

Enable usb access for Multiapp Kiosk User

Question

Sunday, February 11, 2018 10:35 PM

Hi, we are upgrading our library computers from Windows 7 to Windows 10 and I would like to use the Multiapp Kiosk User mode. Configuring the Multiapp Kiosk User is no problem and I can get that to work. However, it also denies access to removable drives like DVD/Blu-ray and USB.

I would like to enable library users to access usb device storage and sd cards when they are plugged into the computer.

I am also having issues configuring temp home drive access and setting it up to remove files on reboot.

We would like to configure it as a local user.

N.B. At the moment we use Windows 7 Enterprise with Deep Freeze, a domain user with AppLocker and group policies to restrict a whole raft of things.

We have also changed our hardware model and they will go straight to the libraries rather than coming to us, so having everything set up as a provisioning package and using USB or Intune would be easier.

All replies (4)

Monday, February 12, 2018 9:30 AM ✅ Answered | 1 vote

Hi,

There is a set of built-in policies on removable storage access and installation. They make restricting USB mass storage devices easier.

1. Computer Configuration-->Policies-->Administrative Templates-->System-->Removable Storage Access
   User Configuration-->Policies-->Administrative Templates-->System-->Removable Storage Access

These specify read and write permissions on all kinds of removable storage devices.

2. Computer Configuration-->Policies-->Administrative Templates-->System-->Device Installation-->Device Installation Restrictions

Also check the link below about Policies set by multi-app kiosk configuration.

Prevent access to drives from My Computer

Enabled - Restrict all drivers

/en-us/windows/configuration/lock-down-windows-10-to-specific-apps#policies-set-by-multi-app-kiosk-configuration

Hope it will be helpful to you.


Tuesday, February 13, 2018 12:26 PM

Hi Carl

Thanks for the help, don't know why I didn't see it there myself before. Opened Local Group Policy Editor for the non-administrators group, sorted for enabled under All Settings and there it was. Changed to C only and USB drives work. I will create a VHD file for documents and mount it as the D drive and then somehow have it wipe on reboot.

Can't see it in the provision settings but can write a PowerShell script to fix that.

Regards

Kiwi
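The "Prevent access to drives from My Computer" setting discussed in the replies above is stored as the `NoViewOnDrive` bitmask under the user's Explorer policies key. The following added example (not code from any poster in this thread) decodes and sets that mask so the restriction can be audited or scripted. The function names and the `HiveRoot` parameter are hypothetical, and it assumes the script runs in the target user's context (or against that user's loaded hive) and that the kiosk configuration does not re-apply its own value at sign-in.

```powershell
# Added example: audit/set the Explorer "NoViewOnDrive" policy bitmask.
# Bit 0 = A:, bit 1 = B:, bit 2 = C:, ... bit 25 = Z:.
# "Restrict all drives" sets every bit; "C only" sets bit 2.

$PolicySubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function ConvertTo-DriveMask {
    param([Parameter(Mandatory)][char[]]$Letters)
    $mask = 0
    foreach ($l in $Letters) {
        $i = [int][char]::ToUpper($l) - [int][char]'A'
        if ($i -lt 0 -or $i -gt 25) { throw "Not a drive letter: $l" }
        $mask = $mask -bor (1 -shl $i)
    }
    return $mask
}

function ConvertFrom-DriveMask {
    param([Parameter(Mandatory)][int]$Mask)
    0..25 | Where-Object { $Mask -band (1 -shl $_) } |
        ForEach-Object { [char]([int][char]'A' + $_) }
}

# HiveRoot is a hypothetical parameter: 'HKCU:' for the current user, or the
# registry path where the kiosk account's hive is mounted.
function Get-RestrictedDrives {
    param([string]$HiveRoot = 'HKCU:')
    $key = Join-Path $HiveRoot $PolicySubKey
    $v = (Get-ItemProperty -Path $key -Name NoViewOnDrive `
            -ErrorAction SilentlyContinue).NoViewOnDrive
    if ($null -eq $v) { return @() }          # policy not configured
    return @(ConvertFrom-DriveMask -Mask $v)
}

function Set-RestrictedDrives {
    param([Parameter(Mandatory)][char[]]$Letters,
          [string]$HiveRoot = 'HKCU:')
    $key = Join-Path $HiveRoot $PolicySubKey
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name NoViewOnDrive -Type DWord `
        -Value (ConvertTo-DriveMask -Letters $Letters)
}

# Usage: keep C: blocked, leave removable drive letters visible, then verify.
# Set-RestrictedDrives -Letters 'C'
# Get-RestrictedDrives
```

Explorer reads this value at sign-in, so check the result with `Get-RestrictedDrives` after the kiosk account has signed in again.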


Friday, March 15, 2019 7:53 AM

Any tips on how you successfully enabled the ability to view other drives?

I have set "Prevent access to drives from My Computer" to C:\ Drive only in Group Policy.

Potentially I need to set it in Local Group Policy but was unable to access this once in assigned access mode.


Tuesday, June 11, 2019 11:49 PM

I tried this as well and cannot allow USB for the kiosk assigned access account.

Is this going to be expanded perhaps in the "FileExplorerNamespaceRestrictions" CSP?