In getting our ASK iPad pilot into full swing for Bloomberg Connects we needed to nail down how we were going to present the answers to museum-goers-—a seemingly simple task that unfurled into and increasing number of smaller details like peeling some kind of silicone based onion. We knew asking via the iPad worked for our visitors, but we wanted to introduce a second screen to display the answers.
At first we considered using two iPads: one to ask questions, the other to view the answers. However, we felt that the way that answers were presented needed not only to be visually compelling, but had to stand apart from (or perhaps even in opposition to) the ASK kiosk. Further, we had to be able properly lock down these devices to not only protect them from a overly curious user, but to ensure that any visitor to the museum can have the full experience without accidentally breaking a piece of it.
In the end we decided to use an All-In-One PC running Windows 8; specifically the HP ProOne 400. With a 23in widescreen monitor it stood in an appropriate contrast to the iPads. Also, given that it runs Windows 8 we could count of a host of software vendors to help us secure each device, if not our in-house expertise. This particular model is also VESA compatible (a surprisingly rare feature for All-In-Ones) allowing us to select from of a variety of wall mounts upon which to hang our soon to be Answer Kiosks.
Confident in our selection we purchased seven shiny new HP ProOne 400s and began the process of securing the first among them. This was the part of the onion peeling process where my eyes began to tear, and wouldn’t stop for several days.
Despite considerable research we could not find a vendor that provided kiosk software that could secure the devices in the way we needed. Although each effectively restricted the computer to the webpage, some injected their logos onto the page, while others allowed gestures that would complicate the experience. Disheartened, I resolved to lock it down using the settings and commands within Windows.
The Answer webpage was designed to work optimally with Google Chrome, which, if run from the command line with the “–kiosk” switch will present a web page in full screen and prevent someone from closing Chrome or opening a new program from the Start Screen. Later, while trying to find ways of breaking, or breaking into my setup I decided to add the following switches: –incognito (to suppress webpage restore options in the event that Chrome shutdown unexpectedly), and–disable-pinch (to disable pinch-to-zoom because Chrome enables this feature by default even if it is disabled in Windows).
Chrome’s configurations, however, were insufficient to secure these touch screen devices because of Windows 8’s edge gestures. If you swipe a finger inward from an edge on a touch screen computer running Windows 8 it will present menus that allow you to change the PCs settings, switch apps, or even shut the PC down—none of which would be conducive to the ASK experience. This one feature was also left unaddressed by the majority of the software vendors I researched earlier, forcing me to turn them down.
Fortunately, I was not the only citizen of the internet who had faced this dilemma and I was able to find a tech support forum post wherein another Network Admin explained that the edge swipe feature relied on explorer.exe, and could be “disabled” if you end the explorer.exe process. Of course, by doing so one closes the entire Windows experience—the start menu, task bar, and programs (most importantly the Answer webpage itself) all disappear from view, and remain as such until you re-run explorer.exe… the layers of the onion (and the tears) just kept on coming.
After some experimenting, I found that by running a short script that first disabled explorer.exe then ran Chrome with all my desired switches I could successfully present the Answer webpage in all its glory without leaving any prompts, buttons, or gestures that would complicate this for the user. Next I set this script to run on start up, so that when the PC is powered on it will automatically bring up and lock down the webpage. For the curious that script is as follows:
taskkill /IM explorer.exe /f
“C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” –kiosk http://brooklynmuseum.org/ask/forum/responses.php?forum=28&” –incognito, –disable-pinch
Having stripped away that issue I went about unraveling the finer details. This included preventing the PC from going to sleep, disabling the card reader and Auto-Play to keep anyone from installing malicious software, setting it to run on an isolated wireless network, and having all of this run from a restricted account, which would automatically login upon startup.
To protect against power outages (whether accidental or otherwise) I configured the BIOS (a computer’s internal hardware settings) to automatically power on if power is lost then restored, and disabled the automated Startup Repair feature that normally runs if the PC isn’t shut down properly. At this point, to do anything in the PC other than view the Answer page one would need to plug in a keyboard directly into one of the PCs in an exhibition, which will be promptly stopped by museum security… something I experienced myself when was setting up one of the devices without my ID about my neck. I would like to note that discovering an angry cloud of grey and blue gathering behind me as I clacked away on my presumably contraband keyboard was my least favorite but most reassuring experience in this piece of the project, but I digress.
