Note: This article was originally published on an old version of my blog back in November 2014. I have reposted it here as back then a couple of people contacted me seeking further information as I never got around to adding screenshots. Well here it is again with them included.
I have recently been developing a Windows 8.1 application to be used in Kiosk Mode or Assigned Access Mode.
this was to be run on a domain joined workstation and to auto login
with a generic domain account I looked into whether the app could be run
as a Custom User Interface set via Group Policy.
Sadly this wasn't possible as you cannot run a Windows 8.1 app directly as it isn't a win32 application.
then tried to see that if I set a protocol in the application package
manifest. This also turned out to be a non starter as even though the
protcol worked a treat when logged into windows normally it could be run
as a Custom User Interface directly or if launched by using cmd start
(which again works if logged in normally to windows).
It was now
time to try and see how Assigned Access works, so i installed the app
under a local user account and logged out. Then under my administrator
account I set this local account up for assigned access.
did this I had Process Monitor running so i could see exactly what was
being changed registry and file wise for Assigned Access.
appears that it changes settings for Windows Embedded registry entries
and also create some files under the Windows -> Embedded directory.
fig 1. Process Monitor
These entries relate to the SID of the local account....interesting.
gathered the SID of the generic domain account we want the application
to run as from the profilelist in the registry and then changed the
directory name and the registry entry which had the local user account SID .
fig 2. Directory Name
fig 3. Registry Entry
So, with my fingers crossed I logged into the machine with
the generic domain account and hey presto, my windows 8.1 application
launched as an Assigned Access App/Kiosk Mode.
Now although this
worked for me in this instance I have not tried it on a fresh machine
where I haven't done any other tinkering, I think that will be my job
for tomorrow to put this little hack to the test.
I hope this
helps some of you out who I have seen posting in forums etc asking how
this could be done as Microsoft state that it isn't possible.
Give it a go and let me know how you get on.