The goal of this project is a simple Windows 7 Kiosk installation with nothing else as the newest version of internet explorer installed. A user should not be allowed to do something than can malfunction the system or even elevating the user privileges. I want to show you in this post which GroupPolicies I’ve used and what configurations I made to set up this type of installation.
First I want to commit my principles for working with ActiveDirectory and Group Policies:
- If not needed a GroupPolicy shouldn’t contain any registry keys.
- Group Policies instructions are much easier to read.
- Only AMDX templates are allowed, this means no AMD templates or anything else.
- AMDX won’t in contrast to AMD templates becopied to the client, they stay in the SYSVOL Policy Definition folder on the domain controller.
- The Group Policy objects should be reusable.
- Configuring the minimum.
The logged in user can…
- visit websites
- printing a document
- searching the internet
- and lock the computer, this was not supposed to be enabled, but I couldn’t find a way yet to disable this feature.
The setup of the windows workstation is very simple:
- Windows 7 Profession
- Internet Explorer 10
The Group Policy Management Console is equipped with newest Windows 7 AMDX templates.
The following section shows the policies I’ve used to restrict the access to the computer and it’s programs.
Add a desktop wallpaper.
Remove Desktop Icons
Remove the default desktop icons.
Remove System Buttons
Remove the start system buttons and the options showed after click Ctrl + Alt + Delete.
Restricted Start Menu
Remove the all items in the windows start menu.
Denie any possiblity to customize the windows taskbar.
Adds a simple icon to the desktop.
Delete the browser cache on exit.
Disable Save Passwords
Internet explorer is not allowed to prompt for saving password information.
Hide internet explorer menus.