Windows 7 – It LockDown for Kiosks

The Perfect Kiosk Platform

Windows 7 is a mainframe operating environment for running kiosk or single-purpose applications such as POS or multimedia systems. Its ability to accommodate any program from a variety of development environments makes it an ideal platform. Adobe Flash, Silverlight, Java, Microsoft.Net, and HTML are just a few of the development languages ​​available for building an interactive and single-purpose rich kiosk of applications that run on Windows 7. Additionally, there are several Windows 7 variants available to run your application from cheap (Windows Home Premium), to fully functional (Windows Enterprise). The Windows version chosen will depend on the functionality needed for your application and your budget.

There is another version of Windows 7 called Windows 7 Embedded. Windows 7 Embedded offers full OS customizations, is lightweight, and is primarily for single-purpose application use. It’s stripped-down Windows with no value-added services or applications. You add to this what you need for your application. This seems perfect for kiosk and single-purpose implementations, however, a high degree of IT skill is required to implement it and it is expensive unless a high volume of licenses is purchased. Also, Microsoft only makes it available to OEM hardware vendors.

Lock Down Windows 7 with Inteset Secure Lockdown

One advantage of using Windows 7 Embedded is stripped of its out-of-the-box operation. Conversely, retail versions of Windows 7 are loaded with OS enhancing applications, utilities, and services. In this case, if a retail version of Windows 7 is used for kiosk implementation, it is very important to optimize it and lock it down so that users do not have access to unwanted features and operations. This can be accomplished in several ways. One is through the Windows 7 Group Policy Editor. However, this utility is designed for large enterprises that need to control employee access to operating system functions and not so much for kiosk implementations. Additionally, the Group Policy Editor does not

A cheap, flexible, yet simple alternative to Windows 7 Embedded or the Group Policy Editor is available through the use of a utility called Secure Lockdown v2 by Inteset, LLC (1). Secure Lockdown works on any version of Windows 7. This utility creates an integrated virtual environment that allows your master application to be the only one accessible by the end-user. It removes access to Windows 7 Desktop environment and unwanted keystrokes and runs them on your master application exclusively. It can be enabled by simply applying a few configuration settings and checking the Enable option.

Optimizing Windows 7 for your application

Before enabling Secure Lock, it first makes sense to optimize the operating system environment for use with your kiosk application. Preparing a retail version of Windows 7 with Lockdown Secure is the reverse of preparing a Windows 7 Embedded environment. Instead of adding functionality, getting rid of superfluous Windows programs and services. Windows 7 makes this easy to do with its Windows features and service tools. Note that removing Windows features does not optimize disk space. It just removes the apps from being accessible. However, many applications are only free services that will be removed which increases system startup speeds and increases memory availability. Removing services will increase boot times and memory significantly depending on which services and how many are removed. Scan the ones where the startup type is automatic and disable the ones you don’t need.

Some other recommendations to improve the performance and usability of your application by using a secure Lockdown kiosk are:

Use a solid-state drive (SSD) for the OS. A 32GB solid-state drive exclusively used for OS partition is relatively inexpensive and improves overall system performance significantly over its SATA drive counterpart.

Disable the Windows System Restore feature. This is an unnecessary feature and will save disk space if disabled. Set Windows Sleep, Power, and Screen Saver settings according to your environment. Remove the Microsoft logo from the boot sequence. This can be accomplished by editing the “No Graphical Boot” option under the Boot tab using the MSConfig Windows snap-in tool. Customize Windows 7 Welcome/Login screen with your company or product logo. be accomplished using a Windows registry tweak (2). Customize the Windows wallpaper with your company or product logo.

Once you have prepared and tested the system with your kiosk application, it is wise to make an operating system backup image using tools such as Norton Ghost or Acronis TrueImage. Additionally, creating an image will also easily allow you to port your installation to other machines that use the same hardware.

Now you have Windows 7 optimized for your kiosk application. As the last step, activate Inteset v2 Secure Lockdown and your system will be ready for the masses.