- Feb 14, 2004
- 50,028
- 6,320
- 136
Windows 8.1 Pro has a cool featured called "Assigned Access" which basically puts the computer into Kiosk mode with no special lockdown settings required. This is useful in a variety of settings, such as limiting what apps employees or kids or the public has access to. I've found it handy for using a computer as a thin client using the RDP app. The two catches are that (1) you must be running a Pro (or Enterprise) version of Windows 8.1, and (2) you can only run Modern Apps (aka Metro apps). Fortunately, Microsoft has a Modern App version of Remote Desktop available. This works awesome for remoting into say a Terminal Server. I don't really care for the typical Wyse-style thin clients (from experience), so this is another nice alternative.
The procedure in a nutshell:
1. Install Windows 8.1 Pro
2. Create an admin user & a local user
3. Setup RDP under the local user account
4. Setup Assigned Access
5. Tweak login & power settings:
1. Install Windows 8.1 Pro:
Assigned Access mode doesn't work in the basic versions of Windows 8.1. If you have a computer that came with say Windows 8.1 with Bing, you can upgrade it to Pro using the Pro Pak for $95: (instant key delivery on Amazon)
http://www.amazon.com/Microsoft-Windows-Pack-Upgrade-Online/dp/B00HG0460M/
On the Android devices I setup as locked-down thin clients (such as the HP Slate 21 Pro), I typically use SureLock. They have a version for Windows, but it's $99 per license, so you might as well upgrade to the better version of Windows ($5 cheaper!), which also lets you join a domain & have Windows Media Center. Here's a link to SureLock for reference:
http://www.42gears.com/surelock/windows8purchase.html
Bottom line: you need an industrial version of Windows 8.1 to use this feature, not a consumer version. Side note: I've read that Windows 8.1 Embedded lets you lock down desktop apps, although that OS is not readily accessible
2. Create an admin user & a local user
You don't need an online Microsoft Account to setup a Pro computer; you can create local accounts instead . I create a password-protected local admin account, and then a non-password-protected local account for Assigned Access. You can use "admin" & "kiosk" or whatever usernames you want.
3. Setup RDP under the local user account
For starters, you can't run desktop programs in Assigned Access; they must be "Modern apps" (for Metro). Thankfully, Microsoft has an updated version for Metro available for free in the Windows Store. Here's a link, but just search for "remote app" in the Windows store on your 8.1 Pro computer:
http://apps.microsoft.com/windows/en-us/app/remote-desktop/051f560e-5e9b-4dad-8b2e-fa5e0b05a480
Because Windows Store apps are not shared across accounts, you will need to install the Modern app on the local account (not admin account) you want to setup for Assigned Access. You will need an online Microsoft Account in order to do this, which will want you to switch to that Microsoft Account locally as the user account & also want you to enter a payment method. The workarounds are:
1. Launch the Windows Store, go to Account at the top, and sign in from there. Then download the app. If you try to download the app without signing in globally, it will prompt for a payment method (despite being a free app) & won't let you past that screen.
2. You do not have to switch the local account to a Microsoft Account locally; there is a link to allow access for just the particular app that you're downloading from your Microsoft Account ("Sign into each app separately instead"). So you'll still have to sign in to download (which you can do without entering a payment method), but you can keep your local account:
http://img10.imageshack.us/img10/2355/v6p4.png
4. Setup Assigned Access:
Procedure here: (screenshots)
http://blogs.technet.com/b/askpfepl...ssigned-access-in-windows-8-1-kiosk-mode.aspx
Basically go to PC Settings (gear icon in Metro) > Accounts > Other Accounts> Set up an account for assigned access, then select the local account you want & select the RDP app. Super easy.
5. Tweak login & power settings:
Next, you'll want to enable automatic login to make things easier by doing 3 things:
1. Disable login screen
2. Disable sleep login screen
3. Adjust power settings
From the admin account, start out by disabling the login screen:
1. Press the Windows button & R to launch the Run dialog
2. Type in "control userpasswords2" & hit OK
3. Uncheck the "Users must enter a user name and password to use this computer" box & click apply
4. Enter the local user name (should pop up default) & password (I left it blank) & click OK
This removes the lockscreen & login prompt at boot. Next, do the same thing for the lock screen (the wallpaper screen you see when it wakes from sleep); this will allow you to tap the keyboard & have it come right back to the desktop:
1. Press the Windows button & R to launch the Run dialog
2. Type in " gpedit.msc" & hit OK
3. Navigate to Computer Configuration -> Administrative Tools -> Control Panel -> Personalization
4. Double-click on "Do not display the lock screen, set to "Enabled", and click OK
Finally, go into the power settings and disable computer sleep, but enable display sleep (set however many minutes you want). This way the unit stays on all the time, but lets the monitor go to sleep. You can adjust PC & display sleep per your own requirements. Finally, reboot & make sure everything works!
On my test station, I powered up, it went through BIOS, then flashed the orange RDP app screen for a second & loaded the RDP app. You can log back into admin mode by tapping the Windows key five times (requires your admin password to login for security). As far as computers go, there are a bunch of neat machines coming out based on Intel's low-power quad-core Z3735F chip. I am currently testing a $180 MINIX NEO Z64 (requires the $95 Pro Pack, which makes the total $275 for the PC with power supply - BYO KVM), which has a load wattage of a little under 9 watts & an idle of just under 5 watts:
http://www.amazon.com/Windows-installed-Quad-Core-Streaming-Player/dp/B00TD8MTFY/
So you basically get a computer that boots straight into a native Windows RDP app for $275. Awesome!
