How to lock Firefox in fullscreen mode?
January 10, 2007 5:30 PM Subscribe
How can I lock Firefox open in fullscreen mode so that unless you do some hotkey, no one can get at anything else (including Ctrl-Alt-Del and Alt-Tab)
Alright, so I'm creating a "kiosk" type of thing for my uncle's store, and I'm basically just creating a web page to run locally on his machine. What I want to do is be able to have Firefox run on Fullscreen (F11) mode, but I'm worried someone's going to just minimize the window and poke around Windows. Any suggestions?
To keep it simple for my uncle, the solution has to be Windows based.
Alright, so I'm creating a "kiosk" type of thing for my uncle's store, and I'm basically just creating a web page to run locally on his machine. What I want to do is be able to have Firefox run on Fullscreen (F11) mode, but I'm worried someone's going to just minimize the window and poke around Windows. Any suggestions?
To keep it simple for my uncle, the solution has to be Windows based.
I'd recommend Open Kiosk, on the page chrisamiller linked.
Properly locking a system down into kiosk mode is a non-trivial task. I used to work at an ATM software company, who required IE to run 24/7 unattended, with Ctrl-Alt-Del disabled, and every single system message dealt with in the background. Your requirements will perhaps be less stringent than theirs, but if you can get away with not having a keyboard that simplifies things a lot.
posted by matthewr at 5:47 PM on January 10, 2007
Properly locking a system down into kiosk mode is a non-trivial task. I used to work at an ATM software company, who required IE to run 24/7 unattended, with Ctrl-Alt-Del disabled, and every single system message dealt with in the background. Your requirements will perhaps be less stringent than theirs, but if you can get away with not having a keyboard that simplifies things a lot.
posted by matthewr at 5:47 PM on January 10, 2007
Not free... but I have had good experiences with Kioware Lite to give a nice locked-down web site access interface. It will block CTRL-ALT-DEL for you, as well as quite a bit more.
That in conjunction with Windows Disk Protection (part of Shared Computer Toolkit, free) which will roll back all harddrive changes on reboot make for a pretty well secured kiosk.
posted by icebourg at 6:05 PM on January 10, 2007
That in conjunction with Windows Disk Protection (part of Shared Computer Toolkit, free) which will roll back all harddrive changes on reboot make for a pretty well secured kiosk.
posted by icebourg at 6:05 PM on January 10, 2007
If there's not any particular reason to be using Windows (which there isn't unless you have more requirements that you're not posting), why not run FF off a Linux LiveCD, that way you don't have to deal with locking down Windows, and even if someone does manage to screw with things it can be fixed with a simple reboot?
posted by wierdo at 6:45 PM on January 10, 2007
posted by wierdo at 6:45 PM on January 10, 2007
At the risk of, again, going against your specification, I have to agree with wierdo. There are free Kiosk linux distributions available that, once you've installed them, would probably actually be a lot simpler, more secure, and more stable than trying to hack Windows into a kiosk.
You say you need to use Windows so it's simple for your uncle, but the question is, what is your uncle going to be doing on it that requires Windows? Ie. what will he be doing with it besides using it as a web kisok? If he just needs to update files on it for the local website you're running, setting up network file sharing, or even FTP access, is trivial.
posted by Jimbob at 7:26 PM on January 10, 2007
You say you need to use Windows so it's simple for your uncle, but the question is, what is your uncle going to be doing on it that requires Windows? Ie. what will he be doing with it besides using it as a web kisok? If he just needs to update files on it for the local website you're running, setting up network file sharing, or even FTP access, is trivial.
posted by Jimbob at 7:26 PM on January 10, 2007
Response by poster: Basically, the reason it needs to be Windows only is because I am going to be accessing it from afar. He uses GoToMyPC, and I know there are ways to do this on Linux, but I want to make it as simple of an environment for him to use, should he ever have to fix something himself. I don't want to have to be giving him bash commands over the phone, I'd much rather he have some understanding of the operating systems.
