Locking down a Public Kiosk
Posted: Wed Feb 27, 2013 11:21 am
This issue has been on my mind so here is what I have found on how best to lock down a Kiosk PC so that a patient cannot mess around too much.
1. Create a User account in Windows for the Kiosk and have an Admin backdoor.
2. Create a "Kiosk" account in OD. There is no such thing but what I mean is create a KIOSK group in Setup>>Security and disable most modules of OD.
3. Set the Kiosk password in Kiosk Manager>>Password. Since this is plain text and not masked do not enter it in the presence of a patient.
4. Mirror your Kiosk screen to another monitor that a staff member can monitor. If you have an All-in-One Kiosk PC you can still use a USB-DVI or USB-VGA converter. Newer all-in-ones have an HDMI output.
5. If you are able to run XP, you are lucky since you can download a Windows utility called Steady State that will help you lock down your PC. Steady State has been discontinued so you have to Google a bit. Bear in mind that once Microsoft withdraws XP support (08/2014) you will be out of HIPAA compliance for running an unsupported OS.
6. For Windows 7 you can use the following link from Microsoft to get an Excel Spreadsheet with step by step instructions for locking down each item. http://www.microsoft.com/en-us/download ... x?id=19990 Need updates for Windows 8. Anyone?
7. Use a fake (local) C:\OpenDentalImages folder. If you do this remember that updates have to be run manually by navigating to actual //Server/OpenDentalImages. Also be sure to ensure that any form backgrounds are copied over to C:\OpenDentalImages\SheetImages
8. Additionally you should implement other security measures: BIOS password, disable F8 (Safe Mode) on the Kiosk keyboard (superglue?), remove all devices from Boot Sequence except the primary Hard Disk, disable Autoplay, delete unnecessary Screen Icons.
9. For Windows 8 I think it would be prudent to disable the Metro UI altogether using some or the other utility. Specifically disable Hot Corners and Charm bar.
10. If the Kiosk has a wireless keyboard get an encrypted one, again for HIPAA. They cost about the same. http://www.amazon.com/Logitech-Wireless ... B004YLAYHA
I intend this to be a starting point. I am sure there are experts here who can weigh in and add more measures to this list. I know there are many Kiosk software packages out there but I don't want to pay for more software and configure things outside of Windows. To disable/remap certain keys it might be easier to use SharpKeys and/or AutoHotkey (both free) but I haven't tried either.
Please add to the list or tell me what you guys think.
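A read-only audit of three items from the list above (1, 7 and 8), as an added example that is not part of the original post. The account name `Kiosk`, the English group name `Administrators`, and treating `NoDriveTypeAutoRun = 255` as "AutoPlay off for every drive type" are assumptions to adjust for your machine.

```powershell
# Added example: read-only audit of a kiosk PC. Run from an elevated prompt.
# Nothing here changes the system; it only reports what it finds.
$KioskUser = 'Kiosk'                 # assumed name of the limited Windows account
$ImageRoot = 'C:\OpenDentalImages'   # local image folder from item 7
$results   = @()

function Add-Result($check, $ok, $detail) {
    $script:results += New-Object PSObject -Property @{
        Check = $check; Pass = $ok; Detail = $detail }
}

# Item 1: the kiosk account must not be in the local Administrators group.
# (The group name is localized on non-English Windows.)
$group   = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
$members = @($group.Invoke('Members') | ForEach-Object {
    $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null) })
Add-Result 'Kiosk account is not an administrator' `
    ($members -notcontains $KioskUser) ('Administrators: ' + ($members -join ', '))

# Item 8: AutoPlay policy. 255 (0xFF) disables it for all drive types.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
Add-Result 'AutoPlay disabled for all drive types' ($val -eq 255) "NoDriveTypeAutoRun = $val"

# Item 7: the local folder needs the form backgrounds copied into SheetImages.
$sheet = Join-Path $ImageRoot 'SheetImages'
$count = 0
if (Test-Path $sheet) { $count = @(Get-ChildItem $sheet).Count }
Add-Result 'Local SheetImages folder is populated' ($count -gt 0) "$count item(s) in $sheet"

$results | Select-Object Check, Pass, Detail | Format-Table -AutoSize -Wrap
```

The script sticks to cmdlets available in PowerShell 2.0, so it runs on a stock Windows 7 install as well as Windows 8.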