Watchdog Support
Software Watchdog
- KioWare has a special service running that monitors the health of the KioWare exe. When the service determines that the KioWare exe is not behaving properly, it will restart the exe. If this section is grayed out, then the service needs to be started – see Watchdog Service Control below.
Enable Crash Detection
If checked, the service will monitor and restart if KioWare crashes.
Enable Hang Detection
If checked, the software watchdog will monitor and restart if KioWare is unresponsive.
Hang Detection Timeout
The length of time (sec) the software watchdog will go without being able to communicate to KioWare before restarting. Default is 60 seconds. Value must be less than the Hardware Watchdog Response Timeout.
Hardware Watchdog
- KioWare supports hardware watchdogs which are used to make sure the KioWare software watchdog is functioning. When the hardware watchdog determines that the KioWare software watchdog is not behaving properly, it will restart the service.
Checkbox
If checked, the service will monitor the KioWare watchdog service
Response Timeout
The length of time(sec) the hardware watchdog will go without being able to communicate with the KioWare service before restarting the service. Default is 180 seconds. Value must be greater than the Software Watchdog Response Timeout.
Watchdog Device
Select the hardware watchdog device installed in the PC.
Watchdog Service Control
Startup Type
Determines how the watchdog service will behave upon system startup.
- Automatic - service will start upon system startup
- Manual - service will not start upon system startup and must manually be started.
- Disabled - service will not start upon system startup and is disabled
Start
Start the watchdog service
Stop
Stop the watchdog service
Miscellaneous
Disable Windows Admin Tools Menu
If checked, Administration Menu will not be available to the user.
Empty Temporary Internet Files upon Exit
If checked, Windows will clear Internet Explorer cache before the OS shuts down.
Reboot Windows after a Crash
If checked, the PC will automatically reboot if the OS has crashed
Disable Messenger Service
If checked, Windows Messenger Service will be disabled.
Device Security
Log Device Changes as
Logs messages from KioWare to the Windows Application event log when a device is added to the system or removed. Devices such as USB thumb drives are included. You may choose to log the change as an error or informational.
Disable Devices
CD-ROM
If checked, AutoRun will be disabled for the CD-ROM drive. Vista and Windows 7 do not have AutoRun; they have AutoPlay. AutoPlay is similar but not the same. Disabling AutoPlay is explained in our Best Practices section.
Note: You will probably need to reboot before this change takes effect.
USB
If checked, USB storage devices will not be available to the user. This feature is not available in Vista or higher. Those users should instead use group policy to lock down USB storage.
ClickOnce Security Config
ClickOnce is a Microsoft technology that allows execution of .Net programs from the browser. This can pose a very serious security risk because it is enabled by default. The following dialog will allow you to disable ClickOnce.
The recommended minimum settings are to disable "Internet" and "Untrusted Sites".
User Security Settings
Also see: Best Practices
The following settings are tied to the particular user account that is currently logged onto the computer. As such, these settings are not saved in a KioWare XML file, nor are they saved when KioWare settings are saved. The first step is to select the user account these settings should apply to.
Select a User
When selecting a user, it is important to note that the config tool will not allow you to select the user that is currently logged in. This is so that you cannot lock yourself out of the system. Best practice is to select a non-admin user as the user to run KioWare anyway.
Important Note:
When creating the user you may need to do so using the Computer Management console rather than the XP User applet.
Username
Select the user account from the list.
Password
Enter the password for the user account
Refer to the following screenshot.
User Shell
Select User Shell
Select the shell to load:
- Windows Explorer - the normal Windows Desktop
- KioWare - The most secure and highly recommended way to run KioWare because the Windows Desktop is not available upon exit from KioWare.
If you use the KioWare shell; Very important: Set KioWare to logoff when passcode is entered (General Tab).
User Security Settings
These settings only apply when the Windows Explorer shell is selected.
Disable Start Menu Help
If checked, the Start Menu Help button will not be available to the user.
Disable Start Menu Search
If checked, the Start Menu Search button will not be available to the user.
Disable Start Menu Logoff
If checked, the Start Menu Logoff button will not be available to the user.
Disable Start Menu Run
If checked, the Start Menu Run button will not be available to the user.
Disable Start Menu Taskbar Settings
If checked, the Start Menu Settings Taskbar button will not be available to the user.
Disable Start Menu 'My Network Places'
If checked, the Start Menu ‘My Network Places' button will not be available to the user
Disable Taskbar Toolbars
If checked, the Taskbar Toolbars will not be available to the user
Disable System Tray
If checked, all system tray items will not be available to the user.
Disable Taskbar Context Menu
If checked, clicking the mouse right button will not display the Taskbar Menu.
Disable Task Manager
If checked, Task Manager will not be available to the user.
Very important: Set KioWare to logoff when passcode is entered (General Tab).
Hide Desktop Items
If checked, all Desktop icons will not be available to the user
Disable System Context Menus
If checked, all system mouse right click context menus will not be available to the user.
Disable Control Panel, Network, Printer Settings
If checked, the Start Menu Settings Control Panel, Network Connections and Printers and Faxes buttons will not be available to the user.
Managed Dialogs
- KioWare
- can prevent the display of dialog boxes and windows. KioWare ships with a list of blocked dialogs/windows; however, additional entries can be manually entered. If you are connected to the internet, you can update your default list from our website. Select Load Recommended Dialog Management on the Files dropdown menu.
Remove Selection
Remove the selected item.
Edit Selection
Edit the selected item.
Add New
Add a new entry.
Edit Dialog
To enter a new, or edit an existing, dialog/window to block, refer to the following.
Rule Description
A descriptive title of the dialog/window to be blocked. For informational purposes only.
Window Class
The window class ID of the dialog/window to block. The class ID must be an exact match and for dialogs is usually #32770. Using the 3rd party software Spy, it is the value specified by Class Name in the Class tab of the Windows Properties dialog.
Window Title
The window title of the dialog/window to be blocked. For maximum pattern matching utility, the window title is treated as a regular expression. For more information on regular expressions, go to http://en.wikipedia.org/regular_expressions.
Block Dialog
If checked, the dialog/window will be blocked. This will generally be checked; however, in the case where a set of generic dialogs/windows needs to be blocked but let a specific one display, enter the information for the specific dialog/window, but don't check the Block Dialog checkbox, and make sure the specific entry is listed above the generic entry.
Close ID
Determines how the dialog/window will be closed. Although not always the case, typical examples are as follows:
| Values | Action |
| 0 | Click the 'X' button closing the dialog/window |
| 1 | Click the 'OK' button |
| 2 | Click the 'Cancel' button |
Using the 3rd party software Spy, it is the value specified by Control ID in the General tab of the Windows Properties dialog.
Display Blocked Message
If checked, the message defined in Blocked Message Text will be displayed.
Blocked Message Text
Enter the message to display when the dialog/window has been blocked.
Dialog Children
A list of objects that must exist on the dialog/window for a match to occur.
Edit Dialog Child
To enter a new, or edit an existing, child object, refer to the following.
Control Description
A descriptive title of the child object. For information purposes only.
Control Class
The object class name. The control class must be an exact match. For static text fields, the value will be Static.
Control ID
The control ID of the object.
Control Text
The value of the control. For static text fields, this will be the actual text. For maximum pattern matching utility, the control text is treated as a regular expression. For more information on regular expressions, go to http://en.wikipedia.org/regular_expressions.