Thanks for the help so far guys--I'll look into everything and report back with what I use.
posted by deansfurniture5 at 7:45 PM on January 10, 2007
Thanks for the help so far guys--I'll look into everything and report back with what I use.
posted by deansfurniture5 at 7:45 PM on January 10, 2007
Response by poster: Also, after thinking a bit more, there won't be a keyboard available to the user, because the site will only need a mouse--I guess that makes it a lot easier to do, as Ctrl+Alt+Delete and such won't be a problem.
posted by deansfurniture5 at 7:46 PM on January 10, 2007
posted by deansfurniture5 at 7:46 PM on January 10, 2007
With the on-screen keyboard I can alt-tab, get out of firefox, and get into your base and kill your dudes, so to speak. I can run task manager and kill processes. With the mouse I can go to start > run and then you'll be in a world of hurt.
If you do go with windows at least run as a local user and not as an admin. Remove the on screen keyboard. disable the alt, control and windows keys. dont let the browser run anytype of control or javascript unless you need it. Remove IE. block windows media player. lock everything down with the group policy editor. use a bios password. reimage weekly. That would be bare minimum protection.
Best to stick with the linux-based kiosks.
posted by damn dirty ape at 8:20 PM on January 10, 2007
If you do go with windows at least run as a local user and not as an admin. Remove the on screen keyboard. disable the alt, control and windows keys. dont let the browser run anytype of control or javascript unless you need it. Remove IE. block windows media player. lock everything down with the group policy editor. use a bios password. reimage weekly. That would be bare minimum protection.
Best to stick with the linux-based kiosks.
posted by damn dirty ape at 8:20 PM on January 10, 2007
Oh, alt-f4 also works with the on screen keyboard. It kills the app behind it.
posted by damn dirty ape at 8:25 PM on January 10, 2007
posted by damn dirty ape at 8:25 PM on January 10, 2007
Almost forgot. Disable auto-run. Disable cd-rom drive. Disable USB ports. Disable SD/memory stick/whatver drive.
Now that's the bare minimum for an xp kiosk in public.
posted by damn dirty ape at 8:34 PM on January 10, 2007
Now that's the bare minimum for an xp kiosk in public.
posted by damn dirty ape at 8:34 PM on January 10, 2007
With a single button mouse (can you still get these?) and no keyboard, there's not much havoc a user can cause — I can't see a way of being able to move out of kiosk-mode Firefox with only a left mouse button. You say there's no requirement to enter text — if there was, you could create a clickable alphanumeric 'keyboard' in flash or javascript.
As always, physical security matters. An important part of ATM security is that the computer is only physically accessible to tech support people (not any old bank staff), so you don't have to worry about people plugging in keyboards or anything nasty like that. I'd consider unplugging the network cable (presumably only required for GoToMyPC, depending on what your app does) when it's not required.
In a shop environment, I would be more concerned with putting the kiosk in an area watched by staff to prevent people stealing it, than I would be about group policy etc.
posted by matthewr at 8:40 PM on January 10, 2007
As always, physical security matters. An important part of ATM security is that the computer is only physically accessible to tech support people (not any old bank staff), so you don't have to worry about people plugging in keyboards or anything nasty like that. I'd consider unplugging the network cable (presumably only required for GoToMyPC, depending on what your app does) when it's not required.
In a shop environment, I would be more concerned with putting the kiosk in an area watched by staff to prevent people stealing it, than I would be about group policy etc.
posted by matthewr at 8:40 PM on January 10, 2007
Putting the PC in some kind of locked box, or behind a wall or something is a good idea to prevent it from being stolen/vandalised, but also means you don't have to worry about hardware security like auto-run/USB etc.
posted by matthewr at 8:42 PM on January 10, 2007
posted by matthewr at 8:42 PM on January 10, 2007
Response by poster: Yeah, I'm not too worried about people accessing the actual physical box. The box will be behind the counter next to the register, and all the user will be able to access is the mouse and monitor.
I've realized that by putting Firefox in fullscreen mode, pretty much nothing is accessible with the mouse, as long as I disable all the toolbars first. I just need to figure out a way to make the start bar inaccessible.
posted by deansfurniture5 at 9:44 PM on January 10, 2007
I've realized that by putting Firefox in fullscreen mode, pretty much nothing is accessible with the mouse, as long as I disable all the toolbars first. I just need to figure out a way to make the start bar inaccessible.
posted by deansfurniture5 at 9:44 PM on January 10, 2007
set the start bar to autohide and don't allow it to 'always be on top'
posted by jedrek at 1:56 AM on January 11, 2007
posted by jedrek at 1:56 AM on January 11, 2007
This thread is closed to new comments.
posted by chrisamiller at 5:36 PM on January 10, 2007