Windows 10 IoT Enterprise: Customizing

Lockdown means adapting a Windows operating system to your own needs with the help of specific restrictions. In the following, we will explain the lockdown features that are used to customize the operating system. We explain the features that ensure greater security here.

Unbranded Boot

With the Unbranded Boot function, Windows elements that appear when the operating system starts can be suppressed. These include the boot logo, the status ring and the status text - either individually or all at the same time. It can also be set so that a black screen appears instead of a blue screen (= an error message under Windows) and the device restarts automatically so that users cannot see it if the system crashes. A dump file is created in the background to read out the error afterwards.

Embedded Logon

The embedded logon makes it possible to suppress elements of the Windows 10 user interface when starting and shutting down the operating system. For example, the login screen can be hidden and an automatic login configured instead. It is then possible to show an application directly after the boot screen. The Embedded Logon can also be used to personalize the login screen by hiding some elements.

Shell Launcher

With the Shell Launcher, a Windows 10 app or a classic Win32 program can be opened automatically on request with the aim of hiding the standard Windows user interface. This means that as soon as the PC is started, the application also starts and the operating system remains invisible. It is also possible to configure different shells for different users so that, for example, two accounts run on the PC: one with the application as a shell and another with the classic desktop shell for administrative tasks. You can also set what should happen in the Shell Launcher if the program crashes or is closed. It could restart, shut down or do nothing at all.

Assigned Access

The Assigned Access has similar functions to the Shell Launcher. It is particularly interesting for so-called "single-function devices", i.e. devices that are only intended to fulfill a single function. These include, for example, kiosk systems, cash registers at the POS or displays at trade fairs. Assigned Access means roughly "assigned access". If an account is configured for this, a selected Windows app runs on top of the lock screen for the selected user account. Users of this account will then not be able to access any other function on the device. With some optional elements, the Assigned Access can be further personalized. For example, in terms of power button availability and welcome elements. To block access to the system, certain touch and mouse gestures and key combinations can also be blocked. Exiting the application is done via a special breakout key that takes you to the login screen.

Customized OEM information

Another feature that allows you to customize your PC is the option to adjust the OEM information. This allows you to state your own manufacturer and model name and insert your own logo. You can also store the support times, telephone number and URL so that your customers can see directly who the system comes from and where they can go if they have a problem. Overview page Windows 10 IoT Enterprise