Yaroslav Goncharov (yaroslav@softspb.com), May 29, 2002.
I want to force the Pocket PC into kiosk mode and not allow the user to get out of this. How can I do it?
There are at least 3 possibilities to implement a kiosk mode on Pocket PC: implementing a custom shell, replacing a standard password prompt and using SHFullScreen. Custom shell implementation is out of the article scope. In the strict sense it will be a new platform that cannot be called Pocket PC. You can read about implementing custom shells in MSDN in Designing a Custom UI Shell for Microsoft Windows CE 3.0 Embedded Systems article.
The main idea of this solution is to replace the standard password prompt of Pocket PC with your custom application. To replace the standard prompt you should create a custom DLL that exports PromptForPasswd function and set redirection string in the registry. You can read more about technical aspects of this solution in this article.
This solution provides a good security level since it uses built-in security mechanism. Operating system guarantees that your application will exclusively use the device while your application does not return from PromptForPasswd.
Also a good point is that the application can be integrated with built-in password manager. For example, user will need to enter the system password to get full access to the device. A system password hash is stored in a secret place therefore it is quite hard to hack such systems. You can read about using a system password in Pocket PC password protection article.
However, this solution has significant disadvantages. The main problem is that this solution uses undocumented tricks. The application that replaces the standard system prompt will be restricted in its actions. Also you can meet some bugs that you do not meet in a standard mode. For example, SHFullScreen does not work correctly (you can use ShowWindow instead). Or SIP window can disappear and user will not be able to restore it using a SIP button. Also it is not possible to replace the standard password prompt on the SH3-based Jornada Pocket PC.
So if you choose this way and your application is not as trivial as a password prompt you should be prepared that your project can turn into the long fight with the operating system.
There is another way to implement a kiosk mode. This solution does not use undocumented features of the operating system therefore can be considered as more common. You can use SHFullScreen API function to provide a full screen mode for your application, redirect hardware keys to your application to avoid switching to other applications and register your application to start after a soft reset.
This solution provides a kiosk mode for wide range of applications. However, there are a lot of aspects that a developer should keep in mind: working with SIP, SHFullScreen function side effects and so on.
There is a ready-to-use solution for a kiosk mode on Pocket PC, Spb Kiosk Engine. This engine provides a correct full screen kiosk mode for custom applications. Also there is an admin mode that can be turned on using a secret hardware keys sequence. You can use Spb Kiosk Engine with your custom application or with 2 predefined applications: Pocket Internet Explorer and Terminal Services Client.