Porteus Kiosk – Windows 7 Kiosk replacement

The Windows 7 Kiosk’s have been doing well over the last year, but have proven to be a bit of a pain with updates. Each month I set a reminder to perform Windows & AV updates. AV was fine (We use SEP) but Windows would always hang on a few .NET updates or cumulative roll ups for no reason. So I decided to look in to Porteus Kiosk once more and spend a bit more time customising it. The end result is a much easier to deploy and manage Kiosk. I have not gone down the path of setting up the server component for them yet which would be nice, due to the fact that we only have 2 and there is not much management needed. I may tinker with this sometime soon.


So to begin just download the standard ISO from the Porteus website

I wanted to change the default home page to be the same one used on the Windows 7 Kiosks, as well as the default wallpaper. So it was necessary to customise the ISO and rebuild it on a Linux machine.

Porteus uses modules in the .xzm format to house it’s file structure. After some research I decided it would be easiest to just modify one of the existing modules and add my files to it. Referring to the manual customisation page this is quite easy

On a Linux machine (I used a standard Ubuntu desktop) follow the customise process as described in the link above. Copy the standard Porteus ISO to the /tmp directory, then from the terminal create the kiosk_ISO directory, mount it, copy the files and unmount.

Inside the xzm directory I chose the 003-settings.xzm file to alter. To make changes you first need to unsquash the package, places your files in the folder structure where you need them (I placed my custom homepage in /opt/kiosk-home.), and resquash it again. All described in the modules page

Once you are done with your customisations, move the xzm module back to the xzm directory of the kiosk_ISO folder. Now run the make_iso.sh script to create the .ISO file again.

Simply burn that to a CD and put it in the intended Kiosk machine.

My additional customisations of the install itself are as follows. This is generated after you run through the wizard. The critical one for my needs was the wallpaper (needs to be a web address where it is downloaded and applied during install) and enable_file_protocal=yes. This allows referencing the local file structure for the home page with file://

additional_components=09-x11vnc.xzm uefi.zip 08-ssh.xzm 07-java.xzm 05-flash.xzm

Windows 7 Kiosk Build

I was recently asked to create some easy to use Kiosk machines for work that would be as locked down as possible, and provide a familiar and easy experience for our staff.

My first thought was Linux, and sure enough there were quite a few flavours out there to choose from when it came to pre-built ISO’s. I landed on what looked to be the cream of the crop, Proteus Kiosk. This was amazingly simple to customize with the startup config options, but in the end was lacking the latest Flash and Java versions that I needed. In order to customize it we would need to purchase a once-off customization ISO service, or donate to their project for a simple change (which this should be). However, I wanted to get this done for $0 and quick.

After half a day or so of searching on different ideas, I landed on building a stock Windows 7 machine and to lock it down with Group Policy and the registry.

Taking tips from here on the appropriate settings to look for, I began ripping in to the group policy and turning everything off that would cause trouble. Keyboard shortcuts, CTRL+ALT+DEL options etc.

The heart of the kiosk is Firefox. From the above page I altered the shell to be Firefox instead, which is running a plugin called R-Kiosk. By itself it works fine, but I made some adjustments for our staff.

Show the full nav bar
Create the file user.js under the following directory – C:\users\USERNAME\appdata\roaming\mozilla\firefox\profiles\PROFILEID

and add the following line

Hide the searchbar and step 1 of keeping nav bar visible (no auto-hide)
Create a folder called chrome in the same firefox profile directory as above, and create the file userChrome.css in there with the following lines

#searchbar { display: none !important; }

#navigator-toolbox[inFullscreen] #PersonalToolbar
{ visibility: visible !important; }

Additional configurations
– about:config
The above userChrome.css setting for making the navigator toolbox visible didn’t work by itself for me. I also had to load up the¬†about:config¬†settings pane and adjust the following settings


– Privacy Settings
In order to prevent certain websites from blocking mixed content between sessions (and requiring staff to click on Firefox’s shield icon at the top-left of the browser and manually enabling the content every time) the following privacy settings were needed. These are set so everything is reset between sessions, but site preferences are kept (which works with the above about:config setting of¬†security.mixed_content.block_active_content;false¬†to ensure all content is displayed without a prompt)
FF-Privacy settings 1 FF-Privacy settings 2

Ensuring user sessions aren’t left for too long
The last bit of housekeeping to ensure users aren’t using websites with other staff members credentials was to regularly reopen Firefox when the computer was left idle for a period of time. It had to be long enough to cater for someone going to the toilet etc and wanting to return to their session, but short enough that it wasn’t there all day. I settled on 12 minutes.

