Category Archives: Kiosk Mode

Kiosk Software – KioWare for Windows – new version

New KioWare kiosk software for Windows

KioWare released version 8.5 of KioWare kiosk software for Windows with a KioWare Kiosk Softwareton of new features and enhancements.  See press release online at KioWare site.

James Kruper, President of KioWare notes, “system security should be reliable and easy to configure with a strong feature set for kiosk customization. This update of KioWare for Windows adds RFID scanners & Flatbed scanners, along with system monitoring tools and even more options for customization.”

The latest release adds support for

  • RFID Scanners,
  • Flatbed Scanners,
  • Watchport Devices,
  • System Battery Monitors
  • now supports Chrome 49.
  • The latest version adds support for switching between virtual keyboard languages.
  • There is also a new User Interface for File Upload Controls and choosing a file download destination.
  • This provides kiosk deployers with the ability to manage file uploads and downloads without opening the entire file system to kiosk users.
kiosk software security
Click to expand for complete view

Monitored devices such as the Watchport/H and Watchport/T (for Humidity & Temperature monitoring) are also now supported.  System Battery Monitoring is also now available. For a full device list, visit our supported devices tool.

 

Link to press release:

http://www.kioware.com/news.aspx?nid=270

PC Security Advice & Resources

PC Security for Kiosks is a big deal for sure.

Hacks into PCs bring to mind words like “Payload”.  We manage this website and just the security threats to your basic WordPress website is unprecedented.

A few days ago a new “Attack Platform” showed up for WordPress.

The first inclination is to shrug it off a bit and point out we speak of a website, yet many kiosks are running content and are connected to that very infrastructure. Thus they are at risk.

There are a couple of “goes without saying” precautions that should be considered:

  • Use a lockdown. There are several from KioWare, PROVISIO, KioskSimple, TIPS and KIOSK Core.  These all “lock down” the common entry points like when the OS boots up, where the browser goes, and at what privilege level a user has available (and it won’t be root or admin).
  • Use a secure OS.  Powering off a machine and back up is a critical juncture.  Are there USB ports exposed, and which are enabled?  Windows Embedded, POSReady and other windows iterations are designed for this industrial type use (also known as unattended).
  • Physical access to the machine and PC needs to be controlled.
  • “Tweaking” windows with assigned access and policies is fine but it usually takes multiple tries to finally lock down some of what the lockdowns lock down.
  • Windows Patch management (or Linux) — how are you going to implement that remotely and unattended?
  • How do you manage all those terminals.
  • What about the backoffice?  Many “breaches” are into the datastores that the kiosks are building/using back in the office. Security begins at home…
  • Do you have contractors logging into your network?  Take some advice from Target. Eliminate it or force them to log in only on secured terminals, not cheap PCs running freeware Malware protection (which doesn’t always update).

That’s some quick advice.

Here are some interesting and useful whitepapers out there.

 

More articles

Kiosk Software – The latest version of KioWare for Windows simplifies the kiosk set up process.

Newest KioWare for Windows Released

Highlights are:

  1. New KioWare Classic Importer Tool.  KioWare has added an importer tool that allows users of KioWare Classic for Windows to import their configuration settings easily for use with the new KioWare for Windows (nice feature for existing user base).
  2. Super easy/simple attract screen set up.  KioWare has added a new option to make it extremely easy for users to set up an attract screen with multiple images.  Good as Attractor and call to action but also to reduce burn-in on your screen.
  3. EMV support via Credit Call’s Chip DNA.  There are a number of new devices being added, one of which is an EMV ready magstripe device, making it easy for customers to create and configure EMV compliant and certified kiosks using KioWare.  This is the only EMV solution and the savings are substantial when you consider QSA and recertification costs.
  4. HTML keyboards available for more than 50 language locales.

Here is the full press release

Tuesday, October 06, 2015

New KioWare Kiosk Software for Chrome BrowserThe latest version of KioWare for Windows simplifies the kiosk set up process. 

With a new import tool to transition your KioWare Classic configuration file, an easy drag and drop attract screen tool, and other new features and customization options, KioWare for Windows makes it easy to display – and secure –browser-based applications using the Chromium browser engine. 

Analytical Design Solutions Inc. (ADSI) has released an update for the new KioWare for Windows (Version 8.2), focusing on simplifying the configuration process and providing more customization capabilities.  This update is available to existing KioWare for Windows and KioWare Classic for Windows license holders (with current support).

