March 05, 2009
Kiosk Mode under Firefox
Want to lockdown your browser but want to use Firefox? There are plugin's for that.
A simple way to initiate Kiosk Mode, with a lightweight plugin, in Firefox. This is a true kiosk mode as it prevents the user from doing anything but use the Internet.
Firefox 2’s Kiosk Mode | Samanathon.com
January 30, 2008
Codetalk - Running website in Kiosk mode with c#
Kiosk mode -- how to display a website in kiosk mode and to disable to browser related hot keys using c#. Nice article with breakdown and code on one way to do it. Should be noted that for mainstream deployment, this is just showing one aspect of unattended configuration. Putting machine in kiosk mode is not the complete solution in itself.
Running a web site in Kiosk mode with c#
Introduction:
This article addresses a simple approach to supporting the display of a web site in kiosk mode using a simple win forms application. Kiosk mode is used to display the contents of a web page without the browser controls visible. The notion for doing something like that is that one can use a website to display some specific information to a user without allowing the user to navigate away from the website. For example, if one needed to display a building map in the lobby of a business or allow a user to investigate a product line and place a sales order from a mall display, a kiosk might be just the ticket.
Naturally, as with anything, there are problems with keeping a user locked on to a page or set of pages on the site. Most of these are easily handled but the design of the site has be carefully considered in advance (for example, one would not want to display advertisements that would allow the user to link off to a different website). Of course if the user has a keyboard, it might be a good idea to disable certain hot key combinations to prevent the user from opening a new browser window or closing the current browser window. One may even need to violate default security policy on the machine to prevent the user from opening the task manager or start menu. This example addresses disabling hot key combinations that don't violate SAS; however, if it is necessary, one can investigate making registry changes or other alternative methods for disabling CTRL+ALT+DEL and CTRL+ESC including third party controls or the MSGina.DLL (which I understand to no longer work with Vista).
A better answer might be to investigate the use of a touch interface, a touch interface virtual keyboard, or a kiosk keyboard that will not permit a user to input such key combinations; the easiest way to keep a user from messing around with the operating system and other applications on the machine is of course be to remove the standard keyboard from the equation.
An alternative to kiosk mode websites would be to use full screen win forms applications; the same issues still apply in terms of CTRL+ALT+DEL and CTRL+ESC but they can be managed differently; for example one could use key previews to block certain key combinations from going through.
Figure 2: Displaying a Website in Kiosk Mode
Getting Started:
In order to get started, unzip the included project and open the solution in the Visual Studio 2008 environment. In the solution explorer, you should note these files (Figure 3).
Figure 3: Solution Explorer
The Main Form (frmKioskStarter.cs).
The main form is the only form contained in the application; all of the application specific code required to display the web site in kiosk mode is contained in this form as is all of the code used to block certain hot key combinations. The code shows how to shut down many of the browser related hot key combinations but does not do anything to violate the default security policies of the machine.
The code is pretty simple, if you'd care to open the code view up in the IDE you will see that the code file begins as follows:
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Text;
using System.Windows.Forms;
using System.Runtime.InteropServices;
The imports are per the default configuration for a Windows application; some unnecessary libraries were omitted, generics were dropped from the collections reference and Interop services was added to the list.
Following the imports, the namespace and class are defined.
namespace KioskMode
{
public partial class frmKioskStarter : Form
{
Following the class declarations, a region is defined and the DLL imports needed to alter the global hot keys and to disable the status bar are included.
#region Dynamic Link Library Imports
[DllImport("user32.dll")]
private static extern int FindWindow(string cls, string wndwText);
[DllImport("user32.dll")]
private static extern int ShowWindow(int hwnd, int cmd);
[DllImport("user32.dll")]
private static extern long SHAppBarMessage(long dword, int cmd);
[DllImport("user32.dll")]
private static extern int RegisterHotKey(IntPtr hwnd, int id, int
fsModifiers, int vk);
[DllImport("user32.dll")]
private static extern int UnregisterHotKey(IntPtr hwnd, int id);
#endregion
Following the DLL imports, another region is defined and used to contain the modifier key constants and to declare a hot key Id variable; each hot key combination disabled by the application is assigned an ID number (a short) which is also used to remove the hot key restrictions whenever the application is stopped.