The procedure in a nutshell:
1. Install Windows 8.1 Pro
2. Create an admin user & a local user
3. Setup RDP under the local user account
4. Setup Assigned Access
5. Tweak login & power settings:
1. Install Windows 8.1 Pro:
Assigned Access mode doesn't work in the basic versions of Windows 8.1. If you have a computer that came with say Windows 8.1 with Bing, you can upgrade it to Pro using the Pro Pak for $95: (instant key delivery on Amazon)
http://www.amazon.com/Microsoft-Windows-Pack-Upgrade-Online/dp/B00HG0460M/
On the Android devices I setup as locked-down thin clients (such as the HP Slate 21 Pro), I typically use SureLock. They have a version for Windows, but it's $99 per license, so you might as well upgrade to the better version of Windows ($5 cheaper!), which also lets you join a domain & have Windows Media Center. Here's a link to SureLock for reference:
http://www.42gears.com/surelock/windows8purchase.html
Bottom line: you need an industrial version of Windows 8.1 to use this feature, not a consumer version. Side note: I've read that Windows 8.1 Embedded lets you lock down desktop apps, although that OS is not readily accessible
2. Create an admin user & a local user
You don't need an online Microsoft Account to setup a Pro computer; you can create local accounts instead . I create a password-protected local admin account, and then a non-password-protected local account for Assigned Access. You can use "admin" & "kiosk" or whatever usernames you want.
3. Setup RDP under the local user account
For starters, you can't run desktop programs in Assigned Access; they must be "Modern apps" (for Metro). Thankfully, Microsoft has an updated version for Metro available for free in the Windows Store. Here's a link, but just search for "remote app" in the Windows store on your 8.1 Pro computer:
http://apps.microsoft.com/windows/en-us/app/remote-desktop/051f560e-5e9b-4dad-8b2e-fa5e0b05a480
Because Windows Store apps are not shared across accounts, you will need to install the Modern app on the local account (not admin account) you want to setup for Assigned Access. You will need an online Microsoft Account in order to do this, which will want you to switch to that Microsoft Account locally as the user account & also want you to enter a payment method. The workarounds are:
1. Launch the Windows Store, go to Account at the top, and sign in from there. Then download the app. If you try to download the app without signing in globally, it will prompt for a payment method (despite being a free app) & won't let you past that screen.
2. You do not have to switch the local account to a Microsoft Account locally; there is a link to allow access for just the particular app that you're downloading from your Microsoft Account ("Sign into each app separately instead"). So you'll still have to sign in to download (which you can do without entering a payment method), but you can keep your local account:
http://img10.imageshack.us/img10/2355/v6p4.png
4. Setup Assigned Access:
Procedure here: (screenshots)
http://blogs.technet.com/b/askpfepl...ssigned-access-in-windows-8-1-kiosk-mode.aspx
Basically go to PC Settings (gear icon in Metro) > Accounts > Other Accounts> Set up an account for assigned access, then select the local account you want & select the RDP app. Super easy.
5. Tweak login & power settings:
Next, you'll want to enable automatic login to make things easier by doing 3 things:
1. Disable login screen
2. Disable sleep login screen
3. Adjust power settings
From the admin account, start out by disabling the login screen:
1. Press the Windows button & R to launch the Run dialog
2. Type in "control userpasswords2" & hit OK
3. Uncheck the "Users must enter a user name and password to use this computer" box & click apply
4. Enter the local user name (should pop up default) & password (I left it blank) & click OK
This removes the lockscreen & login prompt at boot. Next, do the same thing for the lock screen (the wallpaper screen you see when it wakes from sleep); this will allow you to tap the keyboard & have it come right back to the desktop:
1. Press the Windows button & R to launch the Run dialog
2. Type in " gpedit.msc" & hit OK
3. Navigate to Computer Configuration -> Administrative Tools -> Control Panel -> Personalization
4. Double-click on "Do not display the lock screen, set to "Enabled", and click OK
Finally, go into the power settings and disable computer sleep, but enable display sleep (set however many minutes you want). This way the unit stays on all the time, but lets the monitor go to sleep. You can adjust PC & display sleep per your own requirements. Finally, reboot & make sure everything works!
On my test station, I powered up, it went through BIOS, then flashed the orange RDP app screen for a second & loaded the RDP app. You can log back into admin mode by tapping the Windows key five times (requires your admin password to login for security). As far as computers go, there are a bunch of neat machines coming out based on Intel's low-power quad-core Z3735F chip. I am currently testing a $180 MINIX NEO Z64 (requires the $95 Pro Pack, which makes the total $275 for the PC with power supply - BYO KVM), which has a load wattage of a little under 9 watts & an idle of just under 5 watts:
http://www.amazon.com/Windows-installed-Quad-Core-Streaming-Player/dp/B00TD8MTFY/
So you basically get a computer that boots straight into a native Windows RDP app for $275. Awesome!
Last edited:
Facebook
Twitter