- Ensure two user accounts are set up, an Admin, and a user that we want to lock down. In this case DSL was our admin and Engineer the account we want to lock down.
- Log in to the Admin account
- Enable Shell Launcher by going to Control Panel > Programs > Programs and Features > Turn windows features on or off. Then expand ‘Device Lockdown’, tick ‘Shell Launcher’ and Click ‘Ok’
- Launch “Windows Powershell ISE” and click File, then New. Paste the code into the open window. Save the file somewhere with your preferred name – in this case it was on the desktop called lockdown.ps1
- Edit the lockdown file to have the desired actions. The default for the user account in the Microsoft example was “cashier” so I went through and changed any occurrences of cashier to engineer. This I believe should be lines 75, 77, 97 and 99. * Below shows the code with the user already changed to Engineer
- Set the required action in line 99, for when Internet explorer is closed, in this case I chose restart_shell, but the actions we have available are shown on lines 81-83
- Run the script, but you may want to change line 99 to point to your program rather than Internet Explorer.
- Launch “Windows Powershell” as an admin and navigate to the location of the .ps1 file
- Type “lockdown.ps1” if given an error, try: “.\lockdown.ps1”
- If you still get an error at this point, i.e. the script couldn’t be run because execution of scripts is disabled on the system. To enable this, type “set-executionpolicy remotesigned” into powershell then try “.\lockdown.ps1” again