#region Modifier Constants and Variables
// Constants for modifier keys
private const int USE_ALT = 1;
private const int USE_CTRL = 2;
private const int USE_SHIFT = 4;
private const int USE_WIN = 8;
// Hot key ID tracker
short mHotKeyId = 0;
#endregion
Within the constructor; a series of hot key combinations are disabled to make is a little more difficult to navigate way from the kiosk site.
public frmKioskStarter()
{
InitializeComponent();
// Related browser window key combinations
// -- Some things that you may want to disable --
//CTRL+A Select all
//CTRL+B Organize favorites
//CTRL+C Copy
//CTRL+F Find
//CTRL+H View history
//CTRL+L Open locate
//CTRL+N Open new browser window
//CTRL+O Open locate
//CTRL+P Print
//CTRL+R Refresh
//CTRL+S Save
//CTRL+V Paste
//CTRL+W Close
//CTRL+X Cut
//ALT+F4 Close
// Use CTRL+ALT+DEL to open the task manager,
// kill IE and then close the application window
// to exit
// Disable ALT+F4 - exit
RegisterGlobalHotKey(Keys.F4, USE_ALT);
// Disable CTRL+W - exit
RegisterGlobalHotKey(Keys.W, USE_CTRL);
// Disable CTRL+N - new window
RegisterGlobalHotKey(Keys.N, USE_CTRL);
// Disable CTRL+S - save
RegisterGlobalHotKey(Keys.S, USE_CTRL);
// Disable CTRL+A - select all
RegisterGlobalHotKey(Keys.A, USE_CTRL);
// Disable CTRL+C - copy
RegisterGlobalHotKey(Keys.C, USE_CTRL);
// Disable CTRL+X - cut
RegisterGlobalHotKey(Keys.X, USE_CTRL);
// Disable CTRL+V - paste
RegisterGlobalHotKey(Keys.V, USE_CTRL);
// Disable CTRL+B - organize favorites
RegisterGlobalHotKey(Keys.B, USE_CTRL);
// Disable CTRL+F - find
RegisterGlobalHotKey(Keys.F, USE_CTRL);
// Disable CTRL+H - view history
RegisterGlobalHotKey(Keys.H, USE_CTRL);
// Disable ALT+Tab - tab through open applications
RegisterGlobalHotKey(Keys.Tab, USE_ALT);
// hide the task bar - not a big deal, they can
// still CTRL+ESC to get the start menu; for that
// matter, CTRL+ALT+DEL also works; if you need to
// disable that you will have to violate SAS and
// monkey with the security policies on the machine
ShowWindow(FindWindow("Shell_TrayWnd", null), 0);
}
The next button click event handler is used to launch browser window in kiosk mode; passing the 'k' argument to Internet Explorer is all that is required. The URL entered into the form's textbox is used to identify what page will be opened into IE.
///
/// Launch the browser window in kiosk mode
/// using the URL keyed into the text box
///
///
///
private void button1_Click(object sender, EventArgs e)
{
System.Diagnostics.Process.Start("iexplore", "-k " +
txtUrl.Text);
}
The next bit of code is used to register a hot key combination; in this instance we are using it to override an existing hot key combination.
private void RegisterGlobalHotKey(Keys hotkey, int modifiers)
{
try
{
// increment the hot key value - we are just identifying
// them with a sequential number since we have multiples
mHotK eyId++;
if(mHotKeyId > 0)
{
// register the hot key combination
if (RegisterHotKey(this.Handle, mHotKeyId, modifiers,
Convert.ToInt16(hotkey)) == 0)
{
// tell the user which combination failed to register
// this is useful to you, not an end user; the user
// should never see this application run
MessageBox.Show("Error: " + mHotKeyId.ToString() + " - " +Marshal.GetLastWin32Error().ToString(),"HotKey Registration");
}
}
}
catch
{
// clean up if hotkey registration failed -
// nothing works if it fails
UnregisterGlobalHotKey();
}
}
The next method is used to unregister the hot keys set up by the application; this is used to restore normal functioning after the application is closed. The combinations are identified by the hot key ID value stored for each replaced by the application; to disable all of them this bit of code loops through each ID and disables it:
private void UnregisterGlobalHotKey()
{
// loop through each hotkey id and
// disable it
for (int i = 0; i < mHotKeyId; i++)
{
UnregisterHotKey(this.Handle, i);
}
}
The next bit of code is used to handle the receipt of a hot key combination whenever the application is running. The code merely disregards all registered hot key combinations.
