kiosk software to lock down the laptops our employees will use on the road

Looking for a kiosk software to lock down the laptops our employees will use on the road, and should only be to connect vie remote desktop services to the terminal server in the office.

It’s for productive reasons but a wall for security, so not only should it lock down apps, but also control panel etc. USB and other removal drives etc.  

I will not join the laptops to the domain, this can also be accomplished with local policy’s but will be time consuming to do it on each laptop.

Any recommendation
LVL 4
Abraham DeutschIT professionalAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Steven CarnahanNetwork ManagerCommented:
Easiest way is to set local group policy to restrict what you don't want users to have access to and then make sure they are not local administrators.
Andrew LeniartFreelance JournalistCommented:
Hi Abraham,

Recommendations are difficult to give without knowing all of the features and specifications that are important to "you".

That said, there are tons reviewed and able to be compared by Value, Deployment, and Features to choose from on this article at Capterra.

Find the best Kiosk Software for your business

Take a look. You'll surely find a suitable solution from those choices.

Hope that's helpful.

Regards, Andrew
Abraham DeutschIT professionalAuthor Commented:
Based on this link mobile lock pro is on top of the list compared to others with one or no ratings plus full five stars. In fact I used it on a android and was very easily bypassed by users
Get a highly available system for cyber protection

The Acronis SDI Appliance is a new plug-n-play solution with pre-configured Acronis Software-Defined Infrastructure software that gives service providers and enterprises ready access to a fault-tolerant system, which combines universal storage and high-performance virtualization.

Andrew LeniartFreelance JournalistCommented:
I wouldn't put a great deal of weight on the number of stars the linked site gives, nor where in the list products appear. Rather, I'd suggest selecting some solutions that support the features "you" are looking for, and then seeking reviews about them on the general web. Review sites like that will almost always have a bias for one product or another, however, they are a terrific resource for finding out what's available.

In so far as users being able to bypass protection, that can be done with just about any product imaginable if the user has sufficient technical knowledge on doing things like that. Given that you are seeking out this type of software for your employees, a well-worded clause in their employment agreements that details the consequences of trying to circumvent restrictions of any company owned resource that is provided for their use should be sufficient to make them think twice if they value their jobs in my opinion :)

Cheers, Andrew
McKnifeCommented:
A perfect solution for Windows 10 would be assigned access.
Steps are easy:

1 download the microsoft remote desktop app from the windows store
2 setup a restricted account (or take any existant domain account that is non-admin)
3 setup assigned access for that remote desktop app on the elevated powershell:
Set-AssignedAccess -UserName yourdomain\username -AUMID Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge

Open in new window


("username" is the name of that restricted account. In this example, I used edge as application. What you see at the end of the command is the so-called AUMID for edge. To find the AUMID for the remote desktop app [after installing it], use this process: https://docs.microsoft.com/de-de/windows-hardware/customize/enterprise/find-the-application-user-model-id-of-an-installed-app )

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Shaun VermaakTechnical SpecialistCommented:
I would do Windows 10 CIS level 2 on workstations and remove their administrator access
https://www.cisecurity.org/
Abraham DeutschIT professionalAuthor Commented:
Thank you
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software

From novice to tech pro — start learning today.