Windows 10 Internet of Things (IoT) is widely used in embedded devices across various domains, including point-of-sale terminals, medical devices, banking, and automotive systems. One of the important features of Windows 10 is “Kiosk mode” for Universal Windows Platform (UWP) and Window Desktop Application that is widely used in embedded devices. Kiosk mode is a feature in Windows operating system that allows a device to run only specified applications and settings. An administrator can use Kiosk mode to configure a device to allow only one specific application to run, ensuring a focused and secure user experience. Kiosk mode helps developers create a dedicated and locked down user experience on these fixed purpose devices like ATM machines, point-of-sale terminals, and medical devices.
Windows 10 IoT Enterprise does not natively support multiple dependent applications in the Kiosk mode and has security concerns with desktop applications. Let’s take an example of a medical device that requires multiple applications in Kiosk mode. Application1 is responsible for checking the integrity of various peripherals, validating the database, performing database clean-up if necessary, and managing pending application update processes. Once all validations and pending tasks are completed, the system launches Application2, which serves as the primary application. There are a few technical challenges that the developer faces while designing this architecture. They are as follows:
Problem 1: Natively, Windows 10 IoT Enterprise does not support multiple applications in the Kiosk mode.
Problem 2: The native application in Kiosk mode permits the use of CTRL + ALT + DEL that provides access to various options like “Task Manager”, “Change Password”, and others. Through the Task Manager, a user can gain access to Windows, browse files, and potentially install malicious software or drivers, compromising system security. In the context of a medical device, this poses significant security risks, as such features should not be accessible to regular users.
Problem 3: If the device has USB access, regular users can connect a keyboard and mouse to gain access to the Operating System (OS).
Then what’s the solution? Well, here is the answer…
This article covers technical details to support multiple dependent applications to run in Kiosk mode along with the locked-down user experience that restricts access to specific applications and system functionalities. This development technique is referred to as Custom Kiosk Mode in this whitepaper.
Let’s tackle Problem 1 – Multiple applications in Kiosk mode
Implement Custom Kiosk Mode:
Develop a lightweight MFC (Microsoft Foundation Class Library)/WinForms application that can be set as a user initialization startup. This ensures that the application launches automatically as soon as Windows performs the auto-login. The application should be lightweight, so it loads quickly and is able to display any information like company branding or product loading information when it launches.
-
Once the application is loaded, you can create a thread to handle the sequential or dependent launch of applications. The first application initializes interfaces, the second validates the database, and finally, the main application is launched. Create an array of applications to be launched, use CreateProcess and WaitForSingleObject in C++ OR Process. Start and WaitForExit in C# to launch the application. The process waits for the application to exit and then only it starts another application.
Please note:
-
As you have noted, we are changing the “Shell” registry not “Userinit”. If you change your custom application in the “Userinit” registry, Windows may not initialize essential services like network connectivity and time synchronization. This could cause issues if your application requires these services. Therefore, it is preferable to change the “Shell” entry in Winlogon instead.
-
If the administrator wants to initiate Windows desktop for maintenance purposes, you can change the “Shell” value to “explorer.exe” and call “userinit.exe” from “C:\Windows\System32”.
The end user still has access to the CTRL + ALT + DEL function, to be able to open the Task Manager and access the Windows OS.
Let’s tackle Problem 2 – Disabling CTRL + ATL + DEL for restricted access
Apply the following registry changes to disable access to the CTRL + ALT + DEL options:
After applying the above changes in the registry, the end user can see only the Restart and Shutdown options in the CTRL + ALT + DEL screen. Most of the embedded devices have Display with touch screen support so we can enhance security by disabling the keyboard and mouse.
Let’s tackle Problem 3 – Disabling the Keyboard and Mouse access
Most of the embedded devices have USB access to export data and can back up the system or system updates. USB interface also enables access to the keyboard and mouse for regular users, who can access the system and data. However, it causes security issues.
Let’s understand Windows 10 IoT boot-up sequence for embedded devices before disabling the keyboard and mouse.
Upon powering on the device, U-Boot starts and initializes all the hardware interfaces. After initializing the hardware, U-Boot then initiates the loading of the Unified Extensible Firmware Interface (UEFI). UEFI takes control of the hardware interface from U-Boot and updates the required hardware settings and performs the Power on Self-Test (POST). UEFI then loads the Boot Manager (Bootmgr). The Boot Manager is responsible for loading the Windows OS. Bootmgr reads the Boot Configuration Data (BCD) store that contains boot configuration parameters. These parameters determine the OS to be loaded. The Windows Boot Loader (winload) is executed that loads the essential kernel drivers, the Windows kernel (ntoskrnl.exe), and the hardware abstraction layer (HAL). Then it starts initializing the user mode driver, the class driver (responsible for keyboard and mouse), and services.
So, if we must disable the keyboard and mouse, we must do that before the class driver initializing starts. The KMDF (Kernel-Mode Driver Framework) driver is a good option to disable the keyboard and mouse. Let’s create a KMDF driver to do so.
Please note:
-
After installing the KMDF driver, it loads during the OS boot-up and enforces restrictions on the keyboard, mouse, and CTRL + ALT + DEL. The advantage of applying these settings through the KMDF driver is that if a user modifies the registry settings, the KMDF driver reapplies the restrictions during the OS boot, preventing the user from gaining access to the OS.
-
As you can see, now we have the User SID. We can set different registry values like DisableTaskMgr, DisableLockWorkstation, DisableLogoff, DisableChangePassword, HideFastUserSwitching, and NoLogoff.
-
Please note:
-
The registry data type must be “REG_DWORD”.
-
If you would like to disable all the settings, then set the DWORD as 1 and 0 to re-enable those settings.
Conclusion:
Windows IoT is designed for robust equipment used in different industries like medical, automative, industrial automation, banking, and point-of-sales terminal. Windows 10 IoT operating system provides full enterprise management capability, enterprise-class power, and security. The implementation of Custom Kiosk Mode in Windows 10 IoT Enterprise involves creating a controlled and secure environment by developing a startup application and modifying registry keys from the Windows OS as well as the KMDF driver to restrict user access and disable potentially insecure options. This is an important feature that Windows 10 developers can implement while dealing with Windows 10 IoT devices.
References:
- https://learn.microsoft.com/en-us/windows/iot/iot-enterprise
- https://learn.microsoft.com/en-us/windows-hardware/drivers/gettingstarted/writing-a-very-small-kmdf--driver
- https://learn.microsoft.com/en-us/windows/iot/iot-enterprise/customize/kiosk-mode
Author Bio:
Gaurav Dhol is a seasoned Technical Architect with over 14 years of experience in Windows 10 IoT, C++, embedded devices, QT, and Windows drivers. He has led numerous projects integrating IoT solutions with Windows systems and optimizing hardware performance with custom drivers. Gaurav is skilled in C++ and QT, developing high-performance applications and user interfaces. A mentor and thought leader, he is known for his problem-solving ability and strategic vision, driving innovation and operational efficiency across teams.
