Share via

Windows Mobile in Kiosk Mode

  • Article

This topic rates in my top 3 'soapbox' issues and it’s about time I vented some of my inner frustration... so let me just step up onto my soapbox and begin.

Imagine a large enterprise wants to roll out a line of business application to its field or store workers using mobile devices. The IT department starts looking around at the available platforms and proposes a rugedized Windows CE based device such as a Symbol or Intermec configured with a relatively minimal OS image - no games, no office apps and the one business app running as the shell. This is a Kiosk mode design.

What happens next in my experience is surprisingly common regardless of solution or industry. The bean counters get involved and look at the cost of a rugged device, the cost of building and maintaining the OS image (presuming the company doesn’t take one 'off the shelf' from the embedded device manufacturer) and come up with a price. Some bright spark in the IT department or worse at the upper management level takes one look at the numbers and says "flippin' hek! My [pocket pc | palm | blackberry | Psion] doesn’t cost a third that price, why don’t we use one of these pieces of hardware instead?". So the IT department goes back to the drawing board and is forced to take a commercial Pocket PC run the app on it, maybe add a semi rugged shell (there are some very viable metallic or rubber solutions out there today) and lock it down to kiosk mode using software. The price looks much better comparing retail Pocket PC to rugged Windows CE devices, and there is no OS development or maintenance involved. The IT department and bean counters satisfy themselves that the numbers work with support costs factored in and higher numbers of replacement devices. Everything looks great!

Development starts a couple of days later and, hey, its even easier than they thought using Compact Framework to develop the app, and the dev team were able to use devices bought from the high street over the weekend. The real problems start 3 months later when the IT department is in integration testing and looking to lock the device down.

Have you ever tried to lock down a Pocket PC? I mean really lock it down, so there is absolutely no way to run apps or even recover the device to a clean state? It’s usually about 2 weeks after the lockdown work has started that the support calls come in to Microsoft: 'How do we lock this thing down to Kiosk mode?'

Let me just highlight this: Its very, very difficult to lock a retail Pocket PC device into a kiosk mode so that only one app runs and the user cant get to any other applications or reset the device to a state where you can get to other apps. Windows Mobile is designed to be a multi purpose, commercial platform that can run lots of different applications. It’s designed to be user configurable, to provide lots of ways to run applications and navigate between them and its full extensible. It’s designed to be as far away from kiosk mode as you can get!

I've been working with mobile solutions for over 6 years now and in that time I must admit I have been involved in one project that succeeded completely. The results weren’t always pretty for the user and at the end of the project the application was locked to just one specific device. But it does run in a full kiosk mode on retail Pocket PC. From what I recall it took around 4 months working on the kiosk mode code to get it working correctly.

Why is this so hard?

... because Windows Mobile is designed to be a generic OS! There are many different ways of accessing applications and running code: through the start menu, from the file explorer, through the ‘New’ menu, by inserting an SD card with Autorun on it.

Probably the most difficult feature to block is the ‘run’ command prompt available from the home screen. Try this on your device or emulator:

1>    Go to the home screen, press and hold the ‘action’ key (that’s the middle button of the direction keys). By default the Pocket PC 5.0 emulator uses the right Alt key for ‘Action’.

2>    Tap and hold the clock in the top right.

3>    Select ‘Run’

4>    Type in ‘\windows\notes.exe’ or a path to any other exe on the device and see it execute

 

Removing or redirecting start menu shortcuts and new menu item’s is relatively easy. To stop the Run function requires a lot more work. The successful solution wrote stub exe files into the Windows directory for each application they wanted to block (which was all of them!) so for example they placed a stub file named "notes.exe" in the windows directory that ran the kiosk application. This is device specific as the OEM is free to add applications as they see fit so device to device the solution must change. There are many other ways of breaking applications or getting back to the system and undoing the hard work a developer puts in.

What about a hard reset? If the device has an inbuilt flash ROM storage card then it can be used to automatically provision the device following a hard reset (see my previous post). This again is OEM specific. Be aware that before WM5.0, installation using CAB files can be interrupted by the user – with WM5.0 there is a ‘silent’ option for WCELOAD.

So what my point?

Windows Mobile is not broken, its actually serving the design purpose. If you truly must have a kiosk mode device then use the software platform designed for this scenario: Windows CE. Build and control your OS so there are no additional applications present for the user to run. The cost in the long run is likely to be lower than the dev and support costs of forcing Windows Mobile into kiosk mode. Talk to the hardware manufacturer and ask if Windows CE is available for the device you want to use.

