Windows 11 Kiosk -

while ($true) $proc = Get-Process -Name "MicrosoftEdge" -ErrorAction SilentlyContinue if (!$proc) Start-Process "microsoft-edge://" Start-Sleep -Seconds 30

| Attack vector | Mitigation | |---------------|-------------| | | Filter keys / disable via FilterAdministratorToken , GPO | | Sticky keys / accessibility | Delete sethc.exe , utilman.exe backups | | USB storage | GPO: Administrative Templates > System > Removable Storage Access | | Task Manager | Disable via HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System → DisableTaskMgr = 1 | | Windows Update interruptions | Configure active hours, use kiosk_mode servicing policy | | On-screen keyboard | Disable via GPO or remove osk.exe | Recommended: Shell Launcher v2 (Enterprise only) Replace explorer.exe with your app → prevents any shell access. windows 11 kiosk

Set via registry:

Launch via PowerShell (run as kiosk user): windows 11 kiosk