0

On Windows 10 LTSC. Here is some backgrounds.

I have a system consists of several applications, they are launched with a batch file when system starts up. The Windows where the system runs on should be hardened, user can only access the software system, no other Windows tools, such as Desktop, explorer, task manager, gpedit, regedit, etc.

To achieve this, I was thinking to create a user "test" and to launch a script for it instead of explorer.exe, and user test should not be able to launch desktop. The only script it can launch is the one designated to it.

And for Administrator, everything should be normal, that is explorer is still the shell to launch and desktop works fine.

I tried this by adding key HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell for user test. The application or script can be launched after user test logged on, but user test still can launch desktop after running explorer.exe command.

Then I modified key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell. Now the desktop is disabled, however every user including Administrator is affected by this setting.

Is there any way to set different shell for different user and disable desktop for specific user?

4
  • 1
    You have explained what, but not why. Are you trying to create a kiosk? Why not use Kiosk mode?
    – Gantendo
    Commented Aug 30, 2023 at 2:45
  • Our product consists of several executables, and they are launched in a sequence by a batch script. Is Windows Kiosk support launching batch script?
    – simo hauml
    Commented Aug 30, 2023 at 3:16
  • @simohauml - You made no mention of that fact
    – Ramhound
    Commented Aug 30, 2023 at 3:18
  • Windows Kiosk is Windows, and Windows supports batch scripts. learn.microsoft.com/en-us/windows/configuration/…
    – Gantendo
    Commented Aug 30, 2023 at 3:30

0

You must log in to answer this question.

Browse other questions tagged .