KioWare - Kiosk System Software - Documentation

KioWare   |   Platform: Windows®   |   Version: 6.8.0

Configuration Tool

Security Tab:

Also see: Best Practices

KioWare makes it easy to enhance the security of your application by disabling hardware devices, disabling Windows features, enabling lockdown features, supporting software and hardware watchdog features, and disabling common dialog boxes.

KioWare can either lock down a regular Windows desktop that is running MS Explorer as the shell (default condition), or the computer can be configured to run KioWare as the shell.  The shell program is assigned per user account, so it is very important that an individual user account not both use KioWare as the shell and have Windows features disabled for that same user.  Doing so may lock you out of the computer.  Instead, only disable Windows features when Explorer (default condition) is set as the user shell.

Refer to the following screenshot.

Watchdog Support

Software Watchdog

  • KioWare has a special service running that monitors the health of the KioWare exe.  When the service determines that the KioWare exe is not behaving properly, it will restart the exe.  If this section is grayed out, then the service needs to be started – see Watchdog Service Control below.

Enable Crash Detection

If checked, the service will monitor and restart if KioWare crashes.

Enable Hang Detection

If checked, the software watchdog will monitor and restart if KioWare is unresponsive.

Hang Detection Timeout

The length of time (sec) the software watchdog will go without being able to communicate with KioWare before restarting it.  Default is 60 seconds.  Value must be less than the Hardware Watchdog Response Timeout.


Hardware Watchdog

  • KioWare supports hardware watchdogs which are used to make sure the KioWare software watchdog is functioning.  When the hardware watchdog determines that the KioWare software watchdog is not behaving properly, it will restart the service.

Checkbox

If checked, the service will monitor the KioWare watchdog service.

Response Timeout

The length of time (sec) the hardware watchdog will go without being able to communicate with the KioWare service before restarting the service.  Default is 180 seconds.  Value must be greater than the Software Watchdog Response Timeout.

Watchdog Device

Select the hardware watchdog device installed in the PC.

Watchdog Service Control

Startup Type

Determines how the watchdog service will behave upon system startup.

  • Automatic - service will start upon system startup
  • Manual - service will not start upon system startup and must be started manually
  • Disabled - service will not start upon system startup and is disabled

Start

Start the watchdog service.

Stop

Stop the watchdog service.


Miscellaneous

Disable Windows Admin Tools Menu

If checked, Administration Menu will not be available to the user.

Empty Temporary Internet Files upon Exit

If checked, Windows will clear Internet Explorer cache before the OS shuts down.

Reboot Windows after a Crash

If checked, the PC will automatically reboot if the OS has crashed.

Disable Messenger Service

If checked, Windows Messenger Service will be disabled.


Device Security

Log Device Changes as

Logs messages from KioWare to the Windows Application event log when a device is added to the system or removed.  Devices such as USB thumb drives are included.  You may choose to log the change as an error or informational.


Disable Devices

CD-ROM

If checked, AutoRun will be disabled for the CD-ROM drive.  Vista and Windows 7 do not have AutoRun; they have AutoPlay.  AutoPlay is similar but not the same.  Disabling AutoPlay is explained in our Best Practices section.
Note: You will probably need to reboot before this change takes effect.

USB

If checked, USB storage devices will not be available to the user.  This feature is not available in Vista or higher.  Those users should instead use group policy to lock down USB storage.


ClickOnce Security Config

ClickOnce is a Microsoft technology that allows execution of .NET programs from the browser.  This can pose a very serious security risk because it is enabled by default.  The following dialog will allow you to disable ClickOnce.

ClickOnce

The recommended minimum settings are to disable "Internet" and "Untrusted Sites".

User Security Settings

Also see: Best Practices

The following settings are tied to the particular user account that is currently logged onto the computer.  As such, these settings are not saved in a KioWare XML file, nor are they saved when KioWare settings are saved.  The first step is to select the user account these settings should apply to.

Select a User

When selecting a user, it is important to note that the config tool will not allow you to select the user that is currently logged in.  This is so that you cannot lock yourself out of the system.  Best practice is to select a non-admin user as the user to run KioWare anyway.

Important Note:

When creating the user you may need to do so using the Computer Management console rather than the XP User applet.

Username

Select the user account from the list.

Password

Enter the password for the user account.


Refer to the following screenshot.

User Shell

KioWare can either lock down a regular Windows desktop that is running MS Explorer as the shell (default condition), or the computer can be configured to run KioWare as the shell.  When KioWare is running as the shell, the Windows Desktop is no longer available upon exit from KioWare; therefore, it is not recommended to assign KioWare as the shell to your administrator account.

Select User Shell

Select the shell to load:

  • Windows Explorer - the normal Windows Desktop
  • KioWare - the most secure and highly recommended way to run KioWare, because the Windows Desktop is not available upon exit from KioWare.
    Very important: if you use the KioWare shell, set KioWare to log off when the passcode is entered (General Tab).

User Security Settings

These settings only apply when the Windows Explorer shell is selected.

Disable Start Menu Help

If checked, the Start Menu Help button will not be available to the user.

Disable Start Menu Search

If checked, the Start Menu Search button will not be available to the user.

Disable Start Menu Logoff

If checked, the Start Menu Logoff button will not be available to the user.

Disable Start Menu Run

If checked, the Start Menu Run button will not be available to the user.

Disable Start Menu Taskbar Settings

If checked, the Start Menu Settings Taskbar button will not be available to the user.

Disable Start Menu 'My Network Places'

If checked, the Start Menu 'My Network Places' button will not be available to the user.

Disable Taskbar Toolbars

If checked, the Taskbar Toolbars will not be available to the user.

Disable System Tray

If checked, no system tray items will be available to the user.

Disable Taskbar Context Menu

If checked, right-clicking the mouse will not display the Taskbar Menu.

Disable Task Manager

If checked, Task Manager will not be available to the user.
Very important: set KioWare to log off when the passcode is entered (General Tab).

Hide Desktop Items

If checked, no Desktop icons will be available to the user.

Disable System Context Menus

If checked, no system right-click context menus will be available to the user.

Disable Control Panel, Network, Printer Settings

If checked, the Start Menu Settings Control Panel, Network Connections and Printers and Faxes buttons will not be available to the user.


Managed Dialogs

  • KioWare can prevent the display of dialog boxes and windows.  KioWare ships with a list of blocked dialogs/windows; however, additional entries can be manually entered.  If you are connected to the internet, you can update your default list from our website.  Select Load Recommended Dialog Management on the Files dropdown menu.

Remove Selection

Remove the selected item.

Edit Selection

Edit the selected item.

Add New

Add a new entry.

Edit Dialog

To enter a new, or edit an existing, dialog/window to block, refer to the following.

Rule Description

A descriptive title of the dialog/window to be blocked.  For informational purposes only.

Window Class

The window class ID of the dialog/window to block.  The class ID must be an exact match and for dialogs is usually #32770.  In the third-party software Spy, this is the value specified by Class Name in the Class tab of the Windows Properties dialog.

Window Title

The window title of the dialog/window to be blocked.  For maximum pattern matching utility, the window title is treated as a regular expression.  For more information on regular expressions, go to http://en.wikipedia.org/wiki/Regular_expressions.

Block Dialog

If checked, the dialog/window will be blocked.  This will generally be checked.  However, to block a set of generic dialogs/windows while letting a specific one display, enter the information for the specific dialog/window, leave the Block Dialog checkbox unchecked, and make sure the specific entry is listed above the generic entry.

Close ID

Determines how the dialog/window will be closed.  Although not always the case, typical examples are as follows:

Value   Action
0       Click the 'X' button, closing the dialog/window
1       Click the 'OK' button
2       Click the 'Cancel' button

In the third-party software Spy, this is the value specified by Control ID in the General tab of the Windows Properties dialog.

Display Blocked Message

If checked, the message defined in Blocked Message Text will be displayed.

Blocked Message Text

Enter the message to display when the dialog/window has been blocked.

Dialog Children

A list of objects that must exist on the dialog/window for a match to occur.

Edit Dialog Child

To enter a new, or edit an existing, child object, refer to the following.

Control Description

A descriptive title of the child object.  For informational purposes only.

Control Class

The object class name.  The control class must be an exact match.  For static text fields, the value will be Static.

Control ID

The control ID of the object.

Control Text

The value of the control.  For static text fields, this will be the actual text.  For maximum pattern matching utility, the control text is treated as a regular expression.  For more information on regular expressions, go to http://en.wikipedia.org/wiki/Regular_expressions.
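
The Block Dialog ordering rule and the Dialog Children requirement described above can be checked against a small model of the rule list. This is an added example, not KioWare code: the class and function names are hypothetical, the rules and control values are constructed, and it assumes the list is evaluated top to bottom with the first match deciding and that regular expressions match anywhere in the text unless anchored.

```python
import re
from dataclasses import dataclass, field

@dataclass
class Child:                # one Dialog Children entry
    control_class: str      # exact match, e.g. "Static"
    control_id: int
    text: str               # regular expression

@dataclass
class Rule:                 # one Managed Dialogs entry
    description: str
    window_class: str       # exact match, e.g. "#32770"
    title: str              # regular expression
    block: bool             # the Block Dialog checkbox
    close_id: int = 2       # 0 = 'X', 1 = 'OK', 2 = 'Cancel'
    children: list = field(default_factory=list)

def child_present(child, controls):
    # controls: (class, id, text) tuples observed on the window
    return any(c == child.control_class and i == child.control_id
               and re.search(child.text, t) for c, i, t in controls)

def decide(rules, window_class, title, controls=()):
    """Return (description, action) of the first matching rule, or None."""
    for r in rules:  # assumption: top-to-bottom, first match wins
        if r.window_class != window_class:
            continue
        if not re.search(r.title, title):
            continue
        # every listed child must exist on the window for a match
        if not all(child_present(ch, controls) for ch in r.children):
            continue
        return (r.description, f"close:{r.close_id}" if r.block else "allow")
    return None

# Constructed list: the specific allow entry sits above the generic block.
# The allow pattern is anchored so that "Print to File" is not let through.
RULES = [
    Rule("Allow print dialog", "#32770", r"^Print$", block=False),
    Rule("Block script errors", "#32770", r".*", block=True, close_id=2,
         children=[Child("Static", 65535, r"(?i)script error")]),
    Rule("Block all other dialogs", "#32770", r".*", block=True, close_id=0),
]

if __name__ == "__main__":
    for t in ("Print", "Print to File"):
        print(t, "->", decide(RULES, "#32770", t))
```

Reversing the list makes the generic entry match first, so the Print dialog is closed as well; an unanchored allow pattern such as `Print` would instead let every dialog with that word in its title through.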