win10 使用PowerShell 設置單應用kiosk模式
注意事項
- win10 家庭版或企業版。
- 下載安裝Autologon.exe。
- Shell 啟動器 v1調用的應用程序不可有黑窗(類似cmd)。
- 以下示例采用賬號:
- 賬戶:'KIOSK'
- 密碼:'KIOSK'
設置步驟
新建用戶
1.進入windows設置->賬戶->其他用戶,點擊'將其他人添加到這台電腦';
2.右鍵用戶,點擊新用戶,如圖下操作:
下載並執行Autologon.exe:自動輸入 Windows 登錄用戶密碼
- 開啟功能:輸入正確賬號和密碼后,點擊圖片'Enable'。
- 關閉功能:輸入正確賬號后,點擊圖片‘Disable’。
使用 PowerShell 配置自定義 shell
新建文件'kiosk.ps1'(文件名隨意)
'kiosk.ps1'文件內容
1. 文件內部關於'KIOSK'的地方都要修改成你新建用戶的名稱。
2. 文件內部'$ShellLauncherClass.SetCustomShell'第二個參數為調用程序的路徑。
3. 文件最后有3段代表'開啟','刪除','禁用',需要使用其中一個功能的時候,一定要注釋其他兩段,如下。 
1 # Check if shell launcher license is enabled 2 function Check-ShellLauncherLicenseEnabled 3 { 4 [string]$source = @" 5 using System; 6 using System.Runtime.InteropServices; 7 8 static class CheckShellLauncherLicense 9 { 10 const int S_OK = 0; 11 12 public static bool IsShellLauncherLicenseEnabled() 13 { 14 int enabled = 0; 15 16 if (NativeMethods.SLGetWindowsInformationDWORD("EmbeddedFeature-ShellLauncher-Enabled", out enabled) != S_OK) { 17 enabled = 0; 18 } 19 20 return (enabled != 0); 21 } 22 23 static class NativeMethods 24 { 25 [DllImport("Slc.dll")] 26 internal static extern int SLGetWindowsInformationDWORD([MarshalAs(UnmanagedType.LPWStr)]string valueName, out int value); 27 } 28 29 } 30 "@ 31 32 $type = Add-Type -TypeDefinition $source -PassThru 33 34 return $type[0]::IsShellLauncherLicenseEnabled() 35 } 36 37 [bool]$result = $false 38 39 $result = Check-ShellLauncherLicenseEnabled 40 "`nShell Launcher license enabled is set to " + $result 41 if (-not($result)) 42 { 43 "`nThis device doesn't have required license to use Shell Launcher" 44 exit 45 } 46 47 $COMPUTER = "localhost" 48 $NAMESPACE = "root\standardcimv2\embedded" 49 50 # Create a handle to the class instance so we can call the static methods. 51 try { 52 $ShellLauncherClass = [wmiclass]"\\$COMPUTER\${NAMESPACE}:WESL_UserSetting" 53 } catch [Exception] { 54 write-host $_.Exception.Message; 55 write-host "Make sure Shell Launcher feature is enabled" 56 exit 57 } 58 59 60 # This well-known security identifier (SID) corresponds to the BUILTIN\Administrators group. 61 62 $Admins_SID = "S-1-5-32-544" 63 64 # Create a function to retrieve the SID for a user account on a machine. 65 66 function Get-UsernameSID($AccountName) { 67 68 $NTUserObject = New-Object System.Security.Principal.NTAccount($AccountName) 69 $NTUserSID = $NTUserObject.Translate([System.Security.Principal.SecurityIdentifier]) 70 71 return $NTUserSID.Value 72 73 } 74 75 # Get the SID for a user account named "KIOSK". Rename "KIOSK" to an existing account on your system to test this script. 76 77 $KIOSK_SID = Get-UsernameSID("KIOSK") 78 79 # Define actions to take when the shell program exits. 80 81 $restart_shell = 0 82 $restart_device = 1 83 $shutdown_device = 2 84 85 # Examples. You can change these examples to use the program that you want to use as the shell. 86 87 # This example sets the command prompt as the default shell, and restarts the device if the command prompt is closed. 88 89 $ShellLauncherClass.SetDefaultShell("cmd.exe", $restart_device) 90 91 # Display the default shell to verify that it was added correctly. 92 93 $DefaultShellObject = $ShellLauncherClass.GetDefaultShell() 94 95 "`nDefault Shell is set to " + $DefaultShellObject.Shell + " and the default action is set to " + $DefaultShellObject.defaultaction 96 97 # Set Internet Explorer as the shell for "KIOSK", and restart the machine if Internet Explorer is closed. 98 99 $ShellLauncherClass.SetCustomShell($KIOSK_SID, "c:\program files\internet explorer\iexplore.exe www.microsoft.com", ($null), ($null), $restart_shell) 100 101 # Set Explorer as the shell for administrators. 102 103 $ShellLauncherClass.SetCustomShell($Admins_SID, "explorer.exe") 104 105 # View all the custom shells defined. 106 107 "`nCurrent settings for custom shells:" 108 Get-WmiObject -namespace $NAMESPACE -computer $COMPUTER -class WESL_UserSetting | Select Sid, Shell, DefaultAction 109 110 # Enable Shell Launcher 111 112 $ShellLauncherClass.SetEnabled($TRUE) 113 114 $IsShellLauncherEnabled = $ShellLauncherClass.IsEnabled() 115 116 "`nEnabled is set to " + $IsShellLauncherEnabled.Enabled 117 118 # Remove the new custom shells. 119 120 #$ShellLauncherClass.RemoveCustomShell($Admins_SID) 121 122 #$ShellLauncherClass.RemoveCustomShell($KIOSK_SID) 123 124 # Disable Shell Launcher 125 126 #$ShellLauncherClass.SetEnabled($FALSE) 127 128 #$IsShellLauncherEnabled = $ShellLauncherClass.IsEnabled() 129 130 #"`nEnabled is set to " + $IsShellLauncherEnabled.Enabled
管理員權限執行.ps1文件
編程好.ps1文件,使用管理員權限在'powerShell'上執行該文件,顯示如下結果表示成功。
用戶SID查詢
powerShell執行'wmic useraccount get name,sid'即可,如下。 
重啟開機
重啟開機后,黑屏,只顯示唯一調用的程序界面。相關連接
- https://docs.microsoft.com/zh-cn/windows/configuration/kiosk-shelllauncher
- https://stackoverflow.com/questions/33364908/how-to-run-an-application-as-shell-replacement-on-windows-10-enterprise
- https://github.com/microsoft/Windows-iotcore-samples/blob/develop/Samples/ShellLauncherV2/SampleConfigXmls/README.md