Mar 20 2019 09:24 AM
I am working with creating a Device Configuration Profile for Kiosk Mode. The device is Windows 10 1809 and is Azure AD joined only and is syncing and receiving policies, updates, and software.
When the device is restarted the Kiosk policy attempts to force the Auto-login option but fails. It is showing User "kioskUser0" and giving the generic message of "username/password is incorrect". I wait a minute or 2 and the timeout for attempting the login with the kiosk user occurs, then I am able to then login with any azure ad user I attempt.
When the policy is applied is it creating kioskUser0 as a local account on the device?
Other than restarting, is there any way for the device to attempt to log back into the kiosk section? (logging in and signing out does not seem to trigger this)
Mar 25 2019 03:00 PM
Hi @cbelcher,
the policy is creating the kioskuser0 and confgures the autologon. If you combine this with a Autopilot Self Deploying Mode (SDM) Profile then the OOBE will enable the Enrollment Status Page (ESP) and waits for the receiving of this policy and then when it proceeds the kioskuser0 autologon will instantly take you to the Kiosk. In my tests I found a problem in this mode as the ESP is currently not correctly waiting for the kiosk profile therefore the autologon is not working. This is currently known by Microsoft and they are working on a fix.
best,
Oliver
Apr 01 2019 06:54 AM
To clarify, I am not using Auto-pilot with ESP. This are provisioned with a USB and the the kiosk mode profile is applied when the device is synced. Is the issue you stated still going to affect me?
Apr 03 2019 07:15 AM
Hi @cbelcher,
hmm okay understand. I didn't setup kiosk with USB sticks and provisioning packages until now. Anyway after restart the auto logon should work. Did you try to specify .\kioskUser0 and leave the pasword blank? important is the .\ in front to make sure the logon window knows it is a local user logon. Do you have other MDM policies which getting applied to the device as well? maybe they create a kind of conflict. e.g. if you enforce via Compliance policy require passwort it will break auto logon.
best,
Oliver
Apr 10 2019 03:36 PM - edited Apr 11 2019 07:18 AM
I am working with Premiere support at the moment to dig in and figure this out. I will reply back with my notes for others to benefit from as well. This reply is to let everyone know this is still being investigated.
Apr 15 2019 02:25 PM
Below are the results of what I found with MS Support to be the steps taken to achieve Kiosk Mode.
Notes for the experience:
I found I had to restart the devices several times after everything was in place before it would actually take place. (Approx 3-4 times per device)
During some further testing I found:
In a Device Restriction policy, password section, filling in the preferred tenant name breaks the auto login feature for kiosk mode. I made a single change and once the devices synced, and restarted, they were unable to auto-login.
Thank you Oliver for reaching out to help me.
Feb 22 2023 08:20 AM
Hi all,
i am suffering the same issue, even if I have some other prerequisites. The aim is the same, i want to deploy an Single app, full-screen kiosk device., which displays a full screen web page, which can be used without any interactive logon.
My configuration is the following:
When I deploy my device, autopilot (WLAN or LAN) works like a charm, the device gets provisioned real fast, but then my trouble starts. Instead of displaying the configured website, I get the windows logonpage with no user prefilled. As soon as i enter the username '.\kioskuser0' i am able to sign in without the requirement of a password and the configured website gets displayed as i wish. But i have to logon every time with the user which is configured by the Kiosk Intune Profile. I can't remember, that this is an expected behavior and i haven't seen this in any blog or video.
Here are my Intune configurationprofiles, which get successfully deployed to the device:
No the steps I did to find the error:
I have double checked, if the client got the policy and made several reboots, to be sure the configuration is on the client. Well, it is:
Since I know, any password policy or preferred Tenant information will break the experience, I have tripplechecked this and made shure, that no corresponding Policy is in place. I can confirm, there is no device lock policy on the device. To make the things more tricky, the following Eventlogs are empty and can't help me in any way:
To get around the problem, i played with different settings within the Kiosk Profile, my problem didn't disappear. Regardless if i configure the Kiosk Browser or the Edge Browser with Digital/interactive Signage, i still get the windows 11 sign in screen.
@Oliver Kieselbach: Do you have any clue, how to get my configuration out of this mess? Even waiting an entire #membeer, to allow intune replication didn't work :(.
Greetings Michael
Feb 22 2023 08:25 AM
There's currently a known issue in Windows Update KB5022303, which applies to both Windows 10 and Windows 11, where Kiosk device profiles that have auto log on enabled won't auto login. After Autopilot completes provisioning, the device stays on the sign-in screen prompting for credentials. To work around this known issue, you can manually enter the kiosk user credentials with the username kioskUser0
and no password. After entering this username with no password, it should take you to the desktop. There's a fix pending, but no estimated date for the release of the fix at this time.
https://learn.microsoft.com/en-us/mem/autopilot/known-issues
Have you seen this?
best,
Oliver
Feb 24 2023 06:01 AM
Mar 12 2024 02:31 AM
Apr 11 2024 01:03 AM
Hi,
here is my little workaround tip:
Apr 11 2024 01:09 AM
I actually went away and came back to this with fresh eyes. I managed to get this working WITHOUT any scripts or other setups.
I found that although I did not assign a compliance policy and the default compliance policy that applied did not have any password settings I could see in Intune, as soon as I made a new, empty compliance policy to catch the machine when it enrolled - it worked.
Unfortunately, my experience with Intune has been if it doesn't work today, walk away and try another day and it may work. I can't guarantee this works every time as I only needed to make one kiosk setup.
I have a working Windows 11 kiosk configured by Intune alone.