 

Partial Kiosk

If you can live with a partial kiosk device and can accept that sometimes the user will get out of your application then go ahead and use Windows Mobile. There are utility packages available from 3rd parties that can help, like Spb Kiosk Engine: https://www.spbsoftwarehouse.com/products/kioskengine/?en . This tool simplifies the process of packaging and locking a device significantly. Remember, it is still only a partial solution - hard reset will bring back a clean device, and inserting a card with autorun on it will still allow the install to take place.

 

Tight integration vs Kiosk

Many situations where Kiosk mode is requested might be better served with a tightly integrated solution. What I mean is rather than fighting the OS, embrace it and deeply integrate your application using all the facilities of Windows Mobile like Today Screen plugins to show status and launch key apps, configuring the start menu, using hardware buttons to launch your app, adding links to the New menu, extending PIM apps to link to your application. Add in some user education about how to get back to the application when needed and how to use other applications on the device, and the result might be a more productive workforce, enthusiastically using their devices. One example where this approach worked very well was the Thames Valley Police project we worked on in 2003/2004: https://www.computing.co.uk/news/1161980

 

Before I put the soap box away let me just summarize my thoughts:

Think you need Kiosk mode? I would challenge you to think again, just be very, very sure that’s the right way to go. Why not run an open device vs partial kiosk trial first?

An open device with a tightly integrated application can be much more powerful in some circumstances.

If you really need a true kiosk mode device, use Windows CE, it will most likely end up cheaper and better in the long run.

 

 

Marcus

Comments

  • Anonymous
    June 20, 2005
    Thanks! You may have just saved us a lot of work. Great article!
  • Anonymous
    June 20, 2005
    The comment has been removed
  • Anonymous
    June 30, 2005
    http://www.aoe.vt.edu/~lscharf/samd/?topic=WinCE&title=Kiosk+Mode+in+Embedded+Visual+Basic


    --------------------------------

    Also, do you have any recommendations for wince devices we should use to host a kiosk app? doesn't need to be rugged. touch screen and color would be nice.
  • Anonymous
    July 03, 2005
    let’s see.. what’s been going on since TMM 98…  I went to O’Bannon Creek...
  • Anonymous
    July 03, 2005
    let’s see.. what’s been going on since TMM 98…  I went to O’Bannon Creek in Loveland on Wednesday...
  • Anonymous
    August 05, 2005
    The comment has been removed
  • Anonymous
    August 09, 2005
    Hi Marcus,

    Extremely informative article. Yes, In fact I myself have advised one of my clients about going for a kiosk mode application, and have recommended the third party (spbsoftwarehouse.com) app for doing that.
    But now after having read your article, I have my doubts.

    Yes, hard-resetting is one way to go about it, and the third party app doesn't holds on to a single app completely, user does gets hold of other apps at times.

    Then there is 1 way of running apps with AutoRun on SD card. I tried finding a way of how to stop running apps from SD card with AutoRun on, but couldn't find a way?
    Do you have an idea as to how could this be done or whether in the first place, this is possible or not?

    Regards,
    Asheesh
  • Anonymous
    August 20, 2005
    The comment has been removed
  • Anonymous
    August 31, 2005
    Hi Marcus,

    Only just found your blog and after reading this post I thought I'd add my comments on what I have found in trying to lock down devices.

    In the newer devices WM2003 and above (and i think ppc2002 as well but the reg keys are in different places) you can use a combination of reg keys to disable the running of applications on the device.

    If you set the following key to value 1:
    HLKMSecurityPoliciesShell
    DisallowRun (DWORD) = 1

    And then list the applications in this key, with the name of each value as a number and the value itself the exe name:
    HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerDisallowRun

    KeyName: 1
    Type: String
    Value: <exe name> e.g. notes.exe

    This will then display an error message when you try and run notes.exe.

    It doesn't stop you installing new applications, but I think it's easier than installing stub apps over the ROM apps to prevent them running!

    Cheers

    Matt
  • Anonymous
    July 19, 2006
  1. Con el VISUAL STUDIO .NET los forms se definen facilmente como fullscreen.

    2. Todo el mundo desactiva la barra "menu_worker" deberian tambien desactivar la barra "HHTaskBar". Con eso desactivais la barra superior con el INICIO o START segun el idioma.

    Saludos