To build a professional-grade Windows 10 Kiosk solution by replacing the native explorer.exe with a custom Launcher, you are essentially creating a dedicated "Watchdog" environment. This approach ensures maximum security and reliability for industrial or commercial hardware.
Windows identifies the desktop environment via a registry key. By replacing explorer.exe, you prevent the Taskbar, Start Menu, and Desktop from ever loading, significantly reducing the system's attack surface.
To apply this to a specific user (e.g., KioskUser), modify the following:
Path: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Value Name: Shell
Value Data: C:\Kiosk\Launcher.exe
The Launcher should be a lightweight, "invisible" (or branded) application that acts as a supervisor.
The Launcher monitors the Target Application's process. If it crashes or is closed, the Launcher logs the event and restarts it.
public void StartWatchdog() {
string appPath = @"C:\Kiosk\App\TargetApp.exe";
string processName = "TargetApp";
while (true) {
var processes = Process.GetProcessesByName(processName);
if (processes.Length == 0) {
Logger.Log("TargetApp crashed or was closed. Attempting restart...");
try {
Process.Start(appPath);
} catch (Exception ex) {
Logger.Log($"Critical Error during restart: {ex.Message}");
}
}
Thread.Sleep(5000); // Check every 5 seconds
}
}
Reset & Logging
Logging: Use a library like Serilog to write to a local file or a remote database.
System Reset: If the app fails to restart 3 times in a row, the Launcher should trigger a full system reboot:
Process.Start("shutdown.exe", "/r /t 0");
The Launcher should check for updates before starting the main application.
Monitor for drive insertion using WMI (Windows Management Instrumentation).
Detect U-Disk insertion.
Search for a specific file (e.g., update.zip) and a checksum/signature file.
Verify the signature, unzip, and replace the current binary.
Perform a "Check for Update" request to a central server:
Compare local version.json with the server's version.
If an update is available, download the payload via HttpClient.
Perform an atomic replacement (Rename current .exe to .old -> Write new .exe -> Restart).
| Feature | Technical Implementation |
| Auto-Login | Use netplwiz or Registry AutoAdminLogon to bypass the login screen. |
| Keyboard Blocking | Implement a Low-Level Keyboard Hook (Win32 API) to block Win, Alt+Tab, and Alt+F4. |
| Edge Gestures | Disable "Swipe from edge" via Group Policy if using a touchscreen. |
| Power Management | Disable Sleep, Hibernation, and Screen Off timers in the Power Profile. |
Develop: Build the Launcher.exe and the TargetApp.exe.
Configure: Create a standard user account on Win10.
Execute: Run a PowerShell script to set the Shell registry key and enable AutoAdminLogon.
Test: Reboot. The system should go directly into your Launcher and start your app.
