New Edge - Kiosk Mode - Assigned Access -Need to block Address bar BUT allow Home, back and forward?

%3CLINGO-SUB%20id%3D%22lingo-sub-1477471%22%20slang%3D%22en-US%22%3ENew%20Edge%20-%20Kiosk%20Mode%20-%20Assigned%20Access%20-Need%20to%20block%20Address%20bar%20BUT%20allow%20Home%2C%20back%20and%20forward%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1477471%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20run%20public%20(domain%20joined%20but%20local%20accounts)%20PCI%20Compliant%20Kiosks%20for%20Health%20and%20Government%20offices.%20The%20Kiosks%20run%20severely%20locked%20down%20with%20Group%20Policy%20and%20some%20Assigned%20Access%20MDM%20policy.%3CBR%20%2F%3E%3CBR%20%2F%3EWe%20are%20able%20to%20restrict%20the%20address%20bar%20in%20IE%20and%20Old%20Legacy%20Edge%20but%20NOT%20in%20Chromium%20Edge%20while%20still%20allowing%20access%20to%20Home%2C%20Back%20and%20Forward.%3CBR%20%2F%3E%3CBR%20%2F%3E%3CU%3E%3CSTRONG%3EUsers%20still%20need%20to%20be%20able%20to%20go%20Back%2C%20Forward%20and%20have%20Home%20button%20but%20should%20NOT%20be%20able%20to%20Type%20an%20URL%20in%20the%20address%20bar.%3C%2FSTRONG%3E%3C%2FU%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CBR%20%2F%3E%3CU%3E%3CSTRONG%3EPlease%2C%20please%2C%20please%20when%20setting%20up%20the%20New%20Edge%20Kiosk%20Support%20give%20us%20the%20ability%20to%20block%20the%20ability%20to%20type%20in%20the%20address%20bar%20in%20Group%20Policy%20and%20in%20the%20%22standard%20MDM%20policy%20for%20Assigned%20Access%22.%20It%20can%20even%20still%20be%20there%2C%20just%20cannot%20be%20%22clickable%22.%3C%2FSTRONG%3E%3C%2FU%3E%3CBR%20%2F%3E%3CBR%20%2F%3ENow%20MDM%20is%20pretty%20pathetic%20compared%20to%20what%20I%20can%20do%20in%20Group%20Policy%20so%20it%20has%20a%20LONG%20LONG%20way%20to%20go%20before%20it%20is%20really%20usable.%20For%20example%20not%20allowing%20Publisher%20Applocker%20rules%20or%20the%20ability%20to%20set%20the%20applocker%20rules%20to%20apply%20to%20ONLY%201%20user%20or%20group%20of%20users%20is%20pretty%20limiting.%20Plus%20having%20to%20code%20everything%20in%20XML%20what%20I%20can%20just%20do%20in%20Group%20Policy%20seems%20like%20going%20back%20to%20Kixscript%20and%201995.%3CBR%20%2F%3E%3CBR%20%2F%3EPlus%20for%20some%20reason%20I%20cannot%20set%20%22New%20Edge%20lockdown%20Group%20policies%22%20in%20MDM%20policy%20so%20I%20have%20to%20run%20a%20logon%20script%20with%20a%20reg%20hack%20to%20the%20local%20account%20to%20block%20settings%20page%2C%20and%20everything%20else.%3CBR%20%2F%3E%3CBR%20%2F%3EHowever%2C%20we%20need%20this%20ability%20for%20PCI%20Compliance%20to%20block%20clicking%20in%20the%20Address%20bar%20in%20Group%20Policy%20enforced%20(per%20user)%20AND%20MDM.%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fconfiguration%2Flock-down-windows-10-to-specific-apps%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fconfiguration%2Flock-down-windows-10-to-specific-apps%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Contributor

Hi,

 

I run public (domain joined but local accounts) PCI Compliant Kiosks for Health and Government offices. The Kiosks run severely locked down with Group Policy and some Assigned Access MDM policy.

We are able to restrict the address bar in IE and Old Legacy Edge but NOT in Chromium Edge while still allowing access to Home, Back and Forward.

Users still need to be able to go Back, Forward and have Home button but should NOT be able to Type an URL in the address bar. 


Please, please, please when setting up the New Edge Kiosk Support give us the ability to block the ability to type in the address bar in Group Policy and in the "standard MDM policy for Assigned Access". It can even still be there, just cannot be "clickable".

Now MDM is pretty pathetic compared to what I can do in Group Policy so it has a LONG LONG way to go before it is really usable. For example not allowing Publisher Applocker rules or the ability to set the applocker rules to apply to ONLY 1 user or group of users is pretty limiting. Plus having to code everything in XML what I can just do in Group Policy seems like going back to Kixscript and 1995.

Plus for some reason I cannot set "New Edge lockdown Group policies" in MDM policy so I have to run a logon script with a reg hack to the local account to block settings page, and everything else.

However, we need this ability for PCI Compliance to block clicking in the Address bar in Group Policy enforced (per user) AND MDM.

https://docs.microsoft.com/en-us/windows/configuration/lock-down-windows-10-to-specific-apps

0 Replies