Windows Kiosk Mode File
<?xml version="1.0" encoding="utf-8"?> <AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"> <Profiles> <Profile Id="MultiAppKiosk"> <AllAppsList> <AllowedApps> <App DesktopAppPath="C:\Program Files\MyApp\app.exe" /> <UWP AppUserModelId="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge" /> </AllowedApps> </AllAppsList> <StartLayout> <![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="..." ...>]]> </StartLayout> </Profile> </Profiles> <Configs> <Config> <Account>kioskuser@domain.com</Account> <DefaultProfile>MultiAppKiosk</DefaultProfile> </Config> </Configs> </AssignedAccessConfiguration> Apply with PowerShell (local):
Choose the app to run at login. If your app is not listed, install it first.
start msedge --kiosk https://your-website.com --edge-kiosk-type=fullscreen --kiosk-idle-timeout-minutes=1 windows kiosk mode
Click Close – Windows auto-creates the local account.
What is Windows Kiosk Mode? Windows Kiosk Mode (officially Assigned Access ) locks a Windows device to run only one specific app or a restricted set of apps. It is designed for public-facing scenarios (e.g., information displays, self-service check-in) or single-purpose corporate devices (e.g., warehouse scanner, time clock). What is Windows Kiosk Mode
$EdgeArgs = "--kiosk https://portal.yourcompany.com --kiosk-idle-timeout-minutes=2 --edge-kiosk-type=fullscreen" Start-Process -FilePath "msedge.exe" -ArgumentList $EdgeArgs Place this script in the kiosk account’s Startup folder. Ctrl + Alt + Del → Sign out (or Alt + F4 if allowed). Method 4: Using Microsoft Intune (for enterprise fleets) If you manage many kiosks (e.g., retail stores, hospital check-ins), Intune is best.
Get-WmiObject -Class Win32_UserProfile | Where-Object $_.LocalPath -like "*kioskuser" | Remove-WmiObject Set-AssignedAccess -Remove Need single, locked-down full-screen app? → Yes → Single-app kiosk (Settings) → No, need multiple apps? → Windows Enterprise? → Yes → Multi-app kiosk via XML + Intune → No → Upgrade edition or use Edge kiosk as workaround For most simple public kiosks, Method 1 (single-app) is enough. For corporate fleets, use Method 4 (Intune) to manage updates, policies, and multiple devices at scale. $EdgeArgs = "--kiosk https://portal
Test: Sign out and sign in as the kiosk account. The chosen app launches full-screen. To exit kiosk mode temporarily: Press Ctrl + Alt + Del → Sign out (requires admin password to return to desktop). Method 2: Multi-App Kiosk (via XML + PowerShell / Intune) More complex but flexible. Requires Windows Enterprise/Education.
