Use your application as a Windows 10 shell instead of explorer

  1. Ensure two user accounts are set up, an Admin, and a user that we want to lock down. In this case DSL was our admin and Engineer the account we want to lock down.
  2. Log in to the Admin account
  3. Enable Shell Launcher by going to Control Panel > Programs > Programs and Features > Turn windows features on or off. Then expand ‘Device Lockdown’, tick ‘Shell Launcher’ and Click ‘Ok’
  4. Launch “Windows Powershell ISE” and click File, then New. Paste the code into the open window. Save the file somewhere with your preferred name – in this case it was on the desktop called lockdown.ps1
  5. Edit the lockdown file to have the desired actions. The default for the user account in the Microsoft example was “cashier” so I went through and changed any occurrences of cashier to engineer. This I believe should be lines 75, 77, 97 and 99. * Below shows the code with the user already changed to Engineer
  6. Set the required action in line 99, for when Internet explorer is closed, in this case I chose restart_shell, but the actions we have available are shown on lines 81-83
  7. Run the script, but you may want to change line 99 to point to your program rather than Internet Explorer.
  8. Launch “Windows Powershell” as an admin and navigate to the location of the .ps1 file
  9. Type “lockdown.ps1” if given an error, try: “.\lockdown.ps1”
  10. If you still get an error at this point, i.e. the script couldn’t be run because execution of scripts is disabled on the system. To enable this, type “set-executionpolicy remotesigned” into powershell then try “.\lockdown.ps1” again