Answered

At Westonci.ca, we make it easy to get the answers you need from a community of informed and experienced contributors. Explore our Q&A platform to find in-depth answers from a wide range of experts in different fields. Get detailed and accurate answers to your questions from a dedicated community of experts on our Q&A platform.

Buddys machine shop has a kiosk computer located in the lobby for customers to use. The kiosk computer has recently been updated to Windows 10 from Windows 7 and is not part of a domain. The local computer policy created for Windows 7 has been applied to Windows 10. This policy severely restricts the use of the computer, so that customers can only use the web browser.
Occasionally, an administrator needs to sign in to the kiosk computer to perform maintenance and update software. However, this is awkward because the administrator needs to disable settings in local policy be performing any task. Then, when the tasks are complete, the administrator needs to re-enable the settings in the local policy. Explain how this system can be improved upon.

Sagot :

Talanat
If your PC's are in an Active Directory domain, you can leverage Active Directory Group Policies to deploy the appropriate settings. Be sure to include the below settings in your Group Policy for the user accounts and workstations that will be running as a Kiosk. After creating this Group Policy, you can test by running gpupdate /force and then restarting the PC.

User Configuration
Administrative Templates
Start Menu and Taskbar
Change Start Menu power button (enabled) - set to "Lock" (I know this sounds weird, but Windows 7 won't completely disable Logoff if the Start Menu power button is defaulting to the Logoff action).
Remove Logoff on the Start Menu (enabled)
Remove and prevent access to the Shut Down, Restart, Sleep and Hibernate commands (enabled)
System
Ctrl+Alt+Del Options
Remove Lock Computer (enabled)
Remove Logoff (enabled)
Computer Configuration
Administrative Templates
System
Logon
Hide entry points for Fast User Switching (enabled)
For Windows PCs not in a Domain Environment

If your PC's are not in an Active Directory domain, then you'll need to make the below changes manually at each Kiosk PC. Note that you may be able to automate the changes via the use of operating system imaging tools and local mandatory user profiles - leave a comment below if you have interest in those steps.

Login at each Kiosk PC using a user account that will ultimately be used to run the Kiosk desktop applications.
Launch the Windows Registry Editor (REGEDIT.EXE) and make the following changes to the registry (note that you may need to temporarily grant local Administrative access to your Kiosk user account to do this if it is already in a very locked down state)
HKEY_CURRENT_USER
SOFTWARE
Microsoft
Windows
CurrentVersion
Policies
Explorer
We appreciate your time. Please come back anytime for the latest information and answers to your questions. Thanks for stopping by. We strive to provide the best answers for all your questions. See you again soon. Thank you for visiting Westonci.ca, your go-to source for reliable answers. Come back soon for more expert insights.