Kisok Script

[ioliver]

I did this a while back. It starts IE in kiosk mode, and does a few other things. It was usefull for trying to build an IE based kiosk. I can't remember if I ever posted it. So, here it is:

expandcollapse popup

; kioskwatch3.au3
; March 9, 2004

; Built with AutoIt3
; Starts Internet Explorer in Kiosk Mode and
; prevents any (Ctrl +) HotKeys from being used.

; March 3, 2004: Added Maintenance Mode
; Maintenance Mode starts a Command Prompt
; March 4, 2004: Script now block (Alt + Tab),
; and will close any Pop-up windows
; March 9, 2004: Added the function to check for 2 minutes of Idle Time

Global $StartTime

; Read in Maintenance Password
$maintpw = IniRead("C:\kw3.ini", "Settings", "PW", "")

Call ("StartTimer")

Run("runapp C:\Program Files\Internet Explorer\iexplore.exe -k http://URL")

AutoItSetOption("WinTitleMatchMode", 2);2 = Any Substring

While 1;Infinite Loop

; Handles IdleTime

  $MPos1 = MouseGetPos()
  $CPos1 = WinGetCaretPos()

; Handles Hotkeys

  If WinActive(" - Microsoft Internet Explorer") Then
    HotKeySet("!{TAB}", "Block")
    HotKeySet("^h", "Block")
    HotKeySet("^a", "Block")
    HotKeySet("^b", "Block")
    HotKeySet("^c", "Block")
    HotKeySet("^f", "Block")
    HotKeySet("^l", "Block")
    HotKeySet("^n", "Block")
    HotKeySet("^o", "Block")
    HotKeySet("^p", "Block")
    HotKeySet("^s", "Block")
    HotKeySet("^v", "Block")
    HotKeySet("^w", "Block")
    HotKeySet("^x", "Block")
    HotKeySet("^!z", "Maintenance")
  EndIf

; Block Pop-ups

  If WinExists("Connect to URL") Then
    WinClose("Connect to URL")
  EndIf

  If WinExists("Microsoft Internet Explorer", "&Yes") Then
    WinActivate("Microsoft Internet Explorer", "&Yes")
    Send("!y")
  EndIf

; Handles IdleTime (Continued)

  $MPos2 = MouseGetPos()
  $CPos2 = WinGetCaretPos()

  If $MPos1[0] <> $MPos2[0] Then
    Call("StartTimer")
  ElseIf $CPos1[0] <> $CPos2[0] Then
    Call("StartTimer")
  EndIf

  $EndTime = TimerStop($StartTime)

  If $EndTime > 120000 Then;120000 = 2 minutes
    Call("CloseIE")
    Call("StartTimer")
  EndIf

  Sleep(3);Reduces the load this script puts on the CPU time
Wend

Func Block()
EndFunc

Func StartTimer()
  $StartTime = TimerStart()
EndFunc

Func CloseIE()
  $title = WinGetTitle(" - Microsoft Internet Explorer")
  If $title <> "http://URL/ - Microsoft Internet Explorer" Then
    Send("!{F4}");Closes the Internet Explorer Window
  EndIf
EndFunc

Func Maintenance()
  $Password = InputBox("AutoIT3 - KioskWatch3 Maintenance Mode", "Enter KioskWatch3 Maintenance Mode Password:", "", "*")
  If $Password = $maintpw Then
    Run("cmd")
  Else
    MsgBox(0, "AutoIT3 - KioskWatch3 Maintenance Mode", "Invalid Password!", 3)
  EndIf
EndFunc

I hope it helps someone. Let me know what you think?

Thanks again for all your help,

Ian

Edit: Works well if you make this Script the shell, or make a BAT file that calls this script the shell, I'm not sure. It may work as the shell if you compile (AUT2EXE) it.

Thanks again

Edited August 27, 2004 by ioliver

[msb5150]

Just a few suggestions:

1) Perhaps use the following registry change to disable the ability to close internet explorer: [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\

Restrictions]

"NoBrowserClose"=dword:00000001

2) I can't find the settings now, but it is possible to disable the menu items in the ctrl-alt-del menu so that the unscrupulous user can only choose 'Cancel" Alternatively you could choose start the task manager upon ctrl-alt-del and then immediately close it from the script

3) Lastly you should constantly check that iexplore.exe is still running lest the user use the alt-f4 keystroke to get past it.

[scriptkitty]

Also need to disable the taskbar, windows keys, etc. Looks like you have a good start. Also make sure that you watch out for websites where they can add thier own links, like.

<a href="c:\">Access my Cdrive</a>

[ioliver]

Thanks for checking out the script, and I appreciate all the suggestions. I may try to implement all those things to make a production version of the script.

When I wrote this script it was to replace a Netscape based Netsetter Kiosk application. So I used the script in combonation with some Local Group Policy settings and some Registry Hacks to do a lot of the things you suggested. Like, disable the Task Bar and the Ctrl + Alt + Del Menu items.

Thanks again for all your help, please continue to make suggestions as to how I can improve it, and when I get time I'll try to implement those.

Ian

[Bartokv]

These other keys will also help to lock the system down a bit more:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoActiveDesktopChanges"=dword:00000001
"NoSetActiveDesktop"=dword:00000001
"NoNetHood"=dword:00000001
"NoFind"=dword:00000001
"NoRun"=dword:00000001
"NoChangeStartMenu"=dword:00000001
"NoFolderOptions"=dword:00000001
"NoRecentDocsMenu"=dword:00000001
"NoRecentDocsHistory"=dword:00000001
"NoSetTaskbar"=dword:00000001
"NoTrayContextMenu"=dword:00000001
"NoFileMenu"=dword:00000001
"NoViewContextMenu"=dword:00000001
"NoMSAppLogo5ChannelNotify"=dword:00000001

...Although these keys help to secure the system, please keep in mind that some would-be attackers are very determined and could still gain control of the box. It would also help to make sure that people don't have physical access to the power cord, floppy/cd drives, or USB/network ports on the system.

BTW: Good job on the script!