompt (it must be Safe Mode COMMAND PROMPT, or else regedit won’t start)
    2. Type regedit on command prompt
    3. Find the folder “RestrictRun”
    4. Change the value of the key inside that folder to 0

    Hope it helps!

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Categories

  • Board Game Rules
  • Camera
  • Computer Hardware
    • Blackberry
    • drivers
    • iPad
    • Magic Jack
    • USB
  • Damn Small Linux
  • Exam Notes
  • Facebook
  • FREE Flashcards
  • Games
    • PC
      • League of Legends
    • Wii
    • xbox 360
  • Music
  • Networking
    • Cisco Certification
    • Mitel
    • Palo Alto Firewall
  • News
    • Google
    • Microsoft
  • Operating System
    • Active Directory (2003)
    • Android
    • Command Prompt
    • Damn Small Linux
    • Group Policy
    • Hyper-V
    • IIS
    • ISA 2006
    • Mac OS X
    • Microsoft Exchange Server
    • Powershell
    • Security
    • SME Server
    • Terminal Server 2003
    • Ubuntu Linux
      • Adito Web SSL VPN
      • OpenVpn-als
      • Webmin
    • Virtual Machine Manager
    • Windows 2003 SBS
    • Windows 2003 Server
    • Windows 2008
    • Windows 2008 R2
    • Windows 2012R2
    • Windows 7
    • Windows 8
    • Windows Command Line
    • Windows Deployment Services
    • Windows Server Backup
    • Windows Vista
    • Windows XP
  • Phones
  • Photography
  • Photos
    • Animals
    • Misc
    • Nature
    • Portraits
  • Portfolio
  • Programming
    • CSS
    • HTML
    • jQuery
    • MySQL
    • PHP
    • Script
  • Programs
    • Acrobat
    • Acrobat Reader
    • Adobe Dreamweaver
    • Adobe Illustrator
    • Adobe Photoshop
    • Anti-virus Software
    • Antivirus
    • Backup Exec
    • Bittorent
    • Blackberry BESADMIN
    • Internet Explorer 9
    • Lightroom
    • Microsoft Office
    • Netbeans
    • Onenote
    • Outlook
    • Shelby
    • Sysprep
    • Trend
    • Video Editing
    • Visual Studio
    • Windows Live Writer
    • WireShark
    • XP Mode
    • Zarafa
  • Recipe
  • Review
  • Software Links
  • Troubleshooting
  • Uncategorized
  • Videos
  • Web Applications
    • Brage
    • Google
    • Spiceworks
    • Wordpress
  • Web Browsers
    • Internet Explorer
  • Web Server
    • XAMPP
  • Winnipeg
    • ISP

Try searching this site!

Copyright © 2021 Winnipeg Web Design