Kiosk browser

Download file
Requires Windows 2000/XP or greater; only tested on XP
Free for personal, non-profit use; all others please email kioskbrowser@pacific22.com for licensing information / negotiations.
Screen shot of the configuration UI:
Configuration screen
Description:

This application is designed for use in a "kiosk" environment, where the user will have restricted access to only the browser itself, and (optionally) only restricted sites within that browser.

While the browser is loaded, the user will not have access to the desktop, any other applications, or any other part of the system whatsoever.

Special keys which could otherwise be used to get around this restriction (such as ALT+TAB, CTRL+ALT+DEL, CTRL+SHIFT+ESC, etc.) are disabled while the browser is loaded.

*Note: see this additional information about disabling the CTRL+ALT+DELETE function.

Instructions:
  1. Run the installer downloaded above.
  2. Run the KioskConfig.exe application to configure the parameters that will be used when the browser is launched. A starting URL and an unlock password are required. Click save, then close the configuration application.
  3. The browser application (kioskbrowser.exe) can now be started at any time.
  4. You can also configure the launcher application (KioskLauncher.exe) to be loaded when the system starts up, before anyone even logs in, adding an extra measure of protection against any unintended uses of the system. This process is described further below.
User-configurable parameters:

There are several options described below that can be set using the graphical interface (see image above). These parameters are stored in an XML configuration file (kioskConfig.xml) so that your settings are preserved between sessions.

Starting URL

This is the page that will be loaded when the kiosk browser starts.

Unlock Password

This is the string of characters that will close the kiosk and return the browser to normal operation. *Note: the password must be typed consecutively to unlock. If you make a mistake, just start typing the password over from the beginning. Also, you don't need to enter the text into a text field; you can just type the letters without the cursor being visible anywhere on the screen.

Do not forget this; otherwise, depending on the restrictions you've configured, there may be no way to unload the browser and return to your desktop without a hard reboot.

Command to run on unlock

This is an optional command which, if supplied, will be executed when the browser is unlocked.

Screen Size and Position

Width & Height

The size of the browser window. *Note: if you set these values to "MAX" in the XML configuration file, the application will detect and use the complete available space of the screen.

Left & Top

These set the position of the window's upper left corner, relative to the upper left corner of the screen.

URL Restrictions

Allowed sites

If there are DNS names listed here, the browser will only be allowed to browse to these specified sites. If this list is empty, any sites are allowed, provided they meet any other requirements defined below. *Note: allowing unrestricted browsing could lead to a compromise of the kiosk browser, by allowing the user to "break out" of the kiosk by navigating to a page that executes code, etc.

URL Pattern Restriction

If there is a value in this field, then any URL the user navigates to must contain this value. For example, to restrict browsing to only URLs containing the text "/kiosk", you add that text to this field.
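The two URL restrictions above can be evaluated either as plain text matches or against the parsed URL. The following is an added example, not code from the kiosk browser (this page does not document how the application performs the match); the names ALLOWED_SITES and URL_PATTERN, the http/https-only rule, and all sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample policy; these names are hypothetical, not kioskConfig.xml keys.
ALLOWED_SITES = ["kiosk.example.org"]
URL_PATTERN = "/kiosk"


def literal_check(url, allowed_sites, pattern):
    """Policy read literally: plain substring tests on the whole URL string."""
    if allowed_sites and not any(site in url for site in allowed_sites):
        return False
    return not pattern or pattern in url


def parsed_check(url, allowed_sites, pattern):
    """Stricter reading: compare parsed URL components, not raw text."""
    parts = urlsplit(url)
    # Assumption: a kiosk only needs web schemes, so anything else is refused.
    if parts.scheme not in ("http", "https"):
        return False
    host = (parts.hostname or "").lower().rstrip(".")
    # An empty list means "any site", as described under "Allowed sites".
    if allowed_sites and host not in {s.lower() for s in allowed_sites}:
        return False
    # Require the pattern in the path, so the host, query or fragment cannot supply it.
    return not pattern or pattern in parts.path


# Constructed test URLs (example.org / example.net are reserved documentation domains).
SAMPLES = [
    "https://kiosk.example.org/kiosk/home",
    "https://kiosk.example.org/admin",
    "https://other.example.net/?ref=kiosk.example.org/kiosk",
    "https://kiosk.example.org.other.example.net/kiosk",
    "file:///C:/kiosk/notes.txt",
]


def compare(samples=SAMPLES):
    """Return (url, literal_result, parsed_result) for each sample."""
    return [
        (u, literal_check(u, ALLOWED_SITES, URL_PATTERN),
         parsed_check(u, ALLOWED_SITES, URL_PATTERN))
        for u in samples
    ]


if __name__ == "__main__":
    for url, literal, parsed in compare():
        print(f"literal={literal!s:5} parsed={parsed!s:5} {url}")
```

Only the first sample passes both checks; the second shows that the "//kiosk" at the start of the host name already satisfies a plain substring test for "/kiosk", which is why a pattern should be chosen and tested against the full URLs the kiosk will actually visit.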

System Restrictions

Disable ...

These selections will disable keys which could otherwise be used to shut down the kiosk application or switch to a different application.

*Note: due to an unresolved bug in the disabling of the CTRL+ALT+DELETE function, it is still disabled once the browser is unloaded. ALT+TAB and other keys will still work properly after unlocking.

Load In Separate Desktop

A quick explanation is probably in order for this one. Windows makes use of what it calls "desktops", which are basically isolated displays in which Windows applications run. Most Windows users are familiar with at least three of these. The most familiar is the default, in which you can see the "normal" desktop, start menu, and most apps. Two other recognizable ones are for screen savers and "Winlogon" (which is what you see when you hit CTRL+ALT+DELETE). One noteworthy aspect of these alternate desktops as they relate to the kiosk browser is that a user in an alternate desktop has no way of accessing other windows, the start menu, etc. Fortunately, the Windows API exposes a CreateDesktop function which can be used by application developers to take advantage of this functionality within their own applications.

So, all that to say this: when this is checked, the KioskLauncher.exe will launch the kiosk browser in a new desktop, which will be isolated from anything else on the system.

*Note: if you are using the method described below for running the launcher without a user logging in, it is recommended to not use the Load In Separate Desktop option. Trying to do this can be buggy, and it is also unnecessary, since if the user isn't logged in yet, there's nothing they can do even if they can get out of the kiosk browser.

Kill All New Windows

This is a kind of catch-all safeguard which will account for any unforeseen methods that the user could utilize to open another window or application.

When this is checked, the application will monitor (at the specified interval) for any newly opened applications or windows and automatically close any that it finds.

Browser Restrictions

Disable ...

These selections will disable the specified functions in the browser, which could potentially be used to circumvent the other kiosk restrictions.

Loading without logging in:

By using the group policy editor (gpedit.msc), an administrator of a Windows system can configure a series of scripts or applications to be run at various points, one of which is on startup (screenshot).

Putting an application in this position will cause it to be loaded and displayed right alongside the Windows login page. The launcher app includes some additional functionality to only enable the launch button if an active network connection is present. This is to account for the common situation in which the network interface does not establish a connection until some time after the system boots, especially with wireless adapters. When this happens, the button text will indicate that a connection is not currently active, and the launcher will continue to monitor the connection status, enabling the button when a connection becomes available.