Locking down a Win XPe


Keisha

Hi,
I need to know if it's possible to lock down an XPe (run in
kiosk-mode) on a thin client (a HP T5700) without designing a new
shell? (I'm a technician, not a programmer!) All links relating to
this seem to lead to Microsoft's MSDN-pages referring to some
developer-studio where I'm supposed to redesign the entire structure
of the shell? I just can't imagine this is not possible, although I
spent the entire day yesterday trying to find some info on this...

(Interestingly, HP had a complete how-to documentation with exact
steps on how to do this on a Win CE running on T5300 and T5500, but
nothing on XPe....)

Hope someone can help!

best regards,
Keisha
 
Keisha,

By "locking down" do you mean just a lock of workstation (thin client)?
Although you mentioned you are not a programmer, the best and easiest way
would be in writing a very simple app that calls to LockWorkStation() API
(if you need to lock the console) or ExitWindowsEx(EWX_LOGOFF,EWX_FORCE) (if
you need to logoff the user). You may also use rundll.exe syntax to call the
APIs from a batch.
Another way is to use a third party tool, like the PsShutdown from
sysinternals.com.
http://www.sysinternals.com/ntw2k/freeware/psshutdown.shtml. Usage:
"psshutdown.exe -l" or "psshutdown.exe -o".

KM
 
Hi KM and thanks for your reply!
Yes, the T5700 is a thin client, basically designed for running Citrix
or other mainframe client software.
This however, is aimed to be a stand-alone client running ONLY
Internet Explorer for the "User" login.
All other menus and items must be removed from this profile.
Maybe it's a very simple app you're suggesting me to write, but I have
no experience whatsoever in programming, so writing APIs is not an
option....
I hoped there was some other way, editing the Windows registry
somehow.... something in that way.
No need for shutting down the client automatically, only a way of
removing start-menu, controlpanel, etc....
Still hoping that there is a way to do this!

regards,
Keisha
 
The best way may be to replace the explorer shell with IE?

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\SHELL
 
Keisha,

Are you trying to run Internet Explorer as the shell? You can do that no
problem by following the XPe documentation on creating a custom shell. Or
follow this link.....
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnxpembed/html/custshell.asp

You can also start IE in "kiosk" mode with the -k switch. Something like
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -k

This will start IE full screen with no menus, etc...

HTH,
--
Brad Combs
Imago Technologies, LLC

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Have an opinion on the effectiveness of Microsoft Embedded newsgroups? Tell
Microsoft!
https://www.windowsembeddedeval.com/community/newsgroups
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Hi guys, I have tried a couple of your suggestions. I exchanged the
shell under HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
to iexplore.exe, and this could have been a
great solution IF I could add a shortcut to Internet Explorer to the
USER profile's Startup dir (which I can't - I get a message saying
"This feature is not available"). I also tried to add the string
iexplore.exe -k to the HKLM\Software\Microsoft\Windows\CurrentVersion\Run
key, but obviously this needs Explorer.exe as the shell,
otherwise it won't start...

If I keep the explorer.exe as the shell and add the Iexplore.exe to
the Run subkey, this would be fine if the user wouldn't be able to
shut it down by Alt + F4.


Installing the development tools, starting to learn programming APIs
and designing a new shell is way too big a project...

Well... I hope I'll find something on the winguides.com page, or that
someone has another suggestion. Anyway, thanks a lot for your input.
/K
 
Hi again!

Now I've reached a probable solution - connected to the T5700 from an
ordinary PC through MMC and added the group policy snap-in.
Here I could do a lot!!

BUT!! The problem is that these settings also apply to the local
administrator account on the T5700........!!!....!!...
 
You may want to look at third party IE lockdown products. These are offered
by a variety of Kiosk vendors. Netshift springs to mind.

Howard
 
Keisha,

Why would you need to run IE shortcut as a StartUp item (which would not be
supported if you change Shell from Explorer) if you have IE as a shell?

If you need more things to launch at start up, you may set CMD as your shell
([HKLM\...\Winlogon],"Shell" reg.value) and launch it with a batch file (/C
or /K <your batch file path>). The batch file may launch anything you want
to.
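
An added example, not part of any poster's reply: the batch-file-as-shell suggestion above combined with the -k switch mentioned earlier in the thread, relaunching IE whenever it is closed (the Alt+F4 concern). The account name "User", the C:\Kiosk path, the start page and the presence of reg.exe on the image are assumptions.

```bat
@echo off
rem kiosk-shell.cmd: added example, not code from the thread.
rem Assumptions: kiosk account is "User", this file is C:\Kiosk\kiosk-shell.cmd,
rem and START_PAGE is a placeholder URL.
rem
rem One-time setup from an administrator prompt (the Winlogon "Shell" value):
rem   reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /d "cmd.exe /c C:\Kiosk\kiosk-shell.cmd" /f
rem Revert to the stock shell:
rem   reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /d "explorer.exe" /f

set "KIOSK_USER=User"
set "IE=%ProgramFiles%\Internet Explorer\IEXPLORE.EXE"
set "START_PAGE=http://intranet.example/"

rem The HKLM Shell value is used for every account, so branch on the user name:
rem anyone other than the kiosk account gets an interactive prompt from which
rem regedit, taskmgr or explorer can be started by hand.
if /i not "%USERNAME%"=="%KIOSK_USER%" (
    cmd.exe /k
    exit /b
)

rem Kiosk account: run IE full screen and wait for it to exit.
rem If the user closes it (for example with Alt+F4), start it again.
:relaunch
start "" /wait "%IE%" -k "%START_PAGE%"
goto relaunch
```

Because the value lives under HKLM it applies to every account, which is why the script branches on the user name. The console window is visible for a moment between relaunches, so check on the target what closing it or pressing Ctrl+C there does before relying on the loop.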
 
KM said:
Keisha,

Why would you need to run IE shortcut as a StartUp item (which would not be
supported if you change Shell from Explorer) if you have IE as a shell?

If you need more things to launch at start up, you may set CMD as your shell
([HKLM\...\Winlogon],"Shell" reg.value) and launch it with a batch file (/C
or /K <your batch file path>). The batch file may launch anything you want
to.

Hi again KM!
First I only switched the shell to Iexplorer, but this didn't launch
internet explorer at all, I got an empty screen instead - which I also
wanted to have, to start with.
Thanks a lot for the tip on the batch-file!

Anyways, I think I will go for the last one - editing the group policy
from another computer, even if this locks down the admin profile too.
Admin can always open it up again, and also run task manager, open the
regeditor etc.

Thanks a lot guys, I have at least learned a lot.

best regards,
Keisha
 