- Create two user accounts
- Administration account
- Kiosk Account - This account will be locked down with Parental Controls
- Set up remote management
- We are using Screens 4
- See Screens documentation Configuring macOS for Remote Access
- Install kiosk software
- We use a role-based Apple ID (ex: webmaster@[institution].org) to manage macOS software. Managing Apps this way saves lots of headaches.
- App Store xStand
- This is the best app we’ve found for running a browser in kiosk mode. It is reliable with enough customizations to be workable in a variety of situations.
- Keep desktop running
- See Installation Up 4evr
- Also, use the handy tool to automate some of the items listed in the article.
- Lock down kiosk account
- Set Kiosk account to login automatically on restart
- Go to: System Preferences > User & Groups > Login Options
- Update Kiosk account to use Parental Controls and lock down as needed. With the keyboard is available to visitors it is important to remove access to everything but the essentials. Overall these methods worked well. Only a few times did people get around these controls. A hard crash or two fixes/resets pretty much everything
Created
October 21, 2019 15:21
-
-
Save kulas/e51bd454547c0200ed791cdb31525be6 to your computer and use it in GitHub Desktop.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We have the following website running on the Kiosk in the "Scaife Gallery": https://northbrook.cmoa.io/table
The Mac Minis have a barcode with numbers on them like "09701".
The password for connect to the Mac Minis through "Screens 4" can be found in the 1password app
One will look for CMOA: Mac Mini - barcodeNumberHere
Make sure the Kiosk Account will load on reboot.
Do not do software updates (this could cause the Kiosk software not to run properly)
Limit what is in the apple menu
Don't allow keyboard commands
xStand has to be in the startup items
Setting up Parental Controls: System Preferences > Parental Controls > enter username and password for administrator (same credentials as username and password inside of 1password app) > Kiosk > Read this article and setup parental controls: https://appleinsider.com/articles/18/04/04/how-to-use-parental-controls-in-macos-to-limit-access-to-features-and-apps
Check the following under Apps
Check : Limit Applications on this Mac > UPDD Gestures -- UPDD, UPDD Gestures -- Application Support, updd.app, xStand,
If you need access a non-allowed app, right click, enter admin credentials.
Check the following radio button under Web
Try to limit access to adult websites (we may add more in the future, this is kind of a work in progress)
Check the following under Stores
Disable > iTunes Store > iTunes U, Apple Books
Restrict > Music with explicit content,
Check and set Movies to: PG,
Check and set TV shows to: TV-PG
Check and set Apps to: 12+
Check Books with explicit sexual content
Do not check anything under Time
Check the following under Privacy
Check Diagnostics
Other
Check > Turn off Siri & Dictation, Disable editing of printers and scanners, Block CD and DVD burning in the Finder, Restrict explicit language in Dictionary, Prevent the Dock from being modified
Make sure you click the lock to prevent further changes.
At this point, you should restart the computer and make sure xStand is loaded on reboot. Then you should make sure all of the screen gestures are off. Now make sure you can remote into the machine.
On reboot, xStand should load the website you started with it. You are best clicking "Shared Display"
The slideshow from https://northbrook.cmoa.io/table show reload on restart.