Key new features of KioWare for Windows Version 8.2 include:

A tool to import KioWare Classic for Windows xml files into a usable KioWare for Windows configuration file (JSON).  This feature is a valuable time saver for existing KioWare Classic for Windows users as they transition to the new KioWare for Windows. Import a current configuration file into the tool and out comes a new configuration file for use with KioWare for Windows 8.2.import KioWare Classic config to KioWare for Windows config

A simplified attract screen drop downallows users to drop attract screen assets into a specified folder in order to easily create a custom, auto playing, attract screen via simple drag and drop.

The Configuration Tool layout and design has been modified in order to improve user experience, particularly when used on a touch screen device.

Using the pop up color picker, you can now customize tab colors and background colors to create an end user experience that is fully integrated with your brand, website, or application styles.

New HTML keyboards are now available for more than 50 language locales.

Pop up dialogs can now be customized and styled to create a cohesive experience for end users.

New options have been added to the “open new window” scenario.  By default, KioWare automatically determines if a new url should be opened via new tab or pop up (based on size).  KioWare can be set to open new urls all in new tabs or (new feature) allin new pop up windows.

Users now have the ability to set a timeout warning dialog for users before session restarts due to inactivity.  Called “Show inactivity warning”, the custom text box appears, and can be modified, below the selection.

Newly added to KioWare for Windows, command line install options can be used for unattended/scripted installation.

Users can now import both settings files and package files to KioWare for Windows (previously only package files were supported).

KioWare Basic for Windows and KioWare Full for Windows also offer device support. 

The following new devices have been added.  ChipDNA, already supported in KioWare Classic for Windows, is now supported by new KioWare for Windows.  ChipDNA (1.7) supports a variety of different EMV PINpads and communication protocols for those PINpads.  This addition makes KioWare for Windows a great solution for EMV compliant credit card processing.

Also added is the Code Corp Code Reader™ 1000 (CR1000), a compact, cabled barcode reader that takes up limited workspace.

The Sankyo SHT1610-0730 Dispenser is also now supported. This dispenser handles a variety of card options, allowing for dispensing of cards to end users.

The new KioWare for Windows has one single installer for all models (Lite, Basic, & Full) of the product. Potential and current customers can download KioWare for Windows and determine which model is needed before purchasing the appropriate license.

KioWare for Windows Version 8.2 is available for download and purchase: http://www.KioWare.com/windows.aspx.  Licensing is perpetual and annual support is recommended in order to maintain access to the most recent version of the product.  If you would like to convert your licenses from KioWare Classic for Windows to the new KioWare for Windows, log into your customer account, select a transaction, and click the “transition license(s)” button.

All KioWare kiosk software products secure devices such as tablets, desktops, and smartphones running Android or Windows Operating Systems.  KioWare kiosk software products lock down your device into kiosk mode, which secures the overall operating system, home screen and usage of applications.  KioWare Kiosk Management tools (KioCloud, KioWare Server, & KioWare Server ASP) allow for remote kiosk management, usage statistics, reporting, monitoring kiosk health, content management and more.

Read this important article about Flash, Java and the changes to this function in KioWare 8.2.

All of these products are available as a free trial with nag screen.

About KioWare:

KioWare kiosk software secures your application or website on Windows or Android devices, restricting user access to approved behaviors and protecting user and network data.  KioWare is fully customizable and offers solutions ranging from browser lockdown to full server-based kiosk management.  From simple out of the box configurations to more complex integrations, KioWare is trusted by developers, IT professionals, marketers, Fortune 100 corporations, and small business owners. The KioWare team is based in York, Pennsylvania, with an office located in Reading, UK.  Choose the best KioWare product for your self-service project and download a fully functioning free trial at KioWare.com.

Contact:
Laura Miller
KioWare Kiosk Software
Analytical Design Solutions, Inc.
+1 717 843-4790 x220
lmiller@kioware.com
http://www.kioware.com

Test Drive KioWare

KioWare Chrome for Windows

The transition from IE to Chrome is something on the minds of many businesses and our new software simplifies that transition for kiosks. While this may sound like a small piece of the pie, Chrome’s

KioWare For Windows
KioWare For Windows

overwhelming market dominance (50.4% according to Statcounter 7/2015) and the developer preference for Chrome, mean that kiosk software must support applications/websites built for & tested on the Chrome Browser.  [On kioskindustry.org IE browsers are 20% ]

KioWare has been a longtime favorite and  was a welcome sight to see the latest iteration coming with Chrome.  We have loaded and configured KioWare on hundreds of machines so this is perfect opportunity to take it for a test drive!

