Mar 20 2019 09:24 AM
Mar 20 2019 09:24 AM
I am working with creating a Device Configuration Profile for Kiosk Mode. The device is Windows 10 1809 and is Azure AD joined only and is syncing and receiving policies, updates, and software.
When the device is restarted the Kiosk policy attempts to force the Auto-login option but fails. It is showing User "kioskUser0" and giving the generic message of "username/password is incorrect". I wait a minute or 2 and the timeout for attempting the login with the kiosk user occurs, then I am able to then login with any azure ad user I attempt.
When the policy is applied is it creating kioskUser0 as a local account on the device?
Other than restarting, is there any way for the device to attempt to log back into the kiosk section? (logging in and signing out does not seem to trigger this)
Mar 25 2019 03:00 PM
the policy is creating the kioskuser0 and confgures the autologon. If you combine this with a Autopilot Self Deploying Mode (SDM) Profile then the OOBE will enable the Enrollment Status Page (ESP) and waits for the receiving of this policy and then when it proceeds the kioskuser0 autologon will instantly take you to the Kiosk. In my tests I found a problem in this mode as the ESP is currently not correctly waiting for the kiosk profile therefore the autologon is not working. This is currently known by Microsoft and they are working on a fix.
Apr 01 2019 06:54 AM
To clarify, I am not using Auto-pilot with ESP. This are provisioned with a USB and the the kiosk mode profile is applied when the device is synced. Is the issue you stated still going to affect me?
Apr 03 2019 07:15 AM
hmm okay understand. I didn't setup kiosk with USB sticks and provisioning packages until now. Anyway after restart the auto logon should work. Did you try to specify .\kioskUser0 and leave the pasword blank? important is the .\ in front to make sure the logon window knows it is a local user logon. Do you have other MDM policies which getting applied to the device as well? maybe they create a kind of conflict. e.g. if you enforce via Compliance policy require passwort it will break auto logon.
Apr 10 2019 03:36 PM - edited Apr 11 2019 07:18 AM
I am working with Premiere support at the moment to dig in and figure this out. I will reply back with my notes for others to benefit from as well. This reply is to let everyone know this is still being investigated.
Apr 15 2019 02:25 PM
Below are the results of what I found with MS Support to be the steps taken to achieve Kiosk Mode.
Notes for the experience:
I found I had to restart the devices several times after everything was in place before it would actually take place. (Approx 3-4 times per device)
During some further testing I found:
In a Device Restriction policy, password section, filling in the preferred tenant name breaks the auto login feature for kiosk mode. I made a single change and once the devices synced, and restarted, they were unable to auto-login.
Thank you Oliver for reaching out to help me.