One would think that after all this every angle was covered, but a final nearly-overlooked detail arose in the 11th hour. Many of our answers include videos from YouTube, whose players we embed into the answer pages. These players include a “YouTube” button that links over to YouTube.com\/watch when tapped. If a user were to do so, given all the settings I described above, there would be no way of getting back to the answer page without power cycling the PC. For this, David Huerta and Christina White, our Head of IT, worked together to select a Chrome plugin aptly named “Redirector” which redirects any attempt to go to Youtube.com\/watch back to our answer page, effectively turning that link into a simple refresh button.
With that the Answer experience was fully secured, and the PCs mounted in their associated exhibitions. The process was documented to make future deployments easier, and an image backup was captured of each machine individually using Clonezilla. We would have used a managed imaging software like Symantec Ghost to deploy the settings to each device at once, but the complications between Symantec, Windows 8’s licensing mechanisms, and HP’s hardware make up the layers of another onion that is best left for another day.
Brian is a recent addition to the Technology department and serves as the museum’s Network Administrator. Although he started as student of Philosophy and Religious Studies at Pace University Brian became absorbed in the world of IT and established a PC (and occasionally Mac) repair business with his two brothers. Having worked in over 30 different networks he now helps manage the IT infrastructure and security for the Brooklyn Museum.
H - 9 years ago
Or you can just use the assigned user mode built right into windows 8 and saved yourself the trouble. it works with any Windows 8 app
Brian Weirich - 9 years ago
Assigned User Access mode was something that we tried in the beginning, but was unfortunately ruled out for a number of reasons. The core problem of achieving the clean, locked down experience we wanted with Assigned User Access was that these webpages were intended to be viewed in Google Chrome. When using Chrome as a Windows 8 app, which is required for Assigned User Access, issues arose with disabling pinch-to-zoom, viewing the right click menu, the URL bar being accessible, and a few other minor things that thankfully faded from memory.
Each of these problems COULD be addressed in this mode, but the process quickly degenerated into a game of break-fix Whack a Mole, which, besides being frustrating, was sucking up Developer and Sysadmin time. I ended up drawing out the path to resolution for both methods and found that disabling Explorer.exe and running Chrome with the switches described proved to be the path of least resistance that provided the experience we needed.
Stephen - 9 years ago
I am a volunteer at a small natural history museum, http://www.lyoniapreserve.com/lec.htm
I am converting a non-functioning mechanical display to a touch screen display. After reading Brian Weirich article, I have ordered a HP ProOne 400 and it will be here in a few days. I plan to mount the ProOne to a desktop that will allow easy wheelchair access.
Now I need some advise on a mount that will easily tilt forward to facilitate wheelchair access and tilt back for easy viewing by someone that is standing. I saw an article on this, but can’t find now. Any suggestions would be appreciated.
Brian Weirich - 9 years ago
Hi Steven,
Unfortunately, I cannot give you a specific model that will meet your needs as our own mounts are all stationary. However, I think that what you are looking for will be a mount that can tilt up to 45 degrees. That should be a sufficient range for your needs, but given the size of the PC you may not be able to get it to tilt the full range as it will hit the wall. Perhaps someone can build a stud for you that will let you set the mount a few inches from the wall, allowing people to tilt it completely.
Additionally, you want to ensure that it can handle the weight of the PC at all angles and one that uses four mounting screws to adhere to the wall itself is highly advisable. In the past I’ve found that some mounts tend to tilt downward with the weight of the PC/TV, but often it is hard to tell when shopping for them, so it may be best to try out a few models.
George - 9 years ago
How did you deal with right-click obtained via touch-and-hold on chrome?
Even if right-click is disabled in windows, chrome does it if user presses for longer.
Thanks for any suggestion.
David - 9 years ago
Hi George, we added some JavaScript to the page to block the right click menu in Chrome: https://gist.github.com/huertanix/01c06b0f92b57e279271.