I loaded KioWare 8.0 on my Ubuntu 14.04 HP machine under Oracle Virtual Box,  I gave it 1.5G of RAM under Win7Pro vm.  I also have “Classic” windows 7.x version on my native Windows test machine to compare with.  KioWare 8 was a 51Mb download and installs quick.  There were no complaints or dependencies to resolve (.Net having been known to cause that).

It is a fast install (perhaps the quickest). Less than 2 minutes.

But let’s get some background on KioWare Windows Chrome and the new features.

Background KioWare Chrome
  • KioWare has been providing secure kiosk software solutions for over 10 years.
  • With users across multiple governments, financial institutions, healthcare facilities, and educational institutions, KioWare serves more than 100 countries and has offices in both the US and the UK.
  • KioWare is kiosk software to lockdown your Windows or Android device. With this new product release, the software now supports the Chrome browser engine and offers various new features to improve usability & allow for a truly custom kiosk interface.
  • Many applications and programs have been built with the Chrome browser engine in mind. Given that, customers have been requesting a kiosk software solution that supports the Chrome Browser. Other improvements are meant to improve the user experience and make deploying multiple kiosks a simple task.

Features of KioWare for Windows Version 8.0 include:

  • Chrome engine
  • A new, updated Config Tool, redesigned UI, and improved configuration options.
  • A simplified keyboard control interface.  Allows for the disabling of keyboard keys that provide access to operating system functionality.
  • An HTML Based toolbar and keyboard. Allows for simple out of the box configuration and the option for advanced, fully customizable HTML design.
  • Built in pop up management access control list to control pop ups and improve browsing experience.
  • Tabbed browsing for improved end user experience.
  • Custom protocols for exiting KioWare. Allows the administrator to have different passwords perform different functions: exit KioWare (ie, normal exit), restart KioWare, shutdown PC, restart PC, exit KioWare and logout of Windows account, navigate to a URL, or execute a program.
  • Updated configuration file that allows for resources (example: graphics used for custom toolbars) to be included in one file for easy deployment across multiple devices.
  • Fully customizable scheduler for an array of actions (sleep display, sleep kiosk, shut down kiosk, rebooting device, restart kiosk)

Old versus New —  let’s see what’s been changed.  The standard Windows version has those screens (and look) that many of us are used to, but they had definite room for improvement.  I think the new screens are nothing short of ideal.  Quantum leap in usability and as we say, time is money.

 

ScreenOldNew
General – Here is the opening screen when you first launch.  I like it better already with clean focus. Added new menu items on the right (and we’ll get to those). General lets you set the start page and exit codes.  KioWare uses 4 corner touch for exit.kioware-generalKioware Chrome General
Keyboard – much easier to see the buttons and check them off as you like.  They used to have a special setting for EZ Keypad but that is likely a special request.Kioware Chrome KeyboardKioWare Chrome Keyboard
Attract — set your attract screens here is easy. Attract screens should be designed to also prevent burn in on screens.  A lot of people used flash (swf files).kioware chrome attractkioware chrome attract
Browser — good setup. I am guessing we could add user agent info so if we browsed to website with a mobile version (there are still a few out there without) then we’d get the mobile version.  Tabbed is great feature.kioware chrome browserkioware chrome browser
Security  – whitelists & managed dialogs.  The managed dialogs come in handy for Windows exceptions.kioware chrome securitykioware chrome security

Ok.  That’s the old screens and how they compare.  I give you all an A+

Now how about these new six screens we get configure with.

 

Here are the new screens

 

User Interface  — I really like the configurable height and width for the virtual keyboard.  LCDs, orientation and resolution vary so much these dayski-user-interface1
Server Configuration — hopefully I can get this signed onto KioWare server and see the monitoring.kioware-server2
Devices — Not much here yet except for the Magtek HID MSR in javascript or form fill mode. That’s standard. Thought maybe I’d see scanners in here.kioware-device3
Schedule — complete set of programmable events, behavior for tasks.kioware-schedule4
Debug — sets the ports and that’s about it.kioware-debug5
License —kioware-license6

Another look at what’s new comes from KioWare


Nice video KioWare!