Part 1 – Screensaver
At first it seemed easy, just enable all security logs on the system, and watch for the screensaver invoked ID 4802. When this ID was logged, the scheduled task would fire off a script that simply closes the Firefox process, and opens it again. While this worked, for some reason the screensaver would load, appear for about 1 second, and then the scheduled task would kick in, clearing the screensaver and taking us back to the Firefox home page. This meant the screensaver would never stay, and always be interrupted. I am not 100% sure on why this happens, but can only guess that the scheduled task firing counted as user activity, so cleared the screensaver. So, the method that worked in the end was to only fire the task when the screensaver had been cleared by a user. To do this I changed it to instead look for event ID 4803 (screensaver dismissed) which worked a treat. There is a brief 1 second period when Firefox is closed and reopened after moving the mouse, but this is acceptable.

TASKILL /IM firefox.exe
ping -n 2 >NUL
CD “C:\Program Files (x86)\Mozilla Firefox”
START firefox.exe

task - restart FF

Part 2 РWhat if the user closes Firefox accidentally?
Solvable by another scheduled task, I simply used the following script and set the task to run every minute. It will check if Firefox is open, if so it does nothing. If Firefox is not open, it simply opens it once more, and so on and so forth.

On Error Resume Next
strComputer = “.”
Set objWMIService = GetObject(“winmgmts:\\” & strComputer & “\root\cimv2”)
Set colItems = objWMIService.ExecQuery(“Select * from Win32_Process where Name = ‘firefox.exe'”,,48)
Count = 0
For Each objItem in colItems
Count = Count + 1
If Count = 0 then
Set OShell = CreateObject(“wscript.Shell”)
‘oShell.Run (chr(34) & “C:\Kiosk\IE Kiosk Mode.lnk” & chr(34))
oShell.Run (chr(34) & “C:\Program Files (x86)\Mozilla Firefox\firefox.exe” & chr(34))
End if

task - check FF


It’s probably about time I satisfy the gaming portion of this¬†site title.

For Christmas my most awesome girlfriend bought a PlayStation 4. We’ve been having a great time every day since playing¬†The Lego Movie game and Little Big Planet 3 together, as well as me playing FarCry 4 and streaming my adventures on twitch using the PS4’s inbuilt share function.

Here are some details of where you can find me:

PlayStation Network

PlayStation ID



Activating Windows 7 on an OEM licensed desktop after a clean install

So I’ve been racking my brain and farting about on the web trying to find a way to activate our OEM machines at work which don’t contain a COA (Certificate Of Authenticity) on them.

Using the Magical Jelly Bean Keyfinder tool I was able to see the OEM cd key, but when trying to activate a fresh install of one of these machines (Lenovo M73 SFF) it just states that it couldn’t be activated.

After a bit more fluffing about I came across this thread on the Lenovo support forums.

Note post 15 from p1nh3a6. In it he describes success with using a tool to extract the activation certificate from the standard OEM installation, which can then be used on a fresh install of Windows 7 to reactivate using the same details.

So I went to his first suggestion of ABR.

Using this tool on a stock OEM machine from Lenovo I was able to create the backup files, then simply have them in the root of the ABR folder, and on the clean install run the restore executable and it automatically did it’s thing to import the certificate. The Windows install was activated after this was done.

Now on to creating a clean and shiny SOE!


One false start and a bit over one month after the initial install date, we’re finally online with NBN!

I’ve chosen to go with Exetel on a 100/40 500GB plan for $89/month, and managed to use over 100GB in updates and streaming in 2 days… might need to up that to unlimited for $10 more… hmmm….





New tent and location!

In continuing my completely ad-hoc use of this blog, here’s an update!

We bought a new tent. It’s going to be used for camping. Pretty revolutionary stuff. The tent is the best I’ve ever had. Bastard of a thing to get up at first, but then I pulled my head out and pinned all the corners down which made the process a hell of a lot easier.

Alice and I have also moved to Ballarat Victoria!

I’ve gotten myself a nice IT job here which I’m stoked about. Started today and my heads still spinning at all the possibilitiesūüôā Looking forward to the challenges ahead.

Here’s some happy snaps.