How to lockdown an Windows XP machine to be used as a Kiosk machine.

I want to take a windows XP Pro PC and using the local policy and or additional reg hacks or other solutions, lock the machine down to prevent use other than IE browsing.  I would lso like users to be able to open PDF documents for viewing but not download them to the desktop.  Again I want to prevent all any and all ability to access functionality to modify the system by a user who is using the PC.
Who is Participating?
Microsoft recently released the Shared Computer Toolkit, designed to help with this sort of thing, available here:
What about running IE6 in Kiosk mode:

Is this PC part of a domain?
You would want to ensure they were running as limited users firstly.  You would then install software (such as Acrobat) they require.  Modify the start menu so they only have access to required areas and ensure the desktop and quicklaunch areas only contain authorised links.  To prevent saving to the desktop you should set NTFS permissions.  The actual local policy contains numerous settings and I wont list them here but you will need to work through each one and enforce the policies you want to apply.  Pay special attention to access to the local drives, control panel, windows explorer and Internet Explorer restrictions.  Many local policy settings may not apply or can be otherwise mitigated through other policy options.

Hope this helps.
Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

Are you just worried about people tampering with settings?  I have several PC that I use here that are avalible to all employees.  I'm using IE in Kiosk mode, along with mandatory profiles.  You can just rename the ntuser.dat file to  That way if someone gets in there and srcews with any settings, all the changes they make are lost as soon as they log out.  Just a thought...  Hope this helps.
kaparaAuthor Commented:
I understand that I would want to lock down the PC.  What I am looking for is some type of cheat sheet of keys within local policy and or other locations which I should lockdown.  I posted this question to get the detailed steps.  Not the general concept.  I am hoping someone out there has a step by step guide on how to lock down the PC for this type of use.

kaparaAuthor Commented:
In regards to the  Can you still make changes to the local policy and have thos settings apply even though you have changed the ntuser.dat?  Also this is a workgroup (Stand Alone) PC.
Load the group policy editor.  Start/Run/ mmc.exe
add snapin group policy.

You can limit a number of things in windows. Stick in administrative templates to limit what you need. There are soo many options in here it's kind of hard to just do a cheat sheet for you. Looking around will help you because most of them are self explanatory.


User Configuration/Administrative Templates/System/Ctrl+Alt+Del options
Here you can remove task manager, change password, and lock computer, You can even disable log off if you want.

Then in

User Configuration/Administrative Templates/Windows Components/Desktop
You can remove active desktop, my documents, my computer, etc

User Configuration/Administrative Templates/Windows Components/Internet Explorer
here you can lock out many of the features of internet explorer, users could still download and view PDF's from IE but run IE in kiosk mode like said above and only allow them to run adobe reader.

Just look around and you'll see ways of lockin XP down really well.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.