WIN10 使用POWERSHELL 设置单应用KIOSK模式(win10家庭版或企业版)

win10 使用PowerShell 设置单应用kiosk模式

win10 家版或企业版PowerShellshell 启动器 v1Autologon.exe

注意事项

• win10 家庭版或企业版。
• 下载安装Autologon.exe。
• Shell 启动器 v1调用的应用程序不可有黑窗(类似cmd)。
• 以下示例采用账号：
  - 账户：'KIOSK'
  - 密码：'KIOSK'

设置步骤

新建用户

1.进入windows设置->账户->其他用户，点击'将其他人添加到这台电脑'；

2.右键用户，点击新用户,如图下操作：

下载并执行Autologon.exe：自动输入 Windows 登录用户密码

  

1. 开启功能：输入正确账号和密码后，点击图片'Enable'。
2. 关闭功能：输入正确账号后，点击图片‘Disable’。

使用 PowerShell 配置自定义 shell

新建文件'kiosk.ps1'(文件名随意)

'kiosk.ps1'文件内容

1. 文件内部关于'KIOSK'的地方都要修改成你新建用户的名称。
2. 文件内部'$ShellLauncherClass.SetCustomShell'第二个参数为调用程序的路径。
3. 文件最后有3段代表'开启'，'删除'，'禁用'，需要使用其中一个功能的时候，一定要注释其他两段，如下。

 

# Check if shell launcher license is enabled
function Check-ShellLauncherLicenseEnabled
{
    [string]$source = @"
using System;
using System.Runtime.InteropServices;

static class CheckShellLauncherLicense
{
    const int S_OK = 0;

    public static bool IsShellLauncherLicenseEnabled()
    {
        int enabled = 0;

        if (NativeMethods.SLGetWindowsInformationDWORD("EmbeddedFeature-ShellLauncher-Enabled", out enabled) != S_OK) {
            enabled = 0;
        }
        
        return (enabled != 0);
    }

    static class NativeMethods
    {
        [DllImport("Slc.dll")]
        internal static extern int SLGetWindowsInformationDWORD([MarshalAs(UnmanagedType.LPWStr)]string valueName, out int value);
    }

}
"@

    $type = Add-Type -TypeDefinition $source -PassThru

    return $type[0]::IsShellLauncherLicenseEnabled()
}

[bool]$result = $false

$result = Check-ShellLauncherLicenseEnabled
"`nShell Launcher license enabled is set to " + $result
if (-not($result))
{
    "`nThis device doesn't have required license to use Shell Launcher"
    exit
}

$COMPUTER = "localhost"
$NAMESPACE = "rootstandardcimv2embedded"

# Create a handle to the class instance so we can call the static methods.
try {
    $ShellLauncherClass = [wmiclass]"\$COMPUTER${NAMESPACE}:WESL_UserSetting"
    } catch [Exception] {
    write-host $_.Exception.Message; 
    write-host "Make sure Shell Launcher feature is enabled"
    exit
    }


# This well-known security identifier (SID) corresponds to the BUILTINAdministrators group.

$Admins_SID = "S-1-5-32-544"

# Create a function to retrieve the SID for a user account on a machine.

function Get-UsernameSID($AccountName) {

    $NTUserObject = New-Object System.Security.Principal.NTAccount($AccountName)
    $NTUserSID = $NTUserObject.Translate([System.Security.Principal.SecurityIdentifier])

    return $NTUserSID.Value
    
}

# Get the SID for a user account named "KIOSK". Rename "KIOSK" to an existing account on your system to test this script.

$KIOSK_SID = Get-UsernameSID("KIOSK")

# Define actions to take when the shell program exits.

$restart_shell = 0
$restart_device = 1
$shutdown_device = 2

# Examples. You can change these examples to use the program that you want to use as the shell.

# This example sets the command prompt as the default shell, and restarts the device if the command prompt is closed. 

$ShellLauncherClass.SetDefaultShell("cmd.exe", $restart_device)

# Display the default shell to verify that it was added correctly.

$DefaultShellObject = $ShellLauncherClass.GetDefaultShell()

"`nDefault Shell is set to " + $DefaultShellObject.Shell + " and the default action is set to " + $DefaultShellObject.defaultaction

# Set Internet Explorer as the shell for "KIOSK", and restart the machine if Internet Explorer is closed.

$ShellLauncherClass.SetCustomShell($KIOSK_SID, "c:program filesinternet exploreriexplore.exe www.microsoft.com", ($null), ($null), $restart_shell)

# Set Explorer as the shell for administrators.

$ShellLauncherClass.SetCustomShell($Admins_SID, "explorer.exe")

# View all the custom shells defined.

"`nCurrent settings for custom shells:"
Get-WmiObject -namespace $NAMESPACE -computer $COMPUTER -class WESL_UserSetting | Select Sid, Shell, DefaultAction

# Enable Shell Launcher

$ShellLauncherClass.SetEnabled($TRUE)

$IsShellLauncherEnabled = $ShellLauncherClass.IsEnabled()

"`nEnabled is set to " + $IsShellLauncherEnabled.Enabled

# Remove the new custom shells.

#$ShellLauncherClass.RemoveCustomShell($Admins_SID)

#$ShellLauncherClass.RemoveCustomShell($KIOSK_SID)

# Disable Shell Launcher

#$ShellLauncherClass.SetEnabled($FALSE)

#$IsShellLauncherEnabled = $ShellLauncherClass.IsEnabled()

#"`nEnabled is set to " + $IsShellLauncherEnabled.Enabled

管理员权限执行.ps1文件

编程好.ps1文件，使用管理员权限在'powerShell'上执行该文件，显示如下结果表示成功。

 

用户SID查询

powerShell执行'wmic useraccount get name,sid'即可，如下。

 

重启开机

重启开机后，黑屏，只显示唯一调用的程序界面。

相关连接

• https://docs.microsoft.com/zh-cn/windows/configuration/kiosk-shelllauncher
• https://stackoverflow.com/questions/33364908/how-to-run-an-application-as-shell-replacement-on-windows-10-enterprise
• https://github.com/microsoft/Windows-iotcore-samples/blob/develop/Samples/ShellLauncherV2/SampleConfigXmls/README.md