protected override void WndProc(ref Message m)
{
base.WndProc(ref m);
// if the message matches,
// disregard it
const int WM_HOTKEY = 0x312;
if (m.Msg == WM_HOTKEY)
{
// Ignore the request or each
// disabled hotkey combination
}
}
The last bit of code is called when the form closes; this code unregisters all of the hot key combinations and shows the taskbar once again.
private void Form1_FormClosed(object sender, FormClosedEventArgs e)
{
// unregister the hot keys
UnregisterGlobalHotKey();
// show the taskbar - does not matter really
ShowWindow(FindWindow("Shell_TrayWnd", null), 1);
}
Summary
Even though this application shows how to display a website in kiosk mode and to disable to browser related hot keys; the application does not violate the security policy. In building a kiosk; it would be best if the user did not have access to a full keyboard or any keyboard at all. If alphanumeric input is required, consideration of the use of custom kiosk keyboards or a virtual keyboard should be considered.
June 30, 2007
Kiosk Mode with Mozilla and Firefox
Nice writeup on kiosk mode requiring cross-platform support using latest Firefox. Open Kiosk Port to Firefox 2.
Mozdev Group, Inc. : www: /clients/bm/index
Client Profile - Brooklyn Museum
** NEW - Open Kiosk Port to Firefox 2 **
Firefox v,2.0
* Install For Firefox Now! [ June 29, 2007] (Powered by jsLib)
** Administrators: please read the Install as Admin Instructions before installation if you wish to install the Kiosk and run as a limited user. **
Mozilla v,1.7.13
** Please read the INSTRUCTIONS before installation. **
* Install Now! [ April 04, 2007] (Powered by jsLib)
About Brooklyn Museum
Brooklyn Museum Logo The Brooklyn Museum is the second largest art museum in New York City and one of the largest in the United States. One of the premier art institutions in the world, its permanent collection includes more than one and a half million objects, from ancient Egyptian masterpieces to contemporary art, and represents almost every culture. It is housed in a 560,000 square foot, Beaux-Arts building that welcomes approximately half a million visitors each year. Located in Central Brooklyn, a half-hour from midtown Manhattan with its own subway stop, the Museum is set on Eastern Parkway and one block from Grand Army Plaza in a complex of 19th-century parks and gardens that also contains Prospect Park, the Brooklyn Botanic Garden, and the Wildlife Center.
The Task
Our task was to deliver a customized Mozilla browser for a Kiosk, basically a full-screen, locked-down, browser with access to settings disabled. The Kiosk browser would be initially deployed on the Windows platform, but the code had to be as cross-platform as possible for easy porting to other platforms. An XPI package installer would be the preferred distribution option, but a custom Mozilla distribution would be acceptable if necessary.
Kiosk in full screen mode
Figure 1 : Kiosk in full screen mode
The Result
It became clear early on in the project that a custom Mozilla distribution would not be necessary. The browser code base is flexible and powerful enough to be able to build your own fully customised browser using XPFE tools. Thus an XPI package is a much more flexible option for the client, enabling it to be installed on multiple stations in a faster time.
The primary feature of any Kiosk is that the application has to be locked down. Firstly, that there is no access to the operating system and other applications, and secondly that the user can not change any of the browser settings. The former is largely taken care of in this project by the fact that the keyboards in place at the museum do not have the standard keys for moving around on the system. This includes the Tab, Ctrl and Shift keys. So the main development challenge was to remove access to all browser settings, which was achieved with a fully customized user-interface.
Features
Here are just some of the features included in the Museum Kiosk.