The latest iteration of KioWare is decidedly next generation and a major step forward.  The only shortcoming at this point is the device support but devices can be easily added and the fact is most times the major use for KioWare is in the protected secure browser mode.  It excels at that purpose.  We’ll follow up with separate article on remote management (which the new Chrome-based KioWare for Windows fully supports).

Great job KioWare!

Chrome Kiosk – KioWare now supports Chrome.

Chrome Kiosk — Just two weeks after initial product release, KioWare has an update that adds support for fully customizable HTML virtual keyboards.  It also allows users to restrict interaction on a second monitor (so the second monitor in a set up can be used as only digital signage, with no ability to interact).

There is another feature that should be compelling to those that want to use YouTube or other, similarly constructed websites.  In short, because of the way that YouTube navigates (and allows for viewing videos without changing the page URL), it can pose a security risk for restricting navigation.  The new version of KioWare for Windows is able to remove that risk and restrict users to only the allowed content, even when that content is part of a pushState or replaceState function (rather than navigating to a new URL).

Since Chrome support is one of the major features of the new product, it is worth mentioning support for Chrome Flags.  Flags tend to be more of a beta Chrome feature, but they allow for modified touchscreen browsing, or accelerated rendering, to improve performance and user experience.

There are also a few bug fixes, of course!

Full release with images below.

PRESS RELEASE AUGUST 12, 2015

We have released an update of the new KioWare for Windows (Version 8.1) software – rebuilt using the Chromium browser engine and supporting the Chrome™ Browser.  This update is available to existing KioWare for Windows license holders (with current support).

 

New KioWare for Windows 8.1 Fully Customizable Virtual Keyboard

The new KioWare for Windows has one single installer for all models (Lite, Basic, & Full) of the product. Potential and current customers can download KioWare for Windows and determine which model is needed before purchasing the appropriate license.  Once licensed, the software can be deployed without additional download or configuration delays.
Features of KioWare for Windows Version 8.1 include:
  • A fully customizable HTML keyboard for complete control over the look and feel of your virtual keyboard
  • Shell Mode & Auto Log in is now integrated into the configuration tool for simple set up
  • New support for Chrome™ Flags
  • Improved exiting options for the non-physical virtual keyboard
  • Virtual keyboard sizing via use of percentages rather than exclusively pixels
  • Ability to disable browser support for JavaScript pushState and replaceState functions as well as an option to force all JavaScript AJAX requests to go through the browsing access control list for permission – Particularly helpful for those using YouTube or other, similarly constructed websites
  • Other various bug fixes & configuration tool simplification
Virtual Keyboard example
Virtual Keyboard example
Virtual Keyboard example
KioWare Basic & KioWare Full for Windows now also allows for secondary monitors to be used as non-interactive displays.  With a new option for disabling secondary monitor interaction, KioWare now allows for your second monitor to be used exclusively as digital signage, if so desired.
KioWare for Windows Version 8.1 is available for download and purchase: http://www.KioWare.com/windows.aspx.  Licensing is perpetual and annual support is recommended in order to maintain access to the most recent version of the product.  If you would like to convert your licenses from KioWare Classic for Windows to the new KioWare for Windows, log into your customer account, select a transaction, and click the “transition license(s)” button.
All KioWare kiosk software products secure devices such as tablets, desktops, and smartphones running Android or Windows Operating Systems.  KioWare kiosk software products lock down your device into kiosk mode, which secures the overall operating system, home screen and usage of applications.  KioWare Kiosk Management tools (KioCloud, KioWare Server, & KioWare Server ASP) allow for remote kiosk management, usage statistics, reporting, monitoring kiosk health, content management and more.
All of these products are available as a free trial with nag screen. No credit card required.

 

keyboardcolors5 keyboardcolors4 keyboardcolors3 keyboardcolors2 keyboardcolors

Google Chrome kiosk Vidya Nagarajan

Google chrome kiosk

Configure Chrome devices to power your customer or employee kiosks

Source: www.google.com

Google for Work resource page on developing kiosks using Chrome kiosk. Chromebooks, Chromebox, ChromeBase, Chromebit, and more.  Javascript hooks & functions allow for USB device integrations with Credit Card, Printers, Bar Code Scanners and more. Bluetooth integration provided.

