win10 使用PowerShell 设置单应用kiosk模式
注意事项
- win10 家庭版或企业版。
- 下载安装Autologon.exe。
- Shell 启动器 v1调用的应用程序不可有黑窗(类似cmd)。
- 以下示例采用账号:
- 账户:'KIOSK'
- 密码:'KIOSK'
设置步骤
新建用户
1.进入windows设置->账户->其他用户,点击'将其他人添加到这台电脑';
2.右键用户,点击新用户,如图下操作:
下载并执行Autologon.exe:自动输入 Windows 登录用户密码
- 开启功能:输入正确账号和密码后,点击图片'Enable'。
- 关闭功能:输入正确账号后,点击图片‘Disable’。
使用 PowerShell 配置自定义 shell
新建文件'kiosk.ps1'(文件名随意)
'kiosk.ps1'文件内容
1. 文件内部关于'KIOSK'的地方都要修改成你新建用户的名称。
2. 文件内部'$ShellLauncherClass.SetCustomShell'第二个参数为调用程序的路径。
3. 文件最后有3段代表'开启','删除','禁用',需要使用其中一个功能的时候,一定要注释其他两段,如下。
1 # Check if shell launcher license is enabled 2 function Check-ShellLauncherLicenseEnabled 3 { 4 [string]$source = @" 5 using System; 6 using System.Runtime.InteropServices; 7 8 static class CheckShellLauncherLicense 9 { 10 const int S_OK = 0; 11 12 public static bool IsShellLauncherLicenseEnabled() 13 { 14 int enabled = 0; 15 16 if (NativeMethods.SLGetWindowsInformationDWORD("EmbeddedFeature-ShellLauncher-Enabled", out enabled) != S_OK) { 17 enabled = 0; 18 } 19 20 return (enabled != 0); 21 } 22 23 static class NativeMethods 24 { 25 [DllImport("Slc.dll")] 26 internal static extern int SLGetWindowsInformationDWORD([MarshalAs(UnmanagedType.LPWStr)]string valueName, out int value); 27 } 28 29 } 30 "@ 31 32 $type = Add-Type -TypeDefinition $source -PassThru 33 34 return $type[0]::IsShellLauncherLicenseEnabled() 35 } 36 37 [bool]$result = $false 38 39 $result = Check-ShellLauncherLicenseEnabled 40 "`nShell Launcher license enabled is set to " + $result 41 if (-not($result)) 42 { 43 "`nThis device doesn't have required license to use Shell Launcher" 44 exit 45 } 46 47 $COMPUTER = "localhost" 48 $NAMESPACE = "rootstandardcimv2embedded" 49 50 # Create a handle to the class instance so we can call the static methods. 51 try { 52 $ShellLauncherClass = [wmiclass]"\$COMPUTER${NAMESPACE}:WESL_UserSetting" 53 } catch [Exception] { 54 write-host $_.Exception.Message; 55 write-host "Make sure Shell Launcher feature is enabled" 56 exit 57 } 58 59 60 # This well-known security identifier (SID) corresponds to the BUILTINAdministrators group. 61 62 $Admins_SID = "S-1-5-32-544" 63 64 # Create a function to retrieve the SID for a user account on a machine. 65 66 function Get-UsernameSID($AccountName) { 67 68 $NTUserObject = New-Object System.Security.Principal.NTAccount($AccountName) 69 $NTUserSID = $NTUserObject.Translate([System.Security.Principal.SecurityIdentifier]) 70 71 return $NTUserSID.Value 72 73 } 74 75 # Get the SID for a user account named "KIOSK". Rename "KIOSK" to an existing account on your system to test this script. 76 77 $KIOSK_SID = Get-UsernameSID("KIOSK") 78 79 # Define actions to take when the shell program exits. 80 81 $restart_shell = 0 82 $restart_device = 1 83 $shutdown_device = 2 84 85 # Examples. You can change these examples to use the program that you want to use as the shell. 86 87 # This example sets the command prompt as the default shell, and restarts the device if the command prompt is closed. 88 89 $ShellLauncherClass.SetDefaultShell("cmd.exe", $restart_device) 90 91 # Display the default shell to verify that it was added correctly. 92 93 $DefaultShellObject = $ShellLauncherClass.GetDefaultShell() 94 95 "`nDefault Shell is set to " + $DefaultShellObject.Shell + " and the default action is set to " + $DefaultShellObject.defaultaction 96 97 # Set Internet Explorer as the shell for "KIOSK", and restart the machine if Internet Explorer is closed. 98 99 $ShellLauncherClass.SetCustomShell($KIOSK_SID, "c:program filesinternet exploreriexplore.exe www.microsoft.com", ($null), ($null), $restart_shell) 100 101 # Set Explorer as the shell for administrators. 102 103 $ShellLauncherClass.SetCustomShell($Admins_SID, "explorer.exe") 104 105 # View all the custom shells defined. 106 107 "`nCurrent settings for custom shells:" 108 Get-WmiObject -namespace $NAMESPACE -computer $COMPUTER -class WESL_UserSetting | Select Sid, Shell, DefaultAction 109 110 # Enable Shell Launcher 111 112 $ShellLauncherClass.SetEnabled($TRUE) 113 114 $IsShellLauncherEnabled = $ShellLauncherClass.IsEnabled() 115 116 "`nEnabled is set to " + $IsShellLauncherEnabled.Enabled 117 118 # Remove the new custom shells. 119 120 #$ShellLauncherClass.RemoveCustomShell($Admins_SID) 121 122 #$ShellLauncherClass.RemoveCustomShell($KIOSK_SID) 123 124 # Disable Shell Launcher 125 126 #$ShellLauncherClass.SetEnabled($FALSE) 127 128 #$IsShellLauncherEnabled = $ShellLauncherClass.IsEnabled() 129 130 #"`nEnabled is set to " + $IsShellLauncherEnabled.Enabled
管理员权限执行.ps1文件
编程好.ps1文件,使用管理员权限在'powerShell'上执行该文件,显示如下结果表示成功。
用户SID查询
powerShell执行'wmic useraccount get name,sid'即可,如下。
重启开机
重启开机后,黑屏,只显示唯一调用的程序界面。
相关连接
- https://docs.microsoft.com/zh-cn/windows/configuration/kiosk-shelllauncher
- https://stackoverflow.com/questions/33364908/how-to-run-an-application-as-shell-replacement-on-windows-10-enterprise
- https://github.com/microsoft/Windows-iotcore-samples/blob/develop/Samples/ShellLauncherV2/SampleConfigXmls/README.md