Getty Images


Setting up Windows 11 kiosk mode with 4 different methods

Windows 11 kiosk mode offers improvements over previous versions for desktop admins. IT should learn these four methods and choose the best deployment for their organization.

Many organizations across various sectors use kiosk devices, but they are sometimes challenging to set up.

Healthcare organizations, for example, use kiosks as part of their check-in process to confirm personal data and collect payments, while retail organizations may use them as point-of-sale devices. Kiosks also became popular in restaurants and carry-outs during the pandemic to order food.

Organizations that want to deploy kiosk devices have several endpoint options from which to choose, including Android tablets, iPads and Windows devices.

4 methods for deploying Windows 11 kiosks

Windows 10 was the first OS to support Kiosk mode natively, so IT pros can lock down the OS and only allow users to use one or a few applications on any Windows 10 device. Organizations should still feel free to set up and deploy Windows 10 kiosks, especially with older devices, as it's still quite capable for kiosk deployments.

Here are four distinct methods IT professionals can use when setting up Windows 11 kiosk mode.

Setting up Windows 11 kiosk mode from the machine's local settings

Kiosk mode in Windows 11, or Assigned Access, requires Windows 11 Pro. IT should only choose this option if they plan to set up one or two Windows 11 devices in kiosk mode, as manually setting up multiple kiosks can be time-consuming and prone to human error.

When setting up a kiosk in Windows 11, a desktop admin is also creating a kiosk user account. They must turn kiosk mode on by going into Accounts under the desktop settings. Then, the desktop admin must choose Set up a Kiosk from the Other Users option. Next, the admin must click Get started. Then they must enter a name for the new account. There's also an option to use a local standard user account already on the device.

Screenshot of the Accounts > Other Users pane on Windows 11.
Figure 1. IT can configure which app or apps the kiosk can access in the desktop window.

The desktop admin must next choose the app to run when the kiosk account signs in. They can only select apps that run above the lock screen, as shown in the list of available apps. Here are some guidelines for choosing an app for a kiosk:

  • Windows apps must be provisioned or installed for the assigned access account before a Windows admin can select them as the assigned access app.
  • Updating a Windows app can sometimes change the Application User Model ID (AUMID) of the app requiring the Desktop Admin to update the assigned access settings to launch the updated app.
  • Apps that the IT department generated using the Desktop App Converter (Desktop Bridge) can't be used as kiosk apps.

Once the admin selects an app, the desktop admin must choose Close.

Setting up Windows 11 kiosk mode with Windows PowerShell

The next option IT admins can choose to set up and configure kiosk mode on Windows 11 is the PowerShell cmdlets method. PowerShell cmdlets are lightweight commands for use in the Windows PowerShell environment. This method provides a flexible, scripted and repeatable approach to configure and deploy kiosk devices.

PowerShell kiosk cmdlets
Figure 2. PowerShell cmdlets IT needs to deploy kiosk mode.

IT admins must sign into the kiosk as an administrator, then create a user account for Assigned Access. After the admin signs in as the Assigned User account, they can install the Universal Windows apps that meet the assigned access/above the lock guidelines. When the installation is complete, they sign out of Assigned User account and back in as an administrator.

The PowerShell approach is especially effective for organizations that need to deploy several types of devices. Figure 2 shows some of the cmdlets that IT must use during the setup.

Removing Assigned Access with PowerShell requires running the following cmdlet: Clear-AssignedAccess.

Use the kiosk wizard in Windows Configuration Designer

Microsoft offers another way to manage and configure Windows devices without having to create a base image for them: the Windows Configuration Designer application, available for free from the Microsoft Store. IT admins can more easily define a kiosk configuration with the app and deploy it to any managed device because the app's kiosk wizard is user-friendly.

However, it's important to note that only one instance of Windows Configuration Designer can run on a computer at a time. And while it can open multiple projects, it can build only one project at a time.

Deploy kiosk settings from an MDM platform or Microsoft Intune

Another method is to use mobile device management (MDM) tools to deploy and manage kiosk devices. This option works well for organizations with many kiosks in different physical locations, such as retail stores or restaurants, that require centralized IT management.

Platforms such as VMware Workspace ONE UEM and Microsoft Intune provide MDM capabilities that allow desktop admins to set up Windows 11 kiosk mode to manage devices remotely. These remote commands include the ability to lock some elements of Windows 11, turning these devices into kiosks.

These tools can proactively alert IT when device problems require attention relating to storage, CPU usage, system errors or going offline. Using an MDM for remote kiosk management also helps IT ensure the kiosk devices receive the security patches and OS updates they need to remain secure and compliant.

Dig Deeper on Desktop management

Virtual Desktop