The devices are listed in gallery format. Up to 16 right now including Lenovo, HP, Toshiba, Asus, Acer, Dell and LG.  No ChromeBits listed yet.  Link

Digital signs are supported by Chrome kiosk in a big way.  See https://www.google.com/work/chrome/devices/for-signage/index.html

 

Chrome kiosk useful links

 

 

Kiosk Software – KioWare Europe & UK presence.

 KioWare Kiosk Software for Android and Windows Now Has UK Office Reading, United Kingdom March 16, 2015 – Analytical Design Solutions Inc. (ADSI) dba KioWare, headquartered in York, Pennsylvania, …

Reading, United Kingdom – Analytical Design Solutions Inc. (ADSI) dba KioWare, headquartered in York, Pennsylvania, has a new office location based just outside of London offering sales and service for current and prospective EMEA clients.

Joining the KioWare team & managing the KioWare Europe branch is long time kiosk industry leader & Netshift founder, Nigel Seed.  According to Seed, “KioWare’s expanding reach provides a local presence for EMEA clients interested in KioWare’s reliable & simple lockdown solution.  Of particular value is KioWare’s Android lockdown product line in the face of the growing market for customer facing Android tablets.”

The integration of Netshift’s customer base also highlights KioWare’s commitment to serving EMEA clients.  KioWare will provide Netshift customers with bridging technology to transition to KioWare Kiosk System Software.

Offering UK-based technical support & expertise will be Sascha Markham.  Markham offers many years of experience in developing & designing custom facing websites & applications specifically intended for self-service deployment.  KioWare President Jim Kruper believes, “with the addition of Nigel Seed & Sascha Markham, and the new Reading UK location, KioWare gains regional expertise and a dedicated local presence, highlighting our commitment to supporting KioWare’s valued EMEA clients.”

Clients may continue to reach out to support at +1 717 843 4790 Monday – Friday from 8 am – 6 pm East Coast time or contact International support at +44 (0) 118 976 6404 during the hours of 9 am and 5 pm London time.

All KioWare products can be used to secure mobile devices such as tablets, desktops, and smartphones running Android or Windows Operating Systems.  KioWare kiosk software products lock down your device into kiosk mode, which secures the overall operating system, home screen and usage of applications.  KioWare offers Lite, Basic, & Full products with such features as external device integration, monitoring of kiosk health, kiosk usage statistics  & remote kiosk management.

Press Release on KioWare website — http://www.kioware.com/news.aspx?nid=235

 


 

All KioWare products are available as a free trial with nag screen here.  Existing clients have the ability to upgrade here.  KioWare has been providing OS, desktop, and browser lockdown security for the kiosk and self-service industry since 2001.

KioWare
About KioWare:
KioWare kiosk software secures your application or website on Windows or Android devices, restricting user access to approved behaviors and protecting user and network data.  KioWare is fully customizable and offers solutions ranging from browser lockdown to full server-based kiosk management.  From simple out of the box configurations to more complex integrations, KioWare is trusted by developers, IT professionals, marketers, Fortune 100 corporations, and small business owners. The KioWare team is based in York, Pennsylvania, with an office located in Reading, UK.  Choose the best KioWare product for your self-service project and download a fully functioning free trial at KioWare.com.

Contact:
Laura Miller
KioWare Kiosk Software
Analytical Design Solutions, Inc.
+1 717 843-4790 x220
lmiller@kioware.com
http://www.kioware.com

Kiosk Mode or Assigned Access – what is it?

Kiosk Mode & Assigned Access Mode

Article reprinted from Kioware and author Jim Kruper date Feb 2014

Generally, kiosk mode is usually meant to refer to a particular “mode” that most browsers offer.  “Kiosk Mode” is offered by browser applications (Internet Explorer, Chrome, Firefox etc) to run the application full screen without any browser user interface such as toolbars and menus.  The intent of most people setting up “kiosk mode” is to prevent the user from running anything other than the browser based content in the full screen browser window.

What kind of security does a browser’s Kiosk Mode offer and is it a viable solution for users?  If “Kiosk mode” is meant to create a “Kiosk like environment”, the kiosk mode option on your browser is likely insufficient.

Kiosks tend to be deployed in a self-service environment which means the user of the kiosk is not formally associated with the kiosk.  In short, the user doesn’t own the kiosk and isn’t responsible for the proper functioning of the kiosk.  The user just wants the kiosk to provide a defined service.  This can cause a problem for Kiosk Mode browsers because of the following situations not handled by Kiosk Mode browsers.

