Windows - 11 Kiosk

| Limitation | Workaround | |------------|-------------| | Only UWP apps in single-app mode | Use Edge kiosk to host a web app / PWA | | No multi-app in Pro | Upgrade to Enterprise or use 3rd-party launcher (e.g., KioWare) | | App must handle fullscreen crashes | Implement watchdog script restarting app | | No mouse auto-hide | Use SetCursorPos in background script | | Windows key still opens Start (sometimes) | Remap via Set-WinUserLanguageList or AutoHotkey |

There are several methods to deploy kiosk mode, depending on the scale of your operation: 1. Local Configuration (Best for 1-5 devices) windows 11 kiosk

| Attack vector | Mitigation | |---------------|-------------| | | Filter keys / disable via FilterAdministratorToken , GPO | | Sticky keys / accessibility | Delete sethc.exe , utilman.exe backups | | USB storage | GPO: Administrative Templates > System > Removable Storage Access | | Task Manager | Disable via HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System → DisableTaskMgr = 1 | | Windows Update interruptions | Configure active hours, use kiosk_mode servicing policy | | On-screen keyboard | Disable via GPO or remove osk.exe | windows 11 kiosk