Optional configurations used to fully dedicate a computer to the ITESLIVE display

This article contains technical configurations that will limit the actions that can be taken on the Windows device that is broadcasting the ITESLIVE display.

 

AVAILable with:
Windows Player: Starter, Pro, Premium

 

In the event that you wish to fully dedicate a computer to the use of the ITESLIVE display, there are optional configurations that can be added to your display computer. These configurations are much more restrictive on the operating system than those completed using the ITESLIVE installer. These configurations are also more technical and will most likely require the assistance of your IT department.

Required firewall modifications

Note: The following is an example of the format in which the modifications are presented. 

Rule to be created in the firewall
Details of the impact the rule will have on Windows

  • advfirewall firewall add rule name=""Windows Updates"" dir=out action=allow service=""wuauserv"" enable=yes
    advfirewall firewall add rule name=""Windows Updates"" dir=in action=allow service=""wuauserv"" enable=yes
    These configurations ensure that the Windows updates are authorized in the firewall.

  • advfirewall firewall add rule name=""Open Port 443"" dir=out action=allow protocol=TCP remoteport=443 
    This rule will allow outbound HTTPS communications to pass through the firewall.

  • advfirewall firewall add rule name=""Block Port 135"" dir=in action=block protocol=TCP localport=135 profile=public
    Blocks all inbound TCP communications that use port 135.

  • advfirewall firewall add rule name=""ntp"" dir=out action=allow protocol=UDP remoteport=123 - A retirer (fait)
    Allows outbound UPD communications that use port 123.

  • advfirewall firewall add rule name=""dns udp"" dir=out action=allow protocol=UDP remoteport=53
    Allows outbound UDP communications that use port 53.

  • advfirewall firewall add rule name=""dns tcp"" dir=out action=allow protocol=TCP remoteport=53
    Allows outbound TCP communications that use port 53.

  • advfirewall set publicprofile firewallpolicy BlockInbound,BlockOutbound
    Blocks all communications from a network connected to the computer that is using the « Public » network profile.

  • advfirewall set privateprofile firewallpolicy BlockInbound,BlockOutbound
    Blocks all communications from a network connected to the computer that is using the « Private » network profile.

  • advfirewall set domainprofile firewallpolicy BlockInbound,BlockOutbound 
    Blocks all communications from a network connected to the computer that is using the « Domain » network profile.

  • advfirewall set allprofiles state on
    Activates all of the « Windows Defender Firewall » profiles.

Required Windows registry modifications

Note: The following is an example of the format in which the modifications are presented.

Path to the location that needs to be modified
Modification
- Impact on Windows

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    HideIcons = 1 - Hides all of the desktop icons. 
    EnableBalloonTips = 0 - Hides the notification pop-ups in the notification zone.

  • HKEY_CURRENT_USER\Software\Policies\Microsoft\TabletPC
    TurnOffPenFeedback = 1 - Disables the contextual bubbles shown when the computer receives a touch input from an interactive monitor. 
    PreventFlicks = 1 - Makes all « Pen and touch » shortcuts and any associated features unavailable.

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
    fDenyTSConnections = 1 - Disables the « Remote Desktop » connections.

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl
    AutoReboot = 1 -
    Activates the automatic restart of the computer should a Windows blue screen occur.
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun = FF - Disables the « AutoRun » pop-up for all drive types (USB, hard drives, etc.).

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
    AUOptions = 4 -  Activates the automatic download and installation for Windows updates. This configuration is only valid if there are existing values for                                « ScheduledInstallDay » and « ScheduledInstallTime ».
    ScheduledInstallDay = 2 - Specifies that the « Windows updates » will be installed every Monday.
    ScheduledInstallTime = 2 - Specifies that the « Windows updates » will be installed at 2 AM.

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

    Start_ShowMyPics = 0 - Hides the  « My Pictures » entry in the « Start menu ».
    Start_ShowMyMusic = 0 - Hides the  « My Music » entry in the « Start menu ».

    Start_ShowPrinters = 0 - Hides the  « Printers » entry in the « Start menu ».
    Start_MinMFU = 0 - Hides all recently used program entries in the « Start menu ».
    Start_JumpListItems = 0 - Hides all  « Jump list » entries in the « Start menu ».

    Start_ShowMyDocs = 0 - Hides the  « My Documents » entry in the « Start menu ».
     

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\DateTime\Servers

    0 = 0.ca.pool.ntp.org - Configures ntp 0.ca.pool.ntp.org as the time-server in the Windows configurations.

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
    shutdownwithoutlogon = 0 -
    Disables the « Shutdown » button in the Windows login screen.

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoClose = 1 - Deletes and blocks access to the « Shutdown », « Restart », « Sleep » buttons.