DMC worked with a medical supply company to create a customized OS image that could be easily deployed to multiple machines. This allows the client to quickly update their devices in the field and maintain their uniformity. The image’s customizations created a de facto kiosk mode allowing the user access to only one program if they do not have admin privileges.
The OS image was created using Symantec Ghost Solution Suite. A bootloader was created on a USB flash drive allowing for saving and loading images onto an embedded system. A second USB flash drive can store the image itself and be deployed using the first. Concurrently, an online repository was created to store and organize image versions.
The image itself was customized to include a default user that functions as a kiosk mode. On startup, the device will auto-login to the default user and either run the client’s software, if it was installed, or default to a black screen. Nothing else can run because Embedded Lockdown Manager is running a shell script to only deploy the executables in one location. If the location has no executables to run, it's possible to switch users and access the Admin User. Another feature of Embedded Lockdown Manager is adding write protection to certain drives that can be toggled in admin mode.
Third party programs were used to provide functionality and simplify configuration for the OS image. AutoHotKey was used to suppress certain Windows popups and dialogs. My WCP Watermark Editor was used to quickly configure the Windows Watermark so it would reflect the image version. These programs were either run on startup from the shell script (AutoHotKey dialog suppression) or in one time instances in admin mode as needed (watermark update).