This section is where you would modify the shell you intend on configuring for the locked down user account: "`nDefault Shell is set to " + $DefaultShellObject.Shell + " and the default action is set to " + $faultaction $DefaultShellObject = $ShellLauncherClass.GetDefaultShell() # Display the default shell to verify that it was added correctly. This section just provides an output indicating what the default shell was configured as: $ShellLauncherClass.SetDefaultShell("cmd.exe", $restart_device) # This example sets the command prompt as the default shell, and restarts the device if the command prompt is closed. You can change these examples to use the program that you want to use as the shell. It is possible to change this to the regular explorer.exe shell but for this example, we’ll modify the admin account’s shell instead: This section typically confuses most administrators because it indicates that the command prompt is being configured as the default shell and the reason for this is because when Shell Launcher is enabled, the default shell is set to cmd.exe. # Define actions to take when the shell program exits. $Cashier_SID = Get-UsernameSID("Cashier")ĭefining actions to take when the shell program exits (pretty much what the comment says): Rename "User" to an existing account on your system to test this script. # Get the SID for a user account named "User". $NTUserObject = New-Object ($AccountName) # Create a function to retrieve the SID for a user account on a machine.
# This well-known security identifier (SID) corresponds to the BUILTIN\Administrators group.Ĭreate a function to retrieve the SID for a local account on the thin client then assigns a variable with the SID of the Windows 10 local user account: Write-host "Make sure Shell Launcher feature is enabled"Īssigning a variable with the SID of the Windows 10 local admin account: If (NativeMethods.SLGetWindowsInformationDWORD("EmbeddedFeature-ShellLauncher-Enabled", out enabled) != S_OK) :WESL_UserSetting" Public static bool IsShellLauncherLicenseEnabled()
# Check if shell launcher license is enabledįunction Check-ShellLauncherLicenseEnabled However, those who may not be familiar with the behavior of customizing the shell on a Windows OS may be confused so here is a breakdown of the script and the changes required. Use Shell Launcher to create a Windows 10 kiosk Microsoft provides the following 2 articles with a PowerShell script to configure the custom shell: It is also possible to add the feature with the following command:ĭism /online /Enable-Feature /all /FeatureName:Client-EmbeddedShellLauncherĬonfiguring the customized shell with a PowerShell Script
This is different than where you would find the feature on a regular Windows 10 OS:
You must ensure that the Shell Launcher feature is installed before beginning the configuration and although the OS on this thin client indicates it is Windows 10 Enterprise 2015 LTSB, there are some subtle differences with a full desktop and one of them is that the Shell Launcher is labeled as the following in the Windows Features: The Dell Wyse 7020 (Z90QQ10) thin client I was working with is the following: These thin clients will not be joined to the Active Directory domain in the organization so users should not have to log into the thin client and the thin client OS should never lock.
Restart the TP AutoConnect Service in the View session, and, if necessary, also on the virtual machine and the View Client.I’ve recently had to assist a client with configuring their Dell Wyse 7020 Windows 10 IoT thin clients with a custom shell launcher mimicking a kiosk type of mode where only the VMware Horizon View Client is available to the user but the local admin account should still have the regular explorer shell. On 64-bit operating systems in: hkey_local_machine\software\Wow6432Node\ThinPrint\Client On 32-bit operating systems in: hkey_local_machine\software\ThinPrint\Client TimeOutVirtualChannelRead “130” (decimal) TimeOutClientExecution “150000” (decimal) on a virtual desktop in: hkey_local_machine\software\ThinPrint\TPAutoConnect.
If the manual creation of the printer with AutoConnect from the command line is successful, check that the following Timeout values are set in the Windows registry and, if not, set them: