win10 使用PowerShell 设置单应用kiosk模式

win10 使用PowerShell 设置单应用kiosk模式

win10 家版或企业版PowerShellshell 启动器 v1Autologon.exe

注意事项

• win10 家庭版或企业版。
• 下载安装Autologon.exe。
• Shell 启动器 v1调用的应用程序不可有黑窗(类似cmd)。
• 以下示例采用账号：
  - 账户：'KIOSK'
  - 密码：'KIOSK'

设置步骤

新建用户

1.进入windows设置->账户->其他用户，点击'将其他人添加到这台电脑'；

2.右键用户，点击新用户,如图下操作：

下载并执行Autologon.exe：自动输入 Windows 登录用户密码

  

1. 开启功能：输入正确账号和密码后，点击图片'Enable'。
2. 关闭功能：输入正确账号后，点击图片‘Disable’。

使用 PowerShell 配置自定义 shell

新建文件'kiosk.ps1'(文件名随意)

'kiosk.ps1'文件内容

1. 文件内部关于'KIOSK'的地方都要修改成你新建用户的名称。
2. 文件内部'$ShellLauncherClass.SetCustomShell'第二个参数为调用程序的路径。
3. 文件最后有3段代表'开启'，'删除'，'禁用'，需要使用其中一个功能的时候，一定要注释其他两段，如下。

 

  1 # Check if shell launcher license is enabled
  2 function Check-ShellLauncherLicenseEnabled
  3 {
  4     [string]$source = @"
  5 using System;
  6 using System.Runtime.InteropServices;
  7 
  8 static class CheckShellLauncherLicense
  9 {
 10     const int S_OK = 0;
 11 
 12     public static bool IsShellLauncherLicenseEnabled()
 13     {
 14         int enabled = 0;
 15 
 16         if (NativeMethods.SLGetWindowsInformationDWORD("EmbeddedFeature-ShellLauncher-Enabled", out enabled) != S_OK) {
 17             enabled = 0;
 18         }
 19         
 20         return (enabled != 0);
 21     }
 22 
 23     static class NativeMethods
 24     {
 25         [DllImport("Slc.dll")]
 26         internal static extern int SLGetWindowsInformationDWORD([MarshalAs(UnmanagedType.LPWStr)]string valueName, out int value);
 27     }
 28 
 29 }
 30 "@
 31 
 32     $type = Add-Type -TypeDefinition $source -PassThru
 33 
 34     return $type[0]::IsShellLauncherLicenseEnabled()
 35 }
 36 
 37 [bool]$result = $false
 38 
 39 $result = Check-ShellLauncherLicenseEnabled
 40 "`nShell Launcher license enabled is set to " + $result
 41 if (-not($result))
 42 {
 43     "`nThis device doesn't have required license to use Shell Launcher"
 44     exit
 45 }
 46 
 47 $COMPUTER = "localhost"
 48 $NAMESPACE = "root\standardcimv2\embedded"
 49 
 50 # Create a handle to the class instance so we can call the static methods.
 51 try {
 52     $ShellLauncherClass = [wmiclass]"\\$COMPUTER\${NAMESPACE}:WESL_UserSetting"
 53     } catch [Exception] {
 54     write-host $_.Exception.Message; 
 55     write-host "Make sure Shell Launcher feature is enabled"
 56     exit
 57     }
 58 
 59 
 60 # This well-known security identifier (SID) corresponds to the BUILTIN\Administrators group.
 61 
 62 $Admins_SID = "S-1-5-32-544"
 63 
 64 # Create a function to retrieve the SID for a user account on a machine.
 65 
 66 function Get-UsernameSID($AccountName) {
 67 
 68     $NTUserObject = New-Object System.Security.Principal.NTAccount($AccountName)
 69     $NTUserSID = $NTUserObject.Translate([System.Security.Principal.SecurityIdentifier])
 70 
 71     return $NTUserSID.Value
 72     
 73 }
 74 
 75 # Get the SID for a user account named "KIOSK". Rename "KIOSK" to an existing account on your system to test this script.
 76 
 77 $KIOSK_SID = Get-UsernameSID("KIOSK")
 78 
 79 # Define actions to take when the shell program exits.
 80 
 81 $restart_shell = 0
 82 $restart_device = 1
 83 $shutdown_device = 2
 84 
 85 # Examples. You can change these examples to use the program that you want to use as the shell.
 86 
 87 # This example sets the command prompt as the default shell, and restarts the device if the command prompt is closed. 
 88 
 89 $ShellLauncherClass.SetDefaultShell("cmd.exe", $restart_device)
 90 
 91 # Display the default shell to verify that it was added correctly.
 92 
 93 $DefaultShellObject = $ShellLauncherClass.GetDefaultShell()
 94 
 95 "`nDefault Shell is set to " + $DefaultShellObject.Shell + " and the default action is set to " + $DefaultShellObject.defaultaction
 96 
 97 # Set Internet Explorer as the shell for "KIOSK", and restart the machine if Internet Explorer is closed.
 98 
 99 $ShellLauncherClass.SetCustomShell($KIOSK_SID, "c:\program files\internet explorer\iexplore.exe www.microsoft.com", ($null), ($null), $restart_shell)
100 
101 # Set Explorer as the shell for administrators.
102 
103 $ShellLauncherClass.SetCustomShell($Admins_SID, "explorer.exe")
104 
105 # View all the custom shells defined.
106 
107 "`nCurrent settings for custom shells:"
108 Get-WmiObject -namespace $NAMESPACE -computer $COMPUTER -class WESL_UserSetting | Select Sid, Shell, DefaultAction
109 
110 # Enable Shell Launcher
111 
112 $ShellLauncherClass.SetEnabled($TRUE)
113 
114 $IsShellLauncherEnabled = $ShellLauncherClass.IsEnabled()
115 
116 "`nEnabled is set to " + $IsShellLauncherEnabled.Enabled
117 
118 # Remove the new custom shells.
119 
120 #$ShellLauncherClass.RemoveCustomShell($Admins_SID)
121 
122 #$ShellLauncherClass.RemoveCustomShell($KIOSK_SID)
123 
124 # Disable Shell Launcher
125 
126 #$ShellLauncherClass.SetEnabled($FALSE)
127 
128 #$IsShellLauncherEnabled = $ShellLauncherClass.IsEnabled()
129 
130 #"`nEnabled is set to " + $IsShellLauncherEnabled.Enabled

管理员权限执行.ps1文件

编程好.ps1文件，使用管理员权限在'powerShell'上执行该文件，显示如下结果表示成功。

 

用户SID查询

powerShell执行'wmic useraccount get name,sid'即可，如下。

 

重启开机

重启开机后，黑屏，只显示唯一调用的程序界面。

相关连接

• https://docs.microsoft.com/zh-cn/windows/configuration/kiosk-shelllauncher
• https://stackoverflow.com/questions/33364908/how-to-run-an-application-as-shell-replacement-on-windows-10-enterprise
• https://github.com/microsoft/Windows-iotcore-samples/blob/develop/Samples/ShellLauncherV2/SampleConfigXmls/README.md