Session Management – User Data Security

For most applications, a self-service or public access kiosk needs to clean itself of the current user’s data when the user leaves.  How does the kiosk know a user has left?  The simplest solution is an inactivity timer, but that can be a problem if the kiosk has a queue of users, and the next user steps up and begins using the kiosk before the inactivity timer runs out.  In this case, a proximity switch or security mat is required.  Regardless, when a user’s session is finished the kiosk needs to delete all record of the user.  This means clearing cache, user session data and potentially the print queue.

It is also important for the kiosk to reset to the start page of the application when a user session has ended.  There is nothing more confusing to the next user to see the kiosk at screen #20 of the application.

Full Keyboard Blocking

Sometimes the kiosk deployment uses the standard computer keyboard.  The standard keyboard has a long list of keys that a user should not be able to use.  In a Windows environment, the key combination of Ctrl-Alt-Del can create havoc to a device in a browser kiosk mode state.  In Windows, a sophisticated kiosk owner can change Group Policies to minimize the Ctrl-Alt-Del hazard, but the list of individual keys and key combinations which need to be blocked is extensive. The main issue with Group Policies is that they aren’t intuitive.  Group Policies are difficult to setup properly initially, and can be inadvertently and quickly undone by a future kiosk programmer/staff member.

Application Restart, Memory Management

Kiosks tend to run unattended for long periods of time, and many browser based applications are designed to be run once and then be closed (ex, internet websites).  This means that the application can continue to grab a larger chunk of memory with each run.  This is particularly an issue for a kiosk where the application is being run repeatedly.  At some point enough memory has been used that the operating system starts to suffer and the kiosk stops functioning properly.  The kiosk needs to be smart enough to monitor its own health and when necessary restart the application or even restart the kiosk.  Browser based Kiosk modes do not address this need.

Custom Toolbars

By definition Kiosk Mode removes all of the browser’s toolbars and menus. As such, the application needs to have navigation built-in or a navigation toolbar needs to be displayed.  Forward, Back and Home buttons are a minimum requirement with perhaps a print button and scroll buttons as necessary.

Printers and Other External Devices

For security reasons, it is critical to not show the normal OS print dialog when a user requests a print.  Even more critically for internet content which may have embedded print buttons, the device must properly handle inadvertent print button selection when the kiosk has no printer. This needs to be properly handled or else OS dialogs will be displayed.  This can be both confusing to the user and a serious security risk.

Internet Content, Domain “Allow” Lists

Often a kiosk provides access to a specific website or websites, and it is critical to keep the user on that specific website or websites, or even certain selected pages of that website/websites.  In addition, certain allowed website domains/pages may have links to download files.  These files can be confusing and distracting at best and serious security issues at worst.  As such, file downloading action needs to be blocked.  In addition, there may be links to enable the user to send an email using HTML’s [MailTo] tags.  Clicking this button will attempt to open an email tool which a) likely isn’t installed and will error out (again confusing to the user, potential security issue) or b) if an email tool happens to be installed, then this could almost certainly cause a huge security risk.  The kiosk needs to prevent [MailTo] tags from being clicked.

OS GUI

Windows, in particular, has a bad habit of popping up dialog windows, task bar, charms bar, etc., for a variety of reasons completely unrelated to the application. They are at minimum confusing to a kiosk user and serve as a potential security threat.  The kiosk needs to prevent these items from being displayed to the user.

It is clear that for a majority of self-service applications, browser Kiosk Mode options have limitations that prevent it from being a viable solution.  Moving to a kiosk software solution will provide you with the security that you need.  Using kiosk software solutions, you won’t inadvertently leave open a serious security hole or confusing user experience.   The user experience will benefit while keeping user and company data secure.

Full article and resources page here on KioskIndustry

Thanks to KioWare, Laura Miller and Jim Kruper for the article!

More Useful Links

Text for Easy Shell from thinclient.org which basically describes features of kiosk mode in a thin client or zero client environment using embedded.

HP has announced HP Easy Shell, a Windows-based application that allows HP Thin Client users to control, customize, and protect  their Windows Embedded user experience with intuitive and easy to deploy settings. Designed with simplicity in mind for both end users and admins, HP Easy Shell is the go-to solution for businesses looking to customize their user experiences for Cloud, VDI, single and multi-purpose app environments.

