Windows 10 Kiosk Mode Shell Launcher ((top)) 🚀 💫

Windows 10 provides native capabilities to lock down a user account to a single application, commonly known as Kiosk Mode. While the default method restricts the device to a single Universal Windows Platform (UWP) app, the Shell Launcher component offers advanced flexibility by allowing any Windows desktop application (Win32, WPF, or custom .NET shell) to act as the system shell. This paper outlines the architecture, configuration, and security implications of deploying a custom shell using Windows 10 Shell Launcher.

$result = $shellLauncherClass.SetCustomShell($userName, $shellPath, $null, $null)

Enter .

Access denied when calling WMI. Solution: Run PowerShell as Administrator. Also ensure the user account exists locally.

Introduced in Windows 10, version 1809. It adds support for UWP apps and offers more robust monitoring through CustomShellHost.exe . It is typically configured via XML profiles or MDM solutions. Prerequisites Quickstart: configure a kiosk with Shell Launcher windows 10 kiosk mode shell launcher

$ShellLauncher = New-Object -ComObject "ShellLauncher.Configuration" $ShellLauncher.SetCustomShell($UserSID, "explorer.exe", $null, $null) $ShellLauncher.SetMode(0) # 0 = Default Mode (Explorer)

| Feature | Shell Launcher (Classic) | Assigned Access (Kiosk Mode) | | --- | --- | --- | | Supports Win32 apps | Yes | No (UWP only, except via XML hack in Enterprise) | | Supports multiple apps | Yes (app can launch others) | No (single app) | | Complexity | High (manual WMI) | Low (Settings UI) | | UWP support | No | Yes | | Recommended use | Custom launcher, legacy apps, multi-app kiosk | Simple content viewer, Edge kiosk | Windows 10 provides native capabilities to lock down

if ($result.ReturnValue -eq 0) Write-Host "Shell Launcher configured successfully for $userName" else Write-Host "Error: Return value $($result.ReturnValue)"

Run the following command in an elevated PowerShell session: $result = $shellLauncherClass