Many organizations across various sectors use kiosk devices, but they are sometimes challenging to set up.
Healthcare organizations, for example, use kiosks as part of their check-in process to confirm personal data and collect payments, while retail organizations may use them as point-of-sale devices. Kiosks also became popular in restaurants and carry-outs during the pandemic to order food.
Organizations that want to deploy kiosk devices have several endpoint options from which to choose, including Android tablets, iPads and Windows devices.
4 methods for deploying Windows 11 kiosks
Windows 10 was the first OS to support Kiosk mode natively, so IT pros can lock down the OS and only allow users to use one or a few applications on any Windows 10 device. Organizations should still feel free to set up and deploy Windows 10 kiosks, especially with older devices, as it's still quite capable for kiosk deployments.
Here are four distinct methods IT professionals can use when setting up Windows 11 kiosk mode.
Setting up Windows 11 kiosk mode from the machine's local settings
Kiosk mode in Windows 11, or Assigned Access, requires Windows 11 Pro. IT should only choose this option if they plan to set up one or two Windows 11 devices in kiosk mode, as manually setting up multiple kiosks can be time-consuming and prone to human error.
When setting up a kiosk in Windows 11, a desktop admin is also creating a kiosk user account. They must turn kiosk mode on by going into Accounts under the desktop settings. Then, the desktop admin must choose Set up a Kiosk from the Other Users option. Next, the admin must click Get started. Then they must enter a name for the new account. There's also an option to use a local standard user account already on the device.
The desktop admin must next choose the app to run when the kiosk account signs in. They can only select apps that run above the lock screen, as shown in the list of available apps. Here are some guidelines for choosing an app for a kiosk:
- Windows apps must be provisioned or installed for the assigned access account before a Windows admin can select them as the assigned access app.
- Updating a Windows app can sometimes change the Application User Model ID (AUMID) of the app requiring the Desktop Admin to update the assigned access settings to launch the updated app.
- Apps that the IT department generated using the Desktop App Converter (Desktop Bridge) can't be used as kiosk apps.
Once the admin selects an app, the desktop admin must choose Close.
Setting up Windows 11 kiosk mode with Windows PowerShell
The next option IT admins can choose to set up and configure kiosk mode on Windows 11 is the PowerShell cmdlets method. PowerShell cmdlets are lightweight commands for use in the Windows PowerShell environment. This method provides a flexible, scripted and repeatable approach to configure and deploy kiosk devices.
IT admins must sign into the kiosk as an administrator, then create a user account for Assigned Access. After the admin signs in as the Assigned User account, they can install the Universal Windows apps that meet the assigned access/above the lock guidelines. When the installation is complete, they sign out of Assigned User account and back in as an administrator.
The PowerShell approach is especially effective for organizations that need to deploy several types of devices. Figure 2 shows some of the cmdlets that IT must use during the setup.
Removing Assigned Access with PowerShell requires running the following cmdlet: Clear-AssignedAccess.
Use the kiosk wizard in Windows Configuration Designer
Microsoft offers another way to manage and configure Windows devices without having to create a base image for them: the Windows Configuration Designer application, available for free from the Microsoft Store. IT admins can more easily define a kiosk configuration with the app and deploy it to any managed device because the app's kiosk wizard is user-friendly.
However, it's important to note that only one instance of Windows Configuration Designer can run on a computer at a time. And while it can open multiple projects, it can build only one project at a time.
Deploy kiosk settings from an MDM platform or Microsoft Intune
Another method is to use mobile device management (MDM) tools to deploy and manage kiosk devices. This option works well for organizations with many kiosks in different physical locations, such as retail stores or restaurants, that require centralized IT management.
Platforms such as VMware Workspace ONE UEM and Microsoft Intune provide MDM capabilities that allow desktop admins to set up Windows 11 kiosk mode to manage devices remotely. These remote commands include the ability to lock some elements of Windows 11, turning these devices into kiosks.
These tools can proactively alert IT when device problems require attention relating to storage, CPU usage, system errors or going offline. Using an MDM for remote kiosk management also helps IT ensure the kiosk devices receive the security patches and OS updates they need to remain secure and compliant.