HP Easy Shell provides a more focused user experience without device domain connection requirements or complicated group admin policies. From denying and limiting access to apps and browsers, to fine-tuning the home display and control panels – nearly every security need can be 100% tailored.

Key features of HP Easy Shell:

  • Define user access to websites, single and multi-purpose apps
  • Customize user access to browsers, task manager, and control panels
  • Deploy rapidly across small or mass thin client environments

For more information, please see visit this link.

Whitepaper – Kiosk Mode VMware Horizon with View

Question and answer from VMware community on configuring kiosk mode and thin client.

View Kiosk Mode with Zero Client – Auto login

myvdi (1 posts since Jul 7, 2014) Jul 7, 2014 2:20 PM
We are looking to use a zero client to provide guest internet access and are currently testing various configurations. We currently have a zero client (Wyse D200) setup with View+Kiosk Mode, which works great, with one main issue. We ultimately are looking to deploy ~300 zero clients which will connect to a floating linked clone pool which refresh on log off, however we only want the zero client to connect to the pool when someone is there and not stay connected 100% of the time.

So my question is whether anyone knows how to configure the zero client with Kiosk mode so that a user would have to select ‘connect’ or something user initiated to tell the zero client to connect to the pool, rather than have the zero client atuo-connect when it powers on? We really like the Kiosk mode and using the mac address for negotiation rather than any type of generic user or anything like that, so it would be great if we can make this work.
1. Re: View Kiosk Mode with Zero Client – Auto login
NetManOne (12 posts since Aug 9, 2013) Feb 3, 2015 8:10 PM (in response to myvdi)
i have the same question
we want to deploy Wyse p20 so that users can deploy and run their results on a large common screen ie the output of their VM should display on a the zero client if there are more than one user, it would be handy if each users screen stays up for 20-30 seconds and then it round robins to the next user. if no user, then just display a world clock

any ideas anyone?

Report Abuse Like (0)
2. Re: View Kiosk Mode with Zero Client – Auto login
Hot Shot VMware Employees
Gaurav_Baghla (239 posts since Dec 19, 2012) Feb 5, 2015 1:04 AM (in response to myvdi)
Could you please refer to this if that helps

VMware-View-KioskMode-WP-EN

KioWare Releases New Versions of Kiosk Software

Version 3.4 of KioWare for Android is now available. Also available is Version 7.3.0 of KioWare for Windows. With External Device Support for a plethora of new devices, this latest release of KioWare Kiosk Software Products allows for integration with new payment, printing, and security devices.

Source: www.kioware.com

Disable status bar, Spanish language, and EMV compliance & devices added.

Kiosk Software Basics – Part 2 Kiosk Security

Kiosk Software Basics – Part 2 Kiosk Security

 Welcome to the second article in my series on kiosk softwareRedswimmer development. My goal for this series of articles is to give an overview on the basics of developing kiosk software that’s both a joy for your customers to use and adheres to the guidelines of PCI-Compliance. This is more of a series of general guidelines and tips based on my 7+ years of experience developing and dealing with other people’s kiosk
software not a comprehensive how-to guide. When I use the term “kiosk software” I’m referring to any  software running on a kiosk in a self-service (unattended) environment regardless of the technology  used.

This second article will focus on the security aspects of “hardening” your kiosk software to ensure that your kiosk is always running smoothly and your customer’s information is safe from malicious users.

Prevent the kiosk user from tampering with the Operating System

One malicious user can screw up your entire kiosk experience for all your other customers by tampering with the operating system (OS) or simply by shutting down your kiosk software. Protecting the OS requires that you ensure that your kiosk software is always running and that the user cannot do anything but use your kiosk exactly as intended. There’s many different ways the user can tamper with the OS including but not limited to pressing system hotkeys (i.e. ctrl-alt-del, alt-tab. etc…) or just plain shutting down your kiosk software. Follow along as I elaborate on one of the most challenging aspects of kiosk software development which is securing your kiosk software.

Filter the keyboard

You must block all system hotkeys like ctrl-alt-del, alt-tab, etc… otherwise it will be very easy for users to shutdown your kiosk software and tamper with the OS. This was probably the most difficult challenge we faced across all of our kiosk software projects. To accomplish this we ended up creating a kernel mode keyboard filter driver that can block any undesirable keystrokes. Microsoft has created a great example C++ project here to get you started http://code.msdn.microsoft.com/windowshardware/Kbfiltr-WDF-Version-685ff5c4.

