Policies enforced on kiosk devices
- Windows 10 Pro, Enterprise, and Education
It is not recommended to set policies enforced in assigned access kiosk mode to different values using other channels, as the kiosk mode has been optimized to provide a locked-down experience.
When the assigned access kiosk configuration is applied on the device, certain policies are enforced system-wide, and will impact other users on the device.
The following local policies affect all non-administrator users on the system, regardless whether the user is configured as an assigned access user or not. This includes local users, domain users, and Azure Active Directory users.
|Remove access to the context menus for the task bar||Enabled|
|Clear history of recently opened documents on exit||Enabled|
|Prevent users from customizing their Start Screen||Enabled|
|Prevent users from uninstalling applications from Start||Enabled|
|Remove All Programs list from the Start menu||Enabled|
|Remove Run menu from Start Menu||Enabled|
|Disable showing balloon notifications as toast||Enabled|
|Do not allow pinning items in Jump Lists||Enabled|
|Do not allow pinning programs to the Taskbar||Enabled|
|Do not display or track items in Jump Lists from remote locations||Enabled|
|Remove Notifications and Action Center||Enabled|
|Lock all taskbar settings||Enabled|
|Lock the Taskbar||Enabled|
|Prevent users from adding or removing toolbars||Enabled|
|Prevent users from resizing the taskbar||Enabled|
|Remove frequent programs list from the Start Menu||Enabled|
|Remove Pinned programs from the taskbar||Enabled|
|Remove the Security and Maintenance icon||Enabled|
|Turn off all balloon notifications||Enabled|
|Turn off feature advertisement balloon notifications||Enabled|
|Turn off toast notifications||Enabled|
|Remove Task Manager||Enabled|
|Remove Change Password option in Security Options UI||Enabled|
|Remove Sign Out option in Security Options UI||Enabled|
|Remove All Programs list from the Start Menu||Enabled – Remove and disable setting|
|Prevent access to drives from My Computer||Enabled - Restrict all drivers|
When Prevent access to drives from My Computer is enabled, users can browse the directory structure in File Explorer, but they cannot open folders and access the contents. Also, they cannot use the Run dialog box or the Map Network Drive dialog box to view the directories on these drives. The icons representing the specified drives still appear in File Explorer, but if users double-click the icons, a message appears explaining that a setting prevents the action. This setting does not prevent users from using programs to access local and network drives. It does not prevent users from using the Disk Management snap-in to view and change drive characteristics.
Some of the MDM policies based on the Policy configuration service provider (CSP) affect all users on the system (i.e. system-wide).
|Experience/AllowCortana||0 - Not allowed||Yes|
|Start/AllowPinnedFolderSettings||0 - Shortcut is hidden and disables the setting in the Settings app||Yes|
|Start/HidePeopleBar||1 - True (hide)||No|
|Start/HideChangeAccountSettings||1 - True (hide)||Yes|
|WindowsInkWorkspace/AllowWindowsInkWorkspace||0 - Access to ink workspace is disabled and the feature is turned off||Yes|