Full Screen
The browser has a full-screen mode, without a title bar and mimimize/close icons. This is a staple of any Kiosk environment. There is an option to have true full-screen mode with no UI visible. The advantage of this is that it provides a maximized content vieiwing area and less distraction for users. There is also an option to include a toolbar and/or statusbar in the UI to make available certain functionality, such as navigation (see section - Customizable User-interface)
Administration Settings Dialog
This is a secure, password protected window that the Kiosk administrator launches from the command line to set up the Kiosk browser for a particular station. The settings persist across sessions, and are available to all users logged into the system. A per-system settings system was the preferred option here, as opposed to per-user, to minimize the setup time needed. Features include the setting of the home page, turning on/off tabbed browsing, choosing filters and timers for resetting the station after a period of inactivity.
Customizable User-interface
UI Customization Options
Figure 2 : UI Customization Options
Figure 2 illustrates the UI customization options available to the Kiosk Admin. The radio option offers a choice to show widgets, or hide them which gives you true full-screen mode. If you choose to show, then there are futher options via a list where you can choose which buttons and other items appear. These settings are sticky across sessions until changed by the Kiosk administrator.
Content Filtering
One of the main purposes of many Kiosk environments is to display content on a particular topic or a certain group of topics. Here we had to accommodate this in a Web context, and the best way to achieve it is with a content filter. This takes the form of a flat text file on the filesystem, which has entries in the form of URLs. When this feature is enabled, the list is read by the software, and any time the user tries to access a site not in the list, the request is denied and they are informed with a status message. The filter has 2 modes. STRICT only allows an exact match on a URL. ALL is the second mode, and requires a little more explanation. In ALL mode, the browser will load any page that is in the domain of a particular URL (*.brooklynmuseum.org), or sub-area of a site (www.mozdev.org/docs/).
JavaScript Filtering
Complimentary to the content filter is a special request for turning JavaScript ON/OFF on a per site basis. When enabled, each request loaded into the browser will pass through the filter (a similar URL filter to the content one), and if there is not a match the request will still load but JavaScript will be turned off. No script will execute on that page, including onload handlers, onclick events and DHTML.
Command-line Handling
The Kiosk comes packaged with various command line options including:
* mozilla -kiosk : Launch the Kiosk in full screen mode
* mozilla -kiosk mode=title : Launch the Kiosk with a titlebar
* mozilla -kiosk about : Launch the About window
* mozilla -kiosk admin : Launch the Admin Settings window
Session Reset
Session Reset Alert The functionality is available to reset the Kiosk session, either via a button accessible to users, or an automatic timer which kicks in after a certain period of inactivity. What does resetting the session mean? What happens is that the browser returns to the homepage, cookies set during the session are deleted, memory cache is cleared (disk cache is always off), and the session history is deleted. Essentially, any trace of a previous session is eliminated. The option to turn on the reset timer, and the period in minutes before it does, are both available to be configured.
About Window
The Kiosk is by design almost free of branding, yet there are 2 options for identification. An optional banner above the toolbar, and an About window. The About window gives versioning and build information that is valuable for feature tracking and updates.
May 16, 2007
Software Resources - Kiosk Mode and Pocket PC
Resource for developing Pocket PC applications in kiosk mode. Features full WIndows Mobile support and supports Terminal Services Client.
Spb Kiosk - Development - Spb Software House
One very common application for Pocket PCs is their use as a specialized device where access to many functions is restricted or disabled and only a few applications can be used — this is called kiosk mode. Several vertical market applications require kiosk mode. For example, a kiosk mode can disable all games and other entertainment programs on the Pocket PC.
Spb Kiosk Explorer uses Pocket Internet Explorer to run in kiosk mode. Spb Kiosk Terminal is the Terminal Service Client running in kiosk mode. Spb Kiosk Engine allows you to run your custom application(s) in kiosk mode. In this mode, the target application(s) are the only ones that can be used on a specific Pocket PC device.
June 07, 2005
Kiosk Lockdown with Linux and KDE
Step by step configuration of KDE desktop to lockdown the desktop in kiosk mode. Includes desktop, context menus, icons and setting up custom system wide desktop icons.
Kiosk mode lockdown admin tool for Linux is available for download.
Lock Down KDE with Kiosk Mode
Hack No. 43 in Linux Desktop Hacks.
System administrators typically spend a lot of their time fixing trivial problems for users who have accidently changed their settings in some way. When an inexperienced user moves a desktop icon into the wastebin or sets a mimetype to open with the wrong programme they may be unable to reset their changes. Calls to the system administrator for help are a poor use of everyone's time. It would be better if the user had never been able to make undesirable changes.
