Lockdown means that a Windows operating system can be adapted to your needs with specific restrictions. In the following we will discuss the lockdown features that are used to customize the operating system. The features that provide more security will be discussed in another article.
Unbranded Boot
The function Unbranded Boot can suppress Windows items that appear while starting the operating system. This includes the bootlogo, the status ring and the status text – either one of them or all at the same time.
In addition you can adjust that a black screen appears instead of a blue screen (= a fault message in Windows) and that the device will restart automatically. This way users can’t see if the system had a crash. After each crash a dump file will be created in the background in order to read out the error.
Embedded Logon
The Embedded Logon allows you to suppress elements of the Windows 10 user interface while starting and shutting down the operating system. For instance, the login screen can be hidden and an automatic login can be configured instead. Then it is possible to display an application directly after the boot screen. Furthermore, the login screen can be personalized by hiding some elements.
Shell Launcher
With the Shell Launcher a Windows 10 app or a classic Win32 program can be opened automatically if you want to hide the standard Windows user interface. This means, that when the PC is started, the application starts and the operating system remains invisible. It is also possible to configure different shells for different users so that two accounts run on the PC: one with the application as a shell and another with the classic desktop shell for administrative things.
Furthermore the Shell Launcher can be used to control what happens if the program crashes or is closed. It could restart, shut down or also just do nothing.
Assigned Access
The Assigned Access has similar functions as the shell launcher. It is interesting particularly for the so-called “single-function devices”, i.e. devices which are to fulfill only one function. These include, for instance, kiosks, POS terminals or displays at fairs. If an account is configured for Assigned Access a selected Windows app will run above the lock screen for the selected user account. Users of this account can not access any other function in the device. With some optional element the Assigned Access can be further personalized. For example regarding the power button availability and greeting elements.
To block access to the system certain touch and mouse gestures as well as key combinations can be blocked. To exit the application you have to press a special breakout key with which you can get to the login screen.
Customized OEM information
Another feature that allows you to personalize your PC is the possibility to customize the OEM information. You can state your own manufacturer and model name and insert your logo. In addition the support hours, phone and URL can be provided, which allows your customers to see directly where the system comes from and whom to contact with problems.
##Overview page of Windows 10 IoT Enterprise