(128) Microsoft Intune - Kiosk Setup Windows 11

  • Writer: Mr B SOE way
  • Jun 17, 2024

Updated: Jun 21, 2024

After a few weeks of testing Kiosk mode against the CIS 3.0 Windows 11 Benchmark, I have managed to narrow down what is needed to get it working. For the value of DefaultUserName, ".\kioskuser0" must remain as is due. There is a known issue where kioskuser0 does not automatically log in as the Kiosk device profile specifies.

After a "Self deploying mode" profile has been assigned, create the following application. It will install on the login page and auto-login with .\kioskuser0 as per the "Multi-App Kiosk Profile" or "Single-App Kiosk Profile".

Create Win32 App: Auto Logon Account

For install.ps1:

# Add the kiosk account to the local Administrators group and stop its password from expiring.
Add-LocalGroupMember -Group "Administrators" -Member kioskuser0
Set-LocalUser -Name "kioskuser0" -PasswordNeverExpires 1

# Make sure the Winlogon key exists, then write the auto-logon values.
if((Test-Path -LiteralPath "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon") -ne $true) { New-Item "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -force -ea SilentlyContinue };
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "DefaultDomainName" -Value ".\" -PropertyType String -Force -ea SilentlyContinue;
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "DefaultUserName" -Value ".\kioskuser0" -PropertyType String -Force -ea SilentlyContinue;
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "AutoLogonCount" -Value "1" -PropertyType String -Force -ea SilentlyContinue;
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "AutoAdminLogon" -Value "1" -PropertyType String -Force -ea SilentlyContinue;
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "ForceAutoLogon" -Value "1" -PropertyType DWord -Force -ea SilentlyContinue;
New-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "LastUsedUsername" -Value "kioskuser0" -PropertyType String -Force -ea SilentlyContinue;

# Reboot so the device comes back up and logs on as kioskuser0.
Restart-Computer -Force

For Uninstall.ps1:

# Make sure the Winlogon key exists, then blank the auto-logon values written by install.ps1.
if((Test-Path -LiteralPath "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon") -ne $true) { New-Item "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -force -ea SilentlyContinue };
Clear-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "DefaultUserName"
Clear-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "AutoLogonCount"
Clear-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "AutoAdminLogon"
Clear-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "DefaultDomainName"
Clear-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name "ForceAutoLogon"

# Reboot the device.
Restart-Computer -Force

Program Command lines are as follows:

Install command:

%windir%\sysnative\windowspowershell\v1.0\powershell.exe -executionPolicy bypass -windowstyle hidden -file .\Install.ps1


Uninstall command:

%windir%\sysnative\windowspowershell\v1.0\powershell.exe -executionPolicy bypass -windowstyle hidden -file .\Uninstall.ps1

Detection:

Rules format: Registry

Key path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Value name: DefaultUserName

Detection method: String comparison

Operator: Equals

Value: .\kioskuser0



Note: You must wait 3 to 5 minutes, depending on your internet speed. The application will add .\kioskuser0 to the 'Administrators' group, apply the assigned registry values, and restart the device, which will then auto-login with .\kioskuser0.
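
A read-only check of the state the scripts above leave on a device, added here as an example and not part of the original post: it reports whether DefaultUserName matches the detection rule value, whether a DefaultPassword value is sitting in Winlogon in clear text, and whether kioskuser0 is a local administrator. The function name, the Review column and the KIOSK-01 device name are assumptions made for the example.

```powershell
# Added example, not part of the original post. Names below are hypothetical.
$WinlogonPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$KioskUser    = 'kioskuser0'

function Get-KioskAutoLogonFinding {
    param(
        [Parameter(Mandatory)] $Winlogon,   # hashtable or Get-ItemProperty output
        [string[]] $AdminMembers = @()      # member names of local Administrators
    )
    # Group members are reported as COMPUTER\name, so match on the trailing name.
    $isAdmin = [bool]($AdminMembers | Where-Object { $_ -like "*\$KioskUser" })
    $hasPwd  = [bool]$Winlogon.DefaultPassword   # report presence only, never the value

    # One row per check; Review = $true marks a state to look at.
    [pscustomobject]@{ Check  = 'DefaultUserName equals the detection rule value'
                       Value  = $Winlogon.DefaultUserName
                       Review = ($Winlogon.DefaultUserName -ne ".\$KioskUser") }
    [pscustomobject]@{ Check  = 'AutoAdminLogon is 1'
                       Value  = $Winlogon.AutoAdminLogon
                       Review = ("$($Winlogon.AutoAdminLogon)" -ne '1') }
    [pscustomobject]@{ Check  = 'DefaultPassword kept in Winlogon as clear text'
                       Value  = $hasPwd
                       Review = $hasPwd }
    [pscustomobject]@{ Check  = "$KioskUser is in local Administrators"
                       Value  = $isAdmin
                       Review = $isAdmin }
}

# Constructed sample: the state install.ps1 leaves behind (device name is made up).
$sample = @{
    DefaultDomainName = '.\'
    DefaultUserName   = '.\kioskuser0'
    AutoAdminLogon    = '1'
    ForceAutoLogon    = 1
}
Get-KioskAutoLogonFinding -Winlogon $sample -AdminMembers 'KIOSK-01\kioskuser0' |
    Format-Table -AutoSize

# Live audit, only where the Winlogon key is reachable (a Windows device).
if (Test-Path -LiteralPath $WinlogonPath) {
    $live   = Get-ItemProperty -LiteralPath $WinlogonPath
    $admins = (Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue).Name
    Get-KioskAutoLogonFinding -Winlogon $live -AdminMembers $admins | Format-Table -AutoSize
}
```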

 
 
 