Perhaps you just want to set up a GNU/Linux desktop for your grandmother but she keeps changing the layout of the application toolbars without meaning to. The new look confuses her so much that she calls you all the time asking for help, or worse, she gives up on GNU/Linux or her computer. Wouldn't it be great if you could protect your grandmother from herself?
For computers in a public setting such as an internet cafe or library these problems turn into more than just timewasters, they can prevent others from using the machine or cause distress as with the common anecdote of a library where a scriptkiddy had changed the background wallpaper on all the machines to pornographic photos.
Enter the Kiosk
KDE is one of the most configurable desktop environments but KDE 3.2.3 added the Kiosk framework which allows for any or all of the configuration options to be marked as unchangeable. With Kiosk you can create profiles which are attached to users or groups of users. A profile can define any KDE setting but will usually include the contents of the desktop, panel and k-menus as well as the look of the wallpaper, default fonts and widget style. You can also specify important system settings such as the network proxy and file associations. Most importantly all of these options can be set to be unchangeable by the user. This means grandma will never accidentally delete her web browser icon, and a bored teenager can't change the library's computer wallpaper to something that will give grandma a heard attack.
The easiest way to setup a Kiosk profile is to use the Kiosk Admin Tool. Some distributions include this by default, for others you can download the source from its website at http://extragear.kde.org/apps/kiosktool.php.
Start the Kiosk tool (as your normal user, there's no need to run as root) by selecting K-menu -> System -> Kiosk Admin Tool, or with the kiosktool command, and click Add New Profile. Give this profile a name such as 'locked-down' and click OK to save. You will be asked for your root password to save the new profile. Now click Manage Users and add a user policy to link a user to your new locked-down profile. It is also possible to link a whole group to the policy, you can see and change which users are in which groups by looking at the file /etc/group.
To configure a profile, select it in the list and click Next. The next screen presents numerous moules, each witrh specific configuration options in it. Ticking an option will lock down its corresponding feature. The settings will be saved when you click Back.
Some of the modules offer graphical setup for their settings. For example under the Desktop Icons module you can load a temporary desktop to replace your normal one. Switch to a different virtual desktop (Ctrl-F2) if you have windows covering your background. You can add, remove and move any of the icons on the temporary desktop. When you click Save in Kiosk Admin Tool, the settings for this desktop will be saved and your normal desktop will be loaded again. This makes configuring the setup for your Kiosk profile as easy as configuring your own desktop.
A general breakdown of the types of settings you will find in the most important modules follows:
General
Contains the settings that control the global properties for al KDE programs and inclues the ability to run commands, log out or move toolbars. Disabling Konsole removes not onlt its entry from the K-menu, but also the embedded Konsoles in Konqueror and Kate. Desktop Icons
Settings to prevent users from moving or deleting desktop icons. KDE Menu
Controls which programs are available in the K-Menu Themeing
Prevents users from changing the widget style, colour or font settings. Konqueror
Stops the user from being able to browse outside their home directory. Menu Actions
Turns off standard menu actions such as open, print, paste, settings etc from all KDE applications. File Associations
Ensures that files can be opened only with the specified programs Network Proxy
Enforces the use of your web proxy. Uses a web proxy to restrict which web sites a user can browse. Panel
Used to lock down the panel, prevents users from adding or removing the items you place here, and enables you to prevent context menus from working
The Kiosk framework has been used in large enterprise deployments of KDE. Administrators report that is cuts their time taken up by user support by half, because it reduces the number of small but time consuming problems users have.
If you are considering using Kiosk in a public setting you may want to make yourself familiar with the KDE configuration file format. Browse through /etc/kde-profile to see the setting made by the Kiosk Admin Tool. Adding [$i] to a configration option, group of options or file makes them unchangeable by users.
Kiosk is not a substitute for using Unix filesystem permissions or other security settings. You should also make sure you set X to not be killable with control-alt-backspace and prevent users from changing to a text console. Finally make sure the login manager does not allow users to log in to any other desktop environment which has not been locked down.
Copyleft Jonathan Riddell 2004
Links