Assigned Access and IE Metro

Hi there,

We are trying to use a Surface RT tablet with windows 8.1 installed to open a website on an internal server. We don't want any other site to be accessable so we essentially need a Kiosk mode for the metro version of IE 11 using Assigned Access. The problem is that we can get the Assigned Access to work and IE loads as it should and loads the page we want it to all fine - but all it takes is for someone to swipe up and they have an address bar to change the address - thats no good to us and makes the so called WIndows 8.1 Kiosk mode (aka Assigned Access) not particularly useful. Using desktop IE in Kiosk mode is no good either becuase you get charms bar etc on a normal Surface RT logon and I cannot get it to start on logon, startup folder seems to be ignored. We need it to be a totally locked down metro IE with no address bar, charms bar or anything else available - and which starts immediately on login.

Anybody got any suggestions please?

October 30th, 2013 5:22am

Hi,

We can try to use both Assigned Access and also IE Enhance protected mode.

Understanding Enhanced Protected Mode

http://blogs.msdn.com/b/ieinternals/archive/2012/03/23/understanding-ie10-enhanced-protected-mode-network-security-addons-cookies-metro-desktop.aspx

Since we have limited testing environment, to better help you, please contact Surface support:

This is the Windows RT forum link.

http://answers.microsoft.com/en-us/windows/forum/windows_rt?auth=1

The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us.  Thank you for your understanding.

Free Windows Admin Tool Kit Click here and download it now
October 31st, 2013 12:22pm

OK Thanks - Will post there instead.
October 31st, 2013 9:59pm

Unfortunately, the subsequent post that the original poster submitted on the other site directed him or her to post a thread on this site...nice circular support, Microsoft.

Fortunately for those who may come across this thread in the future, I have a very similar situation with a surprisingly easy answer. My solution is for computers running Windows 8.1 with Kiosk Mode (Assigned Access) enabled. It may not be pretty but it works, nonetheless. The original issue was preventing unauthorized browsing on a device set up as essentially a kiosk. My solution is four-fold.

First, edit the Host file with the IP address of the site you want the Kiosk Mode user to access. For example, if you ping google.com, the IP address you get would be the address you append in the Host file. For those who do not know, the host file is located at c:\windows\system32\drivers\etc. Within the Host file, add a line entry like this:

# (IP address of site)   Name of site

Next, edit the preferred and alternate DNS servers for the network adapter. To access the Network Settings, open the Control Panel, change to either Small Icons or Large Icons, and select Network and Sharing Center. Click on Change Adapter Setting in the upper left hand side of the new window. Right click on the network adapter in question and select Properties. Right click on the appropriate option (Iv4 or Iv6) and select Properties. In my example, I used 1.0.0.0 and 1.0.0.1. No other network changes are made.

Third, the Kiosk Mode interface uses the settings specified by the main account. For example, if the main account has sleep mode disabled, the Kiosk Mode user will never go to sleep. Under the main account, go to the site you want to use under Kiosk Mode but make sure you use the corresponding IP address you determined after you pinged the site. When that loads, I would recommend setting this site as the homepage.

This final step is optional but recommended. Log into the Kiosk Mode user. Internet Explorer will automatically load and the page you set as the home page under the main account. Swipe up to see the tab options and the address bar of the browser. Click on the star to set the page as a favorite. Additionally, I would pin the page to Start as well. Taking these proactive steps will prevent the Kiosk Mode user from changing setting if and when the main account changes.

Now, it does not matter if a person can swipe up to access the address bar. Based on your settings, the only site any browser on this computer will access is the IP address appended in the Host file. If this computer is truly for kiosk purposes, there would never need to be a time to access other sites. If that time ever comes, you simply temporarily edit the Host file and remove the bogus DNS servers.


  • Edited by Kiosk Mode Saturday, November 16, 2013 4:11 AM
Free Windows Admin Tool Kit Click here and download it now
November 16th, 2013 7:09am

"Kiosk Mode", a DNS workaround as you recommend are too easy to exploit.  For example, I could enter the following address http://74.125.239.113  (aka Google).  Once there, I can search for most of what I need to exploit it further.


  • Edited by GrantPH2 Tuesday, December 31, 2013 3:26 AM
December 31st, 2013 6:25am

Have you found a better way to do this yet?  I am looking to do the same thing.  I really just wish Modern UI IE 10 had a kiosk mode like the desktop version.  
Free Windows Admin Tool Kit Click here and download it now
January 16th, 2014 8:47pm

In the end I found a Kiosk App in the store that lets you specify an address and that's the only page that opens when the app starts - I set this app as the assigned access start up app - that was enough for our needs.

January 16th, 2014 9:22pm

Good luck with that in Assigned Access mode - no other apps can run, no downloads are possible, no desktop, no shell etc with a decent proxy as well, it wouldn't be easy

Maybe someone would figure out a way eventually..

Free Windows Admin Tool Kit Click here and download it now
January 16th, 2014 9:27pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics