Configuring Auto Login
The first step when approaching a thinkiosk deployment is deciding how you will login to the kiosks. ThinKiosk can be deployed to an auto login account, (domain or local) or can also be configured to run as the end user. The setup options are flexible to how you wish to deploy it.
Below you will find a breakdown on how to achieve each of these scenarios and the steps involved:
Deploying an “auto login” account with thinkiosk:
When deploying an auto login account, the kiosk will boot to windows thenautomatically log in as the specified user. This configuration is favourable as it removes the users group policys, login scripts, etc forcing the user to authenticate at the web interface and once the users desktop or application ends the kiosk is immediately accessible to the next user.
You can choose to use an active directory user to auto login or a local computer account. The benefits of using a Domain account are more favourable as the account can be centrally managed and maintained. For this reason I personally recommend using a domain account.
If you do choose a local account, deployment via group policy probably wont work. Consider a local account deployment for small implementations where you can manage the pc’s locally.
To configure an auto login account, use the ThinKiosk Group Policy from the downloads section. This Policy includes all relevant options to take advantage of this native functionality via group policy.
- This group policy can be configured on the local machine or via a Domain deployment.
- This group policy can be used with a default domain account or local.
Deploying an auto login account via group policy:
Follow the following guide (if neccessary) on how to import the group policy. Once you have the policy imported, Browse to:
Computer Configuration > Policies > Administrative Templates > Classic Administrative Templates > Thinkiosk Settings> AutoLogon settings.
Now configure each of the policies listed, I’ve included examples below:
- Autologon to workstation: Enable this option to specify you wish to use an auto login account
- ForceAutologon to workstation: By default Autologon on works for the first login, forcing auto logon will mean the pc will always login as the specified account
- Default User Name: The user nameof the account (domain or local) you wish to login as.
- Default Password: The password of the above account
- Default Domain: The Users domain if the user is a domain member, if not use the local machine name.
Using the guide above, you can configure the local machine policy of the computer by going to:
Start > run > GPEDIT.msc.
Bear in mind by configuring autologin via local policy, you must either be logged in as the user, or configure this policy at a machine level.
To replace the shell on a local machine, modify the below text to include your username, password and domain then save it as a batch file. Remember to run the batch file as an administrator.
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /t reg_sz /d "1" /f reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v ForceAutoLogon /t reg_sz /d "1" /f reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultUserName /t reg_sz /d "kioskuser" /f reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword /t reg_sz /d "Passw0rd" /f reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultDomainName /t reg_sz /d "computername or domain name" /f