Using Microsoft SteadyState as a Kiosk

Making a publicly accessed computer safe can be a challenging project, especially if you are concerned about what web sites are allowed. Although there are quite a few methods for making a kiosk, such as pre-engineered hardware and software, there is always a cheaper method of accomplishing the same task. I am not here to argue that one is better than the other, only to share my experiences with creating a kiosk using products and knowledge I already had around.

There are a few pieces to the puzzle for any kiosk:

1. Computer hardware, preferably equipment that can be physically locked down.
2. User interface restriction software, including Internet access restriction.
3. Operating system state lock down.

Piece 1

For piece 1, I have used machines such as a Dell Optiplex and an Intel-based Apple Mac Mini. The Mini was much better because of the size of the case and its limited drives (one CD). For some public areas, I would recommend a physical enclosure for the computer case to prevent any physical access.

Pieces 2 and 3

In some cases, the Microsoft SteadyState product can handle pieces 2 and 3. Prior to SteadyState, piece 3 would require an additional product such as DeepFreeze to “lock” the operating system state. You might be thinking: can SteadyState stand up to the 13-year-old hacker who is going to break into your Kiosk? Unfortunately, I do not have the answer. However, a quick Google search might help you determine that, because DeepFreeze is more popular, there are more articles about cracking it than about cracking SteadyState.

Besides the disk “freezing”, SteadyState locks down the operating system using Windows policy configuration. Obviously, if the computer is joined to a domain, the Group Policy objects (GPOs) will override any similar SteadyState configuration.

More on Piece 3

Controlling web access has been a problem in enterprises for years, and a Kiosk is no exception. From a legal standpoint, you can’t fire outside users of a Kiosk if they do something inappropriate. This means that Internet access has to be even more restricted, which can be quite difficult.

I would recommend the combination of two applications: (a) using a product such as NetNanny to lock down inappropriate categories; and (b) building a custom web browser, as shown in my article on creating your own custom web browser using Microsoft Visual Studio Express 2008. The custom web browser will allow you to control the functionality of Internet Explorer programmatically, such as a minimal interface, a predefined control bar, et cetera.

As a final note, SteadyState allows the administrator to lock Internet Explorer down to specific web URLs. To save space on domain name restrictions (there is a character limit), use the following format to cover the entire domain: *devtrends.com.
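An added example (not from the original article or from SteadyState): a small Python check of which hostnames a pattern such as *devtrends.com admits, and what it costs in characters, so an allow list can be reviewed before the Kiosk goes out. It assumes the leading * behaves as a plain glob wildcard; the page does not say how SteadyState evaluates the pattern, and the hostnames and the two-entry alternative are constructed for illustration.

```python
from fnmatch import fnmatchcase

def normalize(host):
    """Lower-case a hostname and drop any trailing root dot."""
    return host.strip().lower().rstrip(".")

def host_allowed(host, patterns):
    """True if the host matches any pattern under glob semantics (assumed)."""
    h = normalize(host)
    return any(fnmatchcase(h, p.lower()) for p in patterns)

def in_domain(host, domain):
    """True if the host is the domain itself or a real subdomain of it."""
    h = normalize(host)
    return h == domain or h.endswith("." + domain)

def audit(patterns, domain, hosts):
    """Sort hosts into intended matches, over-broad matches and misses."""
    report = {"intended": [], "overbroad": [], "missed": []}
    for host in hosts:
        allowed = host_allowed(host, patterns)
        wanted = in_domain(host, domain)
        if allowed and wanted:
            report["intended"].append(host)
        elif allowed:
            report["overbroad"].append(host)   # admitted, but not in the domain
        elif wanted:
            report["missed"].append(host)      # in the domain, but blocked
    return report

def pattern_cost(patterns):
    """Characters the entries consume against the tool's length limit."""
    return sum(len(p) for p in patterns)

# Constructed sample hostnames, not taken from the article.
SAMPLE_HOSTS = ["devtrends.com", "www.devtrends.com", "blog.devtrends.com",
                "notdevtrends.com", "devtrends.com.example.net", "example.org"]
SHORT = ["*devtrends.com"]                     # the article's space-saving form
STRICT = ["devtrends.com", "*.devtrends.com"]  # constructed alternative

if __name__ == "__main__":
    for name, pats in (("short", SHORT), ("strict", STRICT)):
        print(name, pattern_cost(pats), audit(pats, "devtrends.com", SAMPLE_HOSTS))
```

Under that assumption the single short entry also admits a host whose name merely ends in the same string, while the dot-anchored pair does not, at twice the character cost.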


Have fun and do your research before you put a Kiosk out for everyone to use! As with all of my other posts, I am not responsible for your failures and guarantee nothing. Article is for educational purposes only.

-Aaron Gilbert

About the Author

IT is not just a job but also a passion. Everything I have accomplished, both personally and professionally, has been generally entertaining, bordering on fun. Some of my projects, such as working with SharePoint Services workflow actions in Visual Studio or building a custom iSCSI SAN using OpenSolaris, ZFS and COMSTAR, have been quite rewarding. You may think nerd... I think developing a new trend!