And now for the long awaited conclusion to the epic story of setting up the Wyse Xenith 2 as an information kiosk. Reasons for the long delay between segments range from "really busy with end/beginning of semester stuff" to "couldn't be asked".
So today we'll be going over setting up of the web browser (chrome) in kiosk mode, getting everything to start automatically through logon scripts, and preventing users from accessing unauthorized websites.
Setting up Chrome in Kiosk Mode
This is actually really easy. Simple run from the command line (or append to the end of a shortcut command) <pathtochrome>/chrome.exe --kiosk. This will start chrome in kiosk mode, which will give user no access to the URL bar or any chrome settings. The key redirection we set up previously will insure users are unable to escape from the chrome window, or access any chrome console/debug windows/etc.
At this point you'll also want to set the homepage to whatever information page you want users to see first.
I choose chrome because it's easy to setup for a kiosk and some of the other extensions will be useful for website blocking. If you want to use another browser you may be able to find extensions/plugins to make it work.
Logon Scripts
The next thing we need to do is make sure everything starts when the user logs in. Having an auto-login thin client is pointless if you have to go start all of the software manually.
There's a few different ways you could handle this, and they way I did it is almost surely not the most efficient. The issue I ran into trying to combine everything into one script is that windows would not execute both commands simultaneously. It would run the chrome launch command, then wait for chrome to exit before running the auto hot key command. So here's what I did.
In group policy under users>policies>windows settings>scripts>logon create two separate scripts. One will be to run chrome, the other to start autohotkey with the appropriate script. They will look something like this
program: c:\windows\system32\cmd.exe
parameters: /C
"\\this.is.my.domain\SysVol\this.is.my.domain\Policies\{AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA}\User\Scripts\Logon\launchchrome.bat"
program: c:\windows\system32\cmd.exe
parameters: /C "\\this.is.my.domain\SysVol\this.is.my.domain\Policies\{AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA}\User\Scripts\Logon\launchAHK.bat"
The contents of the batch file will look something like this:
LaunchAHK.bat
"C:\Program Files\AutoHotkey\AutoHotkey.exe" "\\this.is.my.domain\SysVol\this.is.my.domain\Policies\{AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA}\User\Scripts\Logon\DisableKeys.ahk"
Launchchrome.bat
"C:\Program Files\Google\Chrome\Application\chrome.exe" --kiosk
Blocking users access to other websites
The easiest way to handle this is to craft a special web page for the kiosk that doesn't have links to any external sites. Because kiosk mode keeps people from accessing the URL/search bar, this will effectively block non-authorized usage.
However, if you (or your web guys) don't have time to setup a special website, there are other options.
The first, and most cumbersome is using windows firewall. Setting up firewall rules can allow you to block/allow certain IP addresses. However, this method cannot limit based on URL; so if a website has a non-static IP, or there are some pages on a website you don't want users to have access to this method will be insufficient.
Luckily there are chrome plugins to do the job. The one I ended up using was Whitelist for Chrome because I needed to allow access to our companies public site and block everything else. After installing the plugin all I had to do was add *.my.company.com to the whitelist and we were all set.
Actually, I did use firewall to block access to a few web authentication servers, just to prevent employees from logging into their personal stuff from the public terminal.
Conclusion
So with all of that, you should be all set. A few things I have found out since I started writing this guide.
Nightly Reboot - If a user clicks a link that opens in a new tab/window the new tab/window will open but since it's in kiosk they won't be able to close it. This isn't much of an issue from a usability standpoint but can cause chrome to start taking up all system resources if left unmanaged for too long. I setup a nightly reboot to clear out everything. Note that you need to reboot the thin nightly as well (possible to set this up in the Xen.ini file) so that it reconnects after the vm reboots.
Screen Saver - The people I set this up for insisted that the machine not go to sleep. This makes sense from a usability standpoint; a kiosk is more approachable if there's something on the screen. However when had burn in (low end LCD monitor) within about a month of it being on ~24/7. So if you have similar requests find a way to do some sort of screen saver.
Well that's that. Post in the comments if you have any questions.
No comments:
Post a Comment