Windows 7 – Lock It Down for Kiosks

The Perfect Kiosk Platform

Windows 7 is a great operating system environment to run kiosk or single-purpose applications such as POS or multimedia systems. Its ability to host just about any program from a variety of development environments makes it an ideal platform. Adobe Flash, Silverlight, Java, Microsoft .NET, and HTML are just a few of the development platforms and languages available to build rich interactive kiosk and single-purpose applications that will run on Windows 7. In addition, there are several editions of Windows 7 available to run your application, from the inexpensive (Windows Home Premium) to the fully functional (Windows Enterprise). The Windows version chosen will depend on the functionality needed for your application and your budget. For example, if you don’t need corporate networking abilities, Windows 7 Home Premium is a lower cost solution.

There is another version of Windows 7 called Windows 7 Embedded. Windows 7 Embedded provides complete OS customization, is lightweight, and is primarily for single-purpose application use. Basically, it is Windows stripped down with no added services or applications. You add to it what you need for your application. This sounds perfect for kiosk and single-purpose implementations. However, a higher degree of IT expertise is required to implement it, and it is expensive unless a high volume of licenses is purchased. In addition, Microsoft only makes it available to OEM hardware vendors.

Lock Down Windows 7 with Inteset Secure Lockdown

A benefit of using Windows 7 Embedded is its stripped-down out-of-the-box operation. Conversely, retail versions of Windows 7 are loaded with OS-enhancing applications, utilities, and services. If a retail version of Windows 7 is used for a kiosk implementation, it is therefore very important to optimize it and lock it down so users do not have access to undesired features and operations. This can be accomplished in a few ways. One is through the Windows 7 Group Policy Editor. However, this utility is designed for larger companies that need to control employee access to operating system functions and not so much for kiosk implementations. In addition, the Group Policy Editor is not available on Windows 7 Home Premium.

An inexpensive, flexible, yet simple alternative to Windows 7 Embedded or the Group Policy Editor is available through the use of a utility called Secure Lockdown v2 by Inteset, LLC(1). Secure Lockdown runs on any retail version of Windows 7. This utility creates a virtual embedded environment whereby your master application is the only one accessible by the end user. It essentially removes access to the Windows 7 Desktop environment and unwanted keystrokes and runs your master application exclusively. It can be enabled simply by applying a few configuration settings and checking the Enable option.

Optimizing Windows 7 for Your Application

Before enabling Secure Lockdown, it makes sense to first optimize the operating system environment for your kiosk application. Preparing a retail version of Windows 7 with Secure Lockdown is the reverse of preparing a Windows 7 Embedded environment. Instead of adding features, you strip out superfluous Windows programs and services. Windows 7 makes this easy to do with its Windows Features and Services tools. Note that removing Windows features does not free disk space. It simply makes the applications inaccessible. However, many applications have complementary services that are removed along with them, which speeds up system startup and increases available memory. Removing services will improve boot times and free memory significantly, depending on which services and how many are removed. Analyze the ones where the Startup Type is Automatic and disable those you do not need.
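One way to carry out the service review described above, as an added example (not part of the original article and not Inteset's tooling): it lists the Automatic services that are not on a keep list, then disables a chosen subset while saving the previous start modes for rollback. The keep list, the function names, the rollback file path and the placeholder service names are assumptions made for illustration.

```powershell
# Added example. Works with the PowerShell 2.0 shipped in Windows 7; run elevated.
# $KeepList is a constructed sample, not a recommendation: build the real list
# by testing the kiosk application with each candidate service disabled.
$KeepList = 'AudioSrv','BFE','CryptSvc','DcomLaunch','Dhcp','Dnscache','EventLog',
            'MpsSvc','PlugPlay','Power','ProfSvc','RpcEptMapper','RpcSs','SamSs',
            'Schedule','Winmgmt'

# List services with Startup Type "Automatic" that are not on the keep list.
function Get-KioskServiceCandidate {
    param([string[]]$Keep)
    Get-WmiObject -Class Win32_Service -Filter "StartMode='Auto'" |
        Where-Object { $Keep -notcontains $_.Name } |
        Sort-Object Name |
        Select-Object Name, DisplayName, State, StartMode, StartName
}

# Disable the named services after recording their current start mode.
function Disable-KioskService {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string[]]$Name,
        [string]$RollbackCsv = "$env:SystemDrive\kiosk-service-rollback.csv"  # hypothetical path
    )
    $previous = @()
    foreach ($n in $Name) {
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$n'"
        if (-not $svc) { Write-Warning "Service '$n' not found; skipped."; continue }

        # Do not pull a service out from under running services that depend on it.
        $dependents = @((Get-Service -Name $n).DependentServices |
            Where-Object { $_.Status -eq 'Running' })
        if ($dependents.Count -gt 0) {
            $names = ($dependents | ForEach-Object { $_.Name }) -join ', '
            Write-Warning "'$n' skipped; running dependents: $names"
            continue
        }
        $previous += $svc | Select-Object Name, StartMode, State
        if ($PSCmdlet.ShouldProcess($n, 'Set Startup Type to Disabled and stop')) {
            Set-Service -Name $n -StartupType Disabled
            Stop-Service -Name $n -Force -ErrorAction SilentlyContinue
        }
    }
    # PowerShell 2.0 has no Export-Csv -Append, so the file is written once per call.
    if ($previous.Count -gt 0) { $previous | Export-Csv -Path $RollbackCsv -NoTypeInformation }
}

# Review first; -WhatIf previews the changes without making them.
Get-KioskServiceCandidate -Keep $KeepList | Format-Table -AutoSize
# Disable-KioskService -Name 'ExampleSvc1','ExampleSvc2' -WhatIf   # placeholder names
```

Each disabled service is also one less component running with system privileges on a machine the public can touch, so the review is worth doing for security as well as for boot time.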

Some other recommendations to improve performance and usability for your kiosk implementation using Secure Lockdown are:

  • Use a solid state drive (SSD) for the OS. A 32 GB SSD used exclusively for the OS partition is relatively inexpensive and will improve overall performance of the system significantly over its SATA drive counterpart.
  • Disable the Windows System Restore feature. This is an unnecessary feature and will conserve disk space if disabled.
  • Set the Windows Sleep, Power, and Screen saver settings to suit your environment.
  • Remove the Microsoft logo from the bootup sequence. This can be accomplished by editing the “No GUI Boot” option under the Boot tab using the Windows MSConfig Snap-in tool.
  • Customize the Windows 7 Welcome/Logon screen with your company or product logo. This can be accomplished using a Windows Registry tweak(2).
  • Customize the Windows Desktop background with your company or product logo.

Once you have prepared and tested the system with your kiosk application, it’s wise to make a backup image of the operating system using tools such as Norton Ghost or Acronis TrueImage. Creating an image will also allow you to easily port your setup to other machines that use the same hardware.

Now you have Windows 7 optimized for your kiosk application. As the last step, enable Inteset Secure Lockdown v2 and your system will be ready for the masses.