3 Securing Kiosk Manager

Kiosk Manager allows multiple users to use a single workstation in a kiosk environment, such as a medical office or a hospital, by allowing one or more "sub-sessions" within the context of a single Windows account session.

Oracle recommends that you utilize one or more of Kiosk Manager's session security features:

• Lock the session when the user hits Ctrl-Alt-Del,

• Lock the session when the screen saver engages,

• Disable Task Manager, the Run command, as well as Start Menu and Windows taskbar access using the mouse and Windows hotkeys when session is locked so that applications cannot be launched, switched, or terminated by the user,

• Stay on top of all other windows and prevent other applications from stealing focus.

Provided that Logon Manager has been securely deployed and configured as described in , no extra work is necessary to secure Kiosk Manager. This is because the Kiosk Manager plug-in within Logon Manager uses Logons Manager's synchronization mechanism to interact with the repository, eliminating the need for a dedicated connection. Connection and data security is ensured by Logon Manager's built in encryption mechanisms, provided the repository connection is utilizing SSL.

To prevent a user from accessing the applications of another user within another Kiosk Manager session, you should follow industry standard best practices for securing a public end-user workstation. Specifically, the Windows account under which Kiosk Manager is to run should be stripped from all privileges except those that permit the launching and use of the required target applications so that the user cannot terminate Kiosk Manager or other users' applications.

You should also always set an inactivity timer which will lock the user's session after a short period of inactivity - for example, when the user walks away from the kiosk to tend to a patient.