From Windows 8.1 you can use Assigned Access. This may have worked well in Windows 8.1; however, from my testing I could not get Edge, as Assigned Access only works for "Apps". In Windows 8.1 IE could run in "Metro app" style, and therefore may have worked.

AppLocker could be used to lock down a machine and restrict access to only specific programs; however, setup for this is tedious and there are simply too many variables to lock down.

Internet Explorer can be run in "Kiosk Mode" (iexplore -k). This is fine if you are using the kiosk for a single website, but it does not allow users to easily navigate to other sites. This approach would work fine for a library catalogue machine or similar.





The approach I ended up taking was to take advantage of an old group policy called "Custom User Interface". This is located in User>Admin Templates>System.



This policy takes advantage of:





Key path: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Value name: Shell
Value type: REG_SZ

















With this approach you can replace explorer.exe with iexplore.exe and you are away. Of course, you would need to lock the machine down with settings like "Remove Task Manager" etc., but this approach works well.





However.





Of course, within a kiosk environment I would like to prevent the users from being able to close Internet Explorer, because if they did, there would be no way to restart it besides rebooting the machine.





File Menu: Disable closing the browser and Explorer Windows.









The issue I now faced was that I can't prevent IE from causing issues when using tabs, and I can't allow IE to stay closed, as users would be left with nothing...





The solution was simple: build what under other circumstances would be the most annoying program ever.





"Loop IE" is simple: it runs as a hidden process and force-opens iexplore.exe every time it's closed, after a delay of 5 seconds.





Edit: Updated below version to v2.





You can download HERE

Download and then place the file on the machine's local disk (e.g. c:\Program Files\LoopIE\LoopIE.exe). The settings file controls two options.





1. The URL to launch

2. Kiosk mode, on or off.





Configure the below registry key (or the Custom User Interface GPO):





Key path: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Value name: Shell
Value type: REG_SZ
Value: c:\Program Files\LoopIE\LoopIE.exe







There you have it: users can close IE, however it will come back, forever!
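
The relaunch loop that Loop IE is described as performing, written out in PowerShell as an added example; this is not the LoopIE.exe source. The `$Url` and `$Kiosk` parameters are assumptions standing in for the two settings-file options (the real file format is not shown in this post), and the URL is a placeholder.

```powershell
# Added illustration of the "reopen IE 5 seconds after it closes" loop.
# Not the LoopIE.exe source. $Url and $Kiosk are assumed stand-ins for the
# two options in LoopIE's settings file.
param(
    [string]$Url          = 'https://intranet.example.test/',  # placeholder URL
    [bool]  $Kiosk        = $true,                             # $true => iexplore -k
    [int]   $DelaySeconds = 5                                  # delay stated in the post
)

$iePath = Join-Path $env:ProgramFiles 'Internet Explorer\iexplore.exe'
if (-not (Test-Path -LiteralPath $iePath)) {
    throw "iexplore.exe not found at $iePath"
}

# "iexplore -k <url>" starts IE in kiosk mode; without -k it opens a normal window.
$ieArgs = if ($Kiosk) { @('-k', $Url) } else { @($Url) }

# Only look at processes in this logon session, so another session's
# browser is never mistaken for the kiosk's.
$mySession = (Get-Process -Id $PID).SessionId

while ($true) {
    # IE runs as several iexplore.exe processes (frame and tabs), so poll by
    # process name instead of waiting on the one process that was started.
    $running = Get-Process -Name 'iexplore' -ErrorAction SilentlyContinue |
        Where-Object { $_.SessionId -eq $mySession }

    if (-not $running) {
        Start-Sleep -Seconds $DelaySeconds
        Start-Process -FilePath $iePath -ArgumentList $ieArgs
    }
    Start-Sleep -Seconds 1
}
```

Because this loop becomes the only thing that brings the browser back, the script file should sit in a location the kiosk user cannot modify.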









Here is a report of the group policies I have applied to my Kiosk OU.













Cheers,





Dan



