Why must I create a kernel mode driver you ask? Because your kiosk software does not have the authority to block keystrokes like ctrl-alt-del. In order to overcome this limitation there needs to be a “partnership” between your kiosk software and the keyboard filter driver. Here is what a typical use scenario looks like:

    1. The kiosk software provides a way for the kiosk admin to define which keystrokes should be blocked
    2. The kiosk software stores these blocked keystrokes in the registry
    3. The keyboard filer driver checks the registry to see which keystrokes should be blocked and filters them from the keyboard buffer

Run your kiosk software under a Windows limited user account

As a general precaution it makes sense to run your kiosk software under a Windows limited user account NOT AS ADMINISTRATOR. This way it limits the likely hood that your kiosk software will do something naughty and mess with the OS. This may seem like overkill since it’s your kiosk software that’s running but it’s just a good precaution especially when dealing with 3rd party websites or dlls. This is not required but it is a good idea so don’t be lazy and run your kiosk software as Administrator.

Restrict the web browser’s surfing area

Assuming that your kiosk software allows the customer to view web pages you’ll want to restrict the web browser’s “surfing area” so the customer can only view the websites that you intend them to.

The easiest way to do this is by allowing the kiosk admin to define a whitelist in your kiosk software of acceptable URLs. Adding support for regular expressions can make the URL whitelist much more powerful. You’ll also want to make sure to configure the appropriate settings in the web browser to ensure that users cannot do things like download files or run ActiveX controls. Internet Explorer and other web browsers have built in support for “crippling” the web browser so check these out.

Block pop-up dialogs from 3rd party software

When most people think of pop-up windows they think of web browser popups. I’m actually referring to dialog windows that popup up from 3rd party software (i.e. it is time to update software X).  Dialog windows can interrupt the operation of your kiosk software or worse allow the user to perform operations that could compromise the security of your kiosk (i.e. launching explorer, task manager, etc).   In short your kiosk software should act as a police officer and shutdown all pop-up dialogs from 3rd party software running on your kiosk.

Summary

Securing your kiosk software is probably one of the most daunting tasks for beginners but is absolutely necessary in order to ensure that your kiosk software is always running smoothly and that your customer’s information is protected. Securing your kiosk requires getting out of the comfort zone of your own kiosk software and creating a partnership between your kiosk software and kernel mode drivers, Windows services, etc… If writing kernel mode drivers in C++ is not for you then please check out an off-the-shelf kiosk lockdown solution like our product KioskSimple (www.KioskSimple.com). This way you can focus on developing your kiosk software and leave the security of your kiosk to us.

The next article in my series will focus on PCI-Compliance and accepting payments from your kiosk software. Please follow me on Facebook at facebook.com/kiosksimple or Twitter @kiosksimple

iPad Kiosk Ergonomics

iPad Kiosk Ergonomics and what is a tall user versus a short user is addressed in reprinted blog entry from Lilitab

iPad Kiosk Ergonomics Explained

VMware and Kiosk Mode

Self-service kiosks can be used in many different situations,

Kiosk Mode VMware
Kiosk Mode VMware

such as healthcare, hospitality, and education. For
example, a majority of patients claim that the most challenging part of a hospital or doctor visit isn’t the visit
itself—it’s the check-in process. A kiosk station can help simplify the patient experience by allowing them to
update their personal information, order prescription refills, and pay their balances without having to wait in line.
Application-specific peripherals such as proximity card readers, biometric identification, insurance card
scanners, privacy screens, and payment transaction devices streamline patient and work flow, improve financial
performance, ensure HIPAA privacy compliance, and provide patients with dramatically improved service.
Eliminating paper forms means the information does not have to be re-entered, increasing accuracy and reducing
administrative overhead.
VMware View 4.5 and above supports the “hidden” Kiosk Mode, which transparently connects the locked-down
endpoint or thin client directly to a remote desktop session. Users do not need to specifically launch a VMware
View Client. All configuration and provisioning is executed in background. The user is presented with a familiar
interface—a dedicated kiosk application running on a virtual desktop session. VMware View implements any
additional authentication mechanisms that are required for secure transactions, while securing the physical
network against tampering and snooping. All devices connected to the network are trusted. For example,
automatic USB device redirection and connection can be enabled to allow secure connectivity for allowable
local devices.

VMware-View-